Posted

You must have noticed that the critter you've got is one of the toughest around at the moment. :P

We're going to run another test. Download Malwarebytes' Anti-Malware (MBAM)

If it won't download, if you get redirected, or if MBAM won't start, let me know: that's a symptom.

  • Double-click the downloaded file to start the installation process.
  • In the "Update" tab, click the "Check for Updates" button: if the firewall asks whether to allow MBAM to connect, accept.
  • Once the update has finished, go to the "Scanner" tab.
  • Select "Perform quick scan"
  • Click "Scan"
  • The scan starts.
  • At the end of the scan (but you're not done yet), a message appears:
    The scan completed successfully. Click 'Show Results' to display all objects found.
    Click "Ok" to continue. If MBAM found nothing, it will tell you that too. Don't forget the rest. :P
  • Close your browsers.
  • If malware was detected, click Show Results.
    Select everything (or leave it all checked) and click Remove Selected; MBAM will destroy the files and registry keys and put a copy of them in quarantine.
  • MBAM will open Notepad and copy the scan report into it. Copy and paste that report and post it in your next reply.

NB: If MBAM asks you to restart, do so.

Posted

Here is the report:

 

Malwarebytes' Anti-Malware 1.41

Version de la base de données: 3257

Windows 6.0.6002 Service Pack 2

 

29/11/2009 18:49:38

mbam-log-2009-11-29 (18-49-38).txt

 

Type de recherche: Examen rapide

Eléments examinés: 95351

Temps écoulé: 5 minute(s), 29 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 0

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 2

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

C:\Windows\System32\tdlclk.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.

C:\Windows\System32\tdlcmd.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.

Posted

MBAM won't be enough.

--------

Download OTL to the desktop:

http://oldtimer.geekstogo.com/OTL.exe

Double-click its icon to start it. Make sure you have closed as many open windows as possible before doing what follows.

Under the "Custom Scan" area, copy and paste the contents of this CODE box:

 

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
/md5stop
CREATERESTOREPOINT

 

Click the "Quick Scan" button. Don't change any settings unless you are asked to. The scan will be quick.

When the scan finishes, Notepad will open with OTL.Txt and Extras.Txt in it. These are two report files, saved in the same location as the OTL.exe you downloaded.

Please copy and paste the contents of these files into your next reply.

Posted

Here is the OTL.txt report

 

 

OTL logfile created on: 03/12/2009 10:09:11 - Run 1

OTL by OldTimer - Version 3.1.11.4 Folder = C:\Users\Carole\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18828)

Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

 

2,00 Gb Total Physical Memory | 1,81 Gb Available Physical Memory | 90,52% Memory free

4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 149,04 Gb Total Space | 74,43 Gb Free Space | 49,94% Space Free | Partition Type: NTFS

Drive D: | 139,28 Gb Total Space | 133,76 Gb Free Space | 96,04% Space Free | Partition Type: NTFS

Drive E: | 3,74 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

F: Drive not present or media not loaded

Drive G: | 596,02 Gb Total Space | 243,93 Gb Free Space | 40,93% Space Free | Partition Type: FAT32

Drive H: | 977,47 Mb Total Space | 965,47 Mb Free Space | 98,77% Space Free | Partition Type: FAT

I: Drive not present or media not loaded

 

Computer Name: ORDI-DE-CAROLE

Current User Name: Carole

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 14 Days

Output = Standard

Quick Scan

 

========== Processes (SafeList) ==========

 

PRC - [2009/12/03 10:01:34 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Users\Carole\Desktop\OTL.exe

PRC - [2009/12/02 21:23:28 | 00,055,936 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Orange\Antivirus Firewall\ORSP Client\fsorsp.exe

PRC - [2009/12/02 21:18:30 | 00,347,776 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Orange\Antivirus Firewall\Anti-Virus\fsav32.exe

PRC - [2009/12/02 21:17:39 | 00,599,168 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Orange\Antivirus Firewall\Anti-Virus\fssm32.exe

PRC - [2009/12/02 21:17:39 | 00,476,800 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Orange\Antivirus Firewall\Anti-Virus\FSGK32.EXE

PRC - [2009/08/27 06:23:17 | 00,638,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe

PRC - [2009/08/05 16:58:52 | 00,186,976 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Orange\Antivirus Firewall\Common\FSMA32.EXE

PRC - [2009/08/05 16:58:50 | 00,199,264 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Orange\Antivirus Firewall\Common\FSM32.EXE

PRC - [2009/08/05 16:58:50 | 00,088,672 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Orange\Antivirus Firewall\Common\FSHDLL32.EXE

PRC - [2009/08/05 16:57:20 | 00,522,848 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Orange\Antivirus Firewall\FWES\Program\fsdfwd.exe

PRC - [2009/08/05 16:56:10 | 00,215,648 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Orange\Antivirus Firewall\Anti-Virus\fsgk32st.exe

PRC - [2009/05/29 12:41:26 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

PRC - [2009/04/11 07:28:08 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe

PRC - [2009/04/11 07:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009/04/11 07:27:28 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe

PRC - [2009/04/11 07:27:20 | 00,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe

PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe

PRC - [2008/11/21 05:38:40 | 00,033,136 | ---- | M] () -- C:\Windows\ASScrPro.exe

PRC - [2008/10/15 01:04:34 | 00,039,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

PRC - [2008/08/13 00:21:11 | 06,265,376 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe

PRC - [2008/07/09 18:14:06 | 00,191,032 | ---- | M] (ATK) -- C:\Program Files\P4G\BatteryLife.exe

PRC - [2008/06/26 06:58:59 | 00,196,608 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe

PRC - [2008/06/25 04:01:08 | 00,159,744 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Media\DMedia.exe

PRC - [2008/06/19 21:18:12 | 00,154,168 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe

PRC - [2008/06/18 07:10:24 | 00,297,528 | ---- | M] (ASUS) -- C:\Program Files\ASUS\SmartLogon\sensorsrv.exe

PRC - [2008/06/09 19:21:58 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe

PRC - [2008/06/09 19:16:32 | 02,363,392 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

PRC - [2008/06/04 02:29:08 | 00,851,968 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe

PRC - [2008/02/02 00:17:26 | 00,233,472 | ---- | M] (ATK0100) -- C:\Program Files\ATK Hotkey\Hcontrol.exe

PRC - [2008/01/24 00:34:42 | 07,766,016 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe

PRC - [2008/01/23 19:51:28 | 00,151,552 | ---- | M] () -- C:\Program Files\ATK Hotkey\WDC.exe

PRC - [2008/01/21 03:25:33 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe

PRC - [2008/01/21 03:24:59 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe

PRC - [2008/01/21 03:23:32 | 01,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe

PRC - [2008/01/12 07:40:10 | 00,098,304 | ---- | M] () -- C:\Program Files\ATK Hotkey\HControlUser.exe

PRC - [2007/12/06 11:12:57 | 00,095,528 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

PRC - [2007/12/06 11:12:43 | 01,029,416 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

PRC - [2007/12/04 19:57:06 | 02,486,272 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe

PRC - [2007/11/30 20:20:44 | 00,051,768 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe

PRC - [2007/11/05 04:48:06 | 00,106,496 | ---- | M] () -- C:\Program Files\ATK Hotkey\MsgTranAgt.exe

PRC - [2007/10/03 06:53:00 | 00,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe

PRC - [2007/09/25 19:08:58 | 00,094,208 | ---- | M] (France Telecom SA) -- C:\Program Files\Orange\Systray\SystrayApp.exe

PRC - [2007/09/25 18:58:46 | 00,598,016 | ---- | M] (France Telecom SA) -- C:\Program Files\Orange\Launcher\Launcher.exe

PRC - [2007/09/25 18:33:26 | 00,716,800 | ---- | M] (France Telecom SA) -- C:\Program Files\Orange\connectivity\connectivitymanager.exe

PRC - [2007/09/25 18:32:00 | 00,028,672 | ---- | M] (France Telecom SA) -- C:\Program Files\Orange\connectivity\CoreCom\OraConfigRecover.exe

PRC - [2007/09/25 18:31:52 | 00,360,448 | ---- | M] (France Telecom SA) -- C:\Program Files\Orange\connectivity\CoreCom\CoreCom.exe

PRC - [2007/09/25 18:28:12 | 00,065,536 | ---- | M] (France Telecom SA) -- C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe

PRC - [2007/09/25 18:27:50 | 00,065,536 | ---- | M] (France Telecom SA) -- C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe

PRC - [2007/09/25 18:24:56 | 00,090,112 | ---- | M] (France Telecom SA) -- C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe

PRC - [2007/08/15 20:20:16 | 00,106,496 | ---- | M] () -- C:\Program Files\ATK Hotkey\KBFiltr.exe

PRC - [2007/08/08 09:08:40 | 00,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe

PRC - [2007/08/03 21:24:54 | 00,125,496 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

PRC - [2007/07/06 01:53:44 | 01,040,384 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe

PRC - [2007/05/18 11:31:16 | 00,073,728 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe

PRC - [2005/07/07 00:43:42 | 00,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe

 

 

========== Modules (SafeList) ==========

 

MOD - [2009/12/03 10:01:34 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Users\Carole\Desktop\OTL.exe

MOD - [2009/08/05 16:58:30 | 00,330,336 | ---- | M] () -- \\?\c:\program files\orange\antivirus firewall\hips\fshook32.dll

MOD - [2009/04/11 07:21:38 | 01,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll

 

 

========== Win32 Services (SafeList) ==========

 

SRV - [2009/12/03 00:14:46 | 00,167,936 | ---- | M] (F-Secure Corporation) -- C:\Windows\Temp\F-Secure\Anti-Virus\fsblsrv.exe -- (F-Secure BlackLight Sensor)

SRV - [2009/12/02 21:23:28 | 00,055,936 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Orange\Antivirus Firewall\ORSP Client\fsorsp.exe -- (FSORSPClient)

SRV - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)

SRV - [2009/09/25 02:27:04 | 00,793,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll -- (FontCache)

SRV - [2009/09/23 15:36:06 | 00,051,168 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®

SRV - [2009/08/05 16:58:52 | 00,186,976 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Orange\Antivirus Firewall\Common\FSMA32.EXE -- (FSMA)

SRV - [2009/08/05 16:57:20 | 00,522,848 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Orange\Antivirus Firewall\FWES\Program\fsdfwd.exe -- (FSDFWD)

SRV - [2009/08/05 16:56:10 | 00,215,648 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Orange\Antivirus Firewall\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)

SRV - [2009/05/29 12:41:26 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)

SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)

SRV - [2008/06/26 06:58:59 | 00,196,608 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe -- (nvsvc)

SRV - [2008/06/09 19:21:58 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)

SRV - [2008/01/21 03:23:32 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)

SRV - [2007/10/03 06:53:00 | 00,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)

SRV - [2007/09/25 18:27:50 | 00,065,536 | ---- | M] (France Telecom SA) -- C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe -- (FTRTSVC)

SRV - [2007/08/08 09:08:40 | 00,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)

SRV - [2007/08/03 21:24:54 | 00,125,496 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)

SRV - [2007/05/18 11:31:16 | 00,073,728 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)

SRV - [2007/02/20 14:53:06 | 00,075,320 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)

SRV - [2007/02/20 14:53:02 | 00,112,184 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe -- (SonicStage Back-End Service)

SRV - [2007/01/26 11:39:06 | 00,075,952 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe -- (ICScsiSV)

SRV - [2007/01/26 11:38:48 | 00,067,760 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe -- (IcVzMonLauncher)

SRV - [2007/01/26 11:38:48 | 00,043,184 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMon.exe -- (Image Converter video recording monitor for VAIO Entertainment)

SRV - [2006/12/14 02:21:20 | 00,045,056 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)

SRV - [2006/12/14 02:02:08 | 00,069,632 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)

SRV - [2006/12/14 01:46:16 | 00,057,344 | ---- | M] () -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)

SRV - [2006/11/02 13:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart)

SRV - [2006/10/26 22:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

SRV - [2005/11/14 01:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?br...S&bmod=ASUS

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?br...S&bmod=ASUS

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook: {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll ()

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

FF - HKLM\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: C:\Program Files\Orange\Antivirus Firewall\NRS\litmus-ff@f-secure.com [2009/12/02 21:23:37 | 00,000,000 | ---D | M]

 

 

O1 HOSTS File: (736 bytes) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: ::1 localhost

O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\Orange\Antivirus Firewall\NRS\iescript\baselitmus.dll (F-Secure Corporation)

O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.

