Aller au contenu

  • Pas encore inscrit ?

    Pourquoi ne pas vous inscrire ? C'est simple, rapide et gratuit.
    Pour en savoir plus, lisez Les avantages de l'inscription... et la Charte de Zébulon.
    De plus, les messages que vous postez en tant qu'invité restent invisibles tant qu'un modérateur ne les a pas validés. Inscrivez-vous, ce sera un gain de temps pour tout le monde, vous, les helpeurs et les modérateurs ! :wink:

analyse de log : IE8 hyper lent (quasi à l'arret) - [résolu]

tonosama

Par tonosama
dans Analyses et éradication malwares

 Partager

Messages recommandés

tonosama Junior Member

tonosama

Posté(e)
Posté(e) (modifié)

salut à tous !

 

depuis 2 jours j'ai internet explorer 8 qui est devenu hyper lent (et quand je dis lent s'est presque à l'arret).

cela ne vient pas de mon fai car sur mes autres ordi la navigation est normale.

je passe par un routeur netgear.

j'ai fais tourner quelques softs pour voir quelques choses mais IE semble remarcher normalement sauf qu'au bout d'un petit moment c'est reparti.

 

voici le log de hijackthis :

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 00:08:04, on 06/08/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

M:\www\xampp\apache\bin\httpd.exe

C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe

C:\WINDOWS\ATKKBService.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

M:\www\xampp\FileZillaFTP\FileZilla server.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe

M:\www\xampp\apache\bin\httpd.exe

C:\Program Files\Microsoft LifeCam\MSCamS32.exe

C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe

D:\program files\nero\Nero BackItUp 4\IoctlSvc.exe

C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe

C:\Program Files\Cyberlink\Shared files\RichVideo.exe

C:\WINDOWS\System32\svchost.exe

d:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

C:\WINDOWS\system32\WDBtnMgr.exe

D:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\WDC\SetIcon.exe

C:\Program Files\PowerISO\PWRISOVM.EXE

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\UnHackMe\hackmon.exe

C:\Program Files\UnHackMe\gwebupdate.exe

C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\WINDOWS\System32\svchost.exe

M:\www\xampp\xampp-control.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

D:\program files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Orange : téléphones, forfaits mobiles, Internet, actualité, sport, video

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - d:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - d:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe

O4 - HKLM\..\Run: [VirtualCloneDrive] "d:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [setIcon] \Program Files\WDC\SetIcon.exe

O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.15\AsRunHelp.exe

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [EPSON Stylus D88 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE /P23 "EPSON Stylus D88 Series" /M "Stylus D88" /EF "HKCU"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [unHackMe Monitor] C:\Program Files\UnHackMe\hackmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: APC UPS Status.lnk = ?

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll

O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.celartem.com/en/download/data/djvu_autoinstall/DjVuControl_en_US.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {3CBA13C3-58C7-47F1-9758-D4B255A50D52} (SESSearchCtrl Class) - file:///I:/fr/ses_ocx/sessearch.ocx

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1166140792604

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab

O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_2_0_4_11.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{B50DCB03-DB7C-4D14-B7BA-C386DFFC99F8}: NameServer = 192.168.0.1

O23 - Service: Apache2.2 - Apache Software Foundation - M:\www\xampp\apache\bin\httpd.exe

O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: FileZilla Server - FileZilla Project - M:\www\xampp\FileZillaFTP\FileZilla server.exe

O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: Nero MediaHome 4 Service (NeroMediaHomeService.4) - Nero AG - D:\program files\nero\Nero MediaHome 4\NMMediaServerService.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - D:\program files\nero\Nero BackItUp 4\IoctlSvc.exe

O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe

O23 - Service: TomTomHOMEService - TomTom - d:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

 

--

End of file - 10300 bytes

 

j'envoi aussi le log zhpdiag aussi

Modifié par tonosama

tonosama Junior Member

tonosama

Posté(e)
  • Auteur
Posté(e)

voici le log zhpdiag :

 

Rapport de ZHPDiag v1.26.42 par Nicolas Coolman, Update du 04/08/2010

Run by fifi at 06/08/2010 00:16:25

Web site : ZHPDiag Outil de diagnostic

Contact : nicolascoolman@yahoo.fr

 

---\\ Web Browser

MSIE: Internet Explorer v8.0.6001.18702

 

---\\ System Information

Platform : Microsoft Windows XP (5.1.2600) Service Pack 3

Processor: x86 Family 6 Model 15 Stepping 6, GenuineIntel

Operating System: 32 Bits

Boot mode: Normal (Normal boot)

Total RAM: 3007 MB (76% free)

System drive C: has 11 GB (36%) free of 29 GB

 

---\\ Logged in mode

Computer Name: FIFI-HOME

User Name: fifi

All Users Names: SUPPORT_388945a0, NeroMediaHomeUser.4, HelpAssistant, fifi, ASPNET, Administrateur,

Unselected Option: O45,O61

Logged in as Administrator

 

---\\ DOS/Devices

A:\ Floppy drive, Flash card reader, USB Key (Not Inserted)

C:\ Hard drive, Flash drive, Thumb drive (Free 11 Go of 29 Go)

D:\ Hard drive, Flash drive, Thumb drive (Free 8 Go of 98 Go)

E:\ Hard drive, Flash drive, Thumb drive (Free 40 Go of 107 Go)

F:\ CD-ROM drive (Not Inserted)

G:\ Floppy drive, Flash card reader, USB Key (Not Inserted)

H:\ Floppy drive, Flash card reader, USB Key (Not Inserted)

I:\ CD-ROM drive (Not Inserted)

K:\ Hard drive, Flash drive, Thumb drive (Free 62 Go of 466 Go)

M:\ Hard drive, Flash drive, Thumb drive (Free 260 Go of 932 Go)

 

 

---\\ Security Center & Tools Informations

[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UpdatesDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UacDisableNotify: OK

 

 

---\\ Processus lancés

[MD5.2A27A3A8634FB9E29F539D6D3ED3646A] - (.ATI Technologies Inc. - ATI External Event Utility EXE Module.) -- C:\WINDOWS\system32\Ati2evxx.exe [602112]

[MD5.FB32F046A2578755FA0DA5052C6A9CD3] - (.Apache Software Foundation - Apache HTTP Server.) -- M:\www\xampp\apache\bin\httpd.exe [29416]

[MD5.DC45AB27932447B598848B10650313C5] - (.American Power Conversion Corporation - Battery backup management service.) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe [176193]

[MD5.C7CFB40FC9BD47C1F63928CF63C8A7B9] - (.ASUSTeK COMPUTER INC. - ASUS Keyboard Service.) -- C:\WINDOWS\ATKKBService.exe [241664]

[MD5.D543E7E8BCAE3F5D256335EEE809ADF5] - (.ESET - ESET Service.) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [727720]

[MD5.395462DE8C64E11DA2978EF28E0104A9] - (.FileZilla Project - FileZilla Server.) -- M:\www\xampp\FileZillaFTP\FileZilla server.exe [1029776]

[MD5.1834C96FB1F9280BCF6DDFA6DE8338BF] - (.Sun Microsystems, Inc. - Java Quick Starter Service.) -- C:\Program Files\Java\jre6\bin\jqs.exe [153376]

[MD5.11F714F85530A2BD134074DC30E99FCA] - (.Microsoft Corporation - Machine Debug Manager.) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe [322120]

[MD5.31E023681015C35EBFE1498B07813B87] - (.Microsoft Corporation - MsCamSvc.exe.) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe [139120]

[MD5.27FE4B70C12A2C67A58D799B9A4E8D81] - (.Nero AG - Nero BackItUp.) -- C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe [935208]

[MD5.875E4E0661F3A5994DF9E5E3A0A4F96B] - (.Prolific Technology Inc. - PLFlash DeviceIoControl Service.) -- D:\program files\nero\Nero BackItUp 4\IoctlSvc.exe [81920]

[MD5.02A3C7C23BA47E8E7281CC07A0EF351E] - (.Dantz Development Corporation - Retrospect.) -- C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe [46592]

[MD5.BD517C7FB119997EFFBE39D5E4B37B05] - (.Pas de propriétaire - RichVideo Module.) -- C:\Program Files\Cyberlink\Shared files\RichVideo.exe [167936]

[MD5.E80CC0C9C45649A4CE23EA70A607F56E] - (.TomTom - Windows Service for TomTom HOME.) -- d:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [92008]

[MD5.F76B442E5D0CA43B273F45C6E7441701] - (.Western Digital Technologies, Inc. - WD Button Manager.) -- C:\WINDOWS\system32\WDBtnMgr.exe [331776]

[MD5.F40E80C04475731C6ED5D19C48E45E3C] - (.Elaborate Bytes AG - Virtual CloneDrive Daemon.) -- D:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [85160]

[MD5.52DB6CDAC5BC7A1FC884E97C41C91213] - (.Sun Microsystems, Inc. - Java Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe [248040]

[MD5.1983A11F702BDC5DB65B4B0F376FF6FD] - (.Analog Devices, Inc. - SMax4PNP.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe [868352]

[MD5.1DEE2BF22ECA27B3BBF91BA107DB07D8] - (.Standard Microsystems Corp. - Custom Icons Application For USB Drives.) -- C:\Program Files\WDC\SetIcon.exe [42496]

[MD5.BF91B68606862A32CAB13C24A24DD9A9] - (.PowerISO Computing, Inc. - PowerISO Virtual Drive Manager.) -- C:\Program Files\PowerISO\PWRISOVM.EXE [180224]

[MD5.861C702C4612B68FD9C36CB60245087B] - (.ESET - ESET GUI.) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2021400]

[MD5.2DB5D295CC797561F01AF10750AF219A] - (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE [98304]

[MD5.F137534728409BA123FA8D6B6E332E0B] - (.Greatis Software - Detects Rootkits in background.) -- C:\Program Files\UnHackMe\hackmon.exe [594200]

[MD5.661E0BB23A9ED33392CE0D9FD1D85BA0] - (.Greais Software - Web Update component.) -- C:\Program Files\UnHackMe\gwebupdate.exe [1186584]

[MD5.A9A5CDFDA52257DB4488F457C3F4022A] - (.American Power Conversion Corporation - PowerChute system tray power icon.) -- C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe [417855]

[MD5.F26639AC752E2EFC016AA12788FD61CF] - (.Apache Friends - XAMPP: control center.) -- M:\www\xampp\xampp-control.exe [148112]

[MD5.D1460F85E91FBF7838821CDC07FF6603] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [481792]

 

 

---\\ Plugins de navigateurs Opera/Firefox(P1/P2)

P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

P2 - FPN: [HKLM] [@adobe.com/ShockwavePlayer] - (.Adobe Systems, Inc. - Adobe Shockwave for Director Netscape plug-in, version 11.5.) -- C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

P2 - FPN: [HKLM] [@divx.com/DivX Browser Plugin,version=1.0.0] - (.DivX,Inc. - DivX Web Player version 2.0.2.40.) -- C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

P2 - FPN: [HKLM] [@Google.com/GoogleEarthPlugin] - (.Google - GEPlugin.) -- C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 4.0.50524.0.) -- C:\Program Files\Microsoft Silverlight\4.0.50524.0\npctrl.dll

P2 - FPN: [HKLM] [@microsoft.com/WPF,version=3.5] - (.Microsoft Corporation - Windows Presentation Foundation (WPF) plug-in for Mozilla browsers.) -- C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=8] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.2.183.29\npGoogleOneClick8.dll

 

 

---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,

F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"

 

 

---\\ Pages de recherche d'Internet Explorer (R1)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

 

 

---\\ Internet Explorer URLSearchHook (R3)

R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Internet Explorer.) (8.00.6001.18928 (longhorn_ie8_gdr.100503-1700)) -- C:\WINDOWS\system32\ieframe.dll

 

 

---\\ Browser Helper Objects de navigateur (O2)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corporation - WindowsLiveLogin.dll.) -- C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} . (.Sun Microsystems, Inc. - Java Quick Starter binary.) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} . (.SEIKO EPSON CORPORATION - EPSON Web-To-Page.) -- d:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

 

 

---\\ Internet Explorer Toolbars (O3)

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} . (.SEIKO EPSON CORPORATION - EPSON Web-To-Page.) -- d:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

 

 

---\\ Applications démarrées par registre & par dossier(O4)

O4 - HKLM\..\Run: [WD Button Manager] . (.Western Digital Technologies, Inc. - WD Button Manager.) -- C:\Windows\System32\WDBtnMgr.exe

O4 - HKLM\..\Run: [VirtualCloneDrive] . (.Elaborate Bytes AG - Virtual CloneDrive Daemon.) -- d:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe

O4 - HKLM\..\Run: [soundMAXPnP] . (.Analog Devices, Inc. - SMax4PNP.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [setIcon] . (.Standard Microsystems Corp. - Custom Icons Application For USB Drives.) -- \Program Files\WDC\SetIcon.exe

O4 - HKLM\..\Run: [AsusStartupHelp] . (.Pas de propriétaire - Pas de description.) -- C:\Program Files\ASUS\AASP\1.00.15\AsRunHelp.exe

O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe

O4 - HKLM\..\Run: [PWRISOVM.EXE] . (.PowerISO Computing, Inc. - PowerISO Virtual Drive Manager.) -- C:\Program Files\PowerISO\PWRISOVM.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\qttask.exe

O4 - HKLM\..\Run: [egui] . (.ESET - ESET GUI.) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

O4 - HKLM\..\Run: [MSConfig] . (.Microsoft Corporation - Utilitaire de configuration système.) -- C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.exe

O4 - HKCU\..\Run: [MsnMsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\MsnMsgr.exe

O4 - HKCU\..\Run: [EPSON Stylus D88 Series] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.exe

O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [unHackMe Monitor] . (.Greatis Software - Detects Rootkits in background.) -- C:\Program Files\UnHackMe\hackmon.exe

O4 - HKLM\..\policies\Explorer: [NoDriveAutoRun] Data=67108863

O4 - HKLM\..\policies\Explorer: [NoDriveTypeAutoRun] Data=323

O4 - HKLM\..\policies\Explorer: [HonorAutoRunSetting] Data=1

O4 - HKLM\..\policies\Explorer: [NoDrives] Data=0

O4 - HKCU\..\policies\Explorer: [NoDriveTypeAutoRun] Data=323

O4 - HKCU\..\policies\Explorer: [NoDriveAutoRun] Data=67108863

O4 - HKCU\..\policies\Explorer: [NoDrives] Data=0

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\System32\CTFMON.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\System32\CTFMON.exe

O4 - HKUS\S-1-5-21-1801674531-1409082233-725345543-1004\..\Run: [MsnMsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\MsnMsgr.exe

O4 - HKUS\S-1-5-21-1801674531-1409082233-725345543-1004\..\Run: [EPSON Stylus D88 Series] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.exe

O4 - HKUS\S-1-5-21-1801674531-1409082233-725345543-1004\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-21-1801674531-1409082233-725345543-1004\..\Run: [unHackMe Monitor] . (.Greatis Software - Detects Rootkits in background.) -- C:\Program Files\UnHackMe\hackmon.exe

O4 - Global Startup: APC UPS Status.lnk . (.American Power Conversion Corporation - Startup notification module.) -- C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe

 

 

---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)

O8 - Extra context menu item: E&xporter vers Microsoft Excel . (.Microsoft Corporation - Microsoft Excel.) -- D:\PROGRA~1\MICROS~1\Office10\EXCEL.exe

 

 

---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} . (.not file.) - (.not file.)

O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe

 

 

---\\ Winsock hijacker (Layered Service Provider) (O10)

O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll

O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\WINDOWS\system32\winrnr.dll

O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll

 

 

---\\ Internet Explorer Plugins (O12)

O12 - Plugin for .UVR - C:\Program Files\Internet Explorer\Plugins\NPUPano.dll

 

 

 

---\\ Objets ActiveX (Downloaded Program Files)(O16)

O16 - DPF: DirectAnimation Java Classes (DirectAnimation Java Classes) - (.not file.) - file:\\C:\WINDOWS\Java\classes\dajava.cab

O16 - DPF: Microsoft XML Parser for Java (Microsoft XML Parser for Java) - (.not file.) - file:\\C:\WINDOWS\Java\classes\xmldso.cab

O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.celartem.com/en/download/data/djvu_autoinstall/DjVuControl_en_US.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

O16 - DPF: {3CBA13C3-58C7-47F1-9758-D4B255A50D52} (SESSearchCtrl Class) - (.not file.) - I:\fr\ses_ocx\sessearch.ocx

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1166140792604

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab

O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} () - http://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_2_0_4_11.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} () - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab

 

 

---\\ Modification Domaine/Adresses DNS (O17)

O17 - HKLM\System\CCS\Services\Tcpip\..\{B50DCB03-DB7C-4D14-B7BA-C386DFFC99F8}: NameServer = 192.168.0.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{B50DCB03-DB7C-4D14-B7BA-C386DFFC99F8}: NameServer = 192.168.0.1

O17 - HKLM\System\CS2\Services\Tcpip\..\{B50DCB03-DB7C-4D14-B7BA-C386DFFC99F8}: NameServer = 192.168.0.1

O17 - HKLM\System\CS3\Services\Tcpip\..\{B50DCB03-DB7C-4D14-B7BA-C386DFFC99F8}: NameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

 

 

---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)

O20 - Winlogon Notify: AtiExtEvent . (.ATI Technologies Inc. - ATI External Event Utility DLL Module.) -- C:\WINDOWS\System32\Ati2evxx.dll

O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\System32\dimsntfy.dll

O20 - Winlogon Notify: WgaLogon . (.Microsoft Corporation - Notifications Windows Genuine Advantage.) -- C:\WINDOWS\System32\WgaLogon.dll

 

 

---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSODL) (O21)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\shell32.dll

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Web Site Monitor.) -- C:\WINDOWS\system32\webcheck.dll

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} . (.Microsoft Corporation - Objet du service d'environnement Systray.) -- C:\WINDOWS\system32\stobject.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} . (.Microsoft Corporation - Windows Portable Device Shell Service Objec.) -- C:\WINDOWS\system32\WPDShServiceObj.dll

O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} . (.Microsoft Corporation - Moniteur et dossier UPNP Tray.) -- C:\WINDOWS\system32\upnpui.dll

 

 

---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)

O22 - SharedTaskScheduler: (no name) - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\WINDOWS\System32\browseui.dll

 

 

---\\ Liste des services NT non Microsoft et non désactivés (O23)

O23 - Service: Apache2.2 (Apache2.2) . (.Apache Software Foundation - Apache HTTP Server.) - M:\www\xampp\apache\bin\httpd.exe

O23 - Service: APC UPS Service (APC UPS Service) . (.American Power Conversion Corporation - Battery backup management service.) - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe

O23 - Service: (Ati HotKey Poller) . (.ATI Technologies Inc. - ATI External Event Utility EXE Module.) - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart (ATI Smart) . (.Pas de propriétaire - ATI Smart.) - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: ATK Keyboard Service (ATKKeyboardService) . (.ASUSTeK COMPUTER INC. - ASUS Keyboard Service.) - C:\WINDOWS\ATKKBService.exe

O23 - Service: ESET Service (ekrn) . (.ESET - ESET Service.) - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: FileZilla Server (FileZilla Server) . (.FileZilla Project - FileZilla Server.) - M:\www\xampp\FileZillaFTP\FileZilla server.exe

O23 - Service: Service Google Update (gupdate) (gupdate) . (.Google Inc. - Programme d'installation de Google.) - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) . (.Sun Microsystems, Inc. - Java Quick Starter Service.) - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Nero BackItUp Scheduler 4.0 (Nero BackItUp Scheduler 4.0) . (.Nero AG - Nero BackItUp.) - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: PLFlash DeviceIoControl Service (PLFlash DeviceIoControl Service) . (.Prolific Technology Inc. - PLFlash DeviceIoControl Service.) - D:\program files\nero\Nero BackItUp 4\IoctlSvc.exe

O23 - Service: Retrospect WD Service (RetroWDSvc) . (.Dantz Development Corporation - Retrospect.) - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) . (.Pas de propriétaire - RichVideo Module.) - C:\Program Files\Cyberlink\Shared files\RichVideo.exe

O23 - Service: TomTomHOMEService (TomTomHOMEService) . (.TomTom - Windows Service for TomTom HOME.) - d:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

 

 

---\\ Tâches planifiées en automatique (O39)

O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\GlaryInitialize.job

O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\User_Feed_Synchronization-{980F208D-EA48-4B13-A082-77BE7466FAB6}.job

 

 

---\\ Composants installés (ActiveSetup Installed Components) (O40)

O40 - ASIC: Personnalisation du navigateur - >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS . (.Pas de propriétaire - Pas de description.) -- RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

O40 - ASIC: LizardTech DjVu Activex Control - {0e8d0700-75df-11d3-8b4a-0008c7450c4a} . (.LizardTech - DjVuControl Module.) -- C:\Program Files\LizardTech\DjVuControl\DjVuCntl.dll

O40 - ASIC: Adobe Shockwave Director 11.0.3 - {233C1507-6A77-46A4-9443-F871F945D258} . (.Adobe Systems, Inc. - Shockwave ActiveX Control.) -- C:\WINDOWS\system32\Adobe\Director\SwDir.dll

O40 - ASIC: NetMeeting 3.01 - {44BBA842-CC51-11CF-AAFA-00AA00B6015B} . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\INF\msnetmtg.inf

O40 - ASIC: Windows Messenger 4.7 - {5945c046-1e7d-11d1-bc44-00c04fd912be} . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\INF\msmsgs.inf

O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\INF\wmp11.inf

O40 - ASIC: Adobe Flash Player - {D27CDB6E-AE6D-11cf-96B8-444553540000} . (.Adobe Systems, Inc. - Adobe Flash Player 10.1 r53.) -- C:\WINDOWS\system32\Macromed\Flash\Flash10h.ocx

 

 

---\\ Pilotes lancés au démarrage (O41)

O41 - Driver: AsIO (AsIO) . (.Pas de propriétaire - Pas de description.) - C:\Windows\system32\drivers\AsIO.sys

O41 - Driver: Enhanced Display Driver Helper Service (asuskbnt) . (.ASUSTeK COMPUTER INC. - ASUS Help driver For Keyboard Service..) - C:\Windows\system32\drivers\atkkbnt.sys

