Posted

Hello,

For at least a week I have not been able to work or browse as I would like: only stretches of 10 to 15 minutes before the browsers crash. The connection is there, but I cannot open any page. AVG, which was my first antivirus, had detected this virus, Win32\Olmarik Trojan, which it could not remove. Being a novice in this area, I was advised to get NOD32, which I did. But it cannot remove this infection either. Searching on Google, I downloaded ComboFix and ran it, but got lost in all the instructions. Since then, everything on the PC has been slow. I am asking for your help. Could you please help me solve my problem?

Thanks in advance.

Posted

Hello Gnamoy ;)

You will have to stop thinking that ComboFix is the solution to every problem...

Please post its report, located at C:\ComboFix.txt.

See you

Posted

Hello floranitor.

As requested, I am copy-pasting the report for you.

ComboFix 10-09-16.06 - VIACOM 17/09/2010 12:20:51.2.2 - x86

Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.503.267 [GMT 1:00]

Lancé depuis: c:\documents and settings\VIACOM\Bureau\ComboFix.exe

* Un nouveau point de restauration a été créé

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Exécution préalable -------

.

c:\documents and settings\VIACOM\Application Data\Desktopicon\eBay.ico

c:\documents and settings\VIACOM\Application Data\Desktopicon\uninst.exe

c:\documents and settings\VIACOM\Application Data\inst.exe

c:\program files\SpeedBit Video Downloader\Toolbar\tbhelper.dll

c:\windows\system32\3698051087.dat

c:\windows\system32\drivers\str.sys

c:\windows\system32\scvideo.dll

c:\windows\system32\system

 

.

((((((((((((((((((((((((((((( Fichiers créés du 2010-08-17 au 2010-09-17 ))))))))))))))))))))))))))))))))))))

.

 

2010-09-16 21:07 . 2009-08-06 18:23 274288 ----a-w- c:\windows\system32\mucltui.dll

2010-09-16 21:07 . 2009-08-06 18:23 215920 ----a-w- c:\windows\system32\muweb.dll

2010-09-16 15:28 . 2010-09-16 15:28 -------- d-----w- c:\windows\system32\xircom

2010-09-16 15:28 . 2010-09-16 15:28 -------- d-----w- c:\windows\system32\wbem\snmp

2010-09-16 15:28 . 2010-09-16 15:28 -------- d-----w- c:\windows\srchasst

2010-09-16 15:28 . 2010-09-16 15:28 -------- d-----w- c:\program files\microsoft frontpage

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-17 11:32 . 2010-01-26 10:27 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-09-17 11:27 . 2010-01-26 11:14 -------- d-----w- c:\documents and settings\VIACOM\Application Data\uTorrent

2010-09-17 10:50 . 2010-07-16 13:29 -------- d-----w- c:\program files\Spyware Doctor

2010-09-17 10:32 . 2008-12-11 12:26 -------- d-----w- c:\program files\SuperCopier2

2010-09-16 21:09 . 2010-06-25 09:56 -------- d-----w- c:\program files\Mozilla Firefox 4.0 Beta 4

2010-08-16 17:46 . 2010-04-13 06:44 -------- d-----w- c:\documents and settings\VIACOM\Application Data\Winamp

2010-08-13 20:08 . 2010-08-02 12:30 -------- d-----r- c:\program files\Skype

2010-08-13 20:03 . 2010-08-02 10:05 -------- d-----w- c:\documents and settings\VIACOM\Application Data\CVitae

2010-08-13 19:55 . 2008-12-11 12:27 -------- d---a-w- c:\program files\XYplorer

2010-08-11 17:42 . 2010-08-02 12:49 -------- d-----w- c:\documents and settings\VIACOM\Application Data\skypePM

2010-08-11 14:57 . 2010-06-11 10:41 2266624 ----a-w- c:\documents and settings\VIACOM\Application Data\Mozilla\Firefox\Profiles\t3i2mr5p.default\extensions\firefox@bandoo.com\components\FFPlugin.dll