O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\Orange\Antivirus Firewall\NRS\iescript\baselitmus.dll (F-Secure Corporation)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe ()

O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe ()

O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUS)

O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ATKOSD2\ATKOSD2.exe ()

O4 - HKLM..\Run: [EPSON Stylus DX4200 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE (SEIKO EPSON CORPORATION)

O4 - HKLM..\Run: [EPSON Stylus DX4200 Series (Copie 1)] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE (SEIKO EPSON CORPORATION)

O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files\Orange\Antivirus Firewall\Common\FSM32.EXE (F-Secure Corporation)

O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files\Orange\Antivirus Firewall\FSGUI\TNBUtil.exe (F-Secure Corporation)

O4 - HKLM..\Run: [HControlUser] C:\Program Files\ATK Hotkey\HcontrolUser.exe ()

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe (France Telecom SA)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [symLnch] C:\Program Files\Common Files\Symantec Shared\SymSetup\{C1C185CA-C531-49F5-A6FA-B838405A049D}_15_5_0_23\Support\SymLnch\SymLnch.exe File not found

O4 - HKLM..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)

O4 - HKLM..\Run: [systrayORAHSS] C:\Program Files\Orange\Systray\SystrayApp.exe (France Telecom SA)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKCU..\Run: [EPSON Stylus CX4200 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE (SEIKO EPSON CORPORATION)

O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)

O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)

O9 - Extra Button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Orange\Antivirus Firewall\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Orange\Antivirus Firewall\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Orange\Antivirus Firewall\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Orange\Antivirus Firewall\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Orange\Antivirus Firewall\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Orange\Antivirus Firewall\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Orange\Antivirus Firewall\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Orange\Antivirus Firewall\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Orange\Antivirus Firewall\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Orange\Antivirus Firewall\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Program Files\Orange\Antivirus Firewall\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Domains: orange.fr ([www] http in Sites de confiance)

O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 22:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2009/11/25 18:27:01 | 00,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2009/11/25 18:27:01 | 00,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2009/11/25 18:27:04 | 00,000,000 | RHSD | M] - G:\autorun.inf -- [ FAT32 ]

O33 - MountPoints2\{0d8fb13f-b43b-11de-8ef1-0023548f92e7}\Shell - "" = AutoRun

O33 - MountPoints2\{0d8fb13f-b43b-11de-8ef1-0023548f92e7}\Shell\AutoRun\command - "" = F:\Setup.exe -- File not found

O33 - MountPoints2\{d7aa0463-8deb-11de-8491-0023548f92e7}\Shell - "" = AutoRun

O33 - MountPoints2\{d7aa0463-8deb-11de-8491-0023548f92e7}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found

O33 - MountPoints2\G\Shell\AutoRun\command - "" = wd_windows_tools\WDSetup.exe

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (*) - File not found

O35 - comfile [open] -- "%1" %*

O35 - exefile [open] -- "%1" %*

 

NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - C:\Windows\System32\ias [2008/01/21 03:34:27 | 00,000,000 | ---D | M]

NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

OTL cannot create restorepoints on Vista OSs!

 

========== Files/Folders - Created Within 14 Days ==========

 

[2009/12/03 10:01:22 | 00,535,552 | ---- | C] (OldTimer Tools) -- C:\Users\Carole\Desktop\OTL.exe

[2009/12/03 00:14:01 | 00,000,000 | ---D | C] -- C:\Users\Carole\AppData\Roaming\F-Secure

[2009/12/02 22:15:14 | 00,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\Carole\Desktop\Carole.exe

[2009/12/02 21:41:48 | 00,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\Carole\Desktop\HiJackThis.exe

[2009/12/02 21:11:03 | 00,071,040 | ---- | C] (F-Secure Corporation) -- C:\Windows\System32\drivers\fsdfw.sys

[2009/12/02 20:39:40 | 00,000,000 | --SD | C] -- C:\ComboFix

[2009/12/02 20:39:40 | 00,000,000 | --SD | C] -- \ComboFix

[2009/12/02 19:44:57 | 00,000,000 | ---D | C] -- C:\Qoobox

[2009/12/02 19:44:57 | 00,000,000 | ---D | C] -- \Qoobox

[2009/11/25 18:27:01 | 00,000,000 | RHSD | C] -- C:\autorun.inf

[2009/11/25 18:27:01 | 00,000,000 | RHSD | C] -- \autorun.inf

[2009/11/25 18:14:47 | 00,000,000 | ---D | C] -- C:\UsbFix

[2009/11/25 18:14:47 | 00,000,000 | ---D | C] -- \UsbFix

[2009/11/25 18:05:17 | 00,000,000 | ---D | C] -- C:\rsit

[2009/11/25 18:05:17 | 00,000,000 | ---D | C] -- \rsit

[2008/06/03 22:41:51 | 00,015,928 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys

[2007/07/05 01:28:51 | 00,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll

[1 C:\Users\Carole\Documents\*.tmp files -> C:\Users\Carole\Documents\*.tmp -> ]

 

========== Files - Modified Within 14 Days ==========

 

[2009/12/03 10:09:52 | 03,145,728 | -HS- | M] () -- C:\Users\Carole\NTUSER.DAT

[2009/12/03 10:08:59 | 00,023,552 | ---- | M] () -- C:\Windows\System32\tdlcmd.dll

[2009/12/03 10:08:53 | 00,012,800 | ---- | M] () -- C:\Windows\System32\tdlclk.dll

[2009/12/03 10:04:18 | 00,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe

[2009/12/03 10:04:11 | 00,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2009/12/03 10:04:10 | 00,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2009/12/03 10:04:04 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2009/12/03 10:04:01 | 00,027,934 | ---- | M] () -- C:\ProgramData\nvModes.001

[2009/12/03 10:03:51 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2009/12/03 10:02:28 | 00,524,288 | -HS- | M] () -- C:\Users\Carole\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms

[2009/12/03 10:02:28 | 00,065,536 | -HS- | M] () -- C:\Users\Carole\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf

[2009/12/03 10:02:13 | 02,691,316 | -H-- | M] () -- C:\Users\Carole\AppData\Local\IconCache.db

[2009/12/03 10:02:00 | 00,000,290 | RHS- | M] () -- C:\ProgramData\ntuser.pol

[2009/12/03 10:01:34 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Users\Carole\Desktop\OTL.exe

[2009/12/03 09:34:34 | 00,000,558 | ---- | M] () -- C:\Windows\tasks\Scheduled scanning task.job

[2009/12/03 00:19:39 | 00,000,204 | ---- | M] () -- C:\infect.fstmp

[2009/12/03 00:14:00 | 00,000,000 | ---- | M] () -- C:\error.fstmp

[2009/12/02 22:14:27 | 00,781,909 | ---- | M] () -- C:\Users\Carole\Desktop\RSIT.exe

[2009/12/02 22:09:39 | 00,027,934 | ---- | M] () -- C:\ProgramData\nvModes.dat

[2009/12/02 21:41:52 | 00,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Users\Carole\Desktop\HiJackThis.exe

[2009/12/02 21:41:52 | 00,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Users\Carole\Desktop\Carole.exe

[2009/12/02 21:19:05 | 00,033,920 | ---- | M] () -- C:\Windows\System32\drivers\fsbts.sys

[2009/12/02 21:11:11 | 01,706,152 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

[2009/12/02 21:11:11 | 00,743,178 | ---- | M] () -- C:\Windows\System32\perfh00C.dat

[2009/12/02 21:11:11 | 00,655,218 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2009/12/02 21:11:11 | 00,157,320 | ---- | M] () -- C:\Windows\System32\perfc00C.dat

[2009/12/02 21:11:11 | 00,130,922 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2009/12/02 20:01:12 | 00,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{91283F18-3F0E-457A-A007-2FA9F9DC6165}.job

[2009/12/02 19:35:55 | 00,810,414 | ---- | M] () -- C:\Users\Carole\Desktop\UNINSTALLATION_TOOL.exe

[2009/12/02 19:32:54 | 03,575,064 | R--- | M] () -- C:\Users\Carole\Desktop\ComboFix.exe

[2009/12/01 20:57:50 | 00,047,616 | ---- | M] () -- C:\Users\Carole\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/11/30 16:55:10 | 00,010,787 | ---- | M] () -- C:\Users\Carole\Documents\Objets En Vente.xlsx

[2009/11/29 18:36:37 | 00,000,825 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/11/28 14:19:16 | 00,436,544 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2009/11/27 20:35:23 | 00,000,000 | ---- | M] () -- C:\Users\Carole\defogger_renable

[2009/11/27 18:48:28 | 00,013,916 | ---- | M] () -- C:\Users\Carole\Documents\Budget.xlsx

[2009/11/26 14:41:36 | 03,145,728 | -HS- | M] () -- C:\Users\Carole\ntuser.dat_previous

[2009/11/25 13:30:59 | 02,356,152 | R--- | M] () -- C:\Users\Carole\Documents\Money Sauvegarde.mbf

[2009/11/23 11:39:34 | 00,044,161 | ---- | M] () -- C:\Users\Carole\Documents\EdT Carole.xlsx

[2009/11/22 20:54:46 | 00,321,024 | ---- | M] () -- C:\Users\Carole\Documents\Antoine Laurent Lavoisier[1].ppt

[2009/11/22 20:52:37 | 00,007,549 | ---- | M] () -- C:\Users\Carole\Documents\Lavoisier_texte_1.odt

[2009/11/22 20:51:00 | 00,006,996 | ---- | M] () -- C:\Users\Carole\Documents\Damien Cornacchia ex semaine 23 novembre.odt

[2009/11/22 19:44:36 | 00,005,073 | ---- | M] () -- C:\Users\Carole\Documents\Plan.odt

[2009/11/22 19:40:56 | 00,004,577 | ---- | M] () -- C:\Users\Carole\Documents\Lexique.odt