O41 - Driver: ehdrv (ehdrv) . (.ESET - ESET Helper driver.) - C:\Windows\system32\DRIVERS\ehdrv.sys

O41 - Driver: ElbyCDIO Driver (ElbyCDIO) . (.Elaborate Bytes AG - ElbyCD Windows NT/2000/XP I/O driver.) - C:\Windows\system32\Drivers\ElbyCDIO.sys

O41 - Driver: epfwtdir (epfwtdir) . (.ESET - ESET Antivirus Network Redirector.) - C:\Windows\system32\DRIVERS\epfwtdir.sys

O41 - Driver: PCLEPCI (PCLEPCI) . (.Pinnacle Systems GmbH - PCLEPCI.) - C:\WINDOWS\system32\drivers\pclepci.sys

 

 

---\\ Logiciels installés (O42)

O42 - Logiciel: 4nec2 extension version 5.7.5 - (.4nec2@gmx.net (Use "4nec2 modeller" as the subject).) [HKLM]

O42 - Logiciel: 4nec2 version 5.7.5 - (.4nec2@gmx.net (Use "4nec2 modeller" as the subject).) [HKLM]

O42 - Logiciel: AGEIA PhysX v6.10.25 - (.AGEIA Technologies, Inc..) [HKLM]

O42 - Logiciel: APC PowerChute Personal Edition - (.American Power Conversion Corporation.) [HKLM]

O42 - Logiciel: ASUSUpdate - (.Pas de propriétaire.) [HKLM]

O42 - Logiciel: ATI - Software Uninstall Utility - (.Pas de propriétaire.) [HKLM]

O42 - Logiciel: ATI Catalyst Control Center - (.Pas de propriétaire.) [HKLM]

O42 - Logiciel: ATI Display Driver - (.Pas de propriétaire.) [HKLM]

O42 - Logiciel: Acala DivX to iPod 2.9.1 - (.Acala Software Inc..) [HKLM]

O42 - Logiciel: Adobe Flash Player 10 ActiveX - (.Adobe Systems Incorporated.) [HKLM]

O42 - Logiciel: Adobe Flash Player 10 Plugin - (.Adobe Systems Incorporated.) [HKLM]

O42 - Logiciel: Adobe Reader 9.3.3 - Français - (.Adobe Systems Incorporated.) [HKLM]

O42 - Logiciel: Adobe Shockwave Player 11.5 - (.Adobe Systems, Inc..) [HKLM]

O42 - Logiciel: Agatha Christie - Les Vacances d'Hercule Poirot - (.Pas de propriétaire.) [HKLM]

O42 - Logiciel: Apple Application Support - (.Apple Inc..) [HKLM]

O42 - Logiciel: Apple Software Update - (.Apple Inc..) [HKLM]

O42 - Logiciel: Archiveur WinRAR - (.Pas de propriétaire.) [HKLM]

O42 - Logiciel: Assistant de connexion Windows Live - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: Auslogics Disk Defrag - (.Auslogics Software Pty Ltd.) [HKLM]

O42 - Logiciel: AviSynth 2.5 - (.Pas de propriétaire.) [HKLM]

O42 - Logiciel: BD/HD Advisor 1.0 - (.Pas de propriétaire.) [HKLM]

O42 - Logiciel: Banner Designer Pro v4.0 - (.Banner Designer Pro v4.0.) [HKLM]

O42 - Logiciel: CCleaner - (.Piriform.) [HKLM]

O42 - Logiciel: Calcul de Résistances 2.1 - (.Thomas et Mathieu DUBAËLE (Atlence.com).) [HKLM]

O42 - Logiciel: Catalyst Control Center - Branding - (.ATI.) [HKLM]

O42 - Logiciel: CloneSpy 2.51 - (.CloneSpy.) [HKLM]

O42 - Logiciel: Cobian Backup 9 - (.Pas de propriétaire.) [HKLM]

O42 - Logiciel: Combined Community Codec Pack 2007-07-22 - (.CCCP Project.) [HKLM]

O42 - Logiciel: Configuration DivX - (.DivX, Inc. .) [HKLM]

O42 - Logiciel: ConvertXtoDVD 4.0.10.324 - (.Pas de propriétaire.) [HKLM]

O42 - Logiciel: CoreAVC Pro 1.5.0.0 - (.Pas de propriétaire.) [HKLM]

O42 - Logiciel: DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.2.3.2 - (.Fengtao Software Inc..) [HKLM]

O42 - Logiciel: Defraggler - (.Piriform.) [HKLM]

O42 - Logiciel: DivX Converter - (.DivX, Inc..) [HKLM]

O42 - Logiciel: DivX Plus DirectShow Filters - (.DivX, Inc..) [HKLM]

O42 - Logiciel: Dr. DivX Trial - (.DivXNetworks, Inc..) [HKLM]

O42 - Logiciel: Détection de l'application Winamp - (.Nullsoft, Inc.) [HKCU]

O42 - Logiciel: ESET Antivirus License Finder (MiNODLogin) - (.GuillerSoft.) [HKLM]

O42 - Logiciel: FileZilla Client 3.3.2.1 - (.Pas de propriétaire.) [HKLM]

O42 - Logiciel: Glary Utilities 2.13.0.686 - (.Glarysoft Ltd.) [HKLM]

O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM]

O42 - Logiciel: Google Earth - (.Google.) [HKLM]

O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: Hotfix for Windows XP (KB954550-v5) - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: Hotfix for Windows XP (KB976002-v5) - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: ImageDupeless - (.Pas de propriétaire.) [HKLM]

O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: IrfanView (remove only) - (.Pas de propriétaire.) [HKLM]

O42 - Logiciel: IsoBuster 2.7 - (.Smart Projects.) [HKLM]

O42 - Logiciel: Japanese Fonts Support For Adobe Reader 9 - (.Adobe Systems Incorporated.) [HKLM]

O42 - Logiciel: Java 6 Update 20 - (.Sun Microsystems, Inc..) [HKLM]

O42 - Logiciel: Korean Fonts Support For Adobe Reader 9 - (.Adobe Systems Incorporated.) [HKLM]

O42 - Logiciel: La nuit des sacrifies - (.Frogwares.) [HKLM]

O42 - Logiciel: Live Media Plugin (Todae) - (.Todae.fr.) [HKLM]

O42 - Logiciel: Lizardtech DjVu Control (autoinstall) - (.Pas de propriétaire.) [HKLM]

O42 - Logiciel: Logitech Gaming Software 5.04 - (.Logitech.) [HKLM]

O42 - Logiciel: Loyers - (.Pas de propriétaire.) [HKLM]

O42 - Logiciel: MMANA-GAL 1.2 - (.GAL-ANT.) [HKLM]

O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM]

O42 - Logiciel: MSXML 4.0 SP2 (KB954430) - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: MSXML 4.0 SP2 (KB973688) - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: Malwarebytes' Anti-Malware - (.Malwarebytes Corporation.) [HKLM]

O42 - Logiciel: Microsoft .NET Framework 1.1 - (.Microsoft.) [HKLM]

O42 - Logiciel: Microsoft .NET Framework 1.1 - (.Pas de propriétaire.) [HKLM]

O42 - Logiciel: Microsoft .NET Framework 1.1 Security Update (KB979906) - (.Pas de propriétaire.) [HKLM]

O42 - Logiciel: Microsoft .NET Framework 2.0 Service Pack 2 - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: Microsoft .NET Framework 3.0 Service Pack 2 - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: Microsoft .NET Framework 3.5 Language Pack SP1 - fra - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: Microsoft AutoRoute 2007 avec récepteur GPS - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: Microsoft Choice Guard - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: Microsoft Corporation - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: Microsoft Corporation - (.Microsoft Visual C++ 2005 CRT Redistributable.) [HKLM]

O42 - Logiciel: Microsoft Internationalized Domain Names Mitigation APIs - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: Microsoft LifeCam - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: Microsoft National Language Support Downlevel APIs - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: Microsoft Office XP Professional avec FrontPage - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: Microsoft Publisher 2002 - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: Microsoft Windows Media Video 9 VCM - (.Pas de propriétaire.) [HKLM]

O42 - Logiciel: Module linguistique Microsoft .NET Framework 3.5 SP1- fra - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: Nero 9 - (.Nero AG.) [HKLM]

O42 - Logiciel: Nero BackItUp 4 - (.Nero AG.) [HKLM]

O42 - Logiciel: Nero MediaHome 4 - (.Nero AG.) [HKLM]

O42 - Logiciel: On2 VP7 Personal Edition - (.Pas de propriétaire.) [HKLM]

O42 - Logiciel: Outil de téléchargement Windows Live - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: PC Inspector File Recovery - (.Pas de propriétaire.) [HKLM]

O42 - Logiciel: PC Probe II - (.Pas de propriétaire.) [HKLM]

O42 - Logiciel: PDFCreator - (.Frank Heindörfer, Philip Chinery.) [HKLM]

O42 - Logiciel: PowerISO - (.PowerISO Computing, Inc..) [HKLM]

O42 - Logiciel: QuickTime - (.Apple Inc..) [HKLM]

O42 - Logiciel: R-Studio 4.2 - (.R-Tools Technology Inc..) [HKLM]

O42 - Logiciel: Real Alternative 1.60 Lite - (.Pas de propriétaire.) [HKLM]

O42 - Logiciel: RealSpeak Solo pour la voix francaise Virginie - (.Nuance.) [HKLM]

O42 - Logiciel: RegRun Reanimator - (.Greatis Software, LLC..) [HKLM]

O42 - Logiciel: Revo Uninstaller 1.88 - (.VS Revo Group.) [HKLM]

O42 - Logiciel: River Past DirectShow Detective - (.River Past.) [HKLM]

O42 - Logiciel: SAMSUNG Mobile Composite Device Software - (.Pas de propriétaire.) [HKLM]

O42 - Logiciel: SAMSUNG Mobile Modem Driver Set - (.Pas de propriétaire.) [HKLM]

O42 - Logiciel: SAMSUNG Mobile USB Modem 1.0 Software - (.Pas de propriétaire.) [HKLM]

O42 - Logiciel: SAMSUNG Mobile USB Modem Software - (.Pas de propriétaire.) [HKLM]

O42 - Logiciel: Samsung Mobile phone USB driver Software - (.Pas de propriétaire.) [HKLM]

O42 - Logiciel: Samsung PC Studio 3 - (.Samsung Electronics Co., Ltd..) [HKLM]

O42 - Logiciel: Samsung PC Studio 3 USB Driver Installer - (.Samsung Electronics Co., Ltd..) [HKLM]

O42 - Logiciel: SeaTools for Windows - (.Seagate Technology.) [HKLM]

O42 - Logiciel: Segoe UI - (.Microsoft Corp.) [HKLM]

O42 - Logiciel: SimpliBourse 2 - (.Cornu Nicolas.) [HKLM]

O42 - Logiciel: SpeedFan (remove only) - (.Pas de propriétaire.) [HKLM]

O42 - Logiciel: Spelling Dictionaries Support For Adobe Reader 9 - (.Adobe Systems Incorporated.) [HKLM]

O42 - Logiciel: SpywareBlaster 4.3 - (.Javacool Software LLC.) [HKLM]

O42 - Logiciel: System Requirements Lab - (.Pas de propriétaire.) [HKLM]

O42 - Logiciel: TomTom HOME 2.7.4.1962 - (.TomTom.) [HKLM]

O42 - Logiciel: TomTom HOME Visual Studio Merge Modules - (.TomTom International B.V..) [HKLM]

O42 - Logiciel: UnHackMe 5.95 release - (.Greatis Software, LLC..) [HKLM]

O42 - Logiciel: Update for Microsoft .NET Framework 3.5 SP1 (KB963707) - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: VC80CRTRedist - 8.0.50727.4053 - (.DivX, Inc.) [HKLM]

O42 - Logiciel: VLC media player 1.1.2 - (.VideoLAN.) [HKLM]

O42 - Logiciel: VirtualCloneDrive - (.Elaborate Bytes.) [HKLM]

O42 - Logiciel: VirtualDubMOD 1.5.10.3 Fr - (.Trad-Fr.) [HKLM]

O42 - Logiciel: Visual C++ 2008 x86 Runtime - (v9.0.30729) - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: Visual C++ 2008 x86 Runtime - v9.0.30729.01 - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: Winamp - (.Nullsoft, Inc.) [HKLM]

O42 - Logiciel: Windows Internet Explorer 8 - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: Windows Live Call - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: Windows Live Communications Platform - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: Windows Media Format 11 runtime - (.Pas de propriétaire.) [HKLM]

O42 - Logiciel: Windows Presentation Foundation - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: Windows XP Service Pack 3 - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: XML Paper Specification Shared Components Language Pack 1.0 - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: XML Paper Specification Shared Components Pack 1.0 - (.Microsoft Corporation.) [HKLM]

O42 - Logiciel: Xilisoft DVD Ripper 4 - (.Xilisoft.) [HKLM]

O42 - Logiciel: XnView 1.97 - (.Gougelet Pierre-e.) [HKLM]

O42 - Logiciel: Yagi Calculator Version 2.3.3 - (.John Drew.) [HKLM]

O42 - Logiciel: e-COMO - (.Pas de propriétaire.) [HKLM]

O42 - Logiciel: neroxml - (.Nero AG.) [HKLM]

 

---\\ HKCU & HKLM Software Keys

[HKCU\Software\3ivx]

[HKCU\Software\?? ?? ???? ????? ??? ?? ????]

[HKCU\Software\AMIJ]

[HKCU\Software\ASProtect]

[HKCU\Software\ASUS]

[HKCU\Software\ATI]

[HKCU\Software\Acala DivX to iPod]

[HKCU\Software\Ad-Remover]

[HKCU\Software\Adobe]

[HKCU\Software\Ahead]

[HKCU\Software\Analog Devices]

[HKCU\Software\AppDataLow\Software\Adobe]

[HKCU\Software\AppDataLow\Software\Macromedia]

[HKCU\Software\AppDataLow\Software]

[HKCU\Software\AppDataLow]

[HKCU\Software\Apple Computer, Inc.]

[HKCU\Software\Auslogics]

[HKCU\Software\Autodesk, Inc.]

[HKCU\Software\Autodesk]

[HKCU\Software\BinTube]

[HKCU\Software\Borland]

[HKCU\Software\CDDB]

[HKCU\Software\CDisplay]

[HKCU\Software\CITY_INTERACTIVE]

[HKCU\Software\Classes]

[HKCU\Software\CoreCodec]

[HKCU\Software\Cyberlink]

[HKCU\Software\DScaler5]

[HKCU\Software\DVD Decrypter]

[HKCU\Software\DVDAuthor2]

[HKCU\Software\DVDAuthorPro]

[HKCU\Software\DVDFab]

[HKCU\Software\Digital River]

[HKCU\Software\DivXNetworks]

[HKCU\Software\DivX]

[HKCU\Software\DreamCatcher]

[HKCU\Software\EGOSOFT]

[HKCU\Software\EPSON]

[HKCU\Software\Elaborate Bytes]

[HKCU\Software\Elcom]

[HKCU\Software\Eset]

[HKCU\Software\Freeware]

[HKCU\Software\Future Pinball]

[HKCU\Software\GNU]

[HKCU\Software\GSpot Appliance Corp]

[HKCU\Software\Gabest]

[HKCU\Software\GameHouse]

[HKCU\Software\GlarySoft]

[HKCU\Software\Google]

[HKCU\Software\Greatis]

[HKCU\Software\HTS-BELOTE]

[HKCU\Software\HTS]

[HKCU\Software\Haali]

[HKCU\Software\IM Providers]

[HKCU\Software\ImageDupeless]

[HKCU\Software\Intel]

[HKCU\Software\JavaSoft]

[HKCU\Software\LC Technology]

[HKCU\Software\Lake]

[HKCU\Software\Lavasoft]

[HKCU\Software\Libnet]

[HKCU\Software\Licenses]

[HKCU\Software\Ligos]

[HKCU\Software\LizardTech]

[HKCU\Software\Local AppWizard-Generated Applications]

[HKCU\Software\Logitech]

[HKCU\Software\Macromedia]

[HKCU\Software\Mainconcept]

[HKCU\Software\Malwarebytes' Anti-Malware]

[HKCU\Software\Micro Application]

[HKCU\Software\Mirabilis]

[HKCU\Software\NOS]

[HKCU\Software\Nero]

[HKCU\Software\Netscape]

[HKCU\Software\ODBC]

[HKCU\Software\Opalium]

[HKCU\Software\PC Wizard]

[HKCU\Software\PDFCreator]

[HKCU\Software\Pegasus Imaging]

[HKCU\Software\Pegasys Inc.]

[HKCU\Software\Pinnacle Systems]

[HKCU\Software\Piriform]

[HKCU\Software\Policies]

[HKCU\Software\PowerISO]

[HKCU\Software\Protexis]

[HKCU\Software\R-TT]

[HKCU\Software\RealNetworks]

[HKCU\Software\Regrun]

[HKCU\Software\River Past]

[HKCU\Software\SEIKO EPSON]

[HKCU\Software\Samsung PC Studio]

[HKCU\Software\Samsung]

[HKCU\Software\SkillEmpire]

[HKCU\Software\SlySoft]

[HKCU\Software\Smart Panel]

[HKCU\Software\Smart Projects]

[HKCU\Software\Softonic]

[HKCU\Software\Softwrap]

[HKCU\Software\Sony Ericsson]

[HKCU\Software\SpeedFan]

[HKCU\Software\Steinberg Media Technologies]

[HKCU\Software\Streetwise Software]

[HKCU\Software\Sysinternals]

[HKCU\Software\Todae]

[HKCU\Software\TomTom]

[HKCU\Software\Trolltech]

[HKCU\Software\Ubi Soft]

[HKCU\Software\Ulead Systems]

[HKCU\Software\Uniscan]

[HKCU\Software\VB and VBA Program Settings]

[HKCU\Software\VFPlugin]

[HKCU\Software\VOB]

[HKCU\Software\VSO]

[HKCU\Software\VSRevoGroup]

[HKCU\Software\WDC]

[HKCU\Software\WinRAR SFX]

[HKCU\Software\WinRAR]

[HKCU\Software\Winamp]

[HKCU\Software\Xilisoft]

[HKCU\Software\XnView]

[HKCU\Software\YahooPartnerToolbar]

[HKCU\Software\eMule]

[HKCU\Software\etoro]

[HKCU\Software\keyhole.com]

[HKCU\Software\srac]

[HKLM\Software\ACE Compression Software]

[HKLM\Software\AGEIA Technologies]

[HKLM\Software\APC]

[HKLM\Software\ASUSTeK COMPUTER INC.]

[HKLM\Software\ASUS]

[HKLM\Software\ATI Technologies Inc.]

[HKLM\Software\ATI Technologies]

[HKLM\Software\ATI]

[HKLM\Software\Acorn]

[HKLM\Software\Adobe]

[HKLM\Software\America Online]

[HKLM\Software\Analog Devices]

[HKLM\Software\Andrea Electronics]

[HKLM\Software\AppDataLow]

[HKLM\Software\Apple Computer, Inc.]

[HKLM\Software\Apple Inc.]

[HKLM\Software\Apps TMD]

[HKLM\Software\Audible]

[HKLM\Software\Autodesk]

[HKLM\Software\BrowserChoice]

[HKLM\Software\C07ft5Y]

[HKLM\Software\CDDB]

[HKLM\Software\CDex]

[HKLM\Software\CDisplay 1.8.1.0 Fr]

[HKLM\Software\Classes]

[HKLM\Software\Clients]

[HKLM\Software\Cobian]

[HKLM\Software\Combined-Community-Codec-Pack]

[HKLM\Software\Convar Deutschland GmbH]

[HKLM\Software\CyberLink]

[HKLM\Software\DIOC]

[HKLM\Software\DVC150]

[HKLM\Software\DVD Decrypter 3.5.4.0 Fr]

[HKLM\Software\DVDFab]

[HKLM\Software\Dantz]

[HKLM\Software\Digital River]

[HKLM\Software\DivXNetworks]

[HKLM\Software\DivX]

[HKLM\Software\EPSON Photo Print]

[HKLM\Software\EPSON]

[HKLM\Software\ESET]

[HKLM\Software\Elaborate Bytes]

[HKLM\Software\Elcom]

[HKLM\Software\Ericsson]

[HKLM\Software\FAST Multimedia]

[HKLM\Software\FileZilla 3]

[HKLM\Software\Frogwares]

[HKLM\Software\GNU]

[HKLM\Software\Gabest]

[HKLM\Software\Gemplus]

[HKLM\Software\Google]

[HKLM\Software\Greatis]

[HKLM\Software\HaaliMkx]

[HKLM\Software\ImageMagick]

[HKLM\Software\InstallShield]

[HKLM\Software\InstalledOptions]

[HKLM\Software\Intel]

[HKLM\Software\JMICRON Technologies, Inc.]

[HKLM\Software\JavaSoft]

[HKLM\Software\Jodix]

[HKLM\Software\JreMetrics]

[HKLM\Software\Kodak]

[HKLM\Software\Lake]

[HKLM\Software\Les Vacances d'Hercule Poirot]

[HKLM\Software\Licenses]

[HKLM\Software\Ligos]

[HKLM\Software\LocalCooling]

[HKLM\Software\Logitech]

[HKLM\Software\MC2]

[HKLM\Software\MCCI]

[HKLM\Software\Macromedia]

[HKLM\Software\Marvell]

[HKLM\Software\Micro Application]

[HKLM\Software\MimarSinan]

[HKLM\Software\MovieBox USB]

[HKLM\Software\MozillaPlugins]

[HKLM\Software\Mozilla]

[HKLM\Software\NOS]

[HKLM\Software\Nero]

[HKLM\Software\NewSoft]

[HKLM\Software\Nullsoft]

[HKLM\Software\ODBC]

[HKLM\Software\On2 Technologies]

[HKLM\Software\PDFCreator]

[HKLM\Software\PandeGroup]

[HKLM\Software\Pegasus Imaging]

[HKLM\Software\PegasusImaging]

[HKLM\Software\Pegasys Inc.]