2010-08-02 21:12 . 2010-08-02 21:12 503808 ----a-w- c:\documents and settings\VIACOM\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6267f88e-n\msvcp71.dll

2010-08-02 21:12 . 2010-08-02 21:12 499712 ----a-w- c:\documents and settings\VIACOM\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6267f88e-n\jmc.dll

2010-08-02 21:12 . 2010-08-02 21:12 348160 ----a-w- c:\documents and settings\VIACOM\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6267f88e-n\msvcr71.dll

2010-08-02 21:11 . 2010-08-02 21:11 61440 ----a-w- c:\documents and settings\VIACOM\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-423be221-n\decora-sse.dll

2010-08-02 21:11 . 2010-08-02 21:11 12800 ----a-w- c:\documents and settings\VIACOM\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-423be221-n\decora-d3d.dll

2010-08-02 13:08 . 2008-04-14 12:00 577260 ----a-w- c:\windows\system32\perfh00C.dat

2010-08-02 13:08 . 2008-04-14 12:00 105570 ----a-w- c:\windows\system32\perfc00C.dat

2010-08-02 12:49 . 2010-08-02 12:49 56 ---ha-w- c:\windows\system32\ezsidmv.dat

2010-08-02 12:41 . 2008-12-11 12:33 -------- d-----w- c:\program files\Microsoft.NET

2010-08-02 12:30 . 2010-08-02 12:30 -------- d-----w- c:\program files\Fichiers communs\Skype

2010-08-02 12:30 . 2010-08-02 12:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype

2010-08-02 10:12 . 2010-08-02 10:12 -------- d-----w- c:\program files\SoftChris

2010-08-02 10:05 . 2010-08-02 10:05 -------- d-----w- c:\program files\CVitaeV4

2010-08-02 09:59 . 2010-08-02 09:54 -------- d-----w- c:\program files\Dactylo

2010-08-02 09:54 . 2010-08-02 09:54 -------- d-----w- c:\program files\Free PDF to Word Doc Converter

2010-08-02 09:17 . 2010-02-28 11:59 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

2010-07-29 15:56 . 2010-07-29 15:56 6656 ----a-w- c:\windows\system32\haspvdd.dll

2010-07-29 15:56 . 2010-07-29 15:56 47616 ----a-w- c:\windows\system32\drivers\Haspnt.sys

2010-07-29 15:56 . 2010-07-29 15:56 383 ----a-w- c:\windows\system32\haspdos.sys

2010-07-29 13:27 . 2010-07-29 13:27 -------- d-----w- c:\program files\Fichiers communs\PC SOFT

2010-07-22 21:48 . 2010-07-22 21:48 -------- d-----w- c:\documents and settings\VIACOM\Application Data\Nero

2010-07-22 16:27 . 2010-02-11 19:08 -------- d-----w- c:\program files\ma-config.com

2010-07-22 16:27 . 2010-06-01 22:47 -------- d-----w- c:\documents and settings\All Users\Application Data\ma-config.com

2010-07-22 16:22 . 2010-07-22 16:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero

2010-07-22 16:22 . 2010-07-22 16:21 -------- d-----w- c:\program files\Nero

2010-07-22 16:16 . 2010-01-23 16:36 -------- d-----w- c:\program files\Microsoft Silverlight

2010-07-22 16:05 . 2008-12-11 12:27 -------- d-----w- c:\program files\CCleaner

2010-07-22 15:05 . 2010-07-22 15:05 -------- d-----w- c:\documents and settings\VIACOM\Application Data\Canneverbe Limited

2010-07-22 15:05 . 2010-07-22 15:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Canneverbe Limited

2010-07-22 15:03 . 2010-07-22 15:03 -------- d-----w- c:\program files\CDBurnerXP

2010-07-17 04:00 . 2010-06-19 06:35 423656 ----a-w- c:\windows\system32\deployJava1.dll

2010-07-16 12:40 . 2010-07-07 21:45 96432 ----a-w- c:\documents and settings\All Users\Application Data\SpeedBit\DAP\SDCondition.dll