[2009/11/21 12:17:18 | 00,292,352 | ---- | M] () -- C:\Users\Carole\Desktop\gmer.exe

[2009/11/20 18:58:22 | 00,011,353 | ---- | M] () -- C:\Users\Carole\Documents\Semaine.xlsx

[2009/11/20 18:44:41 | 00,016,574 | ---- | M] () -- C:\Windows\EPISMF00.SWB

[1 C:\Users\Carole\Documents\*.tmp files -> C:\Users\Carole\Documents\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2009/12/02 22:21:34 | 00,292,352 | ---- | C] () -- C:\Users\Carole\Desktop\gmer.exe

[2009/12/02 22:14:26 | 00,781,909 | ---- | C] () -- C:\Users\Carole\Desktop\RSIT.exe

[2009/12/02 21:41:47 | 00,012,800 | ---- | C] () -- C:\Windows\System32\tdlclk.dll

[2009/12/02 20:39:37 | 00,023,552 | ---- | C] () -- C:\Windows\System32\tdlcmd.dll

[2009/12/02 19:35:50 | 00,810,414 | ---- | C] () -- C:\Users\Carole\Desktop\UNINSTALLATION_TOOL.exe

[2009/12/02 19:32:51 | 03,575,064 | R--- | C] () -- C:\Users\Carole\Desktop\ComboFix.exe

[2009/11/27 20:35:23 | 00,000,000 | ---- | C] () -- C:\Users\Carole\defogger_renable

[2009/11/25 18:44:56 | 00,000,159 | ---- | C] () -- \VundoFix.txt

[2009/11/25 18:19:00 | 00,008,313 | ---- | C] () -- \UsbFix.txt

[2009/11/22 20:50:56 | 00,006,996 | ---- | C] () -- C:\Users\Carole\Documents\Damien Cornacchia ex semaine 23 novembre.odt

[2009/11/22 19:44:33 | 00,005,073 | ---- | C] () -- C:\Users\Carole\Documents\Plan.odt

[2009/11/22 19:40:53 | 00,004,577 | ---- | C] () -- C:\Users\Carole\Documents\Lexique.odt

[2009/11/20 18:44:40 | 00,016,574 | ---- | C] () -- C:\Windows\EPISMF00.SWB

[2009/10/22 14:18:39 | 00,000,000 | ---- | C] () -- C:\Windows\Graffiti5.2Pin.ini

[2009/10/22 14:18:38 | 00,237,568 | ---- | C] () -- C:\Windows\System32\qtmlClient.dll

[2009/08/18 00:54:08 | 00,000,204 | ---- | C] () -- \infect.fstmp

[2009/08/18 00:54:08 | 00,000,000 | ---- | C] () -- \error.fstmp

[2009/08/07 03:03:00 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2009/08/07 03:01:32 | 00,019,944 | ---- | C] () -- C:\Windows\System32\drivers\atapi.sys

[2009/08/03 14:07:42 | 00,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll

[2009/07/24 00:21:22 | 00,029,239 | ---- | C] () -- C:\Users\Carole\AppData\Roaming\UserTile.png

[2009/06/17 18:18:26 | 00,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe

[2009/05/30 20:28:19 | 00,033,920 | ---- | C] () -- C:\Windows\System32\drivers\fsbts.sys

[2009/05/25 18:07:08 | 00,000,680 | ---- | C] () -- C:\Users\Carole\AppData\Local\d3d9caps.dat

[2009/05/09 13:37:48 | 00,000,094 | ---- | C] () -- C:\Users\Carole\AppData\Local\fusioncache.dat

[2009/03/31 11:30:40 | 00,000,000 | RHS- | C] () -- \MSDOS.SYS

[2009/03/31 11:30:40 | 00,000,000 | RHS- | C] () -- \IO.SYS

[2009/03/05 11:19:09 | 00,000,021 | ---- | C] () -- \NIS2008.TXT

[2009/02/23 15:23:20 | 00,532,480 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Sony.dll

[2009/01/21 18:17:46 | 00,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll

[2009/01/21 18:17:22 | 00,795,648 | ---- | C] () -- C:\Windows\System32\xvidcore.dll

[2009/01/21 18:17:22 | 00,130,048 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll

[2009/01/21 18:17:20 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll

[2009/01/21 18:17:13 | 00,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll

[2009/01/21 18:17:13 | 00,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest

[2009/01/21 13:43:28 | 00,047,616 | ---- | C] () -- C:\Users\Carole\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/01/21 12:41:06 | 35,341,14816 | -HS- | C] () --

[2009/01/21 12:20:18 | 00,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini

[2008/11/22 20:25:18 | 00,000,105 | ---- | C] () -- \Pass.txt

[2008/11/21 06:00:23 | 00,019,069 | ---- | C] () -- \devlist.txt

[2008/11/21 05:57:03 | 00,000,009 | ---- | C] () -- \Finish.log

[2008/11/21 05:44:49 | 00,000,024 | ---- | C] () -- C:\Windows\System32\ChkMail.ini

[2008/11/21 05:14:04 | 00,000,159 | ---- | C] () -- \Setup.log

[2008/11/21 05:11:35 | 00,000,646 | ---- | C] () -- \RHDSetup.log

[2008/11/21 04:34:44 | 00,000,481 | ---- | C] () -- \igoogle_log.txt

[2008/11/21 04:06:02 | 00,000,021 | ---- | C] () -- \V552.txt

[2008/11/21 03:56:15 | 00,000,166 | ---- | C] () -- \SumHidd.txt

[2008/11/21 03:55:30 | 00,000,098 | ---- | C] () -- \SumOS.txt

[2008/10/01 06:09:42 | 00,000,021 | ---- | C] () -- \msapp2.LOG

[2008/09/24 18:54:29 | 01,048,576 | RH-- | C] () -- \X71SLAS.BIN

[2008/09/08 21:19:49 | 00,000,027 | ---- | C] () -- \Driver.20

[2008/07/02 04:28:38 | 00,061,440 | ---- | C] () -- C:\Program Files\Common Files\CPInstallAction.dll

[2008/06/02 17:51:13 | 00,000,022 | ---- | C] () -- \RECOVERY.DAT

[2008/05/23 04:01:42 | 00,000,030 | ---- | C] () -- \NERO.LOG

[2008/05/22 18:35:54 | 00,051,962 | ---- | C] () -- C:\Program Files\Common Files\banner.jpg

[2008/05/13 22:35:23 | 01,772,544 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys

[2008/04/29 14:49:01 | 00,000,020 | ---- | C] () -- \READER_A.TXT

[2008/04/16 12:27:14 | 00,333,257 | RHS- | C] () -- \bootmgr

[2008/04/16 11:43:39 | 00,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini

[2008/04/16 11:43:26 | 00,000,019 | ---- | C] () -- \CA21.txt

[2008/03/21 03:56:21 | 00,002,666 | ---- | C] () -- \Patch.LOG

[2007/06/12 19:34:50 | 00,035,822 | ---- | C] () -- C:\Program Files\Common Files\ASPG_icon.ico

[2007/05/09 23:16:39 | 00,028,160 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys

[2007/03/16 00:17:34 | 00,000,025 | ---- | C] () -- \OFFICE2007_A.TXT

[2006/11/02 13:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006/11/02 11:23:09 | 00,000,024 | ---- | C] () -- \autoexec.bat

[2006/11/02 08:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006/11/02 07:25:08 | 00,000,010 | ---- | C] () -- \config.sys

[2006/05/19 19:39:57 | 00,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini

[2006/03/09 02:57:59 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

[2004/02/29 16:44:34 | 00,052,576 | ---- | C] () -- \orange.bmp

 

========== LOP Check ==========

 

[2009/11/18 11:35:11 | 00,000,000 | ---D | M] -- C:\Users\Carole\AppData\Roaming\Auslogics

[2009/10/08 21:23:53 | 00,000,000 | ---D | M] -- C:\Users\Carole\AppData\Roaming\DAEMON Tools Lite

[2009/05/13 10:10:56 | 00,000,000 | ---D | M] -- C:\Users\Carole\AppData\Roaming\eMule

[2009/03/24 11:42:58 | 00,000,000 | ---D | M] -- C:\Users\Carole\AppData\Roaming\EPSON

[2009/12/03 00:14:01 | 00,000,000 | ---D | M] -- C:\Users\Carole\AppData\Roaming\F-Secure

[2009/10/08 14:42:40 | 00,000,000 | ---D | M] -- C:\Users\Carole\AppData\Roaming\GARMIN

[2009/05/30 21:02:22 | 00,000,000 | ---D | M] -- C:\Users\Carole\AppData\Roaming\gtk-2.0

[2009/08/20 04:24:22 | 00,000,000 | ---D | M] -- C:\Users\Carole\AppData\Roaming\ITTNord

[2009/03/05 11:19:15 | 00,000,000 | ---D | M] -- C:\Users\Carole\AppData\Roaming\Oberon Games

[2009/07/24 00:21:22 | 00,000,000 | ---D | M] -- C:\Users\Carole\AppData\Roaming\PeerNetworking

[2009/08/18 01:44:40 | 00,000,000 | ---D | M] -- C:\Users\Carole\AppData\Roaming\PlayFirst

[2009/10/23 18:17:23 | 00,000,000 | ---D | M] -- C:\Users\Carole\AppData\Roaming\proDAD

[2009/10/08 21:30:15 | 00,000,000 | ---D | M] -- C:\Users\Carole\AppData\Roaming\Sony

[2009/12/03 10:02:18 | 00,032,614 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2009/12/03 09:34:34 | 00,000,558 | ---- | M] () -- C:\Windows\Tasks\Scheduled scanning task.job

[2009/12/02 20:01:12 | 00,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{91283F18-3F0E-457A-A007-2FA9F9DC6165}.job

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

 

< %SYSTEMDRIVE%\*.exe >

 

 

< MD5 for: AGP440.SYS >

[2008/01/21 03:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys

[2008/01/21 03:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys

[2008/01/21 03:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys

[2008/01/21 03:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys

[2008/01/21 03:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys

[2006/11/02 10:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

 

< MD5 for: ATAPI.SYS >

[2009/04/11 07:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys

[2009/04/11 07:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys

[2008/01/21 03:23:00 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys

[2008/01/21 03:23:00 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys

[2006/11/02 10:49:36 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

[2009/04/11 07:32:26 | 00,019,944 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\atapi.sys

 

< MD5 for: CNGAUDIT.DLL >

[2006/11/02 10:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll

[2006/11/02 10:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

 

< MD5 for: IASTORV.SYS >

[2008/01/21 03:23:23 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys

[2008/01/21 03:23:23 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys

[2008/01/21 03:23:23 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys

[2006/11/02 10:51:25 | 00,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

 

< MD5 for: NETLOGON.DLL >

[2009/04/11 07:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll

[2009/04/11 07:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll

[2008/01/21 03:24:05 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

 

< MD5 for: NVSTOR.SYS >

[2006/11/02 10:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys

[2008/01/21 03:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys

[2008/01/21 03:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys

[2008/01/21 03:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

 