[HKLM\Software\PepiMK Software]

[HKLM\Software\Persits Software]

[HKLM\Software\Phonemonitor]

[HKLM\Software\Pinnacle Systems]

[HKLM\Software\Piriform]

[HKLM\Software\Policies]

[HKLM\Software\Program Groups]

[HKLM\Software\Protexis]

[HKLM\Software\Python]

[HKLM\Software\R-TT]

[HKLM\Software\RealAlternative]

[HKLM\Software\RealNetworks]

[HKLM\Software\Rebellion]

[HKLM\Software\ReflexiveArcade]

[HKLM\Software\RegisteredApplications]

[HKLM\Software\River Past]

[HKLM\Software\Runtime Software]

[HKLM\Software\S3R521]

[HKLM\Software\SEIKO EPSON CORP.]

[HKLM\Software\Safer Networking Limited]

[HKLM\Software\Samsung Electronics Co., Ltd.]

[HKLM\Software\Samsung]

[HKLM\Software\ScanSoft]

[HKLM\Software\Schlumberger]

[HKLM\Software\Secure]

[HKLM\Software\SlySoft]

[HKLM\Software\Smart Panel]

[HKLM\Software\SmartSound Software]

[HKLM\Software\SoftShape]

[HKLM\Software\Sony Ericsson]

[HKLM\Software\Srac]

[HKLM\Software\Staccato]

[HKLM\Software\Streetwise Software]

[HKLM\Software\SymNRT]

[HKLM\Software\TSS]

[HKLM\Software\Tag?s]

[HKLM\Software\Teleca]

[HKLM\Software\Todae]

[HKLM\Software\TomTom]

[HKLM\Software\Trad-FR]

[HKLM\Software\TrendMicro]

[HKLM\Software\Ulead Systems]

[HKLM\Software\VOB]

[HKLM\Software\VSO]

[HKLM\Software\VST]

[HKLM\Software\VideoLAN]

[HKLM\Software\Visioneer]

[HKLM\Software\WexTech Systems]

[HKLM\Software\Windows 3.1 Migration Status]

[HKLM\Software\ahead]

[HKLM\Software\mozilla.org]

[HKLM\Software\swearware]

 

 

---\\ Contenu des dossiers Program Files (O43)

O43 - CFD:Common File Directory ----D- C:\Program Files\Ad-Remover

O43 - CFD:Common File Directory ----D- C:\Program Files\Adobe

O43 - CFD:Common File Directory ----D- C:\Program Files\AGEIA Technologies

O43 - CFD:Common File Directory ----D- C:\Program Files\Analog Devices

O43 - CFD:Common File Directory ----D- C:\Program Files\AnswerWorks 4.0

O43 - CFD:Common File Directory ----D- C:\Program Files\APC

O43 - CFD:Common File Directory ----D- C:\Program Files\Apple Software Update

O43 - CFD:Common File Directory ----D- C:\Program Files\Asus

O43 - CFD:Common File Directory ----D- C:\Program Files\ATI Technologies

O43 - CFD:Common File Directory ----D- C:\Program Files\Atlence

O43 - CFD:Common File Directory ----D- C:\Program Files\Auslogics

O43 - CFD:Common File Directory ----D- C:\Program Files\Autodesk

O43 - CFD:Common File Directory ----D- C:\Program Files\AviSynth 2.5

O43 - CFD:Common File Directory ----D- C:\Program Files\CCleaner

O43 - CFD:Common File Directory ----D- C:\Program Files\CloneSpy

O43 - CFD:Common File Directory ----D- C:\Program Files\Combined Community Codec Pack

O43 - CFD:Common File Directory ----D- C:\Program Files\ComPlus Applications

O43 - CFD:Common File Directory ----D- C:\Program Files\Cyberlink

O43 - CFD:Common File Directory ----D- C:\Program Files\Dantz

O43 - CFD:Common File Directory ----D- C:\Program Files\Digital Image Recovery

O43 - CFD:Common File Directory ----D- C:\Program Files\DivX

O43 - CFD:Common File Directory ----D- C:\Program Files\ElcomSoft

O43 - CFD:Common File Directory ----D- C:\Program Files\EPSON

O43 - CFD:Common File Directory ----D- C:\Program Files\ESET

O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers communs

O43 - CFD:Common File Directory ----D- C:\Program Files\FileZilla Server

O43 - CFD:Common File Directory ----D- C:\Program Files\GameHouse

O43 - CFD:Common File Directory ----D- C:\Program Files\Glary Utilities

O43 - CFD:Common File Directory ----D- C:\Program Files\Google

O43 - CFD:Common File Directory ----D- C:\Program Files\ImageDupeless

O43 - CFD:Common File Directory --H-D- C:\Program Files\InstallShield Installation Information

O43 - CFD:Common File Directory ----D- C:\Program Files\Intel

O43 - CFD:Common File Directory ----D- C:\Program Files\Internet Explorer

O43 - CFD:Common File Directory ----D- C:\Program Files\IrfanView

O43 - CFD:Common File Directory ----D- C:\Program Files\Java

O43 - CFD:Common File Directory ----D- C:\Program Files\Lavasoft

O43 - CFD:Common File Directory ----D- C:\Program Files\Ligos

O43 - CFD:Common File Directory ----D- C:\Program Files\LizardTech

O43 - CFD:Common File Directory ----D- C:\Program Files\LocalCooling

O43 - CFD:Common File Directory ----D- C:\Program Files\Logitech

O43 - CFD:Common File Directory ----D- C:\Program Files\Loyers

O43 - CFD:Common File Directory ----D- C:\Program Files\Malwarebytes' Anti-Malware

O43 - CFD:Common File Directory ----D- C:\Program Files\Marvell

O43 - CFD:Common File Directory ----D- C:\Program Files\Messenger

O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft

O43 - CFD:Common File Directory ----D- C:\Program Files\microsoft frontpage

O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft LifeCam

O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Office

O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Silverlight

O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Visual Studio

O43 - CFD:Common File Directory ----D- C:\Program Files\MMANA-GAL

O43 - CFD:Common File Directory ----D- C:\Program Files\Movie Maker

O43 - CFD:Common File Directory ----D- C:\Program Files\MSBuild

O43 - CFD:Common File Directory ----D- C:\Program Files\MSN

O43 - CFD:Common File Directory ----D- C:\Program Files\MSN Gaming Zone

O43 - CFD:Common File Directory ----D- C:\Program Files\MSXML 4.0

O43 - CFD:Common File Directory ----D- C:\Program Files\MSXML 6.0

O43 - CFD:Common File Directory ----D- C:\Program Files\My Company Name

O43 - CFD:Common File Directory ----D- C:\Program Files\My-Tool

O43 - CFD:Common File Directory ----D- C:\Program Files\Navilog1

O43 - CFD:Common File Directory ----D- C:\Program Files\NetMeeting

O43 - CFD:Common File Directory ----D- C:\Program Files\On2 Technologies

O43 - CFD:Common File Directory ----D- C:\Program Files\Outlook Express

O43 - CFD:Common File Directory ----D- C:\Program Files\PC Inspector File Recovery

O43 - CFD:Common File Directory ----D- C:\Program Files\PC Wizard 2006

O43 - CFD:Common File Directory ----D- C:\Program Files\PDFCreator

O43 - CFD:Common File Directory ----D- C:\Program Files\Pinnacle

O43 - CFD:Common File Directory ----D- C:\Program Files\PowerISO

O43 - CFD:Common File Directory ----D- C:\Program Files\Pro Imaging Powertoys

O43 - CFD:Common File Directory ----D- C:\Program Files\QuickTime

O43 - CFD:Common File Directory ----D- C:\Program Files\Real Alternative

O43 - CFD:Common File Directory ----D- C:\Program Files\Reference Assemblies

O43 - CFD:Common File Directory ----D- C:\Program Files\RescuePRO

O43 - CFD:Common File Directory ----D- C:\Program Files\Runtime Software

O43 - CFD:Common File Directory ----D- C:\Program Files\Samsung

O43 - CFD:Common File Directory ----D- C:\Program Files\Seagate

O43 - CFD:Common File Directory ----D- C:\Program Files\Services en ligne

O43 - CFD:Common File Directory ----D- C:\Program Files\Smart Panel

O43 - CFD:Common File Directory ----D- C:\Program Files\SmartSound Software

O43 - CFD:Common File Directory ----D- C:\Program Files\SMWLink3.0

O43 - CFD:Common File Directory ----D- C:\Program Files\SpeedFan

O43 - CFD:Common File Directory ----D- C:\Program Files\SpywareBlaster

O43 - CFD:Common File Directory ----D- C:\Program Files\Steinberg

O43 - CFD:Common File Directory ----D- C:\Program Files\SystemRequirementsLab

O43 - CFD:Common File Directory ----D- C:\Program Files\TomTom International B.V

O43 - CFD:Common File Directory ----D- C:\Program Files\Ubi Soft

O43 - CFD:Common File Directory ----D- C:\Program Files\Ubisoft

O43 - CFD:Common File Directory ----D- C:\Program Files\UnHackMe

O43 - CFD:Common File Directory --H-D- C:\Program Files\Uninstall Information

O43 - CFD:Common File Directory ----D- C:\Program Files\uTorrent

O43 - CFD:Common File Directory ----D- C:\Program Files\VS Revo Group

O43 - CFD:Common File Directory ----D- C:\Program Files\VSO

O43 - CFD:Common File Directory ----D- C:\Program Files\WDC

O43 - CFD:Common File Directory ----D- C:\Program Files\Winamp

O43 - CFD:Common File Directory ----D- C:\Program Files\Winamp Detect

O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Live

O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Live SkyDrive

O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Media Connect 2

O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Media Player

O43 - CFD:Common File Directory ----D- C:\Program Files\Windows NT

O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Sidebar

O43 - CFD:Common File Directory --H-D- C:\Program Files\WindowsUpdate

O43 - CFD:Common File Directory ----D- C:\Program Files\WMV9_VCM

O43 - CFD:Common File Directory ----D- C:\Program Files\xerox

O43 - CFD:Common File Directory ----D- C:\Program Files\Yagi Calculator

O43 - CFD:Common File Directory ----D- C:\Program Files\ZHPDiag

O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Adobe

O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Apple

O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\ATI Technologies

O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Atlence

O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Autodesk Shared

O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Designer

O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\DivX Shared

O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\InstallShield

O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Java

O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Logitech

O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Macromedia

O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Microsoft Shared

O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\MSSoap

O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Nero

O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\ODBC

O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Python

O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Real

O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\River Past

O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Services

O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\SpeechEngines

O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\System

O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Teleca Shared

O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Ulead Systems

O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Windows Live

O43 - CFD:Common File Directory -SH-D- C:\Program Files\Fichiers Communs\WindowsLiveInstaller

O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Wise Installation Wizard

 

 

---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)

O44 - LFC:[MD5.00000000000000000000000000000000] - 05/08/2010 - 22:39:02 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\WindowsUpdate.log [1648057]

O44 - LFC:[MD5.C9DD76D0EF94637C77FF8CA5E0FB0684] - 05/08/2010 - 22:30:18 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system.ini [227]

O44 - LFC:[MD5.ED0E13160E5A05A13DB61BB6CDF3E61F] - 05/08/2010 - 22:30:18 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\win.ini [595]

O44 - LFC:[MD5.1FF9EBFC8AE9AA26DE33FA2118FCCCD1] - 05/08/2010 - 22:30:18 RSHA- . (.Pas de propriétaire - Pas de description.) -- C:\boot.ini [286]

O44 - LFC:[MD5.A55C23F1B7B505A64D6823DF10253D0E] - 05/08/2010 - 22:07:53 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\wpa.dbl [13646]

O44 - LFC:[MD5.0877AC09CAA217471589644C398FA572] - 05/08/2010 - 22:07:10 -S-A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\bootstat.dat [2048]

O44 - LFC:[MD5.001306824620682AF6C70BD582CC3CC6] - 05/08/2010 - 22:07:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\PARTIZAN.TXT [4034]

O44 - LFC:[MD5.7A2A74AA2768CCBA6AEB9DA10DFA19D4] - 05/08/2010 - 21:43:20 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Ad-Report-CLEAN[1].txt [2182]

O44 - LFC:[MD5.F9CE310E1E491A63A747891DDA1BF386] - 05/08/2010 - 20:10:22 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Ad-Report-SCAN[1].txt [1873]

O44 - LFC:[MD5.7C94333CED841061D3AD79CE7251A243] - 05/08/2010 - 20:02:55 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\lopR.txt [18771]

O44 - LFC:[MD5.7471C7946FAA4128771535C777B62990] - 05/08/2010 - 18:33:48 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\ZHPExportRegistry-05-08-2010-19-33-48.txt [52056]

O44 - LFC:[MD5.1A868DC368BAB9FCFCB0F62F97116F4B] - 05/08/2010 - 13:56:42 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\aaw7boot.log [33771]

O44 - LFC:[MD5.F08DBD8C48A168818A3DFC28929EE6B5] - 04/08/2010 - 23:06:39 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\AUTOEXEC.NT [1896]

O44 - LFC:[MD5.486E0B1BC94C346E5C352C295388C803] - 04/08/2010 - 23:06:39 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\CONFIG.NT [3072]

O44 - LFC:[MD5.81051BCC2CF1BEDF378224B0A93E2877] - 04/08/2010 - 23:06:39 RSHA- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\winstart.bat [2]

O44 - LFC:[MD5.E63D740A6D29F988D439A6B79D166E62] - 04/08/2010 - 23:04:20 ---A- . (.Greatis Software - Partizan - First Bootwatch Anti-Rootkit.) -- C:\WINDOWS\System32\Partizan.exe [37600]

O44 - LFC:[MD5.6DDCF3F801EC15FE698F6A215CF30A1F] - 04/08/2010 - 23:04:20 ---A- . (.Greatis Software - Partizan - Rootkit detector.) -- C:\WINDOWS\System32\drivers\Partizan.sys [35816]

O44 - LFC:[MD5.536D3D03DEA0872FB9F974F3ACCEE31A] - 04/08/2010 - 23:04:00 ---A- . (.Greatis Software, LLC. - UnHackMe Kernel Driver.) -- C:\WINDOWS\System32\drivers\UnHackMeDrv.sys [12808]

O44 - LFC:[MD5.98BA10E286AE71E6816B43FA96592EA4] - 04/08/2010 - 16:49:53 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\ComboFix.txt [18009]

O44 - LFC:[MD5.31F101E10A24A3061BB1C1FA271BEB28] - 04/08/2010 - 16:43:11 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Boot.bak [215]

O44 - LFC:[MD5.48C65662EC81FBCAA110509F50C51497] - 04/08/2010 - 16:43:09 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\cmldr [263488]

O44 - LFC:[MD5.C5EC72A20B4C98DB5314E6C46765B148] - 04/08/2010 - 16:40:55 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\MBR.exe [77312]

O44 - LFC:[MD5.F1FBA6185A6A2BC6456970914875078E] - 04/08/2010 - 16:40:52 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\PEV.exe [256512]

O44 - LFC:[MD5.9E05A9C264C8A908A8E79450FCBFF047] - 04/08/2010 - 16:40:52 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\grep.exe [80412]

O44 - LFC:[MD5.2B657A67AEBB84AEA5632C53E61E23BF] - 04/08/2010 - 16:40:52 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\sed.exe [98816]

O44 - LFC:[MD5.5E832F4FAF5F481F2EAF3B3A48F603B8] - 04/08/2010 - 16:40:52 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\zip.exe [68096]

O44 - LFC:[MD5.01D95A1F8CF13D07CC564AABB36BCC0B] - 04/08/2010 - 16:40:52 ---A- . (.SteelWerX - Freeware implementation of REG.EXE.) -- C:\WINDOWS\SWREG.exe [161792]

O44 - LFC:[MD5.B7517DB073B28F5696A1E5528ABEB5D0] - 04/08/2010 - 16:40:52 ---A- . (.SteelWerX - Freeware implementation of SC.EXE.) -- C:\WINDOWS\SWSC.exe [136704]

O44 - LFC:[MD5.B1A9CF0B6F80611D31987C247EC630B4] - 04/08/2010 - 16:40:52 ---A- . (.SteelWerX - Freeware implementation of XCACLS.) -- C:\WINDOWS\SWXCACLS.exe [212480]

 

 

---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)

O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll

 

 

---\\ Export de clé d'application autorisée (ECAA) (O47)

O47 - AAKE:Key Export SP - "D:\program files\Pinnacle\Studio 10\programs\studio.exe" [Enabled] .(.Pinnacle Systems - Studio program file.) -- D:\program files\Pinnacle\Studio 10\programs\studio.exe

O47 - AAKE:Key Export SP - "C:\Program Files\Asus\AsusUpdate\Update.exe" [Enabled] .(.ASUSTek Computer Inc. - ASUS Windows Platform Flash Program.) -- C:\Program Files\Asus\AsusUpdate\Update.exe

O47 - AAKE:Key Export SP - "%windir%\Network Diagnostic\xpnetdiag.exe" [Enabled] .(.Microsoft Corporation - Network Diagnostic for Windows XP.) -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O47 - AAKE:Key Export SP - "C:\WINDOWS\system32\javaw.exe" [Enabled] .(.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\WINDOWS\system32\javaw.exe

O47 - AAKE:Key Export SP - "D:\program files\adslTV\adsltv.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) (.not file.) -- D:\program files\adslTV\adsltv.exe

O47 - AAKE:Key Export SP - "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" [Enabled] .(.Microsoft Corporation - Windows Live Call.) (.not file.) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe

O47 - AAKE:Key Export SP - "C:\WINDOWS\system32\sessmgr.exe" [Disabled] .(.Microsoft Corporation - Gestionnaire de session de l'aide sur le Bureau à distance de Microsoft®.) (.not file.) -- C:\WINDOWS\system32\sessmgr.exe

O47 - AAKE:Key Export SP - "D:\program files\nero\Nero MediaHome 4\NMMediaServerService.exe" [Enabled] .(.Nero AG - Nero MediaHome.) (.not file.) -- D:\program files\nero\Nero MediaHome 4\NMMediaServerService.exe

O47 - AAKE:Key Export SP - "D:\program files\VideoLAN\VLC\vlc.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) (.not file.) -- D:\program files\VideoLAN\VLC\vlc.exe

O47 - AAKE:Key Export SP - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [Enabled] .(.Microsoft Corporation - Windows Live Messenger.) (.not file.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe

O47 - AAKE:Key Export SP - "C:\Program Files\Microsoft LifeCam\LifeCam.exe" [Enabled] .(.Microsoft Corporation - LifeCam.exe.) (.not file.) -- C:\Program Files\Microsoft LifeCam\LifeCam.exe

O47 - AAKE:Key Export SP - "C:\Program Files\Microsoft LifeCam\LifeEnC2.exe" [Enabled] .(.Microsoft Corporation - LifeEnC2.exe.) (.not file.) -- C:\Program Files\Microsoft LifeCam\LifeEnC2.exe

O47 - AAKE:Key Export SP - "C:\Program Files\Microsoft LifeCam\LifeExp.exe" [Enabled] .(.Microsoft Corporation - LifeExp.exe.) (.not file.) -- C:\Program Files\Microsoft LifeCam\LifeExp.exe

O47 - AAKE:Key Export SP - "C:\Program Files\Microsoft LifeCam\LifeTray.exe" [Enabled] .(.Microsoft Corporation - LifeTray.exe.) (.not file.) -- C:\Program Files\Microsoft LifeCam\LifeTray.exe

O47 - AAKE:Key Export SP - "C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE" [Enabled] .(.SEIKO EPSON CORPORATION - SAgent4.) (.not file.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.exe

O47 - AAKE:Key Export SP - "M:\www\xampp\xampp-control.exe" [Enabled] .(.Apache Friends - XAMPP: control center.) (.not file.) -- M:\www\xampp\xampp-control.exe

O47 - AAKE:Key Export SP - "M:\www\xampp\FileZillaFTP\FileZilla Server.exe" [Enabled] .(.FileZilla Project - FileZilla Server.) (.not file.) -- M:\www\xampp\FileZillaFTP\FileZilla Server.exe

O47 - AAKE:Key Export DP - "%windir%\Network Diagnostic\xpnetdiag.exe" [Enabled] .(.Microsoft Corporation - Network Diagnostic for Windows XP.) -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O47 - AAKE:Key Export DP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation - Gestionnaire de session de l'aide sur le Bureau à distance de Microsoft®.) -- C:\WINDOWS\system32\sessmgr.exe

O47 - AAKE:Key Export DP - "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" [Enabled] .(.Microsoft Corporation - Windows Live Call.) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe

O47 - AAKE:Key Export DP - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [Enabled] .(.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe

 

 

---\\ Déni du service (Local Security Authority) (LSA) (O48)

O48 - LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\WINDOWS\System32\msv1_0.dll

O48 - LSA:Local Security Authority Notification Packages . (.Microsoft Corporation - Moteur du client de l'Éditeur de configuration de sécurité Windows.) -- C:\WINDOWS\System32\scecli.dll

O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\WINDOWS\System32\msv1_0.dll

 

 

---\\ Image File Execution Options (IFEO) (O50)

O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d

 

 

---\\ Trojan Driver Search Data (HKLM)(TDSD) (O52)

O52 - TDSD: \Drivers32\"msacm.trspch"="tssoft32.acm" . (.DSP GROUP, INC. - Codec audio TrueSpeech DSP Group pour MSACM V3.50.) -- C:\WINDOWS\System32\tssoft32.acm

O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Cinepak® Codec.) -- C:\WINDOWS\System32\iccvid.dll

O52 - TDSD: \Drivers32\"vidc.iv31"="ir32_32.dll" . (.Ligos Corporation - Ligos Indeo® Video 3.2.) -- C:\WINDOWS\System32\ir32_32.dll

O52 - TDSD: \Drivers32\"vidc.iv32"="ir32_32.dll" . (.Ligos Corporation - Ligos Indeo® Video 3.2.) -- C:\WINDOWS\System32\ir32_32.dll

O52 - TDSD: \Drivers32\"msacm.sl_anet"="sl_anet.acm" . (.Sipro Lab Telecom Inc. - Audio codec for MS ACM.) -- C:\WINDOWS\System32\sl_anet.acm

O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\WINDOWS\System32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\System32\l3codeca.acm

O52 - TDSD: \Drivers32\"VIDC.MJPG"="Pvmjpg30.dll" . (.Pegasus Imaging Corporation - PICVideo M-JPEG 3 codec.) -- C:\WINDOWS\System32\Pvmjpg30.dll

