
Good evening,

I need a bit of help finishing a disinfection on a laptop running Seven 64-bit. I have to give it back to its owner tomorrow, so it's tight ^^

So the virus is indeed: Security Tool

What I have done so far:

rebooted in safe mode

unchecked the 41742422.exe process from the startup services

rebooted in normal mode,

disabled UAC

removed his antivirus, which was useless.. I've forgotten the name, but I'll install Antivir for him afterwards; VirusKeeper 2010 Pro Evaluation will also need to be removed =/

installed MBAM with its manual update, which I had put on a USB key

deleted the detected viruses

Here are the MBAM and ZHPDiag reports, since RSIT and HijackThis are not compatible:

 

Malwarebytes' Anti-Malware 1.44

Version de la base de données: 3913

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

 

29/03/2010 18:53:55

mbam-log-2010-03-29 (18-53-55).txt

 

Type de recherche: Examen rapide

Eléments examinés: 104077

Temps écoulé: 2 minute(s), 59 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 0

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 1

Dossier(s) infecté(s): 1

Fichier(s) infecté(s): 3

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Elément(s) de données du Registre infecté(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

 

Dossier(s) infecté(s):

C:\ProgramData\47142422 (Rogue.Multiple) -> Quarantined and deleted successfully.

 

Fichier(s) infecté(s):

C:\ProgramData\47142422\47142422.exe (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Users\kareen\Desktop\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.

C:\Users\kareen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.

 

 

 

 

Rapport de ZHPDiag v1.24.25 par Nicolas Coolman

Run by kareen at 3/29/2010 8:34:48 PM

Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html

Platform : Windows 7 Home Premium

MSIE: Internet Explorer v8.0.7600.16385

 

Boot mode: Normal (Normal boot)

Total RAM: 4095.2 MB (76% free)

System drive C: has 61 GB (52%) free of 116 GB

 

---\\ Processus lancés

C:\Program Files (x86)\Cyberlink\MediaShowEspresso\MUITransfer\MUIStartMenu.exe

C:\Program Files (x86)\Cyberlink\PowerDirector\MUITransfer\MUIStartMenu.exe

C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe

C:\Program Files (x86)\Cyberlink\PowerDVD9\Language\Language.exe

C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe

C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe

C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe

C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe

C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe

C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\Windows Sidebar\Sidebar.exe

C:\Windows\system32\FBAgent.exe

C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe

C:\Program Files\ATKGFNEX\GFNEXSrv.exe

C:\Windows\System32\svchost.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\Asus\Game Park\GameConsole\OberonGameConsoleService.exe

C:\Windows\system32\lsass.exe

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\sppsvc.exe

C:\Program Files (x86)\AxBx\VirusKeeper 2010 Pro Evaluation\vk_service.exe

C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\SearchIndexer.exe

 

---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)

F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,

F2 - REG:system.ini: Shell=explorer.exe

 

---\\ Pages de démarrage d'Internet Explorer (R0)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

 

---\\ Pages de recherche d'Internet Explorer (R1)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

 

---\\ Internet Explorer URLSearchHook (R3)

R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll

 

---\\ Browser Helper Objects de navigateur (O2)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

 

---\\ Internet Explorer Toolbars (O3)

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

 

---\\ Applications démarrées automatiquement par le registre (O4)

O4 - HKLM\..\Run: [MDS_Menu] C:\Program Files (x86)\Cyberlink\MediaShowEspresso\MUITransfer\MUIStartMenu.exe C:\Program Files (x86)\Cyberlink\MediaShowEspresso UpdateWithCreateOnce Software\CyberLink\MediaShow Espresso\5.0

O4 - HKLM\..\Run: [updatePDRShortCut] C:\Program Files (x86)\Cyberlink\PowerDirector\MUITransfer\MUIStartMenu.exe C:\Program Files (x86)\Cyberlink\PowerDirector UpdateWithCreateOnce Software\CyberLink\PowerDirector\7.0

O4 - HKLM\..\Run: [RemoteControl9] C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe

O4 - HKLM\..\Run: [PDVD9LanguageShortcut] C:\Program Files (x86)\Cyberlink\PowerDVD9\Language\Language.exe

O4 - HKLM\..\Run: [updatePSTShortCut] C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe C:\Program Files (x86)\Cyberlink\DVD Suite UpdateWithCreateOnce Software\CyberLink\PowerStarter

O4 - HKLM\..\Run: [updateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe C:\Program Files (x86)\CyberLink\LabelPrint UpdateWithCreateOnce Software\CyberLink\LabelPrint\2.5

O4 - HKLM\..\Run: [updateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe C:\Program Files (x86)\CyberLink\Power2Go UpdateWithCreateOnce SOFTWARE\CyberLink\Power2Go\6.0

O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe

O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe

O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe

O4 - HKLM\..\Run: [setwallpaper] c:\programdata\SetWallpaper.cmd

O4 - HKCU\..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKLM\..\policies\Explorer: [NoActiveDesktop] Data=1

O4 - HKLM\..\policies\Explorer: [ForceActiveDesktopOn] Data=0

O4 - HKLM\..\policies\Explorer: [NoActiveDesktopChanges] Data=0

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun

O4 - Global Startup: FancyStart daemon.lnk - C:\Windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe

 

---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

 

---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)

O9 - Extra button: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll,201

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFBARH.ICO

 

---\\ Onglet supplémentaire dans les options avancées d'Internet Explorer (O11)

O11 - Options group: [accessibility] Accessibility - C:\Windows\SysWOW64\inetcpl.cpl

O11 - Options group: [browse] Browsing - C:\Windows\SysWOW64\inetcpl.cpl

O11 - Options group: [crypto] Security - C:\Windows\SysWOW64\inetcpl.cpl

O11 - Options group: [http] HTTP 1.1 settings - C:\Windows\SysWOW64\inetcpl.cpl

O11 - Options group: [international] International - C:\Windows\SysWOW64\inetcpl.cpl

O11 - Options group: [multimedia] Multimedia - C:\Windows\SysWOW64\inetcpl.cpl

O11 - Options group: [print] Printing - C:\Windows\SysWOW64\inetcpl.cpl

O11 - Options group: [searching] Search from the Address bar - C:\Windows\SysWOW64\inetcpl.cpl

 

---\\ Protocole additionnel et piratage de protocole (O18)

O18 - Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll

O18 - Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\msvidctl.dll

O18 - Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL

O18 - Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\system32\inetcomm.dll

O18 - Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL

O18 - Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\msvidctl.dll

O18 - Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll

O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

 

---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSODL) (O21)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - (not file)

 

---\\ Liste des services NT non Microsoft et non désactivés (O23)

O23 - Service: AFBAgent (AFBAgent) - C:\Windows\system32\FBAgent.exe

O23 - Service: ASLDR Service (ASLDRService) - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe

O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - C:\Program Files\ATKGFNEX\GFNEXSrv.exe

O23 - Service: Service Bonjour (Bonjour Service) - C:\Program Files (x86)\Bonjour\mDNSResponder.exe

O23 - Service: Service Google Update (gupdate) (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc

O23 - Service: NVIDIA Display Driver Service (nvsvc) - C:\Windows\system32\nvvsvc.exe

O23 - Service: Oberon Media Game Console service (OberonGameConsoleService) - C:\Program Files (x86)\Asus\Game Park\GameConsole\OberonGameConsoleService.exe

O23 - Service: SeaPort (SeaPort) - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - C:\Windows\System32\spoolsv.exe

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - C:\Windows\system32\sppsvc.exe

O23 - Service: VirusKeeper antivirus/antispyware (vkservice) - C:\Program Files (x86)\AxBx\VirusKeeper 2010 Pro Evaluation\vk_service.exe