2010-07-14 11:37 . 2010-08-02 10:55 455888 ----a-w- c:\program files\Fichiers communs\PredictAdInstaller.exe

2010-07-13 08:49 . 2010-02-26 08:55 0 ----a-w- c:\documents and settings\VIACOM\Local Settings\Application Data\prvlcl.dat

2010-07-12 20:32 . 2008-04-14 12:00 96512 ----a-w- c:\windows\system32\drivers\atapi.sys

2010-07-07 21:24 . 2010-07-07 21:24 3509272 ----a-w- c:\documents and settings\All Users\Application Data\SpeedBit\DAP\Offers\VA31_DapSo.exe

2010-07-07 21:14 . 2010-07-07 21:14 62464 ----a-w- c:\documents and settings\VIACOM\Application Data\Toolbar4\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\update.exe

2010-07-07 21:14 . 2010-07-07 21:14 48128 ----a-w- c:\documents and settings\VIACOM\Application Data\Toolbar4\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\uninstall.exe

2010-01-26 22:43 . 2010-01-26 22:42 1956528 ----a-w- c:\program files\install_flash_player_ax.exe

2009-04-16 15:34 . 2010-01-23 16:39 3935260 ----a-w- c:\program files\Lettramots.zip

.

 

------- Sigcheck -------

 


.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3017FB3E-9A77-4396-88C5-0EC9548FB42F}]

2010-07-07 21:14 2447360 ----a-w- c:\program files\SpeedBit Video Downloader\Toolbar\tbcore3.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EB5CEE80-030A-4ED8-8E20-454E9C68380F}]

2010-08-11 14:54 2197504 ----a-w- c:\program files\Bandoo\Plugins\IE\ieplugin.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]

"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]

"DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2010-07-07 2819584]

"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-06-19 327472]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]

"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]

"DumpTeam"="h:\windev 10 (d)\DumpTeam_Pack_v4.5a4.exe" [bU]

"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-05-14 248552]

"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2010-03-09 1286608]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_2"="shell32" [X]

"nltide_3"="advpack.dll" [2009-03-08 128512]

 

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\

DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2010-7-3 1205840]

Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk - c:\program files\Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter\WLANUTL.exe [2010-7-13 835584]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 1 (0x1)

"NoSMMyDocs"= 1 (0x1)

"NoSMMyPictures"= 1 (0x1)

"NoSMHelp"= 1 (0x1)

"NoSMConfigurePrograms"= 1 (0x1)

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

"NoResolveTrack"= 1 (0x1)

"NoSMMyDocs"= 1 (0x1)

"NoSMMyPictures"= 1 (0x1)

"NoSMHelp"= 1 (0x1)

"NoSMConfigurePrograms"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\Bandoo\BndHook.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]

2010-03-19 16:27 5248312 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2009-07-26 16:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]

2009-11-11 10:57 1451520 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2010-05-13 15:12 26192168 ----a-r- c:\program files\Skype\Phone\Skype.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedBitVideoAccelerator]

2010-07-07 21:27 1607272 ----a-w- c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]

2010-06-19 20:59 327472 ----a-w- c:\program files\uTorrent\uTorrent.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

 

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [16/07/2010 14:31 217032]

R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [16/07/2010 14:32 112592]

R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [04/05/2010 12:07 503080]

R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [16/07/2010 14:30 366840]

R3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\system32\drivers\e4usbaw.sys [03/07/2010 09:38 104344]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]

S2 E4LOADER;General Purpose USB Driver (e4ldr.sys);c:\windows\system32\drivers\e4ldr.sys [03/07/2010 09:38 69656]

S2 PD91EngineTapiSrv;PD91Engine PD91EngineTapiSrv; srv --> srv [?]

S2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~2\VideoAcceleratorService.exe -start -scm --> c:\progra~1\SPEEDB~2\VideoAcceleratorService.exe -start -scm [?]

S2 VMUSBArbService;VMware USB Arbitration Service;"c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe" --> c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [?]