< MD5 for: SCECLI.DLL >

[2008/01/21 03:24:50 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll

[2009/04/11 07:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll

[2009/04/11 07:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 98 bytes -> C:\ProgramData\Temp:D2A5A561

@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:37994DBE

@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:6B86037F

@Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:6677D85A

@Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:10D98D98

< End of report >

 

 

 

 

 

And now, Extras.txt:

 

OTL Extras logfile created on: 03/12/2009 10:09:11 - Run 1

OTL by OldTimer - Version 3.1.11.4 Folder = C:\Users\Carole\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18828)

Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

 

2,00 Gb Total Physical Memory | 1,81 Gb Available Physical Memory | 90,52% Memory free

4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 149,04 Gb Total Space | 74,43 Gb Free Space | 49,94% Space Free | Partition Type: NTFS

Drive D: | 139,28 Gb Total Space | 133,76 Gb Free Space | 96,04% Space Free | Partition Type: NTFS

Drive E: | 3,74 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

F: Drive not present or media not loaded

Drive G: | 596,02 Gb Total Space | 243,93 Gb Free Space | 40,93% Space Free | Partition Type: FAT32

Drive H: | 977,47 Mb Total Space | 965,47 Mb Free Space | 98,77% Space Free | Partition Type: FAT

I: Drive not present or media not loaded

 

Computer Name: ORDI-DE-CAROLE

Current User Name: Carole

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 14 Days

Output = Standard

Quick Scan

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

chm.file [open] -- "%SystemRoot%\hh.exe" %1

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" File not found

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"UacDisableNotify" = 0

"InternetSettingsDisableNotify" = 0

"AutoUpdateDisableNotify" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Orange\Connectivity\ConnectivityManager.exe" = C:\Program Files\Orange\Connectivity\ConnectivityManager.exe:*:enabled:CSS -- (France Telecom SA)

"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found

 

 

========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{04EF0DAA-3364-4753-A67A-0A380C8B579D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |

"{0CC8CD90-C72F-4D3D-9F21-541A0B3D7295}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=c:\windows\system32\dfsr.exe |

"{0CFD4547-4B38-4A07-9E9D-5914E5FE6F23}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=c:\windows\system32\svchost.exe |

"{0E38BF59-D21B-41C6-A767-4E4B64508B4E}" = lport=2869 | protocol=6 | dir=in | app=system |

"{0FC2A612-7AF3-4F96-A8BA-A6D8FAC780BF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |

"{10389D0A-65D9-40F9-8A68-8385F680EE10}" = rport=5358 | protocol=6 | dir=out | app=system |

"{10EE348B-7DDD-4BF3-BE60-F3DC624C4A5B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{16FA9091-FC13-4A15-A8ED-50A3EF3CBFD3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |

"{1DE8CCAF-911B-4B45-9B27-3D726AE53F77}" = lport=rpc | protocol=6 | dir=in | svc=policyagent | app=c:\windows\system32\svchost.exe |

"{25921FE2-54DF-4986-9659-3CB705096C54}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |

"{26481A59-97D6-4DB4-B4DD-916102E9A745}" = rport=137 | protocol=17 | dir=out | app=system |

"{2BF705E1-6D18-408A-844B-8643AE6F1122}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{2D064117-F3B1-4536-86F5-4BB9D768E4D9}" = lport=2869 | protocol=6 | dir=in | app=system |

"{2D24594C-EE2C-4672-B2CB-96CD31ABD7E2}" = lport=80 | protocol=6 | dir=in | app=system |

"{33A7DB04-4545-41B8-A1C3-0209A4E5C03A}" = rport=10244 | protocol=6 | dir=out | app=system |

"{34CA4EA4-A578-4488-A32D-ACC936749E10}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |

"{3579FB55-65E8-44D4-9D86-621FB97552FA}" = lport=teredo | protocol=17 | dir=in | svc=iphlpsvc | app=c:\windows\system32\svchost.exe |

"{37DDD179-454B-4CFD-8D7D-D68348D64008}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=c:\windows\system32\svchost.exe |

"{3AA85D1D-3D5F-4830-AC07-262FB63D0FE9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |

"{3EC000F3-0914-424B-BFFC-C6B5C875EFEC}" = rport=1723 | protocol=6 | dir=out | app=system |

"{3FC9B20E-4177-473D-AD6E-11788E270279}" = lport=2178 | protocol=6 | dir=in | app=system |

"{400266FE-015D-4562-A703-AD68426B01FF}" = lport=rpc | protocol=6 | dir=in | svc=vds | app=c:\windows\system32\vds.exe |

"{4042ACE2-BD12-4C3D-84A9-69C2816100DF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |

"{42D3764F-C486-4356-94F8-E96226976914}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=c:\windows\system32\svchost.exe |

"{439A9972-38A2-4D03-9F4A-82F93BE18116}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |

"{439C4EE8-E464-4F43-9E27-DBE936FEC3B5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{43C086A1-BE7D-45C7-95D4-BAB9BA3D3C28}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |

"{488756BD-1F66-4E1A-B2BE-74C7AA4FE5AA}" = rport=10244 | protocol=6 | dir=out | app=system |

"{4E55B95F-4575-4792-8CE8-85F5351E00E2}" = lport=10244 | protocol=6 | dir=in | app=system |

"{4E6EF3FD-FFD2-4AE0-B832-ADE90AABC5B2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |

"{5365BA64-FB48-4485-839B-2745B2CD3AEE}" = lport=1701 | protocol=17 | dir=in | app=system |

"{537B869D-2A32-411A-9266-543B42057596}" = lport=rpc | protocol=6 | dir=in | svc=* | app=c:\windows\system32\svchost.exe |

"{544FD8E6-DCC9-4DD8-B355-5715272F27C3}" = lport=rpc | protocol=6 | dir=in | svc=schedule | app=c:\windows\system32\svchost.exe |

"{5E83E43E-0A75-4536-97B8-72130C67638B}" = lport=rpc | protocol=6 | dir=in | app=c:\windows\system32\services.exe |

"{606DB5AE-CC5C-424E-BFE0-11069B0530DF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{614DE214-860D-41ED-9C3D-B80D1D3BAE98}" = lport=445 | protocol=6 | dir=in | app=system |

"{61B1E811-F7CB-4EE2-B0A9-AAE49760D774}" = lport=rpc | protocol=6 | dir=in | svc=eventlog | app=c:\windows\system32\svchost.exe |

"{6424D34F-787F-4BFE-A03A-87837D4CCB4A}" = lport=162 | protocol=17 | dir=in | svc=snmptrap | app=c:\windows\system32\snmptrap.exe |

"{65774F19-B7E3-4722-ADEE-C6CF2B93EC2E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |

"{674810AA-5E1C-4208-B0C2-7951A48A3D71}" = lport=rpc | protocol=6 | dir=in | svc=bits | app=c:\windows\system32\svchost.exe |

"{6AEF0A4F-D1BA-4FE7-BD5B-7608E11F808C}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |

"{6CFBD518-C2B6-412F-BBFC-409C6B846DFD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |

"{6F7729B7-DD75-48C7-84AC-D8E6C9F645ED}" = rport=3702 | protocol=17 | dir=out | app=c:\windows\system32\netproj.exe |

"{76EA2D60-05CB-4839-AF50-C9E3DA328698}" = lport=3702 | protocol=17 | dir=in | app=c:\windows\system32\netproj.exe |

"{7DB7552E-B7CA-4E55-BA20-592B07B6395E}" = rport=67 | protocol=17 | dir=in | svc=dhcp | app=c:\windows\system32\svchost.exe |

"{7F4BF18B-6334-4866-978E-BA21788F7382}" = rport=5357 | protocol=6 | dir=out | app=system |

"{81A151D8-24EC-415D-A171-EB1F13553F68}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |

"{8259521A-4347-48AE-948F-6C4B77ABE600}" = lport=445 | protocol=6 | dir=in | app=system |

"{8A7E6871-A7C0-40AE-B45B-485EF67E98F6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |

"{8BEB0E93-3778-43EE-993C-1CED06F80C51}" = lport=3702 | protocol=17 | dir=in | svc=bits | app=c:\windows\system32\svchost.exe |

"{8FE9261C-4488-4512-B0FA-CB1E8FE037A9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |

"{907393C0-1C87-4DB9-BC0E-6E90262FDCDF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |

"{9271B479-5269-41D7-A0E0-FD4BAEDC6327}" = rport=10243 | protocol=6 | dir=out | app=system |

"{92B5333B-6588-46E3-AF4E-E1ABFCD9A648}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{985584CE-124B-4AE1-ADA6-0A268C6F7E33}" = rport=445 | protocol=6 | dir=out | app=system |

"{98611EA2-F20C-4AE1-9330-9F4F29FD56A2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{992806BF-7073-4D71-B2C6-06A1F8A61C9B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |

"{99CA74F3-5D4F-4D62-8BAE-18B738F544A9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |

"{9A31DBAF-FCE6-4521-8DB9-63F4F4470A37}" = rport=67 | protocol=17 | dir=out | svc=dhcp | app=c:\windows\system32\svchost.exe |

"{9B05E977-A447-457A-A664-92F01EBE3FA0}" = lport=1723 | protocol=6 | dir=in | app=system |

"{9E68F8E0-81BC-4F62-A242-5EFA76C8D97B}" = lport=rpc | protocol=6 | dir=in | app=c:\windows\system32\vdsldr.exe |

"{A3678B4E-7D86-4D77-8125-9A491F4A42B7}" = lport=rpc | protocol=6 | dir=in | svc=ktmrm | app=c:\windows\system32\svchost.exe |

"{A3873589-768A-4BA8-8775-0C0A6B5B6ADC}" = lport=7777 | protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe |

"{A4E1B6FF-D89F-42CB-AAE9-8D3970CCDE02}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=c:\windows\system32\dfsr.exe |

"{A6D0C651-A907-46EF-9EE1-EEB4C012AE9F}" = lport=3702 | protocol=17 | dir=in | app=c:\windows\system32\p2phost.exe |

"{A8185B98-0FF3-4655-A852-F879A4EDFF04}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |

"{A9863B9C-A920-4CFD-AD29-373CF20D05E0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |

"{A9E35231-05F7-4B5A-B443-216A2769688C}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |

"{B18BA636-C003-47D1-9E1B-850F06150E95}" = lport=445 | protocol=6 | dir=in | app=system |

"{B2D62FE5-798E-4A8C-957D-A3E205E4C9CD}" = rport=2178 | protocol=6 | dir=out | app=system |

"{BE2AF41B-80FB-48DB-9C48-7E28C8D456B2}" = lport=5357 | protocol=6 | dir=in | app=system |

"{C472CC72-996A-4170-9138-6BF558FF0A87}" = lport=443 | protocol=6 | dir=in | app=system |

"{C5EB9BAA-CF0B-4086-95DA-930BC7672AED}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{C7EE5998-C6D5-4019-8D1B-8346B52AC2FB}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=c:\windows\system32\svchost.exe |

"{C8206BAC-2C5B-4C90-8ACD-D556A1577917}" = lport=5358 | protocol=6 | dir=in | app=system |