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe

O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - C:\Windows\system32\SearchIndexer.exe /Embedding

 

---\\ Tâches planifiées en automatique (O39)

O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

 

---\\ Composants installés (ActiveSetup Installed Components) (O40)

O40 - ASIC: Microsoft Windows Media Player - >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP

O40 - ASIC: Internet Explorer - >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

O40 - ASIC: Browser Customizations - >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

O40 - ASIC: Microsoft Windows Media Player 12.0 - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\SysWOW64\wmpdxm.dll

O40 - ASIC: Themes Setup - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\Windows\system32\regsvr32.exe /s /n /i:/UserInstall C:\Windows\system32\themeui.dll

O40 - ASIC: Offline Browsing Pack - {3af36230-a269-11d1-b5bf-0000f8051515} - (not file)

O40 - ASIC: Microsoft Windows - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

O40 - ASIC: DirectDrawEx - {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - (not file)

O40 - ASIC: Internet Explorer Help - {45ea75a0-a269-11d1-b5bf-0000f8051515} - (not file)

O40 - ASIC: Microsoft Windows Script 5.6 - {4f645220-306d-11d2-995d-00c04f98bbc9} - (not file)

O40 - ASIC: Internet Explorer Setup Tools - {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - (not file)

O40 - ASIC: Browsing Enhancements - {630b1da0-b465-11d1-9948-00c04f98bbc9} - (not file)

O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

O40 - ASIC: MSN Site Access - {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - (not file)

O40 - ASIC: Address Book 7 - {7790769C-0471-11d2-AF11-00C04FA35D02} - (not file)

O40 - ASIC: .NET Framework - {7C028AF8-F614-47B3-82DA-BA94E41B1089} - (not file)

O40 - ASIC: Windows Desktop Update - {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

O40 - ASIC: Web Platform Customizations - {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings

O40 - ASIC: (no name) - {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

O40 - ASIC: Dynamic HTML Data Binding - {9381D8F2-0288-11D0-9501-00AA00B911A5} - (not file)

O40 - ASIC: .NET Framework - {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - (not file)

O40 - ASIC: Internet Explorer Core Fonts - {C9E9A340-D1F1-11D0-821E-444553540600} - (not file)

O40 - ASIC: Adobe Flash Player - {D27CDB6E-AE6D-11CF-96B8-444553540000} - C:\Windows\SysWow64\Macromed\Flash\Flash10d.ocx

O40 - ASIC: HTML Help - {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - (not file)

O40 - ASIC: Active Directory Service Interface - {E92B03AB-B707-11d2-9CBD-0000F87A369E} - (not file)

 

---\\ Pilotes lancés au démarrage (O41)

O41 - Driver: @%systemroot%\system32\drivers\afd.sys,-1000 (AFD) - C:\Windows\system32\drivers\afd.sys

O41 - Driver: (no object) (blbdrive) - C:\WINDOWS\system32\DRIVERS\blbdrive.sys

O41 - Driver: CD-ROM Driver (cdrom) - C:\WINDOWS\system32\DRIVERS\cdrom.sys

O41 - Driver: @%systemroot%\system32\drivers\dfsc.sys,-101 (DfsC) - C:\WINDOWS\System32\Drivers\dfsc.sys

O41 - Driver: @%systemroot%\system32\drivers\discache.sys,-102 (discache) - C:\WINDOWS\System32\drivers\discache.sys

O41 - Driver: Microsoft System Management BIOS Driver (mssmbios) - C:\WINDOWS\system32\DRIVERS\mssmbios.sys

O41 - Driver: NetBIOS Interface (NetBIOS) - C:\WINDOWS\system32\DRIVERS\netbios.sys

O41 - Driver: @%SystemRoot%\system32\drivers\netbt.sys,-2 (NetBT) - C:\WINDOWS\System32\DRIVERS\netbt.sys

O41 - Driver: @%SystemRoot%\system32\drivers\nsiproxy.sys,-2 (nsiproxy) - C:\WINDOWS\system32\drivers\nsiproxy.sys

O41 - Driver: @%SystemRoot%\System32\drivers\pacer.sys,-101 (Psched) - C:\WINDOWS\system32\DRIVERS\pacer.sys

O41 - Driver: @%systemroot%\system32\wkssvc.dll,-1000 (rdbss) - C:\WINDOWS\system32\DRIVERS\rdbss.sys

O41 - Driver: @%systemroot%\system32\DRIVERS\RDPCDD.sys,-100 (RDPCDD) - C:\WINDOWS\System32\DRIVERS\RDPCDD.sys

O41 - Driver: @%systemroot%\system32\drivers\RDPENCDD.sys,-101 (RDPENCDD) - C:\WINDOWS\system32\drivers\rdpencdd.sys

O41 - Driver: @%systemroot%\system32\drivers\RdpRefMp.sys,-101 (RDPREFMP) - C:\WINDOWS\system32\drivers\rdprefmp.sys

O41 - Driver: @%SystemRoot%\system32\tcpipcfg.dll,-50004 (tdx) - C:\WINDOWS\system32\DRIVERS\tdx.sys

O41 - Driver: Terminal Device Driver (TermDD) - C:\WINDOWS\system32\DRIVERS\termdd.sys

O41 - Driver: (no object) (VgaSave) - C:\Windows\System32\drivers\vga.sys

O41 - Driver: Virtual WiFi Filter Driver (vwififlt) - C:\WINDOWS\system32\DRIVERS\vwififlt.sys

O41 - Driver: @%systemroot%\system32\rascfg.dll,-32012 (Wanarpv6) - C:\WINDOWS\system32\DRIVERS\wanarp.sys

O41 - Driver: WFP Lightweight Filter (WfpLwf) - C:\WINDOWS\system32\DRIVERS\wfplwf.sys

 

---\\ Logiciels installés (O42)

O42 - Logiciel: 2007 Microsoft Office system

O42 - Logiciel: ASUS AI Recovery

O42 - Logiciel: ASUS AP Bank

O42 - Logiciel: ASUS CopyProtect

O42 - Logiciel: ASUS LifeFrame3

O42 - Logiciel: ASUS SmartLogon

O42 - Logiciel: ASUS Splendid Video Enhancement Technology

O42 - Logiciel: ASUS Video Magic

O42 - Logiciel: ATK Hotkey

O42 - Logiciel: ATKOSD2

O42 - Logiciel: Acrobat.com

O42 - Logiciel: Activation Assistant for the 2007 Microsoft Office suites

O42 - Logiciel: Actualização do Microsoft Office Excel 2007 Help (KB963678)

O42 - Logiciel: Actualização do Microsoft Office Powerpoint 2007 Help (KB963669)

O42 - Logiciel: Adobe AIR

O42 - Logiciel: Adobe Flash Player 10 ActiveX

O42 - Logiciel: Adobe Flash Player 10 Plugin

O42 - Logiciel: Alcor Micro USB Card Reader

O42 - Logiciel: Alice Greenfingers

O42 - Logiciel: Apple Application Support

O42 - Logiciel: Apple Software Update

O42 - Logiciel: Asus_Camera_ScreenSaver

O42 - Logiciel: Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

O42 - Logiciel: Bonjour

O42 - Logiciel: Chicken Invaders 2

O42 - Logiciel: ControlDeck

O42 - Logiciel: CyberLink LabelPrint

O42 - Logiciel: CyberLink MediaShow Espresso

O42 - Logiciel: CyberLink PhotoNow

O42 - Logiciel: CyberLink Power2Go

O42 - Logiciel: CyberLink PowerDVD 9

O42 - Logiciel: CyberLink PowerDirector

O42 - Logiciel: Dream Day Wedding Married in Manhattan

O42 - Logiciel: Express Gate

O42 - Logiciel: Game Park Console

O42 - Logiciel: Google Chrome

O42 - Logiciel: Installation Windows Live

O42 - Logiciel: Island Wars 2

O42 - Logiciel: MSVCRT

O42 - Logiciel: Malwarebytes' Anti-Malware

O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2)