S3 DSCVc;Video Capture;c:\windows\system32\DRIVERS\CoachVc.sys --> c:\windows\system32\DRIVERS\CoachVc.sys [?]

S3 lgusbsmodem;LGE Mobile USB Modem;c:\windows\system32\DRIVERS\lgusbsmodem.sys --> c:\windows\system32\DRIVERS\lgusbsmodem.sys [?]

S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [19/07/2010 14:59 259440]

S3 SG760_XP;SAGEM 802.11g XG760 1211 Driver;c:\windows\system32\drivers\WlanUZXP.sys [13/07/2010 10:04 260608]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]

 

--- Autres Services/Pilotes en mémoire ---

 

*NewlyCreated* - ZDPNDIS5

*Deregistered* - mchInjDrv

*Deregistered* - PCTSDInjDriver32

.

Contenu du dossier 'Tâches planifiées'

 

2010-06-23 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

 

2010-09-17 c:\windows\Tasks\User_Feed_Synchronization-{808BFC13-1FAC-49EF-8206-3319B724D7CF}.job

- c:\windows\system32\msfeedssync.exe [2008-06-07 03:31]

.

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://home.speedbit.com/?aff=205

uDefault_Search_URL = hxxp://www.durable.com/recherche

uSearchMigratedDefaultURL = hxxp://www.durable.com/result?cx=partner-pub-7902900401080901%3Azbljezwsgul&cof=FORID%3A10&ie=UTF-8&q={searchTerms}

uSearchAssistant = hxxp://www.durable.com/recherche

uSearchURL,(Default) = hxxp://www.durable.com/recherche

IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm

IE: &Download with &DAP - c:\program files\DAP\dapextie.htm

IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm

IE: Download ALL with IDA

IE: Download with IDA

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

LSP: c:\program files\Fichiers communs\PC Tools\Lsp\PCTLsp.dll

LSP: c:\progra~1\SPEEDB~2\sblsp.dll

Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll

Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll

FF - ProfilePath - c:\documents and settings\VIACOM\Application Data\Mozilla\Firefox\Profiles\t3i2mr5p.default\

FF - prefs.js: browser.search.defaulturl - hxxp://fr.search.yahoo.com/search?fr=ffsp1&p=

FF - prefs.js: browser.search.selectedEngine - BigSeekPro

FF - prefs.js: browser.startup.homepage - hxxp://fr.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official

FF - prefs.js: keyword.URL - hxxp://www.bigseekpro.com/search/toolbar//?q=

FF - plugin: c:\documents and settings\VIACOM\Application Data\Facebook\npfbplugin_1_0_1.dll

FF - plugin: c:\documents and settings\VIACOM\Application Data\Facebook\npfbplugin_1_0_3.dll

FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll

FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll

 

---- PARAMETRES FIREFOX ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

FF - user.js: browser.sessionstore.resume_from_crash - false

.

- - - - ORPHELINS SUPPRIMES - - - -

 

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2010-09-17 12:31

Windows 5.1.2600 Service Pack 3 NTFS

 

detected NTDLL code modification:

ZwClose

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]

"ImagePath"="\??\c:\docume~1\VIACOM\LOCALS~1\Temp\mc21.tmp"

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PD91EngineTapiSrv]

"ImagePath"=" srv"

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

 

[HKEY_USERS\S-1-5-21-507921405-963894560-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2155564E-1CB2-875A-A4F6-835A12CFD2CB}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

"faedkffldfkf"=hex:66,61,66,70,6c,63,68,6e,6b,6a,67,61,00,00

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]

@Denied: (Full) (Everyone)

"scansk"=hex(0):d1,4a,f1,fc,cc,98,85,2d,82,8b,a2,bd,7a,8c,ce,d6,06,44,bb,2f,0a,

f9,8c,d5,94,e0,65,62,cc,04,79,a7,e4,b8,2d,ec,5c,e2,6f,f1,00,00,00,00,00,00,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8dba3805-1f50-437e-b286-e4b3084e9710}]