O52 - TDSD: \Drivers32\"vidc.iv50"="ir50_32.dll" . (.Ligos Corporation - Ligos Indeo XP (Indeo® Video 5.2).) -- C:\WINDOWS\System32\ir50_32.dll

O52 - TDSD: \Drivers32\"msacm.iac2"="C:\WINDOWS\system32\iac25_32.ax" . (.Ligos Corporation - Indeo® Audio Software.) -- C:\WINDOWS\system32\iac25_32.ax

O52 - TDSD: \Drivers32\"vidc.iv41"="ir41_32.ax" . (.Intel Corporation - Intel Indeo® Video 4.5.) -- C:\WINDOWS\System32\ir41_32.ax

O52 - TDSD: \Drivers32\"vidc.VP70"="vp7vfw.dll" . (.On2.com - VP70 VIDEO FOR WINDOWS CODEC.) -- C:\WINDOWS\System32\vp7vfw.dll

O52 - TDSD: \Drivers32\"vidc.DIVX"="DivX.dll" . (.DivX, Inc. - DivX.) -- C:\WINDOWS\System32\DivX.dll

O52 - TDSD: \Drivers32\"vidc.yv12"="DivX.dll" . (.DivX, Inc. - DivX.) -- C:\WINDOWS\System32\DivX.dll

O52 - TDSD: \drivers.desc\"sl_anet.acm"="Sipro Lab Telecom Audio Codec" . (.Sipro Lab Telecom Inc. - Audio codec for MS ACM.) -- C:\WINDOWS\System32\sl_anet.acm

O52 - TDSD: \drivers.desc\"C:\WINDOWS\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\System32\l3codeca.acm

O52 - TDSD: \drivers.desc\"pvmjpg30.dll"="PICVideo 3 M-JPEG VfW Codec" . (.Pegasus Imaging Corporation - PICVideo M-JPEG 3 codec.) -- C:\WINDOWS\System32\pvmjpg30.dll

O52 - TDSD: \drivers.desc\"C:\WINDOWS\system32\iac25_32.ax"="Indeo® Audio Software" . (.Ligos Corporation - Indeo® Audio Software.) -- C:\WINDOWS\system32\iac25_32.ax

O52 - TDSD: \drivers.desc\"iyvu9_32.dll"="Indeo® Video RAW YVU9" . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\iyvu9_32.dll

O52 - TDSD: \drivers.desc\"tssoft32.acm"="tssoft32.acm" . (.DSP GROUP, INC. - Codec audio TrueSpeech DSP Group pour MSACM V3.50.) -- C:\WINDOWS\System32\tssoft32.acm

O52 - TDSD: \drivers.desc\"iccvid.dll"="iccvid.dll" . (.Radius Inc. - Cinepak® Codec.) -- C:\WINDOWS\System32\iccvid.dll

O52 - TDSD: \drivers.desc\"vp7vfw.dll"="vp7vfw.dll" . (.On2.com - VP70 VIDEO FOR WINDOWS CODEC.) -- C:\WINDOWS\System32\vp7vfw.dll

 

 

---\\ ShareTools MSconfig StartupReg (SMSR) (O53)

O53 - SMSR:HKLM\...\startupreg\Adobe Reader Speed Launcher [Key] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

O53 - SMSR:HKLM\...\startupreg\DivXUpdate [Key] . (.Pas de propriétaire - DivX Update.) -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe

O53 - SMSR:HKLM\...\startupreg\IW_Drop_Icon [Key] . (.Pinnacle Systems GmbH. - InstantWrite Control Center.) -- C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe

O53 - SMSR:HKLM\...\startupreg\QuickTime Task [Key] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\qttask.exe

O53 - SMSR:HKLM\...\startupreg\Start WingMan Profiler [Key] . (.Logicool Co. Ltd. - Logicool WingMan Event Monitor.) -- C:\Program Files\Logitech\Gaming Software\LWEMon.exe

O53 - SMSR:HKLM\...\startupreg\TomTomHOME.exe [Key] . (.TomTom - System Tray application for TomTom HOME.) -- d:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe

 

 

---\\ Microsoft Control Security Providers (MCSP) (O54)

O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Client DPA pour plate-forme 32 bit.) -- C:\WINDOWS\system32\msapsspc.dll

O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\WINDOWS\system32\schannel.dll

O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Package d'authentification Digest SSPI.) -- C:\WINDOWS\system32\digest.dll

O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Client DPA pour plate-forme 32 bit.) -- C:\WINDOWS\system32\msapsspc.dll

O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\WINDOWS\system32\schannel.dll

O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Package d'authentification Digest SSPI.) -- C:\WINDOWS\system32\digest.dll

 

 

---\\ Microsoft Windows Policies System (MWPS) (O55)

O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0

O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=

O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=

O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1

O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1

O55 - MWPS:[HKLM\...\Policies\System] - "DisableRegistryTools"=0

 

 

---\\ Microsoft Windows Policies Explorer (MWPE) (O56)

O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveTypeAutoRun"=323

O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveAutoRun"=67108863

O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDrives"=0

O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDriveAutoRun"=67108863

O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDriveTypeAutoRun"=323

O56 - MWPE:[HKLM\...\policies\Explorer] - "HonorAutoRunSetting"=1

O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDrives"=0

 

 

---\\ Liste des Drivers Système (SDL) (O58)

O58 - SDL:[MD5.EE97365199D656DDF3197FFDB091EADF] - 08/12/2006 - 16:06:00 R--A- . (.Analog Devices, Inc. - Analog Devices DTS Driver.) -- C:\WINDOWS\system32\drivers\adidts.sys

O58 - SDL:[MD5.0158F4027C0808FF65ED3B3D683339C9] - 16/01/2007 - 08:09:06 R--A- . (.Analog Devices, Inc. - High Definition Audio Function Driver.) -- C:\WINDOWS\system32\drivers\ADIHdAud.sys

O58 - SDL:[MD5.358063AB6C1C4173B735525CDFA65F94] - 07/08/2006 - 05:57:30 R--A- . (.Andrea Electronics Corporation - Audio Noise Filtering Driver (32-bit).) -- C:\WINDOWS\system32\drivers\aeaudio.sys

O58 - SDL:[MD5.D48659BB24C48345D926ECB45C1EBDF5] - 13/08/2004 - 03:56:20 R--A- . (.Pas de propriétaire - ATK0110 ACPI Utility.) -- C:\WINDOWS\system32\drivers\ASACPI.sys

O58 - SDL:[MD5.4F9CBBF95E8F7A0D4C0EDCFE3B78102E] - 28/11/2003 - 18:34:40 ---A- . (.Pinnacle Systems GmbH - ASAPI.) -- C:\WINDOWS\system32\drivers\asapiW2k.sys

O58 - SDL:[MD5.310C1844D7B7144288196DCF19FF578C] - 19/10/2006 - 03:11:12 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\drivers\AsInsHelp32.sys

O58 - SDL:[MD5.51E2A3E5CE3F7D63845E06832E627F2D] - 19/10/2006 - 03:11:30 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\drivers\AsInsHelp64.sys

O58 - SDL:[MD5.19A1DAC5BC607C212E8A94C05886ED52] - 22/12/2005 - 03:22:18 R--A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\drivers\AsIO.sys

O58 - SDL:[MD5.54AB078660E536DA72B21A27F56B035B] - 21/11/2005 - 06:48:20 ---A- . (.Adaptec - ASPI for WIN32 Kernel Driver.) -- C:\WINDOWS\system32\drivers\ASPI32.SYS

O58 - SDL:[MD5.DE91D0D73C3E61E6826D98FAC2FAC729] - 27/04/2004 - 08:26:48 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\drivers\ASUSHWIO.SYS

O58 - SDL:[MD5.8763EDE3E0CD40F5C3450571AC57F205] - 26/02/2009 - 23:58:57 ---A- . (.ATI Technologies Inc. - ATI Radeon WindowsNT Miniport Driver.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys

O58 - SDL:[MD5.F5C2CCDB273A546E9C3A15250F1D9165] - 18/10/2005 - 15:01:00 ---A- . (.ASUSTeK COMPUTER INC. - ASUS Help driver For Keyboard Service..) -- C:\WINDOWS\system32\drivers\atkkbnt.sys

O58 - SDL:[MD5.6E996CF8459A2594E0E9609D0E34D41F] - 20/04/2009 - 16:30:03 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\drivers\atksgt.sys

O58 - SDL:[MD5.CE49F1969FEAAA89A67E06ECAD286D44] - 30/06/2006 - 11:38:00 ---A- . (.ASMT - Kernel-Mode Dll.) -- C:\WINDOWS\system32\drivers\Bravo_a_crystal.sys

O58 - SDL:[MD5.22AFC56DDA9325C8593E507F7D76D996] - 30/06/2006 - 11:35:00 ---A- . (.ASMT - Kernel-Mode Dll.) -- C:\WINDOWS\system32\drivers\Bravo_a_enriched.sys

O58 - SDL:[MD5.F0784AABF7C59DA003BAAA63F407FA4A] - 30/06/2006 - 11:37:00 ---A- . (.ASMT - Kernel-Mode Dll.) -- C:\WINDOWS\system32\drivers\Bravo_a_theater.sys

O58 - SDL:[MD5.9CD0409A86A8ECF32E0BC59D96B87010] - 30/06/2006 - 11:36:00 ---A- . (.ASMT - Kernel-Mode Dll.) -- C:\WINDOWS\system32\drivers\Bravo_a_vivid.sys

O58 - SDL:[MD5.3EB2F1D3D8550E8A4A543C5E52F3AAA7] - 30/06/2006 - 11:34:00 ---A- . (.ASMT - Kernel-Mode Dll.) -- C:\WINDOWS\system32\drivers\Bravo_n_crystal.sys

O58 - SDL:[MD5.F16B45867FCBF7BD402C09087CC60A3F] - 30/06/2006 - 11:31:00 ---A- . (.ASMT - Kernel-Mode Dll.) -- C:\WINDOWS\system32\drivers\Bravo_n_enriched.sys

O58 - SDL:[MD5.B99E46350C2AE5AF11EE22C82AF1B06D] - 30/06/2006 - 11:32:00 ---A- . (.ASMT - Kernel-Mode Dll.) -- C:\WINDOWS\system32\drivers\Bravo_n_theater.sys

O58 - SDL:[MD5.E2B7835429F02BBBA41E8CAE4E22BFBF] - 30/06/2006 - 11:28:00 ---A- . (.ASMT - Kernel-Mode Dll.) -- C:\WINDOWS\system32\drivers\Bravo_n_vivid.sys

O58 - SDL:[MD5.837EEF65AF62D4E8A37C41D3879F7274] - 02/02/2007 - 03:00:00 ---A- . (.Sonic Solutions - CDR4 CD and DVD Place Holder Driver (see PxHelp).) -- C:\WINDOWS\system32\drivers\cdr4_xp.sys

O58 - SDL:[MD5.579DA2F9F5401F55DAE2CF8779D61DFC] - 02/02/2007 - 03:00:00 ---A- . (.Sonic Solutions - CDRAL Place Holder Driver (see PxHelp).) -- C:\WINDOWS\system32\drivers\cdralw2k.sys

O58 - SDL:[MD5.1407BC5C00EA37B1BEF106C1A225FF6D] - 10/02/2005 - 11:55:08 ---A- . (.Pinnacle Systems GmbH - InstantWrite Driver.) -- C:\WINDOWS\system32\drivers\Cdrdrv.sys

O58 - SDL:[MD5.C9B25AE9B8ABD983C5AD3F8CBFAB0F9C] - 30/08/2002 - 13:00:00 ---A- . (.RAVISENT Technologies Inc. - Pilote principal CineMaster C 1.2 WDM.) -- C:\WINDOWS\system32\drivers\cinemst2.sys

O58 - SDL:[MD5.9624293E55AD405415862B504CA95B73] - 30/08/2002 - 13:00:00 ---A- . (.Compaq Computer Corporation - Compaq PA-1 Player Driver.) -- C:\WINDOWS\system32\drivers\cpqdap01.sys

O58 - SDL:[MD5.59D9E5DBCFEF1E0E3DBAC1B55C718F2D] - 06/02/2009 - 13:19:52 ---A- . (.ESET - Amon monitor.) -- C:\WINDOWS\system32\drivers\eamon.sys

O58 - SDL:[MD5.3BD67A869964BF57266CBBD1DCA38C6A] - 06/02/2009 - 13:23:18 ---A- . (.ESET - ESET Helper driver.) -- C:\WINDOWS\system32\drivers\ehdrv.sys

O58 - SDL:[MD5.0DAF3544804650526751C478AECCCE63] - 14/06/2006 - 06:56:00 R--A- . (.ASUSTeK Computer Inc. - ASUS Kernel Mode Driver for NT.) -- C:\WINDOWS\system32\drivers\EIO.sys

O58 - SDL:[MD5.075D91E4DE09A6F1EDE77C341803D454] - 26/12/2006 - 13:54:35 ---A- . (.SlySoft, Inc. - ElbyCDIO Filter Driver.) -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys

O58 - SDL:[MD5.44996A2ADDD2DB7454F2CA40B67D8941] - 18/12/2009 - 23:25:12 ---A- . (.Elaborate Bytes AG - ElbyCD Windows NT/2000/XP I/O driver.) -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys

O58 - SDL:[MD5.AA0AF2830FC14FFD7E80611614ECAC74] - 06/02/2009 - 13:24:24 ---A- . (.ESET - ESET Antivirus Network Redirector.) -- C:\WINDOWS\system32\drivers\epfwtdir.sys

O58 - SDL:[MD5.52ADA45F60D6382C9B3C52826CDB9D26] - 06/05/2007 - 00:30:36 ---A- . (.Sony Ericsson Mobile Communications - Gordon's Gate USB Driver.) -- C:\WINDOWS\system32\drivers\ggsemc.sys

O58 - SDL:[MD5.D64A40B94602158E40527AE95E7A9193] - 05/11/2004 - 10:08:06 ---A- . (.Aladdin Knowledge Systems Ltd. - Hardlock Device Driver for Windows NT.) -- C:\WINDOWS\system32\drivers\hardlock.sys

O58 - SDL:[MD5.C995C0E8B4503FAC38793BB0236AD246] - 07/02/2006 - 12:52:58 R--A- . (.JMicron - SCSI Port upper filter driver.) -- C:\WINDOWS\system32\drivers\JGOGO.sys

O58 - SDL:[MD5.F561C67E8E9C598051D4F83296FD1201] - 05/07/2006 - 13:55:58 R--A- . (.JMicron Technology Corp. - JMicron JR036X RAID Driver.) -- C:\WINDOWS\system32\drivers\jraid.sys

O58 - SDL:[MD5.53D606019BB0F0C6B3E6EC9D2E0F7622] - 03/06/2005 - 12:46:32 R--A- . (.MCCI - Sony Ericsson 600i Driver.) -- C:\WINDOWS\system32\drivers\k600bus.sys

O58 - SDL:[MD5.FF34C0A8B82D1978E10F3513659BFEAE] - 03/06/2005 - 12:46:32 R--A- . (.MCCI - Windows 98/98SE/ME support functions.) -- C:\WINDOWS\system32\drivers\k600cm95.sys

O58 - SDL:[MD5.72315EFA8E1013FD70709FD16E995AF0] - 03/06/2005 - 12:46:34 R--A- . (.MCCI - Windows 2000/XP support functions.) -- C:\WINDOWS\system32\drivers\k600cmnt.sys

O58 - SDL:[MD5.FF76FA33CF9BEA7CC7404AFDC2AEA1C8] - 03/06/2005 - 12:46:34 R--A- . (.MCCI - WDM class registry.) -- C:\WINDOWS\system32\drivers\k600cr.sys

O58 - SDL:[MD5.C0D81F66557847BBB7F5B9980BC2EA2E] - 03/06/2005 - 12:46:36 R--A- . (.MCCI - Sony Ericsson 600i USB WMC Modem Filter Driver.) -- C:\WINDOWS\system32\drivers\k600mdfl.sys

O58 - SDL:[MD5.646900B2921BAD4757B427D2D328EC96] - 03/06/2005 - 12:46:36 R--A- . (.MCCI - Sony Ericsson 600i USB WMC Modem WDM Driver.) -- C:\WINDOWS\system32\drivers\k600mdm.sys

O58 - SDL:[MD5.3990320CFEF38B038C012029257E2300] - 03/06/2005 - 12:46:40 R--A- . (.MCCI - Sony Ericsson 600i USB WMC Device Management Driver.) -- C:\WINDOWS\system32\drivers\k600mgmt.sys

O58 - SDL:[MD5.1578CB8176D08CC4D3DBE094C62FC236] - 03/06/2005 - 12:46:40 R--A- . (.MCCI - Sony Ericsson 600i USB WMC OBEX Interface Device Driver.) -- C:\WINDOWS\system32\drivers\k600obex.sys

O58 - SDL:[MD5.7A6EAB94B7926F405E7B92B38017EFB7] - 03/06/2005 - 12:46:48 R--A- . (.MCCI - Windows 98/98SE/ME support functions.) -- C:\WINDOWS\system32\drivers\k600wh95.sys

O58 - SDL:[MD5.CF2684B3684A2983F95A94F5F84DE6C3] - 03/06/2005 - 12:46:50 R--A- . (.MCCI - Windows 2000/XP support functions.) -- C:\WINDOWS\system32\drivers\k600whnt.sys

O58 - SDL:[MD5.FE8300320281D658A7854D5CFC02A63F] - 03/06/2005 - 12:46:52 R--A- . (.MCCI - Sony Ericsson 750 Driver.) -- C:\WINDOWS\system32\drivers\k750bus.sys

O58 - SDL:[MD5.594613F4B2E18F5EF24B2148BB699265] - 03/06/2005 - 12:46:54 R--A- . (.MCCI - Windows 98/98SE/ME support functions.) -- C:\WINDOWS\system32\drivers\k750cm95.sys

O58 - SDL:[MD5.8C2B0E77E85902EB75BB84A8161474F6] - 03/06/2005 - 12:46:54 R--A- . (.MCCI - Windows 2000/XP support functions.) -- C:\WINDOWS\system32\drivers\k750cmnt.sys

O58 - SDL:[MD5.DC2346C10039EE89CE689E63C173BC4F] - 03/06/2005 - 12:46:56 R--A- . (.MCCI - WDM class registry.) -- C:\WINDOWS\system32\drivers\k750cr.sys

O58 - SDL:[MD5.F44521F63C0C00364FA3D59DB980DE6A] - 03/06/2005 - 12:46:58 R--A- . (.MCCI - Sony Ericsson 750 USB WMC Modem Filter Driver.) -- C:\WINDOWS\system32\drivers\k750mdfl.sys

O58 - SDL:[MD5.E93323C3ED5E8923A177740A973C27B2] - 03/06/2005 - 12:47:00 R--A- . (.MCCI - Sony Ericsson 750 USB WMC Modem WDM Driver.) -- C:\WINDOWS\system32\drivers\k750mdm.sys

O58 - SDL:[MD5.9D5F5A70CA0B7C428EFCD73DB50E6AC7] - 03/06/2005 - 12:47:04 R--A- . (.MCCI - Sony Ericsson 750 USB WMC Device Management Driver.) -- C:\WINDOWS\system32\drivers\k750mgmt.sys

O58 - SDL:[MD5.81CA2D57B2C14F76F4BA80846784BB3D] - 03/06/2005 - 12:47:06 R--A- . (.MCCI - Sony Ericsson 750 USB WMC OBEX Interface Device Driver.) -- C:\WINDOWS\system32\drivers\k750obex.sys

O58 - SDL:[MD5.4790F9D4BB512A03C3967FB4E576D0FB] - 03/06/2005 - 12:47:14 R--A- . (.MCCI - Windows 98/98SE/ME support functions.) -- C:\WINDOWS\system32\drivers\k750wh95.sys

O58 - SDL:[MD5.A03516D5C5FB064835DFF8FD1C251E5D] - 03/06/2005 - 12:47:14 R--A- . (.MCCI - Windows 2000/XP support functions.) -- C:\WINDOWS\system32\drivers\k750whnt.sys

O58 - SDL:[MD5.975B6CF65F44E95883F3855BAE8CECAF] - 20/04/2009 - 16:30:02 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\drivers\lirsgt.sys

O58 - SDL:[MD5.269C14D512B74CC28D2812FF7D1EB066] - 02/06/2005 - 19:28:38 ---A- . (.Pinnacle Systems GmbH - Pinnacle Marvin Discrete Bus Enumerator.) -- C:\WINDOWS\system32\drivers\MarvinBus.sys

O58 - SDL:[MD5.67B48A903430C6D4FB58CBACA1866601] - 29/04/2010 - 14:39:26 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\WINDOWS\system32\drivers\mbam.sys

O58 - SDL:[MD5.C7DD7D9739785BD3A6B8499EEC1DEE7E] - 29/04/2010 - 14:39:38 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys

O58 - SDL:[MD5.BE984D604D91C217355CDD3737AAD25D] - 30/08/2002 - 13:00:00 ---A- . (.S3/Diamond Multimedia Systems - NikeDrv Usb Driver.) -- C:\WINDOWS\system32\drivers\nikedrv.sys

O58 - SDL:[MD5.6DDCF3F801EC15FE698F6A215CF30A1F] - 05/08/2010 - 23:04:20 ---A- . (.Greatis Software - Partizan - Rootkit detector.) -- C:\WINDOWS\system32\drivers\Partizan.sys

O58 - SDL:[MD5.1BEBE7DE8508A02650CDCE45C664C2A2] - 09/02/2005 - 12:59:00 ---A- . (.Pinnacle Systems GmbH - PCLEPCI.) -- C:\WINDOWS\system32\drivers\Pclepci.sys

O58 - SDL:[MD5.5B6C11DE7E839C05248CED8825470FEF] - 15/09/2007 - 13:14:23 ---A- . (.VSO Software - low level access layer for CD/DVD/BD devices.) -- C:\WINDOWS\system32\drivers\pcouffin.sys

O58 - SDL:[MD5.80D317BD1C3DBC5D4FE7B1678C60CADD] - 30/08/2002 - 13:00:00 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\drivers\ptilink.sys