"{C94D3EBC-C98C-4710-B43C-77D0BFBF5489}" = lport=445 | protocol=6 | dir=in | app=system |

"{C9D2109F-A9BE-4476-BF71-5F32814531F5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |

"{CACBD1CC-8170-48BA-9DAD-2C6E31944638}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |

"{CAED2A27-0C0B-4052-83DD-14B9A2FED23C}" = rport=1701 | protocol=17 | dir=out | app=system |

"{CD082EB4-F87D-49BF-AC18-361EE12375C5}" = lport=3390 | protocol=6 | dir=in | app=system |

"{CDAB6DD3-4847-433E-9C69-B85D72BC2BC9}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=c:\windows\system32\svchost.exe |

"{D08791AA-2267-40B3-B435-71A927422AF5}" = lport=10243 | protocol=6 | dir=in | app=system |

"{D2AABAD9-E592-4955-985F-878992C05F04}" = rport=138 | protocol=17 | dir=out | app=system |

"{D4E9BCBF-437D-482B-8029-FDAAE6DF720B}" = rport=139 | protocol=6 | dir=out | app=system |

"{D950F9D4-2901-42F7-90AB-31C00CC4FB44}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |

"{DB04B4DF-4613-475B-99E2-4977499E07E6}" = rport=53 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe |

"{DDA19E9A-B56B-4F16-8FE3-207A4D01C88C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |

"{E5D68986-3C2C-47C7-AEFC-BB2B34DBF478}" = lport=138 | protocol=17 | dir=in | app=system |

"{E70242E9-5705-4E66-AC4A-AD473223EE8E}" = lport=554 | protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe |

"{E802D80E-2528-4373-8906-40CACD2C189A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |

"{E81D012B-2659-4717-8491-0C7EA31DF602}" = rport=3702 | protocol=17 | dir=out | app=c:\windows\system32\p2phost.exe |

"{E8C051BB-E23B-400C-9F88-18DC23DBBFCD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |

"{EB7E1286-EF63-4E73-B015-2A83F5A17F76}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |

"{ECB4FE06-B1FA-487D-A6E5-78C6C41D6A82}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

"{ECC149CB-C96F-4027-A4D0-E3A3ED3C6046}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=c:\windows\system32\svchost.exe |

"{F1E61521-A2BE-4095-9D42-FBCC8F493E18}" = lport=137 | protocol=17 | dir=in | app=system |

"{F4F479ED-7934-4F29-9FA8-F6D40728CA4C}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |

"{F53745CF-80BE-4378-B61C-0287675547EF}" = lport=10244 | protocol=6 | dir=in | app=system |

"{F7B477C0-8DDF-4F65-A30B-3B8B1831628E}" = lport=3390 | protocol=6 | dir=in | app=system |

"{FAFFFA41-0AD9-41C0-8EF2-E3C418B786C9}" = lport=139 | protocol=6 | dir=in | app=system |

"{FBA2D11F-68A1-4362-8A07-6929FE02B7F5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{FC640F58-EB08-47AD-9BA3-9F48354B95B4}" = rport=3702 | protocol=17 | dir=out | svc=bits | app=c:\windows\system32\svchost.exe |

"{FF7D685D-B3B7-4276-87A8-CFF9544A3276}" = lport=445 | protocol=6 | dir=in | app=system |

 

========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{049FDB24-B33A-4425-9452-36334DBDAA9F}" = protocol=58 | dir=out | name=réseau de base - requête d’écouteur de multidiffusion (icmpv6-sortie) |

"{0A20B265-EA6F-47DA-8580-065026C2E933}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe |

"{0AC69B42-01DA-43A3-BB7E-CD2849D6A05B}" = protocol=17 | dir=out | app=c:\windows\ehome\ehshell.exe |

"{0B15BC76-D37D-4BB2-AD95-7477CC819C1C}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |

"{0BD0A72C-1159-40FA-A789-D3C7AC047447}" = protocol=6 | dir=out | app=c:\windows\ehome\ehshell.exe |

"{0D660FAA-C28C-4DA9-B40B-038DA850520E}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 12\programs\rm.exe |

"{0FD4DC4F-11E5-42F0-8E6C-FC25E6FE73D8}" = protocol=58 | dir=out | name=gestion réseau de base - problème de paramètres (icmpv6-out) |

"{1A326DDD-F35C-449A-BA1C-651B964A84F0}" = protocol=58 | dir=in | app=system |

"{1A5E6BF8-1E0F-4EC6-8BE2-0CF90806F4F4}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |

"{228C8B1A-B625-419C-85F4-916A9F1D2492}" = protocol=6 | dir=in | app=c:\program files\transcode360\transcode360tray.exe |

"{2B8455CA-8753-41CE-B702-BD988A299853}" = protocol=17 | dir=out | svc=iphlpsvc | app=c:\windows\system32\svchost.exe |

"{2F6B74EE-4155-4180-9650-EFDF6A9064FB}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 12\programs\rm.exe |

"{33243D8F-7D83-4938-B955-816D5C5E45A8}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 12\programs\umi.exe |

"{385A9FF2-0689-4353-AB90-B5CC8E3D175E}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |

"{3EA4D1D1-A413-4981-ADD5-5732E576E647}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 12\programs\studio.exe |

"{439BFB47-F60F-4F63-BF92-0CE2984F8850}" = protocol=58 | dir=in | app=system |

"{477D2297-2A67-40C8-9F57-69AEE7729667}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |

"{48515E2D-C458-40FE-9BF9-45FF0A3B057F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{48685AF5-038D-4DA5-A2CB-3EA938DCE2D7}" = protocol=1 | dir=in | app=system |

"{499A798D-B67B-4F35-BDBF-0AC53136215C}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |

"{4DBC2C6D-9696-4944-9568-5E133EA91B18}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe |

"{4E15C13B-8E3F-42C2-85E7-AC405C93EDE6}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{4EBBB369-A715-4443-BB8C-5356BDEC2435}" = protocol=6 | dir=out | app=c:\program files\windows collaboration\wincollab.exe |

"{4F34D8DC-C606-44FC-82D6-46412C64F132}" = protocol=6 | dir=in | app=c:\program files\windows collaboration\wincollab.exe |

"{4F8D731B-2E34-4DA7-BFFF-A9BB74D2C29D}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |

"{5205ADCF-4C5E-4D68-AB77-151FC55AC953}" = protocol=17 | dir=in | app=c:\program files\transcode360\transcode360tray.exe |

"{533E81CC-5263-48FE-80B1-9C8751F1728C}" = protocol=6 | dir=in | app=c:\windows\system32\p2phost.exe |

"{54EEC159-B294-46E4-9730-AFBDA6A3ECDE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{55090630-FC2F-4A6D-B06F-87D69B6E5515}" = protocol=6 | dir=in | app=c:\windows\system32\netproj.exe |

"{58D11DFF-97B5-4C07-B358-5C858E0714F1}" = protocol=6 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe |

"{5AB20C04-F03E-4BD8-AD91-69F7904AF2CA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{6089F5F0-291A-4CE6-B524-09C397AA29F5}" = protocol=6 | dir=out | svc=mcx2svc | app=c:\windows\system32\svchost.exe |

"{60C75F23-AFBC-460F-B4EA-F1CF81D80984}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |

"{60C824A5-3445-4FAE-8BE1-F529F98DD872}" = protocol=17 | dir=out | app=c:\program files\windows collaboration\wincollab.exe |

"{61708798-82C9-415B-8939-30B288857EDC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{67555AA4-0514-4B8A-B92F-D46FC6370B08}" = protocol=41 | dir=in | app=system |

"{6B9B33E4-3443-4C11-BF8F-6959CD8922E6}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |

"{6BB60378-083D-4118-AF3F-B9CCCA59E953}" = protocol=6 | dir=in | svc=msiscsi | app=c:\windows\system32\svchost.exe |

"{6F55A447-75D6-49A2-BFE8-06E4C66B0608}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |

"{70F1D2A5-D788-4960-B0F5-7C8D4E8F0351}" = protocol=6 | dir=in | svc=winmgmt | app=c:\windows\system32\svchost.exe |

"{7419D61E-769D-44CC-BFA7-95FBEB99DA74}" = protocol=58 | dir=out | name=réseau de base - écouteur de multidiffusion terminé (icmpv6-sortie) |

"{753F422A-4642-4E63-A3EC-C5FC7579E062}" = protocol=58 | dir=in | app=system |

"{76287C08-5B55-44BE-A9F3-D1FC46EE7180}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{774B46A2-2337-4CE5-A979-10E3DC7996A6}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe |

"{77720A24-4A06-4F52-B1FD-8D0104FD1118}" = protocol=6 | dir=in | app=c:\program files\transcode360\transcode360.exe |

"{7C5F32B5-CC24-4A1F-B540-5BCE483B9364}" = protocol=58 | dir=out | name=réseau de base - publication de découverte de voisin (icmpv6-sortie) |

"{7C6A148C-218A-481C-A600-DEAA9592AE30}" = protocol=58 | dir=out | name=gestion réseau de base - temps dépassé (icmpv6-out) |

"{7C7DA6BE-12ED-497A-87E7-5051210E774E}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 12\programs\studio.exe |

"{7C8792B1-9223-440A-A08D-C01ADBE83D03}" = protocol=6 | dir=in | app=c:\windows\system32\wbem\unsecapp.exe |

"{7E53A26A-A8D2-439A-8548-CD93678DF9DD}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |

"{84C30DDB-52D5-4243-8E50-0CE145085FBF}" = protocol=2 | dir=out | app=system |

"{8848274C-B105-436F-A748-D802B12849E6}" = protocol=58 | dir=in | app=system |

"{8C4DFD6B-210C-4F3E-B60A-F8D733983BE7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{8FD6F03B-4E92-4F4D-BC37-33190F424B4B}" = protocol=58 | dir=out | name=réseau de base - sollicitation de découverte de voisin (icmpv6-sortie) |

"{9940C6D1-04FA-4A7F-ADC2-E84853126E7F}" = protocol=6 | dir=out | svc=winmgmt | app=c:\windows\system32\svchost.exe |

"{99704D7F-A25F-40EA-B988-5A7D53D75C54}" = protocol=6 | dir=out | app=system |

"{99AC5E78-BF55-4C91-AA00-E2D1DFCB61AF}" = protocol=6 | dir=out | app=system |

"{A1D76154-00F8-49A0-B2A0-3BFA66844B03}" = protocol=58 | dir=in | app=system |

"{ABB6F208-684A-4477-B968-4116C8640EA5}" = protocol=6 | dir=in | app=c:\windows\system32\plasrv.exe |

"{B06B84B9-CAB4-4E89-8465-4A0FA2CBD05A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{B07EED7E-49EF-4DA8-B43E-F3AB4650F044}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe |

"{B39484FC-9A86-497B-BC7B-179325455F77}" = protocol=6 | dir=out | app=c:\windows\system32\netproj.exe |

"{B39EFA30-0A15-4629-976E-9AE9C5A1CE39}" = protocol=41 | dir=out | app=system |

"{B7B02BAF-B8D6-4B05-8960-5F297829FDC0}" = protocol=58 | dir=in | app=system |

"{BAF0DB69-B8EA-43B4-8C29-94A0812AF481}" = protocol=58 | dir=in | app=system |

"{BB362584-2EB1-4A09-A665-1F67F227FBD3}" = protocol=2 | dir=in | app=system |

"{BB6A4C05-54C7-4669-9907-FA552312BFD7}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |

"{D0279F1F-A611-4660-9636-EBEDA1700274}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |

"{D0B95589-895D-4EC3-8B64-E77D6BDBF76F}" = protocol=6 | dir=out | svc=msiscsi | app=c:\windows\system32\svchost.exe |

"{DF836860-1DC5-4A33-9D92-D59D41B1F1EC}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 12\programs\umi.exe |

"{E075479E-5698-44AC-9979-07A5597AD32A}" = protocol=6 | dir=out | app=c:\windows\system32\p2phost.exe |

"{E0770B0B-6DFF-4100-A302-24BF65C6CF6D}" = protocol=17 | dir=in | app=c:\program files\transcode360\transcode360.exe |

"{E2875728-68C7-4803-8EBC-089A7701E4DC}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe |

"{E2EA67EA-DC25-48A6-AFCC-747274C109EA}" = protocol=17 | dir=in | app=c:\program files\windows collaboration\wincollab.exe |

"{E3702C79-19B3-4293-8C80-364FFF843F86}" = protocol=6 | dir=in | app=c:\windows\system32\msdtc.exe |

"{E3A2CDAD-C193-441F-8B1E-ABB7482D37C8}" = protocol=58 | dir=in | app=system |

"{E41B525E-0227-4E1F-A530-419DB8EC1AD3}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe |

"{E4AA3A52-0D53-435F-BE72-5291BAC3B161}" = protocol=6 | dir=out | app=c:\windows\ehome\mcx2prov.exe |

"{E4D6A069-6F87-4D5A-BB58-9EC8E5863122}" = protocol=58 | dir=out | name=réseau de base - rapport d’écouteur de multidiffusion v2 (icmpv6-sortie) |

"{E6350DD9-F555-4088-AF53-BE1445AA2FBB}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |

"{E655E1CF-65C0-4EC9-9890-EF4AD95E9539}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |

"{E6B08270-5B07-4B83-A405-6A84685113C6}" = protocol=58 | dir=out | name=réseau de base - rapport d’écouteur de multidiffusion (icmpv6-sortie) |

"{E6DCF104-D289-496A-80BB-9EDB0B8D81BC}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |

"{EC886C9D-39B4-48AC-8399-7D9C2E01A589}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |

"{EE8E42D3-8DB6-4A2A-B379-42D0EF68CF75}" = protocol=6 | dir=out | app=c:\windows\system32\msdtc.exe |

"{F00A1DF3-2E56-4C7B-8099-82DD10FFAE15}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |

"{F4184533-9761-4252-A477-B7AD29B7679D}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |

"{F722861D-F7AB-4247-8E31-AD9915FAAA99}" = protocol=58 | dir=out | name=réseau de base - paquet trop important (icmpv6-sortie) |

"{F7A4E09A-3E1C-44E8-B847-792CE48BAA73}" = protocol=58 | dir=out | name=réseau de base - publication de routage (icmpv6-sortie) |

"{F9676C41-2874-4F13-A9D4-6C74120B7535}" = protocol=58 | dir=in | app=system |

"{FAA2F043-B7B4-40BE-90D4-8F3F72DC926C}" = protocol=58 | dir=in | app=system |

"{FD21958F-4176-4690-9425-515B2CE766F5}" = protocol=58 | dir=out | name=réseau de base - sollicitation des routeurs (icmpv6-sortie) |

"{FE032988-1EB0-4660-A0C2-070973347486}" = protocol=58 | dir=in | app=system |

"{FE74EAEE-91C3-4E34-84C5-395D22F3821C}" = protocol=58 | dir=in | app=system |

"TCP Query User{1D1D396A-FEFE-4669-ACAE-3A998F46BF77}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |

"TCP Query User{290547EE-AF63-43B2-BB13-806C0DC20CFC}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe |

"TCP Query User{2C15B30C-28A1-4ECA-BC4B-751D27266074}C:\users\carole\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\carole\program files\dna\btdna.exe |

"TCP Query User{7B40A48C-ACF5-4BD1-BCA1-028B9EF6F685}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |

"TCP Query User{8A4E5436-BF62-47C7-A8E2-696FE555135E}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe |

"TCP Query User{9E05E0FC-2C4B-4340-BAD7-E8A2A53AF139}C:\users\carole\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\carole\program files\dna\btdna.exe |

"UDP Query User{29BAB1AA-A549-4B13-97AB-5B56B4C9BD51}C:\users\carole\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\carole\program files\dna\btdna.exe |

"UDP Query User{44CE3D72-3E66-414E-927F-841319E03E2B}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe |

"UDP Query User{9071D3B5-F47E-476A-8944-8651B6BEAC92}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe |

"UDP Query User{AD137BDE-CFA9-4175-A57B-8079F4023D06}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |

"UDP Query User{D46CB03D-5F3A-4327-A13B-51CAB63A1F3C}C:\users\carole\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\carole\program files\dna\btdna.exe |

"UDP Query User{F8446E58-4B3A-416C-B0E4-6CAA0D5B4E0F}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library

"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour

"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology

"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1

"{17342E3B-0818-4A6F-BFF8-99476605ADD6}" = livebox

"{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}" = ASUS Data Security Manager

"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program

"{2862A3C1-0CD9-4D8B-A28C-8C337D4DD5EB}" = Express Gate

"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

"{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go

"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module

"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update

"{4FEC2880-0ED9-44F4-AD20-1F4F4619B8F9}" = Mega Manager

"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3

"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02

"{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2

"{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe

"{63DC2DA0-2A6C-4C38-9249-B75395458657}" = Windows Live Mail

"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon

"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites

"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{7370DF47-B4F9-4279-BFC3-3F09919F720D}" = Installation Windows Live

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{82419DFA-102C-403D-B9D0-C0F0652AB8F8}" = Sony Ericsson Media Manager 1.1

"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module

"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard

"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007

"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007

"{90120000-0015-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0015-0410-0000-0000000FF1CE}" = Microsoft Office Access MUI (Italian) 2007

"{90120000-0015-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0015-0413-0000-0000000FF1CE}" = Microsoft Office Access MUI (Dutch) 2007

"{90120000-0015-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007

"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007

"{90120000-0016-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007

"{90120000-0016-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2007

"{90120000-0016-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007

"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007

"{90120000-0018-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007

"{90120000-0018-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2007

"{90120000-0018-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007

"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007

"{90120000-0019-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-0410-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Italian) 2007

"{90120000-0019-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-0413-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Dutch) 2007

"{90120000-0019-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007

"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007

"{90120000-001A-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2007

"{90120000-001A-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Dutch) 2007

"{90120000-001A-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007

"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007

"{90120000-001B-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007

"{90120000-001B-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2007

"{90120000-001B-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007

"{90120000-001F-0401-0000-0000000FF1CE}_HOMESTUDENTR_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0401-0000-0000000FF1CE}_PROHYBRIDR_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007

"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007

"{90120000-001F-0413-0000-0000000FF1CE}_HOMESTUDENTR_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0413-0000-0000000FF1CE}_PROHYBRIDR_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007

"{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007

"{90120000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2007

"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007

"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007

"{90120000-006E-040C-0000-0000000FF1CE}_HOMESTUDENTR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-006E-040C-0000-0000000FF1CE}_PROHYBRIDR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007

"{90120000-006E-0410-0000-0000000FF1CE}_PROHYBRIDR_{0A75DA12-55CB-4DE5-8B6A-74D97847204E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2007

"{90120000-006E-0413-0000-0000000FF1CE}_PROHYBRIDR_{89C8E56A-90D8-4598-B0E6-EB28F6270E07}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-040C-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (French) 2007

"{90120000-00A1-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007

"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear eXtreme

"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.3

"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime

"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support

"{AC76BA86-7AD7-1036-7B44-A81300000003}" = Adobe Reader 8.1.3 - Français

"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers

"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

"{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support

"{B97CF5C3-0487-11D8-A36E-0050BAE317E1}" = DVD Solution

"{C20B3C31-28CD-4732-AE45-A30F401AF91F}" = WALKMAN Launcher

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes

"{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media

"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service

"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash

"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag

"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager

"{E2E7A0E8-77C4-495F-8FA3-63DAEDAA2DB3}" = F-Secure PSC Prerequisites

"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update

"{EDE721EC-870A-11D8-9D75-000129760D75}" = PowerDirector Express

"{EFF87108-C9D0-43F1-BEE1-28DA87778F1A}" = Garmin Communicator Plugin

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F1D891A7-2BAF-4033-9A20-DBB78F86BF0C}" = Video Downloader

"{FE013D72-CF3D-41A8-BC09-C38070FDE2CB}" = Image Converter 3

"{ORAHSS}.Browser" = Navigateur Orange

"{ORAHSS}.UninstallSuite" = Orange - Logiciels Internet

"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)

"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver

"CCleaner" = CCleaner

"eMule" = eMule

"EPSON Printer and Utilities" = EPSON Logiciel imprimante

"EPSON Scanner" = EPSON Scan

"F-Secure Product 440" = Anti-virus firewall

"HijackThis" = HijackThis 2.0.2

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go

"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00

"KLiteCodecPack_is1" = K-Lite Codec Pack 4.5.3 (Full)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"MSMONEYV80" = Microsoft Money 2000 Suite Financière

"NVIDIA Drivers" = NVIDIA Drivers

"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-15-19-01

"PROHYBRIDR" = 2007 Microsoft Office system

"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)

"Supermarket Management1.1.6" = Supermarket Management

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"USB2.0 UVC 1.3M WebCam" = USB2.0 UVC 1.3M WebCam

"WinLiveSuite_Wave3" = Installation Windows Live

"WinRAR archiver" = Archiveur WinRAR

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 30/11/2009 11:25:15 | Computer Name = Ordi-de-Carole | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103

Description =

 

Error - 30/11/2009 11:30:19 | Computer Name = Ordi-de-Carole | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103

Description =

 

Error - 30/11/2009 11:35:21 | Computer Name = Ordi-de-Carole | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103

Description =

 

Error - 30/11/2009 11:40:22 | Computer Name = Ordi-de-Carole | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103

Description =

 

Error - 30/11/2009 11:45:25 | Computer Name = Ordi-de-Carole | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103

Description =

 

Error - 30/11/2009 11:50:25 | Computer Name = Ordi-de-Carole | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103

Description =

 

Error - 30/11/2009 11:55:29 | Computer Name = Ordi-de-Carole | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103

Description =

 

Error - 30/11/2009 12:00:29 | Computer Name = Ordi-de-Carole | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103

Description =

 

Error - 30/11/2009 12:05:33 | Computer Name = Ordi-de-Carole | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103

Description =

 

Error - 30/11/2009 12:10:34 | Computer Name = Ordi-de-Carole | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103

Description =

 

[ Media Center Events ]

Error - 07/05/2009 15:28:02 | Computer Name = Ordi-de-Carole | Source = Mcx2Dvcs | ID = 401

Description =

 

Error - 09/05/2009 08:45:19 | Computer Name = Ordi-de-Carole | Source = ehReplay | ID = 701

Description =

 

Error - 09/05/2009 08:45:19 | Computer Name = Ordi-de-Carole | Source = ehReplay | ID = 700

Description =

 

Error - 09/05/2009 08:45:34 | Computer Name = Ordi-de-Carole | Source = ehReplay | ID = 701

Description =

 

Error - 09/05/2009 08:46:27 | Computer Name = Ordi-de-Carole | Source = McrMgr | ID = 109

Description =

 

[ OSession Events ]

Error - 02/02/2009 09:50:19 | Computer Name = Ordi-de-Carole | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1789

seconds with 1440 seconds of active time. This session ended with a crash.