@Denied: (Full) (Everyone)

"Model"=dword:00000037

"Therad"=dword:0000002a

"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,

38,95,44,ab,9e,50,1b,eb,77,d1,ab,4a,ba,b3,6d,c5,12,c0,85,83,e0,8b,c5,07,bb,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]

"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

- - - - - - - > 'lsass.exe'(740)

c:\program files\Fichiers communs\PC Tools\Lsp\PCTLsp.dll

c:\progra~1\SPEEDB~2\sblsp.dll

c:\program files\SpeedBit Video Accelerator\ConfigDB.dll

c:\program files\SpeedBit Video Accelerator\Accelerator.dll

c:\program files\SpeedBit Video Accelerator\Collector.dll

 

- - - - - - - > 'explorer.exe'(3876)

c:\program files\Spyware Doctor\pctgmhk.dll

c:\windows\system32\eappprxy.dll

c:\windows\system32\WS2_32.dll

c:\windows\system32\WS2HELP.dll

c:\windows\system32\msi.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\wpdshserviceobj.dll

c:\windows\system32\portabledevicetypes.dll

c:\windows\system32\portabledeviceapi.dll

.

Heure de fin: 2010-09-17 12:38:59

ComboFix-quarantined-files.txt 2010-09-17 11:38

 

Avant-CF: 10 424 188 928 octets libres

Après-CF: 10 419 625 984 octets libres

 

- - End Of File - - 02245B9693FDB139EA0286C6EA3C2D41

 

 

Thank you for your help.

Posted

Hello Gnamoy :-)

OK, we are going to keep checking a few things:

1)

Download MBAM

  • Install it
  • Launch the tool
  • Tick "Executer un examen complet" (run a full scan)
  • If an infection is found at the end of the scan, click "ok"
  • Click Supprimer la sélection (remove selection)
  • To post the report, click the Rapports/Log (reports) tab and
  • Select the one you are interested in and click Ouvrir (open)
  • Copy and paste it and post the report, please

2)

Download ZHPDiag, created by Nicolas Coolman

  • Save it to your desktop
  • Double-click the icon
  • Follow the on-screen instructions
  • Click the loupe.jpg (magnifying glass) icon to start the scan
  • Click the PanelCopierPP.jpg icon to copy the report
  • Then paste it in your next reply
  • The report is also located at C:\Program Files\ZebHelpProcess\ZHPDiag.txt

See you

Posted

After following your instructions, I can tell you that MBAM quarantined 6 pieces of malware. With the Rapports/Log tab, I can't manage to open the report despite double-clicking. But the ZHPDiag report was retrieved. Here it is:

 

Rapport de ZHPDiag v1.26.65 par Nicolas Coolman, Update du 18/09/2010

Run by VIACOM at 19/09/2010 14:03:38

Web site : ZHPDiag Outil de diagnostic

Contact : nicolascoolman@yahoo.fr

 

---\\ Web Browser

MSIE: Internet Explorer v8.0.6001.18702

MFIE: Mozilla Firefox (4.0b4)

 

---\\ System Information

Platform : Microsoft Windows XP (5.1.2600) Service Pack 3

Processor: x86 Family 15 Model 2 Stepping 9, GenuineIntel

Operating System: 32 Bits

Boot mode: Normal (Normal boot)

Total RAM: 503 MB (38% free)

System drive C: has 10 GB (31%) free of 31 GB

 

---\\ Logged in mode

Computer Name: VIACOM-24DFD8F7

User Name: VIACOM

All Users Names: VIACOM, SUPPORT_388945a0, HelpAssistant, ASPNET, Administrateur,

Unselected Option: O1,O45,O61,O62,O65,O82

Logged in as Administrator

 

---\\ DOS/Devices

C:\ Hard drive, Flash drive, Thumb drive (Free 10 Go of 31 Go)

D:\ CD-ROM drive (Not Inserted)

E:\ Hard drive, Flash drive, Thumb drive (Free 122 Go of 122 Go)