O58 - SDL:[MD5.A56FE08EC7473E8580A390BB1081CDD7] - 30/08/2002 - 13:00:00 ---A- . (.S3/Diamond Multimedia Systems - Rio8Drv.sys Usb Driver.) -- C:\WINDOWS\system32\drivers\rio8drv.sys

O58 - SDL:[MD5.0A854DF84C77A0BE205BFEAB2AE4F0EC] - 30/08/2002 - 13:00:00 ---A- . (.S3/Diamond Multimedia Systems - RioDrv Usb Driver.) -- C:\WINDOWS\system32\drivers\riodrv.sys

O58 - SDL:[MD5.4019149E4E296072831C8855605D9FDC] - 04/04/2010 - 21:12:02 ---A- . (.Sunbelt Software - Anti-Rootkit Engine.) -- C:\WINDOWS\system32\drivers\SBREDrv.sys

O58 - SDL:[MD5.16B1ABE7F3E35F21DAC57592B6C5D464] - 09/11/2009 - 04:21:18 ---A- . (.PowerISO Computing, Inc. - PowerISO Virtual Drive.) -- C:\WINDOWS\system32\drivers\scdemu.sys

O58 - SDL:[MD5.90A3935D05B494A5A39D37E71F09A677] - 13/11/2007 - 11:25:54 ---A- . (.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) -- C:\WINDOWS\system32\drivers\secdrv.sys

O58 - SDL:[MD5.4C0D673281178CB496011A2E28571FC8] - 10/08/2005 - 13:44:04 ---A- . (.Protection Technology - StarForce Protection Environment Driver.) -- C:\WINDOWS\system32\drivers\sfdrv01.sys

O58 - SDL:[MD5.15BE2B5E4DC5B8623CF167720682ABC9] - 16/05/2005 - 14:20:39 ---A- . (.Protection Technology - StarForce Protection Helper Driver.) -- C:\WINDOWS\system32\drivers\sfhlp02.sys

O58 - SDL:[MD5.EFEBBC1D13FDB77A6AF4EDDFC7232EDF] - 10/08/2005 - 15:06:28 ---A- . (.Protection Technology - StarForce Protection Synchronization Driver.) -- C:\WINDOWS\system32\drivers\sfsync02.sys

O58 - SDL:[MD5.9245B33503E8CAB76E0BCB39F6C5CF3B] - 19/05/2003 - 09:16:00 ---A- . (.Standard Microsystems Corporation - Password Filter Driver.) -- C:\WINDOWS\system32\drivers\smscpswd.sys

O58 - SDL:[MD5.00000000000000000000000000000000] - 24/06/2007 - 02:50:35 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\drivers\sptd.sys

O58 - SDL:[MD5.14622AE81C72B08691EEDAABC1D4A129] - 02/05/2007 - 11:12:34 ---A- . (.MCCI Corporation - SAMSUNG Mobile USB Device II 1.0 Driver.) -- C:\WINDOWS\system32\drivers\ssm_bus.sys

O58 - SDL:[MD5.79B3761947FFDA77F2EF2225C1A1DFB1] - 02/05/2007 - 11:12:34 ---A- . (.MCCI Corporation - Windows 2000/XP support functions.) -- C:\WINDOWS\system32\drivers\ssm_cm.sys

O58 - SDL:[MD5.79B3761947FFDA77F2EF2225C1A1DFB1] - 02/05/2007 - 11:12:34 ---A- . (.MCCI Corporation - Windows 2000/XP support functions.) -- C:\WINDOWS\system32\drivers\ssm_cmnt.sys

O58 - SDL:[MD5.43EE5E9FDA61A5E0EAC4C1DE699E6E4D] - 02/05/2007 - 11:12:36 ---A- . (.MCCI Corporation - SAMSUNG Mobile USB Modem II 1.0 Filter Driver.) -- C:\WINDOWS\system32\drivers\ssm_mdfl.sys

O58 - SDL:[MD5.918CFD32C7FEB174F356A0A6FAD11F4B] - 02/05/2007 - 11:12:36 ---A- . (.MCCI Corporation - SAMSUNG Mobile USB Modem II 1.0 Driver.) -- C:\WINDOWS\system32\drivers\ssm_mdm.sys

O58 - SDL:[MD5.029711A9A56D300E1DC60EC65121403E] - 02/05/2007 - 11:12:36 ---A- . (.MCCI Corporation - Windows 2000/XP support functions.) -- C:\WINDOWS\system32\drivers\ssm_wh.sys

O58 - SDL:[MD5.029711A9A56D300E1DC60EC65121403E] - 02/05/2007 - 11:12:36 ---A- . (.MCCI Corporation - Windows 2000/XP support functions.) -- C:\WINDOWS\system32\drivers\ssm_whnt.sys

O58 - SDL:[MD5.306521935042FC0A6988D528643619B3] - 06/01/2009 - 18:52:17 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\drivers\StarOpen.sys

O58 - SDL:[MD5.DD9596C18818288845423C68F3F39800] - 08/02/2010 - 16:07:53 ---A- . (.Trend Micro Inc. - TrendMicro Common Module.) -- C:\WINDOWS\system32\drivers\tmcomm.sys

O58 - SDL:[MD5.D74A8EC75305F1D3CFDE7C7FC1BD62A9] - 30/08/2002 - 13:00:00 ---A- . (.Toshiba Corporation - WDM Toshiba Tecra Video Capture Driver.) -- C:\WINDOWS\system32\drivers\tsbvcap.sys

O58 - SDL:[MD5.536D3D03DEA0872FB9F974F3ACCEE31A] - 07/07/2010 - 09:14:14 ---A- . (.Greatis Software, LLC. - UnHackMe Kernel Driver.) -- C:\WINDOWS\system32\drivers\UnHackMeDrv.sys

O58 - SDL:[MD5.D7ADD0AF8424300B160DA131D15C6DE4] - 03/06/2005 - 12:47:18 R--A- . (.MCCI - Sony Ericsson V800-Vodafone 802SE Driver.) -- C:\WINDOWS\system32\drivers\v800bus.sys

O58 - SDL:[MD5.B462F5329B20699F840388AAB69891CB] - 03/06/2005 - 12:47:18 R--A- . (.MCCI - Windows 98/98SE/ME support functions.) -- C:\WINDOWS\system32\drivers\v800cm95.sys

O58 - SDL:[MD5.ABC077C88F1E9E9751914EF215F89FCA] - 03/06/2005 - 12:47:20 R--A- . (.MCCI - Windows 2000/XP support functions.) -- C:\WINDOWS\system32\drivers\v800cmnt.sys

O58 - SDL:[MD5.A8674B23D186AE918FF5699CD292C969] - 03/06/2005 - 12:47:22 R--A- . (.MCCI - WDM class registry.) -- C:\WINDOWS\system32\drivers\v800cr.sys

O58 - SDL:[MD5.7B314C7CE2065082D6E2D8BFAB7D93EC] - 03/06/2005 - 12:47:22 R--A- . (.MCCI - Sony Ericsson V800-Vodafone 802SE USB WMC Modem Filter Driver.) -- C:\WINDOWS\system32\drivers\v800mdfl.sys

O58 - SDL:[MD5.B2F9621B65D24E4522ADD5EE380F0CC8] - 03/06/2005 - 12:47:24 R--A- . (.MCCI - Sony Ericsson V800-Vodafone 802SE USB WMC Modem WDM Driver.) -- C:\WINDOWS\system32\drivers\v800mdm.sys

O58 - SDL:[MD5.83F8CCAD73507C1435FF2033A25FA036] - 03/06/2005 - 12:47:28 R--A- . (.MCCI - Sony Ericsson V800-Vodafone 802SE USB WMC Device Management Dri.) -- C:\WINDOWS\system32\drivers\v800mgmt.sys

O58 - SDL:[MD5.7D66F658563CF251DA0A8A6EE1494B00] - 03/06/2005 - 12:47:30 R--A- . (.MCCI - Sony Ericsson V800-Vodafone 802SE USB WMC OBEX Interface Device.) -- C:\WINDOWS\system32\drivers\v800obex.sys

O58 - SDL:[MD5.DE5CBBB25920E5108CAAB1273394EE7C] - 03/06/2005 - 12:47:38 R--A- . (.MCCI - Windows 98/98SE/ME support functions.) -- C:\WINDOWS\system32\drivers\v800wh95.sys

O58 - SDL:[MD5.FCD037DD25ECFF6B6DB16B54F85D38B8] - 03/06/2005 - 12:47:40 R--A- . (.MCCI - Windows 2000/XP support functions.) -- C:\WINDOWS\system32\drivers\v800whnt.sys

O58 - SDL:[MD5.94D73B62E458FB56C9CE60AA96D914F9] - 09/08/2009 - 22:25:56 ---A- . (.Elaborate Bytes AG - VirtualCloneCD Driver.) -- C:\WINDOWS\system32\drivers\VClone.sys

O58 - SDL:[MD5.55E01061C74A8CEFFF58DC36114A8D3F] - 30/08/2002 - 13:00:00 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\drivers\vdmindvd.sys

O58 - SDL:[MD5.705C36BC6E13FDB304486898D6D8512B] - 04/10/2001 - 11:53:16 ---A- . (.VOB Computersysteme GmbH - InstantWrite Driver.) -- C:\WINDOWS\system32\drivers\vobcom.sys

O58 - SDL:[MD5.1DD1D1E3C3FAE2BF7CE5ED2F71A356A1] - 01/09/2004 - 14:50:02 ---A- . (.Pinnacle Systems GmbH - InstantWrite File System Driver.) -- C:\WINDOWS\system32\drivers\vobIW.sys

O58 - SDL:[MD5.D9232C52E2C7B7CD26054A81310615FF] - 01/08/2005 - 12:46:40 R--A- . (.MCCI - Sony Ericsson W550 Driver.) -- C:\WINDOWS\system32\drivers\w550bus.sys

O58 - SDL:[MD5.50E2FA8FED1B79770C3660E2F225F5BC] - 01/08/2005 - 12:46:40 R--A- . (.MCCI - Windows 98/98SE/ME support functions.) -- C:\WINDOWS\system32\drivers\w550cm95.sys

O58 - SDL:[MD5.F17FFC0AACD871733C19777FD8450FB0] - 01/08/2005 - 12:46:42 R--A- . (.MCCI - Windows 2000/XP support functions.) -- C:\WINDOWS\system32\drivers\w550cmnt.sys

O58 - SDL:[MD5.3C9EFBE26DF0A93A6583A1E0E03FF9E0] - 01/08/2005 - 12:46:42 R--A- . (.MCCI - WDM class registry.) -- C:\WINDOWS\system32\drivers\w550cr.sys

O58 - SDL:[MD5.8CF6AE2C9D08C6950912B28FD3AC19E4] - 01/08/2005 - 12:46:42 R--A- . (.MCCI - Sony Ericsson W550 USB WMC Modem Filter Driver.) -- C:\WINDOWS\system32\drivers\w550mdfl.sys

O58 - SDL:[MD5.73E2933110D3CF48EABC6265924D1B5F] - 01/08/2005 - 12:46:44 R--A- . (.MCCI - Sony Ericsson W550 USB WMC Modem WDM Driver.) -- C:\WINDOWS\system32\drivers\w550mdm.sys

O58 - SDL:[MD5.57843DC7584BD243688761939BC28177] - 01/08/2005 - 12:46:28 R--A- . (.MCCI - Sony Ericsson W550 USB WMC Device Management Driver.) -- C:\WINDOWS\system32\drivers\w550mgmt.sys

O58 - SDL:[MD5.46FE721A406EEBCB484FDF9C82A71CA2] - 01/08/2005 - 12:46:46 R--A- . (.MCCI - Sony Ericsson W550 USB WMC OBEX Interface Device Driver.) -- C:\WINDOWS\system32\drivers\w550obex.sys

O58 - SDL:[MD5.0392565B674F3555D72228EC019C7DB2] - 01/08/2005 - 12:46:50 R--A- . (.MCCI - Windows 98/98SE/ME support functions.) -- C:\WINDOWS\system32\drivers\w550wh95.sys

O58 - SDL:[MD5.6236738881BA5124EC88C227CDBBBC1B] - 01/08/2005 - 12:46:50 R--A- . (.MCCI - Windows 2000/XP support functions.) -- C:\WINDOWS\system32\drivers\w550whnt.sys

O58 - SDL:[MD5.3286961F32BAA7D9F2D75B24EC3ED7E6] - 15/08/2005 - 14:04:54 R--A- . (.MCCI - Sony Ericsson W600 Driver.) -- C:\WINDOWS\system32\drivers\w600bus.sys

O58 - SDL:[MD5.C6E28C564B3A9C3EA9DBA202D0F33014] - 15/08/2005 - 14:04:54 R--A- . (.MCCI - Windows 98/98SE/ME support functions.) -- C:\WINDOWS\system32\drivers\w600cm95.sys

O58 - SDL:[MD5.86D4087CD97BBB75419CA4E4E5B0B5E2] - 15/08/2005 - 14:04:52 R--A- . (.MCCI - Windows 2000/XP support functions.) -- C:\WINDOWS\system32\drivers\w600cmnt.sys

O58 - SDL:[MD5.A0B5E49DE530799B87102872C538764D] - 15/08/2005 - 14:04:50 R--A- . (.MCCI - WDM class registry.) -- C:\WINDOWS\system32\drivers\w600cr.sys

O58 - SDL:[MD5.E403D8BD711561530D5A81D7F0773C54] - 15/08/2005 - 14:04:50 R--A- . (.MCCI - Sony Ericsson W600 USB WMC Modem Filter Driver.) -- C:\WINDOWS\system32\drivers\w600mdfl.sys

O58 - SDL:[MD5.9E1AEA75BF144A8511B014757BA8A073] - 15/08/2005 - 14:04:48 R--A- . (.MCCI - Sony Ericsson W600 USB WMC Modem WDM Driver.) -- C:\WINDOWS\system32\drivers\w600mdm.sys

O58 - SDL:[MD5.805455D662A4652AF5D22C7EFEA90107] - 15/08/2005 - 14:04:44 R--A- . (.MCCI - Sony Ericsson W600 USB WMC Device Management Driver.) -- C:\WINDOWS\system32\drivers\w600mgmt.sys

O58 - SDL:[MD5.CF61F82C83FDF3F1EC9AB293E6523C5A] - 15/08/2005 - 14:04:42 R--A- . (.MCCI - Sony Ericsson W600 USB WMC OBEX Interface Device Driver.) -- C:\WINDOWS\system32\drivers\w600obex.sys

O58 - SDL:[MD5.7C3266D9779BA856AE84A5CEE973DC3A] - 15/08/2005 - 14:04:34 R--A- . (.MCCI - Windows 98/98SE/ME support functions.) -- C:\WINDOWS\system32\drivers\w600wh95.sys

O58 - SDL:[MD5.B55303C70D86FAD122997B72FCEB958A] - 15/08/2005 - 14:04:32 R--A- . (.MCCI - Windows 2000/XP support functions.) -- C:\WINDOWS\system32\drivers\w600whnt.sys

O58 - SDL:[MD5.B8C182DF79AC8938311AC8E193D52762] - 07/09/2005 - 15:42:44 R--A- . (.MCCI - Sony Ericsson W800 Driver.) -- C:\WINDOWS\system32\drivers\w800bus.sys

O58 - SDL:[MD5.18492F18DDBE44C0277843EF2F1F651E] - 07/09/2005 - 15:42:46 R--A- . (.MCCI - Windows 98/98SE/ME support functions.) -- C:\WINDOWS\system32\drivers\w800cm95.sys

O58 - SDL:[MD5.774969D1AB0F281978B3743FEC1D0650] - 07/09/2005 - 15:42:46 R--A- . (.MCCI - Windows 2000/XP support functions.) -- C:\WINDOWS\system32\drivers\w800cmnt.sys

O58 - SDL:[MD5.D1D75D46A2D12B18A1022923B30120D9] - 07/09/2005 - 15:42:46 R--A- . (.MCCI - WDM class registry.) -- C:\WINDOWS\system32\drivers\w800cr.sys

O58 - SDL:[MD5.3AF69F28C17E1E03BB894F00D905ADD8] - 07/09/2005 - 15:42:46 R--A- . (.MCCI - Sony Ericsson W800 USB WMC Modem Filter Driver.) -- C:\WINDOWS\system32\drivers\w800mdfl.sys

O58 - SDL:[MD5.0D12AFD1E1C95226B4268C1777625D05] - 07/09/2005 - 15:42:48 R--A- . (.MCCI - Sony Ericsson W800 USB WMC Modem WDM Driver.) -- C:\WINDOWS\system32\drivers\w800mdm.sys

O58 - SDL:[MD5.36AD2EB4A6376D08555864EB4CFD2508] - 07/09/2005 - 15:42:50 R--A- . (.MCCI - Sony Ericsson W800 USB WMC Device Management Driver.) -- C:\WINDOWS\system32\drivers\w800mgmt.sys

O58 - SDL:[MD5.7905915006FEBBF0F137AF36A3FD6429] - 07/09/2005 - 15:42:50 R--A- . (.MCCI - Sony Ericsson W800 USB WMC OBEX Interface Device Driver.) -- C:\WINDOWS\system32\drivers\w800obex.sys

O58 - SDL:[MD5.9B59C3433498F8B9EB9ECBCAE434CB45] - 07/09/2005 - 15:42:56 R--A- . (.MCCI - Windows 98/98SE/ME support functions.) -- C:\WINDOWS\system32\drivers\w800wh95.sys

O58 - SDL:[MD5.EF0E1D2BFF6DE8F2AF0103B6EC9955D0] - 07/09/2005 - 15:42:56 R--A- . (.MCCI - Windows 2000/XP support functions.) -- C:\WINDOWS\system32\drivers\w800whnt.sys

O58 - SDL:[MD5.5E8B60606FC4173B69CDECD964F22D28] - 20/02/2006 - 16:59:28 R--A- . (.MCCI - Sony Ericsson W810 Driver Driver.) -- C:\WINDOWS\system32\drivers\w810bus.sys

O58 - SDL:[MD5.81144FEC069AEBDEB006BCBC8D9F4074] - 06/05/2007 - 23:55:47 ---A- . (.MCCI - Windows 2000/XP support functions.) -- C:\WINDOWS\system32\drivers\w810cm.sys

O58 - SDL:[MD5.85FBAB631D3624B0FAFE3BAE6D83FA99] - 20/02/2006 - 16:59:30 R--A- . (.MCCI - Windows 95/98/ME support functions.) -- C:\WINDOWS\system32\drivers\w810cm95.sys

O58 - SDL:[MD5.81144FEC069AEBDEB006BCBC8D9F4074] - 20/02/2006 - 16:59:28 R--A- . (.MCCI - Windows 2000/XP support functions.) -- C:\WINDOWS\system32\drivers\w810cmnt.sys

O58 - SDL:[MD5.BC8D6761011373A04963EB4C98681C06] - 20/02/2006 - 16:59:26 R--A- . (.MCCI - WDM class registry.) -- C:\WINDOWS\system32\drivers\w810cr.sys

O58 - SDL:[MD5.C0CC4F5A3C58B4C07EC4A82A5AE24714] - 20/02/2006 - 16:59:32 R--A- . (.MCCI - Sony Ericsson W810 USB WMC Modem Filter Driver.) -- C:\WINDOWS\system32\drivers\w810mdfl.sys

O58 - SDL:[MD5.2AAFEEDC3BFE14419CBCE7CEEA59DD05] - 20/02/2006 - 16:59:34 R--A- . (.MCCI - Sony Ericsson W810 USB WMC Modem WDM Driver.) -- C:\WINDOWS\system32\drivers\w810mdm.sys

O58 - SDL:[MD5.B0037DB3F890D0FFCF7E35F356A435EC] - 20/02/2006 - 16:59:34 R--A- . (.MCCI - Sony Ericsson W810 USB WMC Device Management Driver.) -- C:\WINDOWS\system32\drivers\w810mgmt.sys

O58 - SDL:[MD5.BF609636068F17246F94B490C5812483] - 20/02/2006 - 16:59:36 R--A- . (.MCCI - Sony Ericsson W810 USB WMC OBEX Interface Device Driver.) -- C:\WINDOWS\system32\drivers\w810obex.sys

O58 - SDL:[MD5.77D236E2F152D8C3F137696CA4494466] - 06/05/2007 - 23:55:47 ---A- . (.MCCI - Windows 2000/XP support functions.) -- C:\WINDOWS\system32\drivers\w810wh.sys

O58 - SDL:[MD5.41363C88F0823FE024AEEEB8465A8B52] - 20/02/2006 - 16:59:40 R--A- . (.MCCI - Windows 95/98/ME support functions.) -- C:\WINDOWS\system32\drivers\w810wh95.sys

O58 - SDL:[MD5.77D236E2F152D8C3F137696CA4494466] - 20/02/2006 - 16:59:42 R--A- . (.MCCI - Windows 2000/XP support functions.) -- C:\WINDOWS\system32\drivers\w810whnt.sys

O58 - SDL:[MD5.E3673EFE4201C86B1313E7EC7C1610F2] - 27/09/2005 - 09:34:10 R--A- . (.MCCI - Sony Ericsson 900i Driver.) -- C:\WINDOWS\system32\drivers\w900bus.sys

O58 - SDL:[MD5.9820DE5D48A58E85B3D4FEB921C1BA00] - 27/09/2005 - 09:34:12 R--A- . (.MCCI - Windows 98/98SE/ME support functions.) -- C:\WINDOWS\system32\drivers\w900cm95.sys

O58 - SDL:[MD5.0384B69C7D361AD97216C3BB646DECF8] - 27/09/2005 - 09:34:12 R--A- . (.MCCI - Windows 2000/XP support functions.) -- C:\WINDOWS\system32\drivers\w900cmnt.sys

O58 - SDL:[MD5.BA8F7209579BB71539E71F198C153A16] - 27/09/2005 - 09:34:14 R--A- . (.MCCI - WDM class registry.) -- C:\WINDOWS\system32\drivers\w900cr.sys

O58 - SDL:[MD5.5E12E1A14EC2B30D194AE5F0DCF51E99] - 27/09/2005 - 09:34:16 R--A- . (.MCCI - Sony Ericsson 900i USB WMC Modem Filter Driver.) -- C:\WINDOWS\system32\drivers\w900mdfl.sys