O42 - Logiciel: Microsoft Office Access MUI (Chinese (Traditional)) 2007

O42 - Logiciel: Microsoft Office Access MUI (Dutch) 2007

O42 - Logiciel: Microsoft Office Access MUI (English) 2007

O42 - Logiciel: Microsoft Office Access MUI (French) 2007

O42 - Logiciel: Microsoft Office Access MUI (German) 2007

O42 - Logiciel: Microsoft Office Access MUI (Greek) 2007

O42 - Logiciel: Microsoft Office Access MUI (Hebrew) 2007

O42 - Logiciel: Microsoft Office Access MUI (Italian) 2007

O42 - Logiciel: Microsoft Office Access MUI (Portuguese (Portugal)) 2007

O42 - Logiciel: Microsoft Office Access MUI (Spanish) 2007

O42 - Logiciel: Microsoft Office Excel 2007 Help - Aggiornamento (KB963678)

O42 - Logiciel: Microsoft Office Excel 2007 Help Actualización (KB963678)

O42 - Logiciel: Microsoft Office Excel 2007 Help §ó·sµ{¦¡ (KB963678)

O42 - Logiciel: Microsoft Office Excel MUI (Chinese (Traditional)) 2007

O42 - Logiciel: Microsoft Office Excel MUI (Dutch) 2007

O42 - Logiciel: Microsoft Office Excel MUI (English) 2007

O42 - Logiciel: Microsoft Office Excel MUI (French) 2007

O42 - Logiciel: Microsoft Office Excel MUI (German) 2007

O42 - Logiciel: Microsoft Office Excel MUI (Greek) 2007

O42 - Logiciel: Microsoft Office Excel MUI (Hebrew) 2007

O42 - Logiciel: Microsoft Office Excel MUI (Italian) 2007

O42 - Logiciel: Microsoft Office Excel MUI (Portuguese (Portugal)) 2007

O42 - Logiciel: Microsoft Office Excel MUI (Spanish) 2007

O42 - Logiciel: Microsoft Office Live Add-in 1.3

O42 - Logiciel: Microsoft Office Outlook 2007 Help - Aggiornamento (KB963677)

O42 - Logiciel: Microsoft Office Outlook 2007 Help Actualización (KB963677)

O42 - Logiciel: Microsoft Office Outlook MUI (Chinese (Traditional)) 2007

O42 - Logiciel: Microsoft Office Outlook MUI (Dutch) 2007

O42 - Logiciel: Microsoft Office Outlook MUI (English) 2007

O42 - Logiciel: Microsoft Office Outlook MUI (French) 2007

O42 - Logiciel: Microsoft Office Outlook MUI (German) 2007

O42 - Logiciel: Microsoft Office Outlook MUI (Greek) 2007

O42 - Logiciel: Microsoft Office Outlook MUI (Hebrew) 2007

O42 - Logiciel: Microsoft Office Outlook MUI (Italian) 2007

O42 - Logiciel: Microsoft Office Outlook MUI (Portuguese (Portugal)) 2007

O42 - Logiciel: Microsoft Office Outlook MUI (Spanish) 2007

O42 - Logiciel: Microsoft Office PowerPoint MUI (Chinese (Traditional)) 2007

O42 - Logiciel: Microsoft Office PowerPoint MUI (Dutch) 2007

O42 - Logiciel: Microsoft Office PowerPoint MUI (English) 2007

O42 - Logiciel: Microsoft Office PowerPoint MUI (French) 2007

O42 - Logiciel: Microsoft Office PowerPoint MUI (German) 2007

O42 - Logiciel: Microsoft Office PowerPoint MUI (Greek) 2007

O42 - Logiciel: Microsoft Office PowerPoint MUI (Hebrew) 2007

O42 - Logiciel: Microsoft Office PowerPoint MUI (Italian) 2007

O42 - Logiciel: Microsoft Office PowerPoint MUI (Portuguese (Portugal)) 2007

O42 - Logiciel: Microsoft Office PowerPoint MUI (Spanish) 2007

O42 - Logiciel: Microsoft Office Powerpoint 2007 Help - Aggiornamento (KB963669)

O42 - Logiciel: Microsoft Office Powerpoint 2007 Help Actualización (KB963669)

O42 - Logiciel: Microsoft Office Powerpoint 2007 Help §ó·sµ{¦¡ (KB963669)

O42 - Logiciel: Microsoft Office Publisher MUI (Chinese (Traditional)) 2007

O42 - Logiciel: Microsoft Office Publisher MUI (Dutch) 2007

O42 - Logiciel: Microsoft Office Publisher MUI (English) 2007

O42 - Logiciel: Microsoft Office Publisher MUI (French) 2007

O42 - Logiciel: Microsoft Office Publisher MUI (German) 2007

O42 - Logiciel: Microsoft Office Publisher MUI (Greek) 2007

O42 - Logiciel: Microsoft Office Publisher MUI (Hebrew) 2007

O42 - Logiciel: Microsoft Office Publisher MUI (Italian) 2007

O42 - Logiciel: Microsoft Office Publisher MUI (Portuguese (Portugal)) 2007

O42 - Logiciel: Microsoft Office Publisher MUI (Spanish) 2007

O42 - Logiciel: Microsoft Office Word 2007 Help §ó·sµ{¦¡ (KB963665)

O42 - Logiciel: Microsoft Office Word MUI (Chinese (Traditional)) 2007

O42 - Logiciel: Microsoft Office Word MUI (English) 2007

O42 - Logiciel: Microsoft Office Word MUI (German) 2007

O42 - Logiciel: Microsoft Office Word MUI (Greek) 2007

O42 - Logiciel: Microsoft Search Enhancement Pack

O42 - Logiciel: Microsoft Silverlight

O42 - Logiciel: Microsoft Sync Framework Runtime Native v1.0 (x86)

O42 - Logiciel: Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable

O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

O42 - Logiciel: Outil de téléchargement Windows Live

O42 - Logiciel: PI Free PC (Désintallation seule)

O42 - Logiciel: Piggly

O42 - Logiciel: QuickTime

O42 - Logiciel: Smileyville

O42 - Logiciel: Update for Microsoft Office Access 2007 Help (KB963663)

O42 - Logiciel: Update for Microsoft Office Excel 2007 Help (KB963678)

O42 - Logiciel: Update for Microsoft Office Outlook 2007 Help (KB963677)

O42 - Logiciel: Update for Microsoft Office Powerpoint 2007 Help (KB963669)

O42 - Logiciel: Update for Microsoft Office Publisher 2007 Help (KB963667)

O42 - Logiciel: Update for Microsoft Office Word 2007 Help (KB963665)

O42 - Logiciel: Update für Microsoft Office Excel 2007 Help (KB963678)

O42 - Logiciel: Update für Microsoft Office Outlook 2007 Help (KB963677)

O42 - Logiciel: Update für Microsoft Office Powerpoint 2007 Help (KB963669)

O42 - Logiciel: Update für Microsoft Office Word 2007 Help (KB963665)

O42 - Logiciel: Update voor Microsoft Office Excel 2007 Help (KB963678)

O42 - Logiciel: Update voor Microsoft Office Powerpoint 2007 Help (KB963669)