F:\ Hard drive, Flash drive, Thumb drive (Free 66 Go of 111 Go)

G:\ CD-ROM drive (Not Inserted)

 

 

---\\ Security Center & Tools Informations

[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: Modified

[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: Modified

[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UpdatesDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UacDisableNotify: OK

 

 

---\\ Processus lancés

[MD5.4B5AE15E5C73EB4DC8DBEC2788230D41] - (.Apple Inc. - Apple Mobile Device Service.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [144672]

[MD5.126A16F569122AE00AD3D12EF831D651] - (.Sun Microsystems, Inc. - Java Quick Starter Service.) -- C:\Program Files\Java\jre6\bin\jqs.exe [153376]

[MD5.9D1CCE440552500DED3A62F9D779CDB4] - (.Nero AG - NeroUpdate.) -- C:\Program Files\Nero\Update\NASvc.exe [503080]

[MD5.7AEA4DF1CA68FD45DD4BBE1F0243CE7F] - (.Pas de propriétaire - Pas de description.) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe [71096]

[MD5.D31F88C5F19EEFA366A415D6BC5F2ABC] - (.HP - PML Driver.) -- C:\WINDOWS\system32\HPZipm12.exe [69632]

[MD5.E0A449CC140514A0C59FED7F36CEC6C1] - (.Speedbit Ltd. - VideoAcceleratorEngine.) -- C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe [300656]

[MD5.A86CC65C82C04D871B1AB89D70C924B3] - (.Discordia Limited - Bandoo Coordinator.) -- C:\PROGRA~1\Bandoo\Bandoo.exe [1939392]

[MD5.01018F75F3F18CE629FAC9689954A2AE] - (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe [77824]

[MD5.996ABAC2332DE28F3B6A179C6DA20205] - (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe [114688]

[MD5.70189D91A5347F5E34039D06C7E58419] - (.Yahoo! Inc - Yahoo! Application.) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [111856]

[MD5.93DB1FF92B03D24738A71E6E4992DFD3] - (.Sun Microsystems, Inc. - Java Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe [248552]

[MD5.B8DA797CEA896C42F5BAD9E08E21AF9F] - (.SFX TEAM - SuperCopier 2 (explorer file copy replaceme.) -- C:\Program Files\SuperCopier2\SuperCopier2.exe [1052672]

[MD5.3D4D22B3360BF51EA620DE25A85C5023] - (.SpeedBit Ltd. - Download Accelerator Plus (DAP).) -- C:\Program Files\DAP\DAP.EXE [2819584]

[MD5.0E2137502449143F04133498B9621A2E] - (.BitTorrent, Inc. - µTorrent.) -- C:\Program Files\uTorrent\uTorrent.exe [327472]

[MD5.91C9F6FB02169142EB4F514E87756EC1] - (.Pas de propriétaire - ADIMON MFC Application.) -- C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [1205840]

[MD5.EB66FABBF2E589EF973FD68451128BCE] - (.Pas de propriétaire - SAGEM Wi-Fi 11g USB adapter LAN Utility.) -- C:\Program Files\Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter\WLANUTL.exe [835584]

[MD5.994C5C50B681816AB2EC3CE7B1A5294D] - (.Speedbit Ltd. - VideoAcceleratorEngine.) -- C:\PROGRA~1\SPEEDB~2\VideoAcceleratorEngine.exe [140920]

[MD5.5E9A6658A2A69AE7EB195113B7A2E7A9] - (.Microsoft Corporation - Application Layer Gateway Service.) -- C:\WINDOWS\System32\alg.exe [44544]

[MD5.D594EA4AC1C0E4675EF2F0063950ABEF] - (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [1090952]

[MD5.58ACFB0BB32E5F42508C6C03759BB055] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [555520]

 

 

---\\ Page de démarrage de Mozilla Firefox (M0)

M0 - MFSP: prefs.js [VIACOM - t3i2mr5p.default] Page de démarrage Mozilla Firefox

 

 

---\\ Programmes d'extension pour Mozilla Firefox (M2)

M2 - MFEP: prefs.js [VIACOM - t3i2mr5p.default\ChoiceGuard@Microsoft] [] Microsoft Choice Guard 2.0 (.Microsoft.)