O58 - SDL:[MD5.4B07902F1239B1AAC1922375143B7465] - 27/09/2005 - 09:34:18 R--A- . (.MCCI - Sony Ericsson 900i USB WMC Modem WDM Driver.) -- C:\WINDOWS\system32\drivers\w900mdm.sys

O58 - SDL:[MD5.B1B176032248B743875D56EC5D727E21] - 27/09/2005 - 09:34:24 R--A- . (.MCCI - Sony Ericsson 900i USB WMC Device Management Driver.) -- C:\WINDOWS\system32\drivers\w900mgmt.sys

O58 - SDL:[MD5.D938E852E96336AD9E872833E233098B] - 27/09/2005 - 09:34:26 R--A- . (.MCCI - Sony Ericsson 900i USB WMC OBEX Interface Device Driver.) -- C:\WINDOWS\system32\drivers\w900obex.sys

O58 - SDL:[MD5.E5D6754921C1BB7EFEAB7C8FC0A84B98] - 27/09/2005 - 09:34:34 R--A- . (.MCCI - Windows 98/98SE/ME support functions.) -- C:\WINDOWS\system32\drivers\w900wh95.sys

O58 - SDL:[MD5.0275505C4C33E5C247865B01D45C2B99] - 27/09/2005 - 09:34:36 R--A- . (.MCCI - Windows 2000/XP support functions.) -- C:\WINDOWS\system32\drivers\w900whnt.sys

O58 - SDL:[MD5.59C90BC8317BD3F6E5559A4DEAF35090] - 13/01/2009 - 18:13:20 ---A- . (.Logicool Co. Ltd. - Logicool WingMan Virtual Bus Enumerator Driver.) -- C:\WINDOWS\system32\drivers\WmBEnum.sys

O58 - SDL:[MD5.999A4539AD634A741AFD357E290BD461] - 13/01/2009 - 18:13:28 ---A- . (.Logicool Co. Ltd. - Logicool WingMan Hid Filter Driver.) -- C:\WINDOWS\system32\drivers\WmFilter.sys

O58 - SDL:[MD5.0B8C64B13776F17537F0705FE62799C6] - 13/01/2009 - 18:13:44 ---A- . (.Logicool Co. Ltd. - Logicool WingMan Virtual Hid Device Driver.) -- C:\WINDOWS\system32\drivers\WmVirHid.sys

O58 - SDL:[MD5.8D388AEB1A12C1192AA9B4EBCEABCBA6] - 13/01/2009 - 18:13:52 ---A- . (.Logicool Co. Ltd. - Logicool WingMan Translation Driver.) -- C:\WINDOWS\system32\drivers\WmXlCore.sys

O58 - SDL:[MD5.4322C32CED8C4772E039616DCBF01D3F] - 06/12/2007 - 09:51:00 ---A- . (.Marvell - Miniport Driver for Marvell Yukon Ethernet Controller..) -- C:\WINDOWS\system32\drivers\yk51x86.sys

O58 - SDL:[MD5.8DAB07DDA1526827BB38DA7B988CB15E] - 03/06/2005 - 12:47:42 R--A- . (.MCCI - Sony Ericsson Driver.) -- C:\WINDOWS\system32\drivers\z3f2bus.sys

O58 - SDL:[MD5.39D911061E5F49C27404785D00650E9B] - 03/06/2005 - 12:47:42 R--A- . (.MCCI - Windows 95/98/ME support functions.) -- C:\WINDOWS\system32\drivers\z3f2cm95.sys

O58 - SDL:[MD5.DC5CA7DC334E44865EF89A0BF7410D3C] - 03/06/2005 - 12:47:42 R--A- . (.MCCI - Windows 2000/XP support functions.) -- C:\WINDOWS\system32\drivers\z3f2cmnt.sys

O58 - SDL:[MD5.B29B390CAFF8F4D3E4C8637F3CFCFE81] - 03/06/2005 - 12:47:44 R--A- . (.MCCI - WDM class registry.) -- C:\WINDOWS\system32\drivers\z3f2cr.sys

O58 - SDL:[MD5.48EFFA7FB2E4EF1617BB8017CB745094] - 03/06/2005 - 12:47:46 R--A- . (.MCCI - Sony Ericsson USB WMC Modem Filter Driver.) -- C:\WINDOWS\system32\drivers\z3f2mdfl.sys

O58 - SDL:[MD5.900A1E03EC880DE37A478BD3EF53F884] - 03/06/2005 - 12:47:46 R--A- . (.MCCI - Sony Ericsson USB WMC Modem WDM Driver.) -- C:\WINDOWS\system32\drivers\z3f2mdm.sys

O58 - SDL:[MD5.2BED88B85BC1B19BA4AD5DEFF5DEACBA] - 03/06/2005 - 12:47:50 R--A- . (.MCCI - Sony Ericsson USB WMC Device Management Driver.) -- C:\WINDOWS\system32\drivers\z3f2mgmt.sys

O58 - SDL:[MD5.2FF5F28714C16F677650337B91F3E7B5] - 03/06/2005 - 12:47:50 R--A- . (.MCCI - Sony Ericsson USB WMC OBEX Interface Device Driver.) -- C:\WINDOWS\system32\drivers\z3f2obex.sys

O58 - SDL:[MD5.1EAA4649BA1C1CA39338F7FB882C2245] - 03/06/2005 - 12:48:00 R--A- . (.MCCI - Windows 95/98/ME support functions.) -- C:\WINDOWS\system32\drivers\z3f2wh95.sys

O58 - SDL:[MD5.3804C903C79125BA637648D543DE647F] - 03/06/2005 - 12:48:00 R--A- . (.MCCI - Windows 2000/XP support functions.) -- C:\WINDOWS\system32\drivers\z3f2whnt.sys

O58 - SDL:[MD5.F0F412800D61BB5614FC567D272B4071] - 07/09/2005 - 15:42:56 R--A- . (.MCCI - Sony Ericsson 520 Driver.) -- C:\WINDOWS\system32\drivers\z520bus.sys

O58 - SDL:[MD5.C7F80E03146B4AE69CA3637CFA45C4F7] - 07/09/2005 - 15:42:58 R--A- . (.MCCI - Windows 98/98SE/ME support functions.) -- C:\WINDOWS\system32\drivers\z520cm95.sys

O58 - SDL:[MD5.759F8C115A79BB27027B828D9F68FD1A] - 07/09/2005 - 15:42:58 R--A- . (.MCCI - Windows 2000/XP support functions.) -- C:\WINDOWS\system32\drivers\z520cmnt.sys

O58 - SDL:[MD5.E55859D932CCAA7368AB114311A07DFD] - 07/09/2005 - 15:42:58 R--A- . (.MCCI - WDM class registry.) -- C:\WINDOWS\system32\drivers\z520cr.sys

O58 - SDL:[MD5.C74E6F770617CD75A50BB655BAA37A87] - 07/09/2005 - 15:42:58 R--A- . (.MCCI - Sony Ericsson 520 USB WMC Modem Filter Driver.) -- C:\WINDOWS\system32\drivers\z520mdfl.sys

O58 - SDL:[MD5.C5897913D4CE3D851573B52C33055CB2] - 07/09/2005 - 15:43:00 R--A- . (.MCCI - Sony Ericsson 520 USB WMC Modem WDM Driver.) -- C:\WINDOWS\system32\drivers\z520mdm.sys

O58 - SDL:[MD5.0E9C6528BBE7B83CB179ADE881EAA38E] - 07/09/2005 - 15:43:02 R--A- . (.MCCI - Sony Ericsson 520 USB WMC Device Management Driver.) -- C:\WINDOWS\system32\drivers\z520mgmt.sys

O58 - SDL:[MD5.F69D28F2B6D6F4493E564549A2D9816B] - 07/09/2005 - 15:43:02 R--A- . (.MCCI - Sony Ericsson 520 USB WMC OBEX Interface Device Driver.) -- C:\WINDOWS\system32\drivers\z520obex.sys

O58 - SDL:[MD5.9D577AB16E1912C571D7006818BFF145] - 07/09/2005 - 15:43:08 R--A- . (.MCCI - Windows 98/98SE/ME support functions.) -- C:\WINDOWS\system32\drivers\z520wh95.sys

O58 - SDL:[MD5.31126608D29943618F25597568960D07] - 07/09/2005 - 15:43:08 R--A- . (.MCCI - Windows 2000/XP support functions.) -- C:\WINDOWS\system32\drivers\z520whnt.sys

O58 - SDL:[MD5.C4E75E2C549137ED07FCC075A9767141] - 18/11/2005 - 12:26:28 R--A- . (.MCCI - Sony Ericsson Z800 Driver.) -- C:\WINDOWS\system32\drivers\z800bus.sys

O58 - SDL:[MD5.00C8F00E4754603570DD0C42A77B8D08] - 18/11/2005 - 12:26:28 R--A- . (.MCCI - Windows 98/98SE/ME support functions.) -- C:\WINDOWS\system32\drivers\z800cm95.sys

O58 - SDL:[MD5.D7DA6A936B8DF79A20A8289A7DAC017A] - 18/11/2005 - 12:26:26 R--A- . (.MCCI - Windows 2000/XP support functions.) -- C:\WINDOWS\system32\drivers\z800cmnt.sys

O58 - SDL:[MD5.92CDC06EF91FCC4EA5D23DA324E93754] - 18/11/2005 - 12:26:24 R--A- . (.MCCI - WDM class registry.) -- C:\WINDOWS\system32\drivers\z800cr.sys

O58 - SDL:[MD5.DAA7CF523159946C635CEC73419EC408] - 18/11/2005 - 12:26:22 R--A- . (.MCCI - Sony Ericsson Z800 USB WMC Modem Filter Driver.) -- C:\WINDOWS\system32\drivers\z800mdfl.sys

O58 - SDL:[MD5.368E4BF66728848F66602F4CB95DC788] - 18/11/2005 - 12:26:20 R--A- . (.MCCI - Sony Ericsson Z800 USB WMC Modem WDM Driver.) -- C:\WINDOWS\system32\drivers\z800mdm.sys

O58 - SDL:[MD5.C902E1C9D12ECD6D5B73B0D10575341B] - 18/11/2005 - 12:26:12 R--A- . (.MCCI - Sony Ericsson Z800 USB WMC Device Management Driver.) -- C:\WINDOWS\system32\drivers\z800mgmt.sys

O58 - SDL:[MD5.3562D8FB0A2E254F304AB4BCBCA44CAB] - 18/11/2005 - 12:26:08 R--A- . (.MCCI - Sony Ericsson Z800 USB WMC OBEX Interface Device Driver.) -- C:\WINDOWS\system32\drivers\z800obex.sys

O58 - SDL:[MD5.1D306275FF0B1919BFF58B3AC9D6AA4C] - 18/11/2005 - 12:25:58 R--A- . (.MCCI - Windows 98/98SE/ME support functions.) -- C:\WINDOWS\system32\drivers\z800wh95.sys

O58 - SDL:[MD5.320C74622013992EF027B4D84170B164] - 18/11/2005 - 12:25:58 R--A- . (.MCCI - Windows 2000/XP support functions.) -- C:\WINDOWS\system32\drivers\z800whnt.sys

O58 - SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] - 30/08/2002 - 13:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ansi.sys

O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 30/08/2002 - 13:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\country.sys

O58 - SDL:[MD5.4D9BD3A599C6A9C2B5922376F9F4D221] - 29/01/2008 - 23:24:48 RSH-- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\F12653EECC.sys

O58 - SDL:[MD5.77EBF3E9386DAA51551AF429052D88D0] - 03/04/1996 - 20:33:26 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\giveio.sys

O58 - SDL:[MD5.C6D29F29DE7427B1B0775E53E577B623] - 30/08/2002 - 13:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\himem.sys

O58 - SDL:[MD5.582BCDD47CF4B68B5CB528F18E3CB808] - 30/08/2002 - 13:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\key01.sys

O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 30/08/2002 - 13:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\keyboard.sys

O58 - SDL:[MD5.CACC7DB4CA4F58717280B67EC9BC2F64] - 08/05/2009 - 16:09:50 -SHA- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\KGyGaAvL.sys

O58 - SDL:[MD5.7D30A74B5FB9FE3B245A6CE5FBCD71D5] - 30/08/2002 - 13:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntdos.sys

O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 30/08/2002 - 13:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntdos404.sys

O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 30/08/2002 - 13:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntdos411.sys

O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 30/08/2002 - 13:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntdos412.sys

O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 30/08/2002 - 13:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntdos804.sys

O58 - SDL:[MD5.CAAA108FD7BF71989946B39704323455] - 03/08/2004 - 22:45:26 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntio.sys

O58 - SDL:[MD5.6F73F50162DEF60C84B725C18CD9140F] - 03/08/2004 - 22:45:16 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntio404.sys

O58 - SDL:[MD5.0FDD5E69C1FF3B58043D44F2CC743D45] - 03/08/2004 - 22:45:12 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntio411.sys

O58 - SDL:[MD5.8842837C4D8311BF8E72BEE8CCC42217] - 03/08/2004 - 22:45:16 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntio412.sys

O58 - SDL:[MD5.6B56CEB3C6F9D5CD7293DBD9FE23B311] - 03/08/2004 - 22:45:14 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntio804.sys

O58 - SDL:[MD5.5D6401DB90EC81B71F8E2C5C8F0FEF23] - 24/09/2006 - 14:28:46 ---A- . (.Windows ® 2000 DDK provider - SpeedFan Device Driver.) -- C:\WINDOWS\system32\speedfan.sys

 

 

---\\ Liste des outils de nettoyage (LATC) (O63)

O63 - Logiciel: Ad-Remover By C_XX - (.C_XX.)

O63 - Logiciel: HijackThis 2.0.2 - (.TrendMicro.)

O63 - Logiciel: ZHPDiag 1.26 - (.Nicolas Coolman.)

O63 - Logiciel: Lop SD - (.AngelDark & Eric71.)

O63 - Logiciel: RSIT - (.random/random.)

 

 

---\\ Liste des services Legacy (LALS) (O64)

O64 - Services: CurCS - M:\www\xampp\apache\bin\httpd.exe - Apache2.2 (Apache2.2) .(.Apache Software Foundation - Apache HTTP Server.) - LEGACY_APACHE2.2

O64 - Services: CurCS - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe - APC UPS Service (APC UPS Service) .(.American Power Conversion Corporation - Battery backup management service.) - LEGACY_APC_UPS_SERVICE

O64 - Services: CurCS - C:\Windows\system32\drivers\AsIO.sys - AsIO (AsIO) .(.Pas de propriétaire - Pas de description.) - LEGACY_ASIO

O64 - Services: CurCS - C:\Windows\system32\drivers\aspi32.sys - Aspi32 (Aspi32) .(.Adaptec - ASPI for WIN32 Kernel Driver.) - LEGACY_ASPI32

O64 - Services: CurCS - C:\WINDOWS\system32\Ati2evxx.exe - Ati HotKey Poller (Ati HotKey Poller) .(.ATI Technologies Inc. - ATI External Event Utility EXE Module.) - LEGACY_ATI_HOTKEY_POLLER

O64 - Services: CurCS - C:\WINDOWS\system32\ati2sgag.exe - ATI Smart (ATI Smart) .(.Pas de propriétaire - ATI Smart.) - LEGACY_ATI_SMART

O64 - Services: CurCS - C:\WINDOWS\ATKKBService.exe - ATK Keyboard Service (ATKKeyboardService) .(.ASUSTeK COMPUTER INC. - ASUS Keyboard Service.) - LEGACY_ATKKEYBOARDSERVICE

O64 - Services: CurCS - C:\Windows\system32\DRIVERS\atksgt.sys - atksgt (atksgt) .(.Pas de propriétaire - Pas de description.) - LEGACY_ATKSGT

O64 - Services: CurCS - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe - Autodesk Licensing Service (Autodesk Licensing Service) .(.Autodesk - System Level Service Utility.) - LEGACY_AUTODESK_LICENSING_SERVICE

O64 - Services: CurCS - (.not file.) - Lanceur de processus serveur DCOM (DcomLaunch) .(.Pas de propriétaire - Pas de description.) - LEGACY_DCOMLAUNCH

O64 - Services: CurCS - C:\Windows\system32\DRIVERS\eamon.sys - eamon (eamon) .(.ESET - Amon monitor.) - LEGACY_EAMON

O64 - Services: CurCS - C:\Windows\system32\DRIVERS\ehdrv.sys - ehdrv (ehdrv) .(.ESET - ESET Helper driver.) - LEGACY_EHDRV

O64 - Services: CurCS - C:\WINDOWS\system32\drivers\EIO.sys - EIO (EIO) .(.ASUSTeK Computer Inc. - ASUS Kernel Mode Driver for NT.) - LEGACY_EIO

O64 - Services: CurCS - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe - ESET Service (ekrn) .(.ESET - ESET Service.) - LEGACY_EKRN

O64 - Services: CurCS - C:\Windows\system32\Drivers\ElbyCDIO.sys - ElbyCDIO Driver (ElbyCDIO) .(.Elaborate Bytes AG - ElbyCD Windows NT/2000/XP I/O driver.) - LEGACY_ELBYCDIO

O64 - Services: CurCS - C:\Windows\system32\DRIVERS\epfwtdir.sys - epfwtdir (epfwtdir) .(.ESET - ESET Antivirus Network Redirector.) - LEGACY_EPFWTDIR

O64 - Services: CurCS - M:\www\xampp\FileZillaFTP\FileZilla server.exe - FileZilla Server (FileZilla Server) .(.FileZilla Project - FileZilla Server.) - LEGACY_FILEZILLA_SERVER

O64 - Services: CurCS - C:\Windows\system32\giveio.sys - giveio (giveio) .(.Pas de propriétaire - Pas de description.) - LEGACY_GIVEIO

O64 - Services: CurCS - C:\Program Files\Google\Update\GoogleUpdate.exe - Service Google Update (gupdate) (gupdate) .(.Google Inc. - Programme d'installation de Google.) - LEGACY_GUPDATE

O64 - Services: CurCS - C:\WINDOWS\system32\drivers\hardlock.sys - Hardlock (Hardlock) .(.Aladdin Knowledge Systems Ltd. - Hardlock Device Driver for Windows NT.) - LEGACY_HARDLOCK

O64 - Services: CurCS - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe - InstallDriver Table Manager (IDriverT) .(.Macrovision Corporation - IDriverT Module.) - LEGACY_IDRIVERT

O64 - Services: CurCS - C:\Program Files\Java\jre6\bin\jqs.exe - Java Quick Starter (JavaQuickStarterService) .(.Sun Microsystems, Inc. - Java Quick Starter Service.) - LEGACY_JAVAQUICKSTARTERSERVICE

O64 - Services: CurCS - C:\Windows\system32\DRIVERS\lirsgt.sys - lirsgt (lirsgt) .(.Pas de propriétaire - Pas de description.) - LEGACY_LIRSGT

O64 - Services: CurCS - (.not file.) - Gestionnaire de point de montage (MountMgr) .(.Pas de propriétaire - Pas de description.) - LEGACY_MOUNTMGR

O64 - Services: CurCS - (.not file.) - Mup (Mup) .(.Pas de propriétaire - Pas de description.) - LEGACY_MUP

O64 - Services: CurCS - (.not file.) - Pilote système NDIS (NDIS) .(.Pas de propriétaire - Pas de description.) - LEGACY_NDIS

O64 - Services: CurCS - D:\program files\nero\Nero MediaHome 4\NMMediaServerService.exe - Nero MediaHome 4 Service (NeroMediaHomeService.4) .(.Nero AG - Nero MediaHome.) - LEGACY_NEROMEDIAHOMESERVICE.4

O64 - Services: CurCS - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe - Nero BackItUp Scheduler 4.0 (Nero BackItUp Scheduler 4.0) .(.Nero AG - Nero BackItUp.) - LEGACY_NERO_BACKITUP_SCHEDULER_4.0

O64 - Services: CurCS - C:\Windows\system32\drivers\Partizan.sys - Partizan (Partizan) .(.Greatis Software - Partizan - Rootkit detector.) - LEGACY_PARTIZAN

O64 - Services: CurCS - (.not file.) - Gestionnaire de partition (PartMgr) .(.Pas de propriétaire - Pas de description.) - LEGACY_PARTMGR

O64 - Services: CurCS - C:\WINDOWS\system32\drivers\pclepci.sys - PCLEPCI (PCLEPCI) .(.Pinnacle Systems GmbH - PCLEPCI.) - LEGACY_PCLEPCI

O64 - Services: CurCS - D:\program files\nero\Nero BackItUp 4\IoctlSvc.exe - PLFlash DeviceIoControl Service (PLFlash DeviceIoControl Service) .(.Prolific Technology Inc. - PLFlash DeviceIoControl Service.) - LEGACY_PLFLASH_DEVICEIOCONTROL_SERVICE

O64 - Services: CurCS - (.not file.) - RDPNP (RDPNP) .(.Pas de propriétaire - Pas de description.) - LEGACY_RDPNP

O64 - Services: CurCS - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe - Retrospect WD Service (RetroWDSvc) .(.Dantz Development Corporation - Retrospect.) - LEGACY_RETROWDSVC

O64 - Services: CurCS - C:\Program Files\Cyberlink\Shared files\RichVideo.exe - Cyberlink RichVideo Service(CRVS) (RichVideo) .(.Pas de propriétaire - RichVideo Module.) - LEGACY_RICHVIDEO

O64 - Services: CurCS - (.not file.) - Appel de procédure distante (RPC) (RpcSs) .(.Pas de propriétaire - Pas de description.) - LEGACY_RPCSS

O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\SCDEMU.sys - SCDEmu (SCDEmu) .(.PowerISO Computing, Inc. - PowerISO Virtual Drive.) - LEGACY_SCDEMU

O64 - Services: CurCS - C:\Windows\system32\DRIVERS\secdrv.sys - Secdrv (Secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV

O64 - Services: CurCS - C:\Windows\system32\drivers\sfdrv01.sys - StarForce Protection Environment Driver (version 1.x) (sfdrv01) .(.Protection Technology - StarForce Protection Environment Driver.) - LEGACY_SFDRV01