O42 - Logiciel: Usenet.nl

O42 - Logiciel: VirusKeeper 2010 Pro Evaluation

O42 - Logiciel: WinFlash

O42 - Logiciel: Windows Live Call

O42 - Logiciel: Windows Live FolderShare

O42 - Logiciel: Windows Live Mail

O42 - Logiciel: Windows Live Messenger

O42 - Logiciel: Windows Live Writer

O42 - Logiciel: Wireless Console 3

O42 - Logiciel: adsl TV

O42 - Logiciel: eMule

O42 - Logiciel: ÅíçìåñùìÝíç Ýêäïóç Microsoft Office Excel 2007 Help (KB963678)

O42 - Logiciel: ÅíçìåñùìÝíç Ýêäïóç Microsoft Office Powerpoint 2007 Help (KB963669)

O42 - Logiciel: ÅíçìåñùìÝíç Ýêäïóç Microsoft Office Word 2007 Help (KB963665)

O42 - Logiciel: òãëåï òáåø îñðï ãåàø äæáì ùì Microsoft Office Excel 2007 Help (KB963678)

O42 - Logiciel: òãëåï òáåø îñðï ãåàø äæáì ùì Microsoft Office Powerpoint 2007 Help (KB963669)

 

---\\ Contenu des dossiers Fichiers Communs (O43)

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Activation Assistant for the 2007 Microsoft Office suites

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Adobe

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\AmIcoSingLun

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Apple Software Update

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\ASUS

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\AxBx

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Bonjour

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Common Files

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\CyberLink

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Downloaded Installations

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Google

O43 - CFD:Common File Directory --H-D- C:\Program Files (x86)\InstallShield Installation Information

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Internet Explorer

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Malwarebytes' Anti-Malware

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Microsoft

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Microsoft Office

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Microsoft Office Outlook Connector

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Microsoft Silverlight

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Microsoft SQL Server Compact Edition

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Microsoft Sync Framework

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Microsoft Visual Studio

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Microsoft Works

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Microsoft.NET

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\MSBuild

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Oberon Media

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\QuickTime

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Realtek

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Reference Assemblies

O43 - CFD:Common File Directory --H-D- C:\Program Files (x86)\Temp

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\trend micro

O43 - CFD:Common File Directory --H-D- C:\Program Files (x86)\Uninstall Information

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Usenet.nl

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Windows Defender

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Windows Live

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Windows Live SkyDrive

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Windows Mail

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Windows Media Player

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Windows NT

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Windows Photo Viewer

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Windows Portable Devices

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Windows Sidebar

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\ZHPDiag

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Common Files\Adobe

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Common Files\Adobe AIR

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Common Files\Apple

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Common Files\CyberLink

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Common Files\DESIGNER

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Common Files\InstallShield

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Common Files\microsoft shared

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Common Files\Oberon Media

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Common Files\Services

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Common Files\SpeechEngines

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Common Files\System

O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Common Files\Windows Live

 

---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)

O44 - LFC:Last File Created 3/11/2010 - 7:09:30 AM ---A- C:\Windows\System32\config.nt

O44 - LFC:Last File Created 3/11/2010 - 9:33:21 PM ---A- C:\Windows\DirectX.log

O44 - LFC:Last File Created 3/29/2010 - 5:30:23 PM ---A- C:\Windows\ntbtlog.txt

O44 - LFC:Last File Created 3/29/2010 - 6:26:19 PM ---A- C:\Windows\PFRO.log

O44 - LFC:Last File Created 3/29/2010 - 6:26:25 PM -S-A- C:\Windows\bootstat.dat

O44 - LFC:Last File Created 3/29/2010 - 6:26:34 PM ---A- C:\Windows\setupact.log

O44 - LFC:Last File Created 3/29/2010 - 7:29:27 PM ---A- C:\Windows\WindowsUpdate.log

 

---\\ Derniers fichiers créés dans Windows Prefetcher (O45)

O45 - LFCP:Last File Created Prefetch 3/13/2010 - 10:05:49 AM ---A- C:\Windows\Prefetch\AgCx_S1_S-1-5-21-3149180271-1780418648-2234364113-1000.snp.db

O45 - LFCP:Last File Created Prefetch 3/13/2010 - 10:07:16 AM ---A- C:\Windows\Prefetch\AgCx_SC3_9CC879D56B8D5B2D.db

O45 - LFCP:Last File Created Prefetch 3/26/2010 - 7:54:32 PM ---A- C:\Windows\Prefetch\NTOSBOOT-B00DFAAD.pf

O45 - LFCP:Last File Created Prefetch 3/28/2010 - 8:54:05 PM ---A- C:\Windows\Prefetch\ELANTPCFG64.EXE-C8459A63.pf

O45 - LFCP:Last File Created Prefetch 3/28/2010 - 8:54:05 PM ---A- C:\Windows\Prefetch\WMPNSCFG.EXE-FC0D39BF.pf

O45 - LFCP:Last File Created Prefetch 3/28/2010 - 8:54:15 PM ---A- C:\Windows\Prefetch\DLLHOST.EXE-40DD444D.pf

O45 - LFCP:Last File Created Prefetch 3/28/2010 - 8:55:59 PM ---A- C:\Windows\Prefetch\AgCx_SC2.db

O45 - LFCP:Last File Created Prefetch 3/29/2010 - 5:25:36 PM ---A- C:\Windows\Prefetch\SMARTLOGON.EXE-8F794AF5.pf

O45 - LFCP:Last File Created Prefetch 3/29/2010 - 5:25:37 PM ---A- C:\Windows\Prefetch\LOGONUI.EXE-09140401.pf

O45 - LFCP:Last File Created Prefetch 3/29/2010 - 5:25:44 PM ---A- C:\Windows\Prefetch\AgCx_SC1.db.trx

O45 - LFCP:Last File Created Prefetch 3/29/2010 - 5:26:45 PM ---A- C:\Windows\Prefetch\AgCx_SC1.db

O45 - LFCP:Last File Created Prefetch 3/29/2010 - 5:46:08 PM ---A- C:\Windows\Prefetch\CONSENT.EXE-531BD9EA.pf

O45 - LFCP:Last File Created Prefetch 3/29/2010 - 5:47:29 PM ---A- C:\Windows\Prefetch\DLLHOST.EXE-766398D2.pf

O45 - LFCP:Last File Created Prefetch 3/29/2010 - 6:04:55 PM ---A- C:\Windows\Prefetch\UFUPDUI.EXE-746D842C.pf

O45 - LFCP:Last File Created Prefetch 3/29/2010 - 6:22:13 PM ---A- C:\Windows\Prefetch\CSC.EXE-BE9AC2DF.pf

O45 - LFCP:Last File Created Prefetch 3/29/2010 - 6:22:13 PM ---A- C:\Windows\Prefetch\CVTRES.EXE-2B9D810D.pf

O45 - LFCP:Last File Created Prefetch 3/29/2010 - 6:22:15 PM ---A- C:\Windows\Prefetch\PING.EXE-7E94E73E.pf

O45 - LFCP:Last File Created Prefetch 3/29/2010 - 6:22:15 PM ---A- C:\Windows\Prefetch\W32TM.EXE-1101AF41.pf

O45 - LFCP:Last File Created Prefetch 3/29/2010 - 6:22:16 PM ---A- C:\Windows\Prefetch\SDIAGNHOST.EXE-8D72177C.pf

O45 - LFCP:Last File Created Prefetch 3/29/2010 - 6:23:12 PM ---A- C:\Windows\Prefetch\TRUSTEDINSTALLER.EXE-3CC531E5.pf