 

Error - 28/03/2009 15:57:54 | Computer Name = Ordi-de-Carole | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 23477

seconds with 4140 seconds of active time. This session ended with a crash.

 

[ System Events ]

Error - 02/12/2009 15:50:14 | Computer Name = Ordi-de-Carole | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001

Description =

 

Error - 02/12/2009 15:52:40 | Computer Name = Ordi-de-Carole | Source = Service Control Manager | ID = 7030

Description =

 

Error - 02/12/2009 16:01:43 | Computer Name = Ordi-de-Carole | Source = EventLog | ID = 6008

Description = L'arrêt système précédant à 20:56:59 le 02/12/2009 n'était pas prévu.

 

Error - 02/12/2009 16:02:49 | Computer Name = Ordi-de-Carole | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001

Description =

 

Error - 02/12/2009 16:17:32 | Computer Name = Ordi-de-Carole | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001

Description =

 

Error - 02/12/2009 16:38:09 | Computer Name = Ordi-de-Carole | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001

Description =

 

Error - 02/12/2009 17:11:30 | Computer Name = Ordi-de-Carole | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001

Description =

 

Error - 02/12/2009 17:24:04 | Computer Name = Ordi-de-Carole | Source = Service Control Manager | ID = 7031

Description =

 

Error - 03/12/2009 04:35:36 | Computer Name = Ordi-de-Carole | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001

Description =

 

Error - 03/12/2009 05:06:09 | Computer Name = Ordi-de-Carole | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001

Description =

 

 

< End of report >

Posted

OK, we're making progress. The offending file is visible now. We're going to attempt a restore.

These are complex operations. If you have any doubt about one of the operations, do nothing and ask for clarification.

Download a fresh copy of ComboFix and overwrite your old version with the downloaded one. Link:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Don't start ComboFix: later. :P

 

----------

 

1. Download The Avenger by Swandog46 to your Desktop.

  • Unzip the file
  • avenger.exe on the desktop

2. Copy the contents of the code box below (CTRL+C), both lines, don't forget a single letter :P :

 

Files to move:
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys | C:\Windows\System32\drivers\atapi.sys

Note: The code above was written specifically for THIS user.

If you are not THIS user, do NOT apply these instructions: they could damage your system.

 

3. Now launch The Avenger by right-clicking it and choosing Run as administrator.

  • Under "Input Script There", paste the previously copied code.
  • Click Execute
  • Answer "Yes" when asked.

4. The Avenger will automatically do the following:

  • It will restart the system.
  • During the restart, a black Windows command window will appear briefly on the desktop; this is normal.
  • After the restart, it creates a log file that will open, showing the actions performed by The Avenger. This log file is located here: C:\avenger.txt

5. Finally, copy/paste the contents of the file c:\avenger.txt into your next reply.

 

---------------

 

After this Avenger run, start ComboFix in normal mode; it shouldn't crash this time. Please post the report.

Posted

Hello

here is the Avenger report

 

//////////////////////////////////////////

Avenger Pre-Processor log

//////////////////////////////////////////

 

Platform: Windows NT 6.0 (build 6002, Service Pack 2)

Fri Dec 04 17:30:55 2009

 

17:30:51: Error: Invalid script. A valid script must begin with a command directive.

Aborting execution!

 

 

//////////////////////////////////////////

 

 

Logfile of The Avenger Version 2.0, © by Swandog46

http://swandog46.geekstogo.com

 

Platform: Windows Vista

 

*******************

 

Script file opened successfully.

Script file read successfully.

 

Backups directory opened successfully at C:\Avenger

 

*******************

 

Beginning to process script file:

 

Rootkit scan active.

No rootkits found!

 

File move operation "C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys|C:\Windows\System32\drivers\atapi.sys" completed successfully.

 

Completed script processing.

 

*******************

 

Finished! Terminate.

 

 

 

 

 

 

 

 

 

 

and the ComboFix one, which worked this time:

 

ComboFix 09-12-03.06 - Carole 04/12/2009 17:44.7.2 - x86

Microsoft® Windows Vista Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.3070.2064 [GMT 1:00]

Lancé depuis: c:\users\Carole\Desktop\ComboFix.exe

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\$recycle.bin\S-1-5-21-882581897-1287058187-1818664465-1000(0)

c:\windows\system32\tdlclk.dll

 

.

((((((((((((((((((((((((((((( Fichiers créés du 2009-11-04 au 2009-12-04 ))))))))))))))))))))))))))))))))))))

.

 

2009-12-04 16:59 . 2009-12-04 17:00 -------- d-----w- c:\users\Carole\AppData\Local\temp

2009-12-04 16:59 . 2009-12-04 16:59 -------- d-----w- c:\users\Default\AppData\Local\temp

2009-11-26 18:34 . 2009-10-29 09:17 2048 ----a-w- c:\windows\system32\tzres.dll

2009-11-25 17:14 . 2009-11-25 17:32 4096 d-----w- C:\UsbFix

2009-11-25 17:05 . 2009-11-26 12:23 -------- d-----w- C:\rsit

2009-11-24 19:34 . 2009-08-11 16:44 1401856 ----a-w- c:\windows\system32\msxml6.dll

2009-11-24 19:34 . 2009-08-11 16:44 1401856 ----a-w- c:\windows\system32\msxml6(126).dll

2009-11-24 19:34 . 2009-08-11 16:44 1248768 ----a-w- c:\windows\system32\msxml3.dll

2009-11-24 19:34 . 2009-08-11 16:44 1248768 ----a-w- c:\windows\system32\msxml3(124).dll

2009-11-18 17:48 . 2009-11-18 17:48 -------- d-----w- c:\program files\CCleaner

2009-11-18 10:35 . 2009-11-18 10:35 -------- d-----w- c:\users\Carole\AppData\Roaming\Auslogics

2009-11-18 10:34 . 2009-11-18 10:34 -------- d-----w- c:\program files\Auslogics

2009-11-16 21:08 . 2009-11-16 21:08 -------- d-----w- c:\program files\Windows Portable Devices

2009-11-16 21:00 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll

2009-11-16 21:00 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll

2009-11-16 21:00 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll

2009-11-16 20:58 . 2009-10-01 01:01 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll

2009-11-16 20:58 . 2009-10-01 01:02 2537472 ----a-w- c:\windows\system32\wpdshext.dll

2009-11-16 20:58 . 2009-10-01 01:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll

2009-11-16 20:58 . 2009-10-01 01:01 546816 ----a-w- c:\windows\system32\wpd_ci.dll

2009-11-16 20:58 . 2009-10-01 01:02 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll

2009-11-16 20:58 . 2009-10-01 01:01 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll

2009-11-16 20:58 . 2009-10-01 01:01 350208 ----a-w- c:\windows\system32\WPDSp.dll

2009-11-16 20:58 . 2009-10-01 01:01 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll

2009-11-16 20:58 . 2009-10-01 01:01 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll

2009-11-16 20:56 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll

2009-11-16 20:56 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll

2009-11-16 20:56 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll

2009-11-16 19:20 . 2009-11-16 19:20 -------- d-----w- c:\users\Carole\AppData\Roaming\Malwarebytes

2009-11-16 19:20 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-11-16 19:20 . 2009-11-29 17:36 4096 d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-11-16 19:20 . 2009-11-16 19:20 -------- d-----w- c:\progra~2\Malwarebytes

2009-11-16 19:20 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-11-13 20:00 . 2009-08-05 15:57 35680 ----a-w- c:\windows\system32\drivers\fses.sys

2009-11-11 10:07 . 2009-08-14 13:27 2036736 ----a-w- c:\windows\system32\win32k.sys

2009-11-11 10:07 . 2009-08-10 12:35 355328 ----a-w- c:\windows\system32\WSDApi.dll

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-12-04 16:38 . 2009-04-12 13:59 4096 d-----w- c:\program files\Orange

2009-12-04 16:34 . 2008-11-21 04:44 45056 ----a-w- c:\windows\system32\acovcnt.exe

2009-12-02 21:09 . 2009-01-20 21:38 27934 ----a-w- c:\progra~2\nvModes.dat

2009-12-02 20:19 . 2009-05-30 19:28 33920 ----a-w- c:\windows\system32\drivers\fsbts.sys

2009-12-02 20:11 . 2008-04-16 11:16 743178 ----a-w- c:\windows\system32\perfh00C.dat

2009-12-02 20:11 . 2008-04-16 11:16 157320 ----a-w- c:\windows\system32\perfc00C.dat

2009-11-26 13:41 . 2008-11-21 04:37 -------- d-----w- c:\progra~2\P4G

2009-11-26 13:41 . 2009-04-22 08:50 4096 d-----w- c:\program files\Bonjour

2009-11-26 13:41 . 2008-11-21 04:32 4096 d-----w- c:\program files\ATKGFNEX

2009-11-26 13:41 . 2008-11-21 04:25 4096 d-----w- c:\program files\ASUS

2009-11-26 13:41 . 2008-11-21 04:05 -------- d-----w- c:\program files\ATKOSD2

2009-11-26 13:41 . 2008-11-21 04:05 8192 d-----w- c:\program files\ATK Hotkey

2009-11-26 13:41 . 2008-11-21 02:36 12288 d-----w- c:\program files\Common Files\LightScribe

2009-11-18 17:38 . 2009-01-21 13:04 4096 d-----w- c:\program files\Windows Live

2009-11-16 21:08 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat

2009-11-16 21:06 . 2009-11-16 21:06 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf

2009-11-13 18:34 . 2009-01-20 21:50 -------- d-----w- c:\program files\Securitoo

2009-11-12 10:10 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail

2009-11-12 09:52 . 2008-11-21 02:22 65536 d-----w- c:\progra~2\Microsoft Help

2009-11-05 15:24 . 2009-01-20 19:52 131160 ----a-w- c:\users\Carole\AppData\Local\GDIPFONTCACHEV1.DAT

2009-11-05 14:00 . 2009-10-09 16:36 -------- d-----w- c:\progra~2\Pinnacle

2009-11-02 19:42 . 2009-10-02 18:31 195456 ------w- c:\windows\system32\MpSigStub.exe

2009-11-02 07:44 . 2009-11-02 07:43 4096 d-----w- c:\program files\iTunes

2009-11-02 07:43 . 2009-11-02 07:43 -------- d-----w- c:\program files\iPod

2009-11-02 07:43 . 2009-04-22 08:44 -------- d-----w- c:\program files\Common Files\Apple