O64 - Services: CurCS - C:\Windows\system32\drivers\sfhlp02.sys - StarForce Protection Helper Driver (version 2.x) (sfhlp02) .(.Protection Technology - StarForce Protection Helper Driver.) - LEGACY_SFHLP02

O64 - Services: CurCS - C:\Windows\system32\drivers\sfsync02.sys - StarForce Protection Synchronization Driver (version 2.x) (sfsync02) .(.Protection Technology - StarForce Protection Synchronization Driver.) - LEGACY_SFSYNC02

O64 - Services: CurCS - C:\Windows\system32\speedfan.sys - speedfan (speedfan) .(.Windows ® 2000 DDK provider - SpeedFan Device Driver.) - LEGACY_SPEEDFAN

O64 - Services: CurCS - C:\Windows\system32\Drivers\sptd.sys - sptd (sptd) .(.Pas de propriétaire - Pas de description.) - LEGACY_SPTD

O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\STAROPEN.sys - StarOpen (StarOpen) .(.Pas de propriétaire - Pas de description.) - LEGACY_STAROPEN

O64 - Services: CurCS - (.not file.) - Services Terminal Server (TermService) .(.Pas de propriétaire - Pas de description.) - LEGACY_TERMSERVICE

O64 - Services: CurCS - d:\Program Files\TomTom HOME 2\TomTomHOMEService.exe - TomTomHOMEService (TomTomHOMEService) .(.TomTom - Windows Service for TomTom HOME.) - LEGACY_TOMTOMHOMESERVICE

O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\UNHACKMEDRV.sys - UnHackMeDrv (UnHackMeDrv) .(.Greatis Software, LLC. - UnHackMe Kernel Driver.) - LEGACY_UNHACKMEDRV

 

 

---\\ Liste des fichiers non signés (LUF) (O65)

O65 - LUF:25/05/2004 (.Pas de propriétaire - AC3Filter.) (1.01a) - c:\windows\system32\ac3filter.ax

O65 - LUF:10/01/2006 (.Pas de propriétaire - AsIO Dynamic Link Library.) (1, 0, 0, 1) - c:\windows\system32\AsIO.dll

O65 - LUF:25/02/2009 (.Pas de propriétaire - ATI Smart.) (5.13.0027) - c:\windows\system32\ati2sgag.exe

O65 - LUF:21/05/2007 (.Pas de propriétaire - csExWBDLMan Module.) (1, 0, 0, 1) - c:\windows\system32\csExWBDLMan.dll

O65 - LUF:30/09/1997 (.Pas de propriétaire - Reference Implementation.) (V1.1.FC1) - c:\windows\system32\LFFPX7.DLL

O65 - LUF:30/09/1997 (.Pas de propriétaire - Reference Implementation.) (V1.1.FC1) - c:\windows\system32\LFKODAK.DLL

O65 - LUF:25/11/2003 (.Pas de propriétaire - MACD32 Dynamic Link Library.) (1, 0, 0, 1) - c:\windows\system32\macd32.dll

O65 - LUF:25/11/2003 (.Pas de propriétaire - MAMC32 Dynamic Link Library.) (1, 0, 0, 1) - c:\windows\system32\mamc32.dll

O65 - LUF:28/11/2005 (.Pas de propriétaire - PC Wizard.) (2006, 1, 0, 0) - c:\windows\system32\PCWizard.cpl

O65 - LUF:11/03/2004 (.Pas de propriétaire - .) (1.0.0.63) - c:\windows\system32\PSDrvCheck.CHS

O65 - LUF:11/03/2004 (.Pas de propriétaire - .) (1.0.0.63) - c:\windows\system32\PSDrvCheck.CHT

O65 - LUF:10/11/2003 (.Pas de propriétaire - .) (1.0.0.63) - c:\windows\system32\PSDrvCheck.DE

O65 - LUF:11/03/2004 (.Pas de propriétaire - .) (1.0.0.63) - c:\windows\system32\PSDrvCheck.DEU

O65 - LUF:10/11/2003 (.Pas de propriétaire - .) (1.0.0.63) - c:\windows\system32\PSDrvCheck.ES

O65 - LUF:11/03/2004 (.Pas de propriétaire - .) (1.0.0.63) - c:\windows\system32\PSDrvCheck.ESP

O65 - LUF:11/03/2004 (.Pas de propriétaire - .) (1.0.0.63) - c:\windows\system32\PSDrvCheck.exe

O65 - LUF:10/11/2003 (.Pas de propriétaire - .) (1.0.0.63) - c:\windows\system32\PSDrvCheck.FR

O65 - LUF:11/03/2004 (.Pas de propriétaire - .) (1.0.0.63) - c:\windows\system32\PSDrvCheck.FRA

O65 - LUF:10/11/2003 (.Pas de propriétaire - .) (1.0.0.63) - c:\windows\system32\PSDrvCheck.IT

O65 - LUF:11/03/2004 (.Pas de propriétaire - .) (1.0.0.63) - c:\windows\system32\PSDrvCheck.ITA

O65 - LUF:10/11/2003 (.Pas de propriétaire - .) (1.0.0.63) - c:\windows\system32\PSDrvCheck.JP

O65 - LUF:11/03/2004 (.Pas de propriétaire - .) (1.0.0.63) - c:\windows\system32\PSDrvCheck.JPN

O65 - LUF:11/03/2004 (.Pas de propriétaire - .) (1.0.0.63) - c:\windows\system32\PSDrvCheck.KOR

O65 - LUF:10/11/2003 (.Pas de propriétaire - .) (1.0.0.63) - c:\windows\system32\PSDrvCheck.NL

O65 - LUF:11/03/2004 (.Pas de propriétaire - .) (1.0.0.63) - c:\windows\system32\PSDrvCheck.NLD

O65 - LUF:01/02/2005 (.Pas de propriétaire - skvctcpl.) (1, 0, 0, 1) - c:\windows\system32\skvctcp.cpl

O65 - LUF:13/06/2006 (.Pas de propriétaire - ZLib.DLL.) (1.1.4.1) - c:\windows\system32\zlib.dll

 

 

---\\ File Associations Shell Spawning (O67)

O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\Windows\System32\shell32.dll

O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.com> <ComFile>[HKLM\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\IEXPLORE.exe

O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\WINDOWS\System32\WScript.exe

O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\WINDOWS\regedit.exe

O67 - Shell Spawning: <.com> <>[HKU\..\open\Command] (.Not Key.)

O67 - Shell Spawning: <.exe> <>[HKU\..\open\Command] (.Not Key.)

O67 - Shell Spawning: <.bat> <batfile>[HKCR\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.cpl> <cplfile>[HKCR\..\cplopen\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\Windows\System32\shell32.dll

O67 - Shell Spawning: <.cmd> <cmdfile>[HKCR\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.com> <ComFile>[HKCR\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.exe> <exefile>[HKCR\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.html> <htmlfile>[HKCR\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\IEXPLORE.exe

O67 - Shell Spawning: <.js> <JSFile>[HKCR\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\WINDOWS\System32\WScript.exe

O67 - Shell Spawning: <.reg> <regfile>[HKCR\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\WINDOWS\regedit.exe

 

 

---\\ Start Menu Internet (SMI) (O68)

O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\IEXPLORE.exe

O68 - StartMenuInternet: <MSN Explorer> <>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - msn.) -- C:\Program Files\MSN\MSNCoreFiles\MSN6.exe

 

 

---\\ Search Browser Infection (SBI) (O69)

O69 - SBI: SearchScopes [HKCU] ${searchCLSID} - (@ieframe.dll,-12512) - Bing

O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - () - Bing

O69 - SBI: SearchScopes [HKCU] {3A4AA391-42F1-42EF-8C0D-C2B0AF53D621} [DefaultScope] - (Google) - http://www.google.com

O69 - SBI: SearchScopes [HKCU] {C9053C71-3EAD-4C4B-A4AF-BB4F48E21FC1} - (Yahoo! Search) - Yahoo! Search - Recherche Web

O69 - SBI: SearchScopes [HKCU] {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} - (Winamp Search) - http://slirsredirect.search.aol.com

 

 

---\\ Search Master Boot Record Infection (MBR)(O80)

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, GMER - Rootkit Detector and Remover

Run by fifi at 06/08/2010 00:19:58

device: opened successfully

user: MBR read successfully

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys atapi.sys sptd.sys >>UNKNOWN [0x8AD047AC]<<

kernel: MBR read successfully

user & kernel MBR OK

 

 

---\\ Crack & Keygen Files (CKF) (O82)

 

 

 

---\\ Recherche des services démarrés par Svchost (SSS) (O83)

O83 - Search Svchost Services: AppMgmt (AppMgmt) . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\appmgmts.dll [0]

O83 - Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation - Windows Audio Service.) -- C:\WINDOWS\System32\audiosrv.dll [42496]

O83 - Search Svchost Services: Browser (Browser) . (.Microsoft Corporation - Computer Browser Service DLL.) -- C:\WINDOWS\System32\browser.dll [77824]

O83 - Search Svchost Services: CryptSvc (CryptSvc) . (.Microsoft Corporation - Cryptographic Services.) -- C:\WINDOWS\System32\cryptsvc.dll [62464]

O83 - Search Svchost Services: DMServer (DMServer) . (.Microsoft Corp. - DLL Service gestionnaire de disque logique.) -- C:\WINDOWS\System32\dmserver.dll [24576]

O83 - Search Svchost Services: DHCP (DHCP) . (.Microsoft Corporation - Service client DHCP.) -- C:\WINDOWS\System32\dhcpcsvc.dll [127488]

O83 - Search Svchost Services: ERSvc (ERSvc) . (.Microsoft Corporation - Windows Error Reporting Service.) -- C:\WINDOWS\System32\ersvc.dll [23040]

O83 - Search Svchost Services: EventSystem (EventSystem) . (.Microsoft Corporation - Pas de description.) -- C:\WINDOWS\System32\es.dll [253952]

O83 - Search Svchost Services: FastUserSwitchingCompatibility (FastUserSwitchingCompatibility) . (.Microsoft Corporation - Dll des services Windows Shell.) -- C:\WINDOWS\System32\shsvcs.dll [135680]

O83 - Search Svchost Services: HidServ (HidServ) . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\hidserv.dll [0]

O83 - Search Svchost Services: LanmanServer (LanmanServer) . (.Microsoft Corporation - Server Service DLL.) -- C:\WINDOWS\System32\srvsvc.dll [96768]

O83 - Search Svchost Services: LanmanWorkstation (LanmanWorkstation) . (.Microsoft Corporation - Workstation Service DLL.) -- C:\WINDOWS\System32\wkssvc.dll [132096]

O83 - Search Svchost Services: Messenger (Messenger) . (.Microsoft Corporation - NT Messenger Service.) -- C:\WINDOWS\System32\msgsvc.dll [33792]

O83 - Search Svchost Services: Netman (Netman) . (.Microsoft Corporation - Gestionnaire de connexions réseau.) -- C:\WINDOWS\System32\netman.dll [198144]

O83 - Search Svchost Services: Nla (Nla) . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\System32\mswsock.dll [247808]

O83 - Search Svchost Services: Ntmssvc (Ntmssvc) . (.Microsoft Corporation - Gestionnaire de stockage amovible.) -- C:\WINDOWS\system32\ntmssvc.dll [438272]

O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Remote Access AutoDial Manager.) -- C:\WINDOWS\System32\rasauto.dll [88576]

O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Remote Access Connection Manager.) -- C:\WINDOWS\System32\rasmans.dll [186368]

O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Dynamic Interface Manager.) -- C:\WINDOWS\System32\mprdim.dll [53248]

O83 - Search Svchost Services: Schedule (Schedule) . (.Microsoft Corporation - Moteur du Planificateur de tâches.) -- C:\WINDOWS\system32\schedsvc.dll [194560]

O83 - Search Svchost Services: Seclogon (Seclogon) . (.Microsoft Corporation - DLL de service d'ouverture de session secondaire.) -- C:\WINDOWS\System32\seclogon.dll [18944]

O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - System Event Notification Service (SENS).) -- C:\WINDOWS\system32\sens.dll [39424]

O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Composants de l'application d'assistance à Microsoft NAT.) -- C:\WINDOWS\System32\ipnathlp.dll [332800]

O83 - Search Svchost Services: SRService (SRService) . (.Microsoft Corporation - Service de restauration du système.) -- C:\WINDOWS\system32\srsvc.dll [171520]

O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Serveur de téléphonie Microsoft® Windows.) -- C:\WINDOWS\System32\tapisrv.dll [249856]

O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - Dll des services Windows Shell.) -- C:\WINDOWS\System32\shsvcs.dll [135680]

O83 - Search Svchost Services: TrkWks (TrkWks) . (.Microsoft Corporation - Distributed Link Tracking Client.) -- C:\WINDOWS\system32\trkwks.dll [90112]

O83 - Search Svchost Services: W32Time (W32Time) . (.Microsoft Corporation - Service de temps Windows.) -- C:\WINDOWS\system32\w32time.dll [178176]

O83 - Search Svchost Services: WZCSVC (WZCSVC) . (.Microsoft Corporation - Service configuration automatique sans fil.) -- C:\WINDOWS\System32\wzcsvc.dll [483840]

O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\WINDOWS\system32\wbem\WMIsvc.dll [145408]

O83 - Search Svchost Services: TermService (TermService) . (.Microsoft Corporation - Service Terminal Server.) -- C:\WINDOWS\System32\termsrv.dll [297984]

O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Windows Update AutoUpdate Service.) -- C:\WINDOWS\system32\wuauserv.dll [6656]

O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Service de transfert intelligent en arrière-plan.) -- C:\WINDOWS\system32\qmgr.dll [409088]

O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - Dll des services Windows Shell.) -- C:\WINDOWS\System32\shsvcs.dll [135680]

O83 - Search Svchost Services: helpsvc (helpsvc) . (.Microsoft Corporation - Microsoft PCHealth Service Holder.) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll [38400]

O83 - Search Svchost Services: xmlprov (xmlprov) . (.Microsoft Corporation - Network Provisioning Service.) -- C:\WINDOWS\System32\xmlprov.dll [129024]

O83 - Search Svchost Services: wscsvc (wscsvc) . (.Microsoft Corporation - Windows Security Center Service.) -- C:\WINDOWS\system32\wscsvc.dll [80896]

O83 - Search Svchost Services: WmdmPmSN (WmdmPmSN) . (.Microsoft Corporation - Microsoft Media Device Service Provider.) -- C:\WINDOWS\system32\MsPMSNSv.dll [27136]

O83 - Search Svchost Services: napagent (napagent) . (.Microsoft Corporation - Exécution du service Agent de quarantaine.) -- C:\WINDOWS\System32\qagentrt.dll [293376]

O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Service Gestion des clés.) -- C:\WINDOWS\System32\kmsvc.dll [61440]

 

 

 

End of the scan (1635 lines in 09mn 47s)(294)

tonosama Junior Member

tonosama

Posté(e)
  • Auteur
Posté(e)

salut pear !

 

voici le rapport combofix que tu m'a demandé :

 

ComboFix 10-08-06.01 - fifi 06/08/2010 19:22:51.3.2 - x86

Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.3007.2369 [GMT 2:00]

Lancé depuis: m:\fifi_ftp\outil_diag\ComboFix.exe

AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

* Un antivirus résident est actif

 

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\system32\404Fix.exe

c:\windows\system32\Agent.OMZ.Fix.exe

c:\windows\system32\dumphive.exe

c:\windows\system32\IEDFix.C.exe

c:\windows\system32\IEDFix.exe

c:\windows\system32\o4Patch.exe

c:\windows\system32\Process.exe

c:\windows\system32\SrchSTS.exe

c:\windows\system32\tmp.reg

c:\windows\system32\VACFix.exe

c:\windows\system32\VCCLSID.exe

c:\windows\system32\WS2Fix.exe

 

.

((((((((((((((((((((((((((((( Fichiers créés du 2010-07-06 au 2010-08-06 ))))))))))))))))))))))))))))))))))))

.

 

2010-08-05 19:05 . 2010-08-05 20:43 -------- d-----w- c:\program files\Ad-Remover

2010-08-05 18:11 . 2010-08-05 18:11 -------- d-----w- c:\program files\SpywareBlaster

2010-08-05 14:26 . 2010-08-05 23:21 -------- d-----w- c:\program files\ZHPDiag

2010-08-05 00:08 . 2010-08-05 00:08 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe

2010-08-05 00:08 . 2010-08-05 00:08 57715 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe

2010-08-05 00:07 . 2010-08-05 00:07 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe

2010-08-04 22:06 . 2010-08-04 22:06 2 --shatr- c:\windows\winstart.bat

2010-08-04 22:04 . 2010-08-04 22:04 37600 ----a-w- c:\windows\system32\Partizan.exe

2010-08-04 22:04 . 2010-08-04 22:04 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys

2010-08-04 22:04 . 2010-07-07 08:14 12808 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys

2010-08-04 22:03 . 2010-08-04 22:22 -------- d-----w- c:\program files\UnHackMe

2010-08-04 16:50 . 2010-08-04 16:50 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET

2010-08-04 13:16 . 2010-08-04 13:18 -------- d-----w- C:\rsit

2010-08-04 00:56 . 2010-08-04 00:56 -------- d-----w- c:\documents and settings\fifi\Local Settings\Application Data\ESET

2010-08-02 14:33 . 2010-08-02 15:11 -------- d-----w- c:\program files\ESET

2010-08-02 14:33 . 2010-08-02 14:33 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET

2010-08-02 14:09 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-08-06 01:26 . 2002-08-30 12:00 361600 ----a-w- c:\windows\system32\drivers\TCPIP.SYS

2010-08-06 01:26 . 2010-08-06 01:26 361600 ----a-w- c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL

2010-08-05 13:46 . 2006-12-15 02:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2010-08-05 13:43 . 2009-01-21 03:08 -------- d-----w- c:\program files\Lavasoft

2010-08-05 13:42 . 2007-09-07 12:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2010-08-05 00:41 . 2010-06-17 20:28 -------- d--h--w- c:\documents and settings\fifi\Application Data\Windows Firewall

2010-08-05 00:09 . 2010-05-03 23:25 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll

2010-08-05 00:09 . 2010-05-03 23:17 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX

2010-08-05 00:08 . 2007-12-11 18:55 -------- d-----w- c:\program files\DivX

2010-08-05 00:04 . 2010-06-09 08:18 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe

2010-08-05 00:04 . 2010-05-03 23:25 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll

2010-08-05 00:04 . 2010-05-03 23:25 895256 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe

2010-07-03 19:10 . 2002-08-30 12:00 84956 ----a-w- c:\windows\system32\perfc00C.dat

2010-07-03 19:10 . 2002-08-30 12:00 509872 ----a-w- c:\windows\system32\perfh00C.dat

2010-07-03 11:52 . 2010-06-22 08:32 -------- d-----w- c:\documents and settings\fifi\Application Data\vlc

2010-07-01 22:54 . 2008-01-28 22:29 -------- d-----w- c:\documents and settings\fifi\Application Data\dvdcss

2010-06-27 22:27 . 2006-12-15 02:17 -------- d-----w- c:\documents and settings\fifi\Application Data\XnView

2010-06-26 00:17 . 2010-01-29 00:14 -------- d-----w- c:\program files\CCleaner

2010-06-17 20:28 . 2010-06-17 20:28 24576 ----a-w- c:\documents and settings\fifi\Application Data\Windows Firewall\Avira_AntiVir_Control_Center.exe

2010-06-14 14:31 . 2006-12-14 23:24 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe

2010-06-10 11:28 . 2010-06-10 11:35 528173 ----a-w- C:\Coupe_du_monde_2010.exe

2010-06-10 07:19 . 2008-07-02 20:32 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

2010-06-09 12:03 . 2010-06-09 10:24 -------- d-----w- c:\program files\ImageDupeless

2010-06-09 10:08 . 2010-06-09 10:08 -------- d-----w- c:\program files\VS Revo Group

2010-06-09 08:22 . 2009-06-01 15:07 -------- d-----w- c:\program files\Fichiers communs\DivX Shared

2010-06-09 08:22 . 2010-06-09 08:22 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe

2010-06-09 08:22 . 2010-06-09 08:22 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe

2010-06-09 08:22 . 2010-06-09 08:22 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe

2010-06-09 08:22 . 2010-06-09 08:22 54644 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe

2010-06-09 08:21 . 2010-06-09 08:21 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe

2010-06-08 19:08 . 2010-06-08 19:07 -------- d-----w- c:\documents and settings\fifi\Application Data\CloneSpy

2010-06-08 18:00 . 2010-06-08 18:00 -------- d-----w- c:\program files\CloneSpy

2010-06-07 12:20 . 2010-06-07 12:19 1956656 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe

2010-05-22 05:27 . 2010-05-22 05:27 503808 ----a-w- c:\documents and settings\fifi\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-24984d25-n\msvcp71.dll

2010-05-22 05:27 . 2010-05-22 05:27 499712 ----a-w- c:\documents and settings\fifi\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-24984d25-n\jmc.dll

2010-05-22 05:27 . 2010-05-22 05:27 348160 ----a-w- c:\documents and settings\fifi\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-24984d25-n\msvcr71.dll

2010-05-22 05:27 . 2010-05-22 05:27 61440 ----a-w- c:\documents and settings\fifi\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-5f6e405f-n\decora-sse.dll

2010-05-22 05:27 . 2010-05-22 05:27 12800 ----a-w- c:\documents and settings\fifi\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-5f6e405f-n\decora-d3d.dll

2003-01-13 09:55 . 2006-12-16 18:44 282624 ------w- c:\program files\internet explorer\plugins\PanoViewer.dll

1999-04-30 15:00 . 2006-12-16 18:44 98304 ------w- c:\program files\internet explorer\plugins\UPjpeg.dll

2007-08-02 20:23 . 2007-08-01 20:55 48 --sh--w- c:\windows\S1E3544EF.tmp

2008-01-28 22:24 . 2008-01-28 22:23 56 --sh--r- c:\windows\system32\F12653EECC.sys

2009-05-08 15:09 . 2008-01-28 22:24 5484 --sha-w- c:\windows\system32\KGyGaAvL.sys

.