O45 - LFCP:Last File Created Prefetch 3/29/2010 - 6:24:54 PM ---A- C:\Windows\Prefetch\DLLHOST.EXE-ECB71776.pf

O45 - LFCP:Last File Created Prefetch 3/29/2010 - 6:25:16 PM ---A- C:\Windows\Prefetch\REMOVE.EXE-CC1AC478.pf

O45 - LFCP:Last File Created Prefetch 3/29/2010 - 6:25:26 PM ---A- C:\Windows\Prefetch\DLLHOST.EXE-7FAA2E4C.pf

O45 - LFCP:Last File Created Prefetch 3/29/2010 - 6:25:26 PM ---A- C:\Windows\Prefetch\REMOVE.EXE-D9EC712A.pf

O45 - LFCP:Last File Created Prefetch 3/29/2010 - 6:25:28 PM ---A- C:\Windows\Prefetch\DRVINST.EXE-4CB4314A.pf

O45 - LFCP:Last File Created Prefetch 3/29/2010 - 6:25:32 PM ---A- C:\Windows\Prefetch\SFCTLCOM.EXE-39EE4ED9.pf

O45 - LFCP:Last File Created Prefetch 3/29/2010 - 6:25:32 PM ---A- C:\Windows\Prefetch\TMLWFINS.EXE-71124229.pf

O45 - LFCP:Last File Created Prefetch 3/29/2010 - 6:25:32 PM ---A- C:\Windows\Prefetch\TMWFPINS.EXE-EBCF99F5.pf

O45 - LFCP:Last File Created Prefetch 3/29/2010 - 6:25:33 PM ---A- C:\Windows\Prefetch\MSIEXEC.EXE-A2D55CB6.pf

O45 - LFCP:Last File Created Prefetch 3/29/2010 - 6:25:34 PM ---A- C:\Windows\Prefetch\GRPCONV.EXE-B823222B.pf

O45 - LFCP:Last File Created Prefetch 3/29/2010 - 6:25:34 PM ---A- C:\Windows\Prefetch\REGSVR32.EXE-8461DBEE.pf

O45 - LFCP:Last File Created Prefetch 3/29/2010 - 6:25:34 PM ---A- C:\Windows\Prefetch\RUNONCE.EXE-D0649312.pf

O45 - LFCP:Last File Created Prefetch 3/29/2010 - 6:25:34 PM ---A- C:\Windows\Prefetch\TDIINS.EXE-65883274.pf

O45 - LFCP:Last File Created Prefetch 3/29/2010 - 6:25:34 PM ---A- C:\Windows\Prefetch\TISTOOL.EXE-141EC5C0.pf

O45 - LFCP:Last File Created Prefetch 3/29/2010 - 6:25:51 PM ---A- C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-3149180271-1780418648-2234364113-1000.db

O45 - LFCP:Last File Created Prefetch 3/29/2010 - 6:25:51 PM ---A- C:\Windows\Prefetch\AgGlUAD_S-1-5-21-3149180271-1780418648-2234364113-1000.db

O45 - LFCP:Last File Created Prefetch 3/29/2010 - 6:25:52 PM ---A- C:\Windows\Prefetch\AgGlFaultHistory.db

O45 - LFCP:Last File Created Prefetch 3/29/2010 - 6:25:52 PM ---A- C:\Windows\Prefetch\AgGlFgAppHistory.db

O45 - LFCP:Last File Created Prefetch 3/29/2010 - 6:25:52 PM ---A- C:\Windows\Prefetch\AgGlGlobalHistory.db

O45 - LFCP:Last File Created Prefetch 3/29/2010 - 6:25:52 PM ---A- C:\Windows\Prefetch\AgRobust.db

O45 - LFCP:Last File Created Prefetch 3/29/2010 - 6:25:52 PM ---A- C:\Windows\Prefetch\PfSvPerfStats.bin

O45 - LFCP:Last File Created Prefetch 3/29/2010 - 6:27:31 PM ---A- C:\Windows\Prefetch\ASSCRPROLOG.EXE-83162235.pf

O45 - LFCP:Last File Created Prefetch 3/29/2010 - 6:27:33 PM ---A- C:\Windows\Prefetch\REGSVR32.EXE-D5170E12.pf

O45 - LFCP:Last File Created Prefetch 3/29/2010 - 6:27:36 PM ---A- C:\Windows\Prefetch\READER_SL.EXE-BA37A2AE.pf

O45 - LFCP:Last File Created Prefetch 3/29/2010 - 6:27:37 PM ---A- C:\Windows\Prefetch\ADSMSRV.EXE-1A14F59E.pf

O45 - LFCP:Last File Created Prefetch 3/29/2010 - 6:27:39 PM ---A- C:\Windows\Prefetch\ADSMTRAY.EXE-9081D617.pf

O45 - LFCP:Last File Created Prefetch 3/29/2010 - 6:27:39 PM ---A- C:\Windows\Prefetch\RICHVIDEO.EXE-CF2CB9D7.pf

O45 - LFCP:Last File Created Prefetch 3/29/2010 - 6:27:43 PM ---A- C:\Windows\Prefetch\ASSCRPRO.EXE-2426B5AB.pf

O45 - LFCP:Last File Created Prefetch 3/29/2010 - 6:27:45 PM ---A- C:\Windows\Prefetch\CLMLSVC.EXE-2A642111.pf

O45 - LFCP:Last File Created Prefetch 3/29/2010 - 6:27:48 PM ---A- C:\Windows\Prefetch\RAVCPL64.EXE-D6B4B613.pf

O45 - LFCP:Last File Created Prefetch 3/29/2010 - 6:28:56 PM ---A- C:\Windows\Prefetch\SPPSVC.EXE-B0F8131B.pf

O45 - LFCP:Last File Created Prefetch 3/29/2010 - 6:28:56 PM ---A- C:\Windows\Prefetch\WMPNETWK.EXE-D9F2A96F.pf

O45 - LFCP:Last File Created Prefetch 3/29/2010 - 6:32:53 PM ---A- C:\Windows\Prefetch\WUDFHOST.EXE-AFFEF87C.pf

O45 - LFCP:Last File Created Prefetch 3/29/2010 - 6:33:49 PM ---A- C:\Windows\Prefetch\WMIADAP.EXE-F8DFDFA2.pf

O45 - LFCP:Last File Created Prefetch 3/29/2010 - 6:34:08 PM ---A- C:\Windows\Prefetch\RUNDLL32.EXE-F09751AE.pf

O45 - LFCP:Last File Created Prefetch 3/29/2010 - 6:34:12 PM ---A- C:\Windows\Prefetch\RSIT.EXE-BF2286E7.pf

O45 - LFCP:Last File Created Prefetch 3/29/2010 - 6:34:18 PM ---A- C:\Windows\Prefetch\WMIPRVSE.EXE-1628051C.pf

O45 - LFCP:Last File Created Prefetch 3/29/2010 - 6:36:45 PM ---A- C:\Windows\Prefetch\LIVEUPDT.EXE-DAF7AD9D.pf

O45 - LFCP:Last File Created Prefetch 3/29/2010 - 6:39:33 PM ---A- C:\Windows\Prefetch\MSCONFIG.EXE-3A52734E.pf

O45 - LFCP:Last File Created Prefetch 3/29/2010 - 6:39:37 PM ---A- C:\Windows\Prefetch\RUNDLL32.EXE-02CC9EFF.pf

O45 - LFCP:Last File Created Prefetch 3/29/2010 - 6:39:37 PM ---A- C:\Windows\Prefetch\WERMGR.EXE-0F2AC88C.pf

O45 - LFCP:Last File Created Prefetch 3/29/2010 - 6:41:34 PM ---A- C:\Windows\Prefetch\MBAM.EXE-80210E2F.pf