2009-10-23 17:17 . 2009-10-22 13:19 -------- d-----w- c:\users\Carole\AppData\Roaming\proDAD

2009-10-22 13:16 . 2008-11-21 02:36 12288 d--h--w- c:\program files\InstallShield Installation Information

2009-10-22 13:10 . 2009-10-22 13:10 -------- d-----w- c:\progra~2\Pinnacle Studio Ultimate

2009-10-11 03:17 . 2009-05-27 18:13 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-10-09 16:33 . 2009-10-09 16:32 -------- d-----w- c:\program files\Common Files\SureThing Shared

2009-10-09 16:31 . 2009-10-09 16:31 -------- d-----w- c:\progra~2\NOS

2009-10-09 16:31 . 2009-10-09 16:31 -------- d-----w- c:\program files\NOS

2009-10-08 20:30 . 2009-01-22 19:33 -------- d-----w- c:\users\Carole\AppData\Roaming\Sony

2009-10-08 20:23 . 2009-10-08 18:44 -------- d-----w- c:\users\Carole\AppData\Roaming\DAEMON Tools Lite

2009-10-08 18:52 . 2009-10-08 18:52 -------- d-----w- c:\progra~2\DAEMON Tools Lite

2009-10-08 18:51 . 2009-05-25 17:07 680 ----a-w- c:\users\Carole\AppData\Local\d3d9caps.dat

2009-10-08 18:45 . 2009-10-08 18:45 721904 ------w- c:\windows\system32\drivers\sptd.sys

2009-10-08 13:42 . 2009-10-08 13:42 -------- d-----w- c:\users\Carole\AppData\Roaming\GARMIN

2009-10-08 13:41 . 2009-10-08 13:41 -------- d-----w- c:\program files\Garmin GPS Plugin

2009-10-08 13:41 . 2009-10-08 13:41 -------- d-----w- c:\program files\DIFX

2009-10-08 13:40 . 2009-10-08 13:40 -------- d-----w- c:\program files\Garmin

2009-10-08 12:09 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Calendar

2009-10-08 12:09 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Sidebar

2009-10-08 12:09 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Journal

2009-10-08 12:09 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Collaboration

2009-10-08 12:09 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Photo Gallery

2009-10-08 12:08 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Defender

2009-10-07 16:12 . 2009-10-07 16:12 -------- d-----w- c:\progra~2\Office Genuine Advantage

2009-10-01 01:02 . 2009-11-16 20:59 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe

2009-10-01 01:02 . 2009-11-16 20:59 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll

2009-10-01 01:01 . 2009-11-16 20:59 81920 ----a-w- c:\windows\system32\wpdbusenum.dll

2009-09-25 02:10 . 2009-11-16 20:59 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll

2009-09-25 02:07 . 2009-11-16 20:59 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll

2009-09-25 02:04 . 2009-11-16 20:59 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll

2009-09-25 01:49 . 2009-11-16 20:59 1554432 ----a-w- c:\windows\system32\xpsservices.dll

2009-09-25 01:48 . 2009-11-16 20:59 351232 ----a-w- c:\windows\system32\XpsPrint.dll

2009-09-25 01:38 . 2009-11-16 20:59 847360 ----a-w- c:\windows\system32\OpcServices.dll

2009-09-25 01:36 . 2009-11-16 20:59 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2009-09-25 01:35 . 2009-11-16 20:59 135680 ----a-w- c:\windows\system32\XpsRasterService.dll

2009-09-25 01:33 . 2009-11-16 20:59 195584 ----a-w- c:\windows\system32\dxdiagn.dll

2009-09-25 01:33 . 2009-11-16 20:59 829440 ----a-w- c:\windows\system32\d3d10warp.dll

2009-09-25 01:33 . 2009-11-16 20:59 369664 ----a-w- c:\windows\system32\WMPhoto.dll

2009-09-25 01:32 . 2009-11-16 20:59 252928 ----a-w- c:\windows\system32\dxdiag.exe

2009-09-25 01:31 . 2009-11-16 20:59 519680 ----a-w- c:\windows\system32\d3d11.dll

2009-09-25 01:31 . 2009-11-16 20:59 486912 ----a-w- c:\windows\system32\d3d10level9.dll

2009-09-25 01:31 . 2009-11-16 20:59 161280 ----a-w- c:\windows\system32\d3d10_1.dll

2009-09-25 01:31 . 2009-11-16 20:59 218112 ----a-w- c:\windows\system32\d3d10_1core.dll

2009-09-25 01:31 . 2009-11-16 20:59 1030144 ----a-w- c:\windows\system32\d3d10.dll

2009-09-25 01:31 . 2009-11-16 20:59 828928 ----a-w- c:\windows\system32\d2d1.dll

2009-09-25 01:30 . 2009-11-16 20:59 190464 ----a-w- c:\windows\system32\d3d10core.dll

2009-09-25 01:30 . 2009-11-16 20:59 481792 ----a-w- c:\windows\system32\dxgi.dll

2009-09-25 01:27 . 2009-11-16 20:59 634880 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2009-09-25 01:27 . 2009-11-16 20:59 37888 ----a-w- c:\windows\system32\cdd.dll

2009-09-25 01:27 . 2009-11-16 20:59 793088 ----a-w- c:\windows\system32\FntCache.dll

2009-09-25 01:27 . 2009-11-16 20:59 1064448 ----a-w- c:\windows\system32\DWrite.dll

2009-09-24 22:54 . 2009-11-16 20:59 258048 ----a-w- c:\windows\system32\winspool.drv

2009-09-24 22:54 . 2009-11-16 20:59 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe

2009-09-24 22:54 . 2009-11-16 20:59 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll

2009-09-14 09:29 . 2009-10-14 18:28 144896 ----a-w- c:\windows\system32\drivers\srv2.sys

2009-09-10 16:48 . 2009-10-14 18:46 218624 ----a-w- c:\windows\system32\msv1_0.dll

2009-09-10 14:59 . 2009-10-28 07:52 8147456 ----a-w- c:\windows\system32\wmploc.DLL

2009-09-10 14:58 . 2009-10-28 07:52 310784 ----a-w- c:\windows\system32\unregmp2.exe

2008-07-02 03:28 . 2008-07-02 03:28 61440 ----a-w- c:\program files\Common Files\CPInstallAction.dll

2008-05-22 17:35 . 2008-05-22 17:35 51962 ----a-w- c:\program files\Common Files\banner.jpg

2007-06-12 18:34 . 2007-06-12 18:34 35822 ----a-w- c:\program files\Common Files\ASPG_icon.ico

2004-08-09 21:30 . 2009-06-17 17:18 40960 ----a-w- c:\program files\Uninstall_CDS.exe

.

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]

@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"

[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]

2007-06-02 01:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-26 92704]

"HControlUser"="c:\program files\ATK Hotkey\HcontrolUser.exe" [2008-01-12 98304]

"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2008-01-23 7766016]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]

"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMedia.exe" [2008-06-25 159744]

"ASUS Camera ScreenSaver"="c:\windows\AsScrProlog.exe" [2008-11-21 47672]

"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2008-11-21 33136]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"SystrayORAHSS"="c:\program files\Orange\Systray\SystrayApp.exe" [2007-09-25 94208]

"ORAHSSSessionManager"="c:\program files\Orange\SessionManager\SessionManager.exe" [2007-09-25 102400]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-08-12 6265376]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"VistaSp2"=hex(b):01,2c,9a,f6,48,18,ca,01

 

R0 fsbts;fsbts;c:\windows\System32\drivers\fsbts.sys [30/05/2009 20:28 33920]

R0 lullaby;lullaby;c:\windows\System32\drivers\lullaby.sys [21/11/2008 05:30 15416]

R1 FSES;F-Secure Email Scanning Driver;c:\windows\System32\drivers\fses.sys [13/11/2009 21:00 35680]

R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\System32\drivers\SiSGB6.sys [16/11/2007 05:09 48128]

S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [08/10/2009 19:45 721904]

S3 FontCache;Service de cache de police Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21/01/2008 03:23 21504]

S3 FSORSPClient;F-Secure ORSP Client;"c:\program files\Orange\Antivirus Firewall\ORSP Client\fsorsp.exe" --> c:\program files\Orange\Antivirus Firewall\ORSP Client\fsorsp.exe [?]

S3 ICScsiSV;Image Converter SCSI Service;c:\program files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe [23/02/2009 15:25 75952]

S3 IcVzMonLauncher;IcVzMonLauncher;c:\program files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe [23/02/2009 15:25 67760]

S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\System32\drivers\PCAMp50.sys [12/04/2009 15:03 28224]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

getPlusHelper REG_MULTI_SZ getPlusHelper

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

"c:\program files\Common Files\LightScribe\LSRunOnce.exe"

.

Contenu du dossier 'Tâches planifiées'

 

2009-12-03 c:\windows\Tasks\User_Feed_Synchronization-{91283F18-3F0E-457A-A007-2FA9F9DC6165}.job

- c:\windows\system32\msfeedssync.exe [2009-10-14 03:41]

.

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://www.google.fr/

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

Trusted Zone: orange.fr\www

.

- - - - ORPHELINS SUPPRIMES - - - -

 

HKLM-Run-SymLnch - c:\program files\Common Files\Symantec Shared\SymSetup\{C1C185CA-C531-49F5-A6FA-B838405A049D}_15_5_0_23\Support\SymLnch\SymLnch.exe

AddRemove-Activation Assistant for the 2007 Microsoft Office suites - c:\programdata\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\Microsoft Office Activation Assistant.exe REMOVE=TRUE MODIFY=FALSE

AddRemove-NVIDIA Drivers - c:\windows\system32\NVUNINST.EXE UninstallGUI

AddRemove-{ORAHSS}.Browser - c:\program files\Orange\Uninstall\Browser\Shell.exe MainUninstall.shl

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-12-04 18:00

Windows 6.0.6002 Service Pack 2 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

 

C:\ADSM_PData_0150

 

Scan terminé avec succès

Fichiers cachés: 1

 

**************************************************************************

.

Heure de fin: 2009-12-04 18:05

ComboFix-quarantined-files.txt 2009-12-04 17:04

 

Avant-CF: 81 128 071 168 octets libres

Après-CF: 81 186 512 896 octets libres

 

- - End Of File - - B599AAC5302112F3E18347FD94CE44FA

Posted

The critter seems to be dead. :P

What follows is for this machine, and this machine only.

Do not use it on another machine under any circumstances: dangerous.

  • Download the file CFscript.txt from this site:
    http://senduit.com/b74d4d

  • Place it on the desktop, next to the ComboFix icon.
  • Drag and drop this CFscript file onto the ComboFix.exe file as in this example

animation1md2.gif

  • Wait while the scan runs. The desktop will disappear several times: that's normal! Don't touch anything until the scan has finished.
  • Once the scan is complete, a report will be displayed: post its contents.
  • If the file doesn't open, it is located here > C:\ComboFix.txt

Posted

Hi,

I wasn't here this weekend. I couldn't see your message. As a result I can no longer download your file; when I click, I'm told File has expired.

Can you send it to me again, please?

Thanks