 

------- Sigcheck -------

 

[-] 2010-08-06 . D24EA301E2B36C4E975FD216CA85D8E7 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\TCPIP.SYS

[-] 2010-08-06 . D24EA301E2B36C4E975FD216CA85D8E7 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\TCPIP.SYS

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys

[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\erdnt\cache\tcpip.sys

[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys

[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\TCPIP.SYS

[-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtServicePackUninstall$\tcpip.sys

[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys

[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys

[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB941644$\tcpip.sys

[7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB917953$\tcpip.sys

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]

"EPSON Stylus D88 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE" [2005-01-27 98304]

"UnHackMe Monitor"="c:\program files\UnHackMe\hackmon.exe" [2010-07-07 594200]

"TomTomHOME.exe"="d:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-05-07 247144]

"IW_Drop_Icon"="c:\program files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe" [2005-06-29 1346560]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WD Button Manager"="WDBtnMgr.exe" [2007-05-06 331776]

"VirtualCloneDrive"="d:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]

"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-02-18 248040]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]

"SetIcon"="\Program Files\WDC\SetIcon.exe" [2004-04-28 42496]

"AsusStartupHelp"="c:\program files\ASUS\AASP\1.00.15\AsRunHelp.exe" [2006-11-14 363008]

"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-11-09 180224]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]

"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]

"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-01-21 92168]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\

Acc‚l‚rateur de d‚marrage AutoCAD.lnk - c:\program files\Fichiers communs\Autodesk Shared\acstart16.exe [2005-3-5 10872]

APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2008-10-11 221247]

Microsoft Office.lnk - d:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"TomTomHOME.exe"="d:\program files\TomTom HOME 2\TomTomHOMERunner.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe"

"Cobian Backup 9"="d:\program files\Cobian Backup 9\Cobian.exe"

"WinampAgent"="c:\program files\Winamp\winampa.exe"

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"NBKeyScan"="d:\program files\nero\Nero BackItUp 4\NBKeyScan.exe"

"Nero MediaHome 4"="d:\program files\nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN

"Sony Ericsson PC Suite"="d:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe"

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"d:\\program files\\Pinnacle\\Studio 10\\programs\\studio.exe"=

"c:\\Program Files\\Asus\\AsusUpdate\\Update.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\system32\\javaw.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"d:\\program files\\nero\\Nero MediaHome 4\\NMMediaServerService.exe"=

"d:\\program files\\VideoLAN\\VLC\\vlc.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=

"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=

"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=

"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=

"m:\\www\\xampp\\xampp-control.exe"=

"m:\\www\\xampp\\FileZillaFTP\\FileZilla Server.exe"=

 

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [06/02/2009 14:23 106208]

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [06/02/2009 14:24 93336]

R2 Apache2.2;Apache2.2;m:\www\xampp\apache\bin\httpd.exe [02/04/2010 14:29 29416]

R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [06/02/2009 14:23 727720]

R2 TomTomHOMEService;TomTomHOMEService;d:\program files\TomTom HOME 2\TomTomHOMEService.exe [07/05/2010 14:36 92008]

R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [21/01/2009 17:45 30560]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]

S0 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [05/08/2010 00:04 35816]

S1 vobiw;vobiw;c:\windows\system32\drivers\vobIW.sys [01/09/2004 15:50 188416]

S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29/04/2010 14:37 136176]

S3 cdrdrv;Cdrdrv;c:\windows\system32\drivers\Cdrdrv.sys [10/02/2005 12:55 62976]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24/06/2007 18:17 639224]

 

--- Autres Services/Pilotes en mémoire ---

 

*Deregistered* - UnHackMeDrv

.

Contenu du dossier 'Tâches planifiées'

 

2010-07-31 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

 

2010-08-06 c:\windows\Tasks\GlaryInitialize.job

- c:\program files\Glary Utilities\initialize.exe [2009-05-25 13:55]

 

2010-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-29 12:37]

 

2010-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-29 12:37]

 

2010-08-06 c:\windows\Tasks\User_Feed_Synchronization-{980F208D-EA48-4B13-A082-77BE7466FAB6}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]

.

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://www.orange.fr/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

IE: E&xporter vers Microsoft Excel - d:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000

TCP: {B50DCB03-DB7C-4D14-B7BA-C386DFFC99F8} = 192.168.0.1

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

DPF: {3CBA13C3-58C7-47F1-9758-D4B255A50D52} - file:///I:/fr/ses_ocx/sessearch.ocx

.

.

------- Associations de fichier -------

.

.scr=AutoCADScriptFile

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2010-08-06 19:26

Windows 5.1.2600 Service Pack 3 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

- - - - - - - > 'winlogon.exe'(1148)

c:\windows\system32\Ati2evxx.dll

.

Heure de fin: 2010-08-06 19:28:29

ComboFix-quarantined-files.txt 2010-08-06 17:28

 

Avant-CF: 11 233 959 936 octets libres

Après-CF: 11 232 620 544 octets libres

 

- - End Of File - - 2034A44D3398CA399D68A7318E82C804

 

 

oulà je viens de le regarder, quel bordel !!!

j'ai viré spybot et adaware et il en reste encore des traces commeun scan fait avec avira !

tonosama Junior Member

tonosama

Posté(e)
  • Auteur
Posté(e)

salut pear !

merci de tes efforts.

je suppose que tu as déjà epluché mes rapports. aurais tu des choses à corriger dessus?

 

sinon pour winstart, j'ai essayé de le lire avec le bloc note mais rien ne s'affiche. pourrais tu me dire comme lire sont contenu? est ce qu'il est lisible via msconfig (l'arborescance de demarrage)?

pear Devil Member !

pear

Posté(e)
Posté(e)

Pour lire Winstart.bat clic droit_>Modifier

 

Oui, il y aura des des corrections.

Et c'est pour tout faire à la fois, si possible, que je vous demande le contenu de ce .bat

tonosama Junior Member

tonosama

Posté(e)
  • Auteur
Posté(e) (modifié)

aie !!

p'tit probleme, ça je l'ai déjà fait et c'est ce qui me pose problème : il n'y a rien dans ce bat (c:\windows\winstart.bat)

 

est ce normale?

 

petite précision, je fais tourner filzilla serveur pour un ftp et un serveur web apache.

 

pense tu que le logiciel unhackme peut avoir courcircuité winstart?

Modifié par tonosama
pear Devil Member !

pear

Posté(e)
Posté(e)

Bonjour,

 

pense tu que le logiciel unhackme peut avoir courcircuité winstart?

Je ne le pense pas , ce n'est pas sa fonction..

 

 

 

 

Combo, Nettoyage

Déconnectez-vous du net et désactivez l'antivirus (juste le temps de la procédure !)

Connecter tous les disques amovibles (disque dur externe, clé USB).

Dans certaines circonstances , le Mode sans échec peut être nécessaire

Vérifiez que l'antivirus soit bien désactivé car un redémarrage le réactive

Ouvrez Combofix

# Dans le bloc-note ,copiez-collez ces lignes :

KillAll::

File::

File::

c:\windows\winstart.bat

c:\windows\system32\F12653EECC.sys

c:\windows\S1E3544EF.tmp

c:\windows\Tasks\AppleSoftwareUpdate.job

c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Fcopy::

FCopy::

c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys | c:\windows\system32\dllcache\TCPIP.SYS

c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys | c:\windows\system32\drivers

* Attention, ce code a été rédigé spécialement pour cet utilisateur, il serait dangereux de le réutiliser dans d'autres cas !

Enregistrez-le en lui donnant le nom CFScript.txt

* Faire un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe

animation1md2.gif

 

* Au message qui apparait dans une fenêtre bleue ( Type 1 to continue, or 2 to abort) , taper 1 puis valider.

* Patienter le temps du scan.

Le bureau va disparaitre à plusieurs reprises: c'est normal!

Ne toucher à rien tant que le scan n'est pas terminé.

 

Le rapport de ComboFix ne s'affichera qu'à la fin

Poster son contenu.

Si le fichier n'apparait pas, il se trouve ici > C:\ComboFix.txt

tonosama Junior Member

tonosama

Posté(e)
  • Auteur
Posté(e)

salut pear !

 

voici le rapport après ta procedure :

 

ComboFix 10-08-06.01 - fifi 07/08/2010 16:27:18.4.2 - x86

Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.3007.2258 [GMT 2:00]

Lancé depuis: c:\documents and settings\fifi\Bureau\ComboFix.exe

Commutateurs utilisés :: c:\documents and settings\fifi\Bureau\CFScript.txt

AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

* Un antivirus résident est actif

 

 

FILE ::

"c:\windows\S1E3544EF.tmp"

"c:\windows\system32\F12653EECC.sys"

"c:\windows\Tasks\AppleSoftwareUpdate.job"

"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"

"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"

"c:\windows\winstart.bat"

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\S1E3544EF.tmp

c:\windows\system32\F12653EECC.sys

c:\windows\Tasks\AppleSoftwareUpdate.job

c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

c:\windows\winstart.bat

 

.

--------------- FCopy ---------------

 

.

((((((((((((((((((((((((((((( Fichiers créés du 2010-07-07 au 2010-08-07 ))))))))))))))))))))))))))))))))))))

.

 

2010-08-07 05:27 . 2010-08-07 05:27 503808 ----a-w- c:\documents and settings\fifi\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-2265d5bc-n\msvcp71.dll

2010-08-07 05:27 . 2010-08-07 05:27 499712 ----a-w- c:\documents and settings\fifi\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-2265d5bc-n\jmc.dll

2010-08-07 05:27 . 2010-08-07 05:27 348160 ----a-w- c:\documents and settings\fifi\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-2265d5bc-n\msvcr71.dll

2010-08-07 05:27 . 2010-08-07 05:27 61440 ----a-w- c:\documents and settings\fifi\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-5babead3-n\decora-sse.dll

2010-08-07 05:27 . 2010-08-07 05:27 12800 ----a-w- c:\documents and settings\fifi\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-5babead3-n\decora-d3d.dll

2010-08-05 19:05 . 2010-08-05 20:43 -------- d-----w- c:\program files\Ad-Remover

2010-08-05 18:11 . 2010-08-05 18:11 -------- d-----w- c:\program files\SpywareBlaster

2010-08-05 14:26 . 2010-08-05 23:21 -------- d-----w- c:\program files\ZHPDiag

2010-08-05 00:08 . 2010-08-05 00:08 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe

2010-08-05 00:08 . 2010-08-05 00:08 57715 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe

2010-08-05 00:07 . 2010-08-05 00:07 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe

2010-08-04 22:03 . 2010-08-07 14:04 -------- d-----w- c:\program files\UnHackMe

2010-08-04 16:50 . 2010-08-04 16:50 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET

2010-08-04 13:16 . 2010-08-04 13:18 -------- d-----w- C:\rsit

2010-08-04 00:56 . 2010-08-04 00:56 -------- d-----w- c:\documents and settings\fifi\Local Settings\Application Data\ESET

2010-08-02 14:33 . 2010-08-02 15:11 -------- d-----w- c:\program files\ESET

2010-08-02 14:33 . 2010-08-02 14:33 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET

2010-08-02 14:09 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-08-06 01:26 . 2002-08-30 12:00 361600 ----a-w- c:\windows\system32\drivers\TCPIP.SYS

2010-08-06 01:26 . 2010-08-06 01:26 361600 ----a-w- c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL

2010-08-05 00:41 . 2010-06-17 20:28 -------- d--h--w- c:\documents and settings\fifi\Application Data\Windows Firewall

2010-08-05 00:09 . 2010-05-03 23:25 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll

2010-08-05 00:09 . 2010-05-03 23:17 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX

2010-08-05 00:08 . 2007-12-11 18:55 -------- d-----w- c:\program files\DivX

2010-08-05 00:04 . 2010-06-09 08:18 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe

2010-08-05 00:04 . 2010-05-03 23:25 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll

2010-08-05 00:04 . 2010-05-03 23:25 895256 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe

2010-07-03 19:10 . 2002-08-30 12:00 84956 ----a-w- c:\windows\system32\perfc00C.dat

2010-07-03 19:10 . 2002-08-30 12:00 509872 ----a-w- c:\windows\system32\perfh00C.dat

2010-07-03 11:52 . 2010-06-22 08:32 -------- d-----w- c:\documents and settings\fifi\Application Data\vlc

2010-07-01 22:54 . 2008-01-28 22:29 -------- d-----w- c:\documents and settings\fifi\Application Data\dvdcss

2010-06-27 22:27 . 2006-12-15 02:17 -------- d-----w- c:\documents and settings\fifi\Application Data\XnView

2010-06-26 00:17 . 2010-01-29 00:14 -------- d-----w- c:\program files\CCleaner

2010-06-17 20:28 . 2010-06-17 20:28 24576 ----a-w- c:\documents and settings\fifi\Application Data\Windows Firewall\Avira_AntiVir_Control_Center.exe

2010-06-14 14:31 . 2006-12-14 23:24 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe

2010-06-10 07:19 . 2008-07-02 20:32 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

2010-06-09 12:03 . 2010-06-09 10:24 -------- d-----w- c:\program files\ImageDupeless

2010-06-09 10:08 . 2010-06-09 10:08 -------- d-----w- c:\program files\VS Revo Group

2010-06-09 08:22 . 2009-06-01 15:07 -------- d-----w- c:\program files\Fichiers communs\DivX Shared

2010-06-09 08:22 . 2010-06-09 08:22 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe

2010-06-09 08:22 . 2010-06-09 08:22 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe

2010-06-09 08:22 . 2010-06-09 08:22 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe

2010-06-09 08:22 . 2010-06-09 08:22 54644 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe

2010-06-09 08:21 . 2010-06-09 08:21 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe

2010-06-08 19:08 . 2010-06-08 19:07 -------- d-----w- c:\documents and settings\fifi\Application Data\CloneSpy

2010-06-08 18:00 . 2010-06-08 18:00 -------- d-----w- c:\program files\CloneSpy

2010-06-07 12:20 . 2010-06-07 12:19 1956656 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe

2010-05-22 05:27 . 2010-05-22 05:27 503808 ----a-w- c:\documents and settings\fifi\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-24984d25-n\msvcp71.dll

2010-05-22 05:27 . 2010-05-22 05:27 499712 ----a-w- c:\documents and settings\fifi\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-24984d25-n\jmc.dll

2010-05-22 05:27 . 2010-05-22 05:27 348160 ----a-w- c:\documents and settings\fifi\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-24984d25-n\msvcr71.dll

2010-05-22 05:27 . 2010-05-22 05:27 61440 ----a-w- c:\documents and settings\fifi\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-5f6e405f-n\decora-sse.dll

2010-05-22 05:27 . 2010-05-22 05:27 12800 ----a-w- c:\documents and settings\fifi\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-5f6e405f-n\decora-d3d.dll

2003-01-13 09:55 . 2006-12-16 18:44 282624 ------w- c:\program files\internet explorer\plugins\PanoViewer.dll

1999-04-30 15:00 . 2006-12-16 18:44 98304 ------w- c:\program files\internet explorer\plugins\UPjpeg.dll

2009-05-08 15:09 . 2008-01-28 22:24 5484 --sha-w- c:\windows\system32\KGyGaAvL.sys

.

 

------- Sigcheck -------

 

[-] 2010-08-06 . D24EA301E2B36C4E975FD216CA85D8E7 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\TCPIP.SYS

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\TCPIP.SYS

[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\erdnt\cache\tcpip.sys

[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys

[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\TCPIP.SYS

[-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtServicePackUninstall$\tcpip.sys

[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys

[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys

[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB941644$\tcpip.sys

[7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB917953$\tcpip.sys

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]

"EPSON Stylus D88 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE" [2005-01-27 98304]

"TomTomHOME.exe"="d:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-05-07 247144]

"IW_Drop_Icon"="c:\program files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe" [2005-06-29 1346560]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WD Button Manager"="WDBtnMgr.exe" [2007-05-06 331776]

"VirtualCloneDrive"="d:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]

"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-02-18 248040]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]

"SetIcon"="\Program Files\WDC\SetIcon.exe" [2004-04-28 42496]

"AsusStartupHelp"="c:\program files\ASUS\AASP\1.00.15\AsRunHelp.exe" [2006-11-14 363008]

"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-11-09 180224]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]

"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]

"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-01-21 92168]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\

Acc‚l‚rateur de d‚marrage AutoCAD.lnk - c:\program files\Fichiers communs\Autodesk Shared\acstart16.exe [2005-3-5 10872]

APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2008-10-11 221247]

Microsoft Office.lnk - d:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"TomTomHOME.exe"="d:\program files\TomTom HOME 2\TomTomHOMERunner.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe"

"Cobian Backup 9"="d:\program files\Cobian Backup 9\Cobian.exe"

"WinampAgent"="c:\program files\Winamp\winampa.exe"

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"NBKeyScan"="d:\program files\nero\Nero BackItUp 4\NBKeyScan.exe"

"Nero MediaHome 4"="d:\program files\nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN

"Sony Ericsson PC Suite"="d:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe"

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"d:\\program files\\Pinnacle\\Studio 10\\programs\\studio.exe"=

"c:\\Program Files\\Asus\\AsusUpdate\\Update.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\system32\\javaw.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"d:\\program files\\nero\\Nero MediaHome 4\\NMMediaServerService.exe"=

"d:\\program files\\VideoLAN\\VLC\\vlc.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=

"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=

"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=

"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=

"m:\\www\\xampp\\xampp-control.exe"=

"m:\\www\\xampp\\FileZillaFTP\\FileZilla Server.exe"=

 

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [06/02/2009 14:23 106208]

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [06/02/2009 14:24 93336]

R2 Apache2.2;Apache2.2;m:\www\xampp\apache\bin\httpd.exe [02/04/2010 14:29 29416]

R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [06/02/2009 14:23 727720]

R2 TomTomHOMEService;TomTomHOMEService;d:\program files\TomTom HOME 2\TomTomHOMEService.exe [07/05/2010 14:36 92008]

R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [21/01/2009 17:45 30560]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]

S1 vobiw;vobiw;c:\windows\system32\drivers\vobIW.sys [01/09/2004 15:50 188416]

S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29/04/2010 14:37 136176]

S3 cdrdrv;Cdrdrv;c:\windows\system32\drivers\Cdrdrv.sys [10/02/2005 12:55 62976]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24/06/2007 18:17 639224]

.

Contenu du dossier 'Tâches planifiées'

 

2010-08-07 c:\windows\Tasks\GlaryInitialize.job

- c:\program files\Glary Utilities\initialize.exe [2009-05-25 13:55]

 

2010-08-07 c:\windows\Tasks\User_Feed_Synchronization-{980F208D-EA48-4B13-A082-77BE7466FAB6}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]

.

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://www.orange.fr/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

IE: E&xporter vers Microsoft Excel - d:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000

TCP: {B50DCB03-DB7C-4D14-B7BA-C386DFFC99F8} = 192.168.0.1

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

DPF: {3CBA13C3-58C7-47F1-9758-D4B255A50D52} - file:///I:/fr/ses_ocx/sessearch.ocx

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2010-08-07 16:35

Windows 5.1.2600 Service Pack 3 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

- - - - - - - > 'winlogon.exe'(1124)

c:\windows\system32\Ati2evxx.dll

 

- - - - - - - > 'explorer.exe'(2984)

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\eappprxy.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Autres processus actifs ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\APC\APC PowerChute Personal Edition\mainserv.exe

c:\windows\ATKKBService.exe

m:\www\xampp\FileZillaFTP\FileZilla server.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe

c:\program files\Microsoft LifeCam\MSCamS32.exe

c:\program files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe

d:\program files\nero\Nero BackItUp 4\IoctlSvc.exe

c:\progra~1\Dantz\RETROS~1\wdsvc.exe

c:\program files\Cyberlink\Shared files\RichVideo.exe

c:\windows\system32\WDBtnMgr.exe

c:\program files\WDC\SetIcon.exe

c:\program files\APC\APC PowerChute Personal Edition\apcsystray.exe

c:\program files\Windows Live\Contacts\wlcomm.exe

.

**************************************************************************

.

Heure de fin: 2010-08-07 16:39:01 - La machine a redémarré

ComboFix-quarantined-files.txt 2010-08-07 14:38

ComboFix2.txt 2010-08-06 17:28

 

Avant-CF: 11 245 731 840 octets libres

Après-CF: 11 235 131 392 octets libres

 

- - End Of File - - 65536A5D7592E72B49BD7582556A3898

 

petite précision entre les 2 rapport j'ai viré (pour combofix) unhackme et j'ai viré aussi des répertoires résiduels de spybot et adaware

 

j'ai aussi une petite question sur mon rapport :

a la fin dans la section autres processus actifs j'ai 2 fois la ligne : c:\windows\systeme32\ati2evxx.exe

ce qui correspond au lancement du gestionnaire de ma carte graphique ATI mais pourquoi 2 fois la même ligne?

 

je n'en ai pas parlé car cela n'a rien avoir (enfin je pense) depuis plus d'1 an j'ai un petit probleme d'affichage que je pense lié avec justement le gestionnaire de ma carte graphique qui fait qu'a la fin du chargement de tous les processus au demarrage de windows, plusieurs icones situées près de l'horloge (comme l'icone pour mon onduleur APC ou bien celle de nod32) n'apparaissent pas (ou surtout disparaissent.

je pense que c'est celle qui se lance avant une application et peut être bien le gestionnaire graphique. le probleme avec lui c'est qu'il n'est plus developpé pas ATI et la dernière version me planté mon ordi.

donc si ca te dis quelque chose ou si tu vois quoi faire se sera avec plaisir ;-)

Rejoindre la conversation

Vous pouvez publier maintenant et vous inscrire plus tard. Si vous avez un compte, connectez-vous maintenant pour publier avec votre compte.
Remarque : votre message nécessitera l’approbation d’un modérateur avant de pouvoir être visible.

Invité
Répondre à ce sujet…

×   Collé en tant que texte enrichi.   Coller en tant que texte brut à la place

  Seulement 75 émoticônes maximum sont autorisées.

×   Votre lien a été automatiquement intégré.   Afficher plutôt comme un lien

×   Votre contenu précédent a été rétabli.   Vider l’éditeur

×   Vous ne pouvez pas directement coller des images. Envoyez-les depuis votre ordinateur ou insérez-les depuis une URL.

×
 Partager
Aller sur la liste des sujets

  • En ligne récemment   0 membre est en ligne

    • Aucun utilisateur enregistré regarde cette page.
×
×
  • Créer...