O45 - LFCP:Last File Created Prefetch 3/29/2010 - 6:41:45 PM ---A- C:\Windows\Prefetch\NOTEPAD.EXE-1605FA5B.pf

O45 - LFCP:Last File Created Prefetch 3/29/2010 - 6:45:07 PM ---A- C:\Windows\Prefetch\AUTOUPDATEAPILIB.EXE-52285F37.pf

O45 - LFCP:Last File Created Prefetch 3/29/2010 - 6:45:16 PM ---A- C:\Windows\Prefetch\ZHPDIAG_1.24.25.EXE-A9F0F95D.pf

O45 - LFCP:Last File Created Prefetch 3/29/2010 - 6:45:16 PM ---A- C:\Windows\Prefetch\ZHPDIAG_1.24.25.TMP-F8493437.pf

O45 - LFCP:Last File Created Prefetch 3/29/2010 - 6:45:31 PM ---A- C:\Windows\Prefetch\SUBINACL.EXE-AB0CE9D9.pf

O45 - LFCP:Last File Created Prefetch 3/29/2010 - 6:50:00 PM ---A- C:\Windows\Prefetch\GOOGLEUPDATE.EXE-B95715F5.pf

O45 - LFCP:Last File Created Prefetch 3/29/2010 - 6:50:10 PM ---A- C:\Windows\Prefetch\TASKENG.EXE-48D4E289.pf

O45 - LFCP:Last File Created Prefetch 3/29/2010 - 6:52:39 PM ---A- C:\Windows\Prefetch\AUDIODG.EXE-BDFD3029.pf

O45 - LFCP:Last File Created Prefetch 3/29/2010 - 6:55:15 PM ---A- C:\Windows\Prefetch\SEARCHFILTERHOST.EXE-77482212.pf

O45 - LFCP:Last File Created Prefetch 3/29/2010 - 6:55:15 PM ---A- C:\Windows\Prefetch\SEARCHPROTOCOLHOST.EXE-0CB8CADE.pf

O45 - LFCP:Last File Created Prefetch 3/29/2010 - 6:55:35 PM ---A- C:\Windows\Prefetch\IEXPLORE.EXE-4B6C9213.pf

O45 - LFCP:Last File Created Prefetch 3/29/2010 - 6:55:36 PM ---A- C:\Windows\Prefetch\WLTUSER.EXE-7499E299.pf

O45 - LFCP:Last File Created Prefetch 3/29/2010 - 6:56:10 PM ---A- C:\Windows\Prefetch\DLLHOST.EXE-072DB435.pf

O45 - LFCP:Last File Created Prefetch 3/29/2010 - 6:56:55 PM ---A- C:\Windows\Prefetch\DLLHOST.EXE-76936ED5.pf

O45 - LFCP:Last File Created Prefetch 3/29/2010 - 6:57:03 PM ---A- C:\Windows\Prefetch\DLLHOST.EXE-5E46FA0D.pf

O45 - LFCP:Last File Created Prefetch 3/29/2010 - 6:57:30 PM ---A- C:\Windows\Prefetch\NOTEPAD.EXE-D8414F97.pf

O45 - LFCP:Last File Created Prefetch 3/29/2010 - 7:10:39 PM ---A- C:\Windows\Prefetch\TASKHOST.EXE-7238F31D.pf

O45 - LFCP:Last File Created Prefetch 3/29/2010 - 7:12:03 PM ---A- C:\Windows\Prefetch\Layout.ini

O45 - LFCP:Last File Created Prefetch 3/29/2010 - 7:22:05 PM ---A- C:\Windows\Prefetch\RUNDLL32.EXE-230FC512.pf

O45 - LFCP:Last File Created Prefetch 3/29/2010 - 7:22:13 PM ---A- C:\Windows\Prefetch\SVCHOST.EXE-7CFEDEA3.pf

O45 - LFCP:Last File Created Prefetch 3/29/2010 - 7:22:13 PM ---A- C:\Windows\Prefetch\VSSVC.EXE-B8AFC319.pf

O45 - LFCP:Last File Created Prefetch 3/29/2010 - 7:34:38 PM ---A- C:\Windows\Prefetch\ZHPDIAG.EXE-0D117CAF.pf

O45 - LFCP:Last File Created Prefetch 3/29/2010 - 7:34:49 PM ---A- C:\Windows\Prefetch\CMD.EXE-AC113AA8.pf

O45 - LFCP:Last File Created Prefetch 3/29/2010 - 7:34:49 PM ---A- C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf

O45 - LFCP:Last File Created Prefetch 3/29/2010 - 7:34:49 PM ---A- C:\Windows\Prefetch\LADS.EXE-046BC4A8.pf

 

---\\ Contrôle du Safe Boot (CSB) (O49)

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\procexp90.Sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgr.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgrx.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\nsiproxy.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\procexp90.Sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpencdd.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgr.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgrx.sys

O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\procexp90.Sys

O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\sermouse.sys

O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\vga.sys

O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\vgasave.sys

O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\volmgr.sys

O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\volmgrx.sys

O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\ipnat.sys

O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\nsiproxy.sys

O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\procexp90.Sys

O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\rdpencdd.sys

O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\sermouse.sys

O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\vga.sys

O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\vgasave.sys

O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\volmgr.sys

O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\volmgrx.sys

O49 - CSB:Control Safe Boot HKLM\...\CS2\Minimal\procexp90.Sys

O49 - CSB:Control Safe Boot HKLM\...\CS2\Minimal\sermouse.sys

O49 - CSB:Control Safe Boot HKLM\...\CS2\Minimal\vga.sys

O49 - CSB:Control Safe Boot HKLM\...\CS2\Minimal\vgasave.sys

O49 - CSB:Control Safe Boot HKLM\...\CS2\Minimal\volmgr.sys

O49 - CSB:Control Safe Boot HKLM\...\CS2\Minimal\volmgrx.sys

O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\ipnat.sys

O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\nsiproxy.sys

O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\procexp90.Sys

O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\rdpencdd.sys

O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\sermouse.sys

O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\vga.sys

O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\vgasave.sys

O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\volmgr.sys

O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\volmgrx.sys

 

---\\ Trojan Driver Search Data (TDSD) (O52)

O52 - TDSD:HKLM\...\Drivers32\"vidc.mrle"="msrle32.dll"

O52 - TDSD:HKLM\...\Drivers32\"vidc.msvc"="msvidc32.dll"

O52 - TDSD:HKLM\...\Drivers32\"msacm.imaadpcm"="imaadp32.acm"

O52 - TDSD:HKLM\...\Drivers32\"msacm.msg711"="msg711.acm"

O52 - TDSD:HKLM\...\Drivers32\"msacm.msgsm610"="msgsm32.acm"

O52 - TDSD:HKLM\...\Drivers32\"msacm.msadpcm"="msadp32.acm"

O52 - TDSD:HKLM\...\Drivers32\"midimapper"="midimap.dll"

O52 - TDSD:HKLM\...\Drivers32\"wavemapper"="msacm32.drv"

O52 - TDSD:HKLM\...\Drivers32\"vidc.uyvy"="msyuv.dll"

O52 - TDSD:HKLM\...\Drivers32\"vidc.yuy2"="msyuv.dll"

O52 - TDSD:HKLM\...\Drivers32\"vidc.yvyu"="msyuv.dll"

O52 - TDSD:HKLM\...\Drivers32\"vidc.iyuv"="iyuv_32.dll"

O52 - TDSD:HKLM\...\Drivers32\"vidc.i420"="iyuv_32.dll"

O52 - TDSD:HKLM\...\Drivers32\"vidc.yvu9"="tsbyuv.dll"

O52 - TDSD:HKLM\...\Drivers32\"msacm.l3acm"="C:\Windows\SysWOW64\l3codeca.acm"

O52 - TDSD:HKLM\...\Drivers32\"vidc.cvid"="iccvid.dll"

O52 - TDSD:HKLM\...\Drivers32\"wave1"="wdmaud.drv"

O52 - TDSD:HKLM\...\Drivers32\"midi1"="wdmaud.drv"

O52 - TDSD:HKLM\...\Drivers32\"mixer1"="wdmaud.drv"

O52 - TDSD:HKLM\...\Drivers32\"wave2"="wdmaud.drv"

O52 - TDSD:HKLM\...\Drivers32\"midi2"="wdmaud.drv"

O52 - TDSD:HKLM\...\Drivers32\"mixer2"="wdmaud.drv"

O52 - TDSD:HKLM\...\Drivers32\"wave3"="wdmaud.drv"

O52 - TDSD:HKLM\...\Drivers32\"midi3"="wdmaud.drv"

O52 - TDSD:HKLM\...\Drivers32\"mixer3"="wdmaud.drv"

O52 - TDSD:HKLM\...\Drivers32\"wave4"="wdmaud.drv"

O52 - TDSD:HKLM\...\Drivers32\"midi4"="wdmaud.drv"

O52 - TDSD:HKLM\...\Drivers32\"mixer4"="wdmaud.drv"

O52 - TDSD:HKLM\...\Drivers32\"wave"="wdmaud.drv"

O52 - TDSD:HKLM\...\Drivers32\"midi"="wdmaud.drv"

O52 - TDSD:HKLM\...\Drivers32\"mixer"="wdmaud.drv"

O52 - TDSD:HKLM\...\Drivers32\"aux"="wdmaud.drv"

O52 - TDSD:HKLM\...\Drivers32\"msacm.siren"="sirenacm.dll"

O52 - TDSD:HKLM\...\drivers.desc\"C:\Windows\SysWOW64\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec"

O52 - TDSD:HKLM\...\drivers.desc\"sirenacm.dll"="Messenger Audio Codec"

 

---\\ Microsoft Control Security Providers (MCSP) (O54)

O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - "SecurityProviders"=credssp.dll

O54 - MCSP:[HKLM\...\ControlSet001\Control] - "SecurityProviders"=credssp.dll

 

---\\ Microsoft Windows Policies System (MWPS) (O55)

O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=0

O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=3

O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1

O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0

O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1

O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0

O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1

O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0

O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0

O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0

O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=

O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=

O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0

O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1

O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1

O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0

O55 - MWPS:[HKCU\...\Policies\System] - "DisableRegistryTools"=0

 

---\\ Microsoft Windows Policies Explorer (MWPE) (O56)

O56 - MWPE:[HKLM\...\Policies\Explorer] - "NoActiveDesktop"=1

O56 - MWPE:[HKLM\...\Policies\Explorer] - "ForceActiveDesktopOn"=0

O56 - MWPE:[HKLM\...\Policies\Explorer] - "NoActiveDesktopChanges"=0

 

---\\ Liste des Drivers Système (SDL) (O58)

O58 - SDL:System Drivers List - C:\Windows\system32\drivers\mbamswissarmy.sys

O58 - SDL:System Drivers List - C:\Windows\system32\drivers\wimmount.sys

 

---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)

O61 - LFC:Last File Created 3/26/2010 - 10:12:45 PM ---A- C:\Users\kareen\AppData\Local\Temp\dd_vcredistMSI0432.txt

O61 - LFC:Last File Created 3/26/2010 - 10:12:45 PM ---A- C:\Users\kareen\AppData\Local\Temp\dd_vcredistUI0432.txt

O61 - LFC:Last File Created 3/26/2010 - 10:14:23 PM ---A- C:\Users\kareen\AppData\Local\Temp\AVSETUP_4bad234e\setup.log

O61 - LFC:Last File Created 3/26/2010 - 10:23:51 PM ---A- C:\Users\kareen\AppData\Roaming\Microsoft\MSN Messenger\sqmnoopt10.sqm

O61 - LFC:Last File Created 3/26/2010 - 12:18:04 AM ---A- C:\Users\kareen\AppData\Roaming\Microsoft\MSN Messenger\sqmnoopt08.sqm

O61 - LFC:Last File Created 3/27/2010 - 11:10:31 AM -SHA- C:\Users\Public\Recorded TV\TempRec\ehscanned.dat

O61 - LFC:Last File Created 3/27/2010 - 12:57:47 AM ---A- C:\Users\kareen\AppData\Roaming\Microsoft\MSN Messenger\sqmnoopt11.sqm

O61 - LFC:Last File Created 3/28/2010 - 12:30:55 PM ---A- C:\Users\kareen\Downloads\Planet.51_by_Doky_for Wawa-Mania.avi

O61 - LFC:Last File Created 3/28/2010 - 12:34:21 PM ---A- C:\Users\kareen\AppData\Roaming\Microsoft\MSN Messenger\sqmnoopt13.sqm

O61 - LFC:Last File Created 3/28/2010 - 12:36:29 PM ---A- C:\Users\kareen\AppData\Roaming\Microsoft\MSN Messenger\sqmnoopt14.sqm

O61 - LFC:Last File Created 3/28/2010 - 1:08:59 PM ---A- C:\Users\kareen\AppData\Roaming\Microsoft\MSN Messenger\sqmnoopt15.sqm

O61 - LFC:Last File Created 3/28/2010 - 1:10:00 PM ---A- C:\Users\kareen\AppData\Local\SRS Labs\SRS Premium Sound\srs_premium_sound_nopreset_Settings.xml

O61 - LFC:Last File Created 3/28/2010 - 1:17:52 PM ---A- C:\Users\kareen\AppData\Roaming\Microsoft\MSN Messenger\sqmnoopt16.sqm

O61 - LFC:Last File Created 3/28/2010 - 1:23:45 PM ---A- C:\Users\kareen\AppData\Roaming\Microsoft\MSN Messenger\sqmnoopt17.sqm

O61 - LFC:Last File Created 3/28/2010 - 2:51:22 AM ---A- C:\Users\kareen\AppData\Roaming\Microsoft\MSN Messenger\sqmnoopt12.sqm

O61 - LFC:Last File Created 3/28/2010 - 4:23:23 PM ---A- C:\Users\kareen\AppData\Local\Temp\Low\Windows Live Toolbar\wlto000.sqm

O61 - LFC:Last File Created 3/28/2010 - 4:34:01 PM ---A- C:\Users\kareen\AppData\Local\Temp\Low\Windows Live Toolbar\wlto001.sqm

O61 - LFC:Last File Created 3/28/2010 - 4:45:46 PM ---A- C:\Users\kareen\AppData\Roaming\Microsoft\MSN Messenger\sqmnoopt18.sqm

O61 - LFC:Last File Created 3/28/2010 - 5:29:03 PM ---A- C:\Users\kareen\AppData\Local\Temp\PCW5753.tmp

O61 - LFC:Last File Created 3/28/2010 - 5:29:03 PM ---A- C:\Users\kareen\AppData\Local\Temp\PCW5753.xml

O61 - LFC:Last File Created 3/28/2010 - 5:29:03 PM ---A- C:\Users\kareen\AppData\Local\Temp\SDIAG_8c05414c-5603-448d-b57c-ae85330e770b\result\results.xsl

O61 - LFC:Last File Created 3/28/2010 - 5:29:03 PM R--A- C:\Users\kareen\AppData\Local\Temp\msdt\_6299D117-F17C-4566-A5C3-62EB770EF386_\inuse

O61 - LFC:Last File Created 3/28/2010 - 5:32:38 PM ---A- C:\Users\kareen\AppData\Roaming\Microsoft\MSN Messenger\sqmnoopt19.sqm

O61 - LFC:Last File Created 3/28/2010 - 5:49:12 PM ---A- C:\Users\kareen\AppData\Local\Temp\Low\Windows Live Toolbar\wlto002.sqm

O61 - LFC:Last File Created 3/28/2010 - 8:11:11 PM ---A- C:\Users\kareen\AppData\Roaming\Microsoft\MSN Messenger\sqmnoopt09.sqm

O61 - LFC:Last File Created 3/28/2010 - 8:12:10 PM ---A- C:\Users\kareen\AppData\Local\Temp\Low\Windows Live Toolbar\wlto003.sqm

O61 - LFC:Last File Created 3/28/2010 - 9:01:17 PM ---A- C:\Users\kareen\AppData\Roaming\Microsoft\MSN Messenger\sqmnoopt00.sqm

O61 - LFC:Last File Created 3/29/2010 - 5:27:07 PM ---A- C:\Users\kareen\AppData\Roaming\Microsoft\MSN Messenger\sqmnoopt01.sqm

O61 - LFC:Last File Created 3/29/2010 - 5:42:59 PM -SHA- C:\Users\kareen\AppData\Local\Temp\Cookies\index.dat

O61 - LFC:Last File Created 3/29/2010 - 5:42:59 PM -SHA- C:\Users\kareen\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\index.dat

O61 - LFC:Last File Created 3/29/2010 - 5:42:59 PM -SHA- C:\Users\kareen\AppData\Local\Temp\History\History.IE5\index.dat

O61 - LFC:Last File Created 3/29/2010 - 5:46:38 PM ---A- C:\Users\kareen\AppData\Local\Temp\Administrateur.bmp

O61 - LFC:Last File Created 3/29/2010 - 5:46:38 PM ---A- C:\Users\kareen\AppData\Local\Temp\HomeGroupUser$.bmp

O61 - LFC:Last File Created 3/29/2010 - 5:46:38 PM ---A- C:\Users\kareen\AppData\Local\Temp\Invité.bmp

O61 - LFC:Last File Created 3/29/2010 - 5:46:45 PM ---A- C:\Users\kareen\AppData\Local\Temp\kareen.bmp

O61 - LFC:Last File Created 3/29/2010 - 5:48:37 PM ---A- C:\Users\kareen\AppData\Roaming\Microsoft\MSN Messenger\sqmnoopt02.sqm

O61 - LFC:Last File Created 3/29/2010 - 5:50:09 PM ---A- C:\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\ignore.dat

O61 - LFC:Last File Created 3/29/2010 - 5:53:55 PM ---A- C:\Users\kareen\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2010-03-29 (18-53-55).txt

O61 - LFC:Last File Created 3/29/2010 - 5:53:55 PM ---A- C:\Users\kareen\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\BACKUP1.20356

O61 - LFC:Last File Created 3/29/2010 - 5:53:55 PM ---A- C:\Users\kareen\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\BACKUP1.68800

O61 - LFC:Last File Created 3/29/2010 - 5:53:55 PM ---A- C:\Users\kareen\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\BACKUP1.76653

O61 - LFC:Last File Created 3/29/2010 - 5:53:55 PM ---A- C:\Users\kareen\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\BACKUP2.68957

O61 - LFC:Last File Created 3/29/2010 - 5:53:55 PM ---A- C:\Users\kareen\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\BACKUP5.99097

O61 - LFC:Last File Created 3/29/2010 - 5:53:55 PM ---A- C:\Users\kareen\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.20356

O61 - LFC:Last File Created 3/29/2010 - 5:53:55 PM ---A- C:\Users\kareen\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.68800

O61 - LFC:Last File Created 3/29/2010 - 5:53:55 PM ---A- C:\Users\kareen\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.76653

O61 - LFC:Last File Created 3/29/2010 - 5:54:02 PM ---A- C:\Users\kareen\AppData\Roaming\Microsoft\MSN Messenger\sqmnoopt03.sqm

O61 - LFC:Last File Created 3/29/2010 - 6:25:34 PM ---A- C:\Users\kareen\AppData\Local\Temp\Log\29032010_TIS17_TISTOOL_S-1-5-21-3149180271-1780418648-2234364113-1000.log

O61 - LFC:Last File Created 3/29/2010 - 6:25:47 PM ---A- C:\Users\kareen\AppData\Roaming\Microsoft\MSN Messenger\sqmnoopt04.sqm

O61 - LFC:Last File Created 3/29/2010 - 6:25:49 PM --HA- C:\Users\kareen\AppData\Local\IconCache.db

O61 - LFC:Last File Created 3/29/2010 - 6:26:37 PM ---A- C:\Users\All Users\P4G\P4G.ini

O61 - LFC:Last File Created 3/29/2010 - 6:26:50 PM ---A- C:\Users\All Users\NVIDIA\NvApps.xml

O61 - LFC:Last File Created 3/29/2010 - 6:26:56 PM ---A- C:\Users\kareen\Tracing\WindowsLiveMessenger-uccapi-0.uccapilog

O61 - LFC:Last File Created 3/29/2010 - 6:55:05 PM ---A- C:\Users\kareen\AppData\Roaming\Microsoft\MSN Messenger\sqmnoopt05.sqm

O61 - LFC:Last File Created 3/29/2010 - 6:56:05 PM ---A- C:\Users\kareen\AppData\Local\Temp\Windows Live Toolbar\wlto000.sqm

O61 - LFC:Last File Created 3/29/2010 - 6:56:38 PM ---A- C:\Users\kareen\AppData\Local\Temp\Windows Live Toolbar\wlto001.sqm

O61 - LFC:Last File Created 3/29/2010 - 6:56:48 PM ---A- C:\Users\kareen\AppData\Local\Temp\Windows Live Toolbar\wlto002.sqm

O61 - LFC:Last File Created 3/29/2010 - 6:56:54 PM ---A- C:\Users\kareen\AppData\Local\Temp\Windows Live Toolbar\wlto003.sqm

 

---\\ Liste des outils de nettoyage (LATC) (O63)

O63 - Logiciel: ZHPDiag 1.24

 

 

End of the scan: 664 lines

---\\ Liste des outils de nettoyage (LATC) (O63)

O63 - Logiciel: ZHPDiag 1.24

 

 

End of the scan: 669 lines

 

I'm waiting for the next instructions ^^

 

 

 

 

EDIT: I updated the ZHPDiag report because I had forgotten to tick everything with the screwdriver, after reading pear in a thread above ^^

Edited by skyangel

Posted (edited)

Good evening,

The MBAM report predates the ZHPDiag one.

Judging from it, the malware has been destroyed.

Run ZHPDiag again to confirm.

Edited by pear
Posted (edited)

Good evening pear,

I was just in the middle of redoing it, because I read one of your posts above and saw that I had forgotten to tick everything with the little screwdriver..

So there you go, I've edited it.

On the other hand, typing is a real pain... for example I type fairly fast.. and it doesn't keep up.. I get a few seconds ahead.. =/ lol

Edit:

I've closed the topic as Resolved; I have to return the PC shortly. Everything seems to be fine. I still ran Navilog and Ad Remover, which found nothing. Then a full scan with Antivir found nothing either, and after that another full scan with MBAM, also negative. Since this is someone who seems to do quite a lot of P2P, in my opinion.. they're going to have a relapse ^^

Thanks pear for stepping in :P Have a good day

Edited by skyangel