M2 - MFEP: prefs.js [VIACOM - t3i2mr5p.default\firefox@bandoo.com] [] Bandoo for Firefox 5.0 (.Microsoft.)

M2 - MFEP: prefs.js [VIACOM - t3i2mr5p.default\toolbar@waltershop.com] [] WalterShop 1.0 (.waltershop.com.)

M2 - MFEP: prefs.js [VIACOM - t3i2mr5p.default\wikilook@testpilot] [] WikiLook 2.5.5 (.TestPilot.)

M2 - MFEP: prefs.js [VIACOM - t3i2mr5p.default\{0b38152b-1b20-484d-a11f-5e04a9b0661f}] [] Winamp Toolbar 5.6.12.1 (.AOL LLC.)

M2 - MFEP: prefs.js [VIACOM - t3i2mr5p.default\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}] [] Softonic-Eng7 Toolbar 2.5.8.6 (.Conduit Ltd..)

M2 - MFEP: prefs.js [VIACOM - t3i2mr5p.default\{635abd67-4fe9-1b23-4f01-e679fa7484c1}] [yahoo.ytff] Yahoo! Toolbar 2.1.1.20091029021655 (.Yahoo!.)

M2 - MFEP: prefs.js [VIACOM - t3i2mr5p.default\{75656794-AB59-4712-BFBC-5D816D56F3BC}] [] Splitcam Toolbar 1.1.6 (..)

M2 - MFEP: prefs.js [VIACOM - t3i2mr5p.default\{ada4b710-8346-4b82-8199-5de2b400a6ae}] [] ReminderFox 1.9.8.3 (.Tom Mutdosch and Daniel Lee.)

M2 - MFEP: prefs.js [VIACOM - t3i2mr5p.default\{AE93811A-5C9A-4d34-8462-F7B864FC4696}] [] StumbleUpon 1.9.8.3 (.StumbleUpon.)

M2 - MFEP: prefs.js [VIACOM - t3i2mr5p.default\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}] [adblockplus] Adblock Plus 1.2.2 (.Wladimir Palant.)

M2 - MFEP: prefs.js [VIACOM - t3i2mr5p.default\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}] [] Download Statusbar 0.9.7.1 (.Devon Jensen.)

M2 - MFEP: prefs.js [VIACOM - t3i2mr5p.default\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}] [] SearchStatus 0.9.7.1 (.Craig Raw.)

M2 - MFEP: prefs.js [VIACOM - t3i2mr5p.default\{eebc5c3f-ec4b-4ad4-b5d1-fa51b3c42c58}] [] SecretHelper 0.9.7.1 (.SecretHelper - sechelper@gmail.com.)

M2 - MFEP: prefs.js [VIACOM - t3i2mr5p.default\{EEE6C361-6118-11DC-9C72-001320C79847}] [] SweetIM Toolbar for Firefox 1.0.0.10 (.SweetIM Technologies LTD..)

 

 

---\\ Plugins de navigateurs Opera/Firefox(P1/P2)

P2 - FPN:Firefox Plugin Navigator . (.Sun Microsystems, Inc. - NPRuntime Script Plug-in Library for Java Deploy.) -- C:\Program Files\Mozilla Firefox\Plugins\npdeployJava1.dll

P2 - FPN:Firefox Plugin Navigator . (.Microsoft Corporation - Office Plugin for Netscape Navigator.) -- C:\Program Files\Mozilla Firefox\Plugins\NPOFF12.DLL

P2 - FPN:Firefox Plugin Navigator . (.Microsoft Corporation - Office Plugin for Netscape Navigator.) -- C:\Program Files\Mozilla Firefox\Plugins\NPOFFICE.DLL

P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin.dll

P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin2.dll

P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin3.dll

P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin4.dll

P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin5.dll

P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin6.dll

P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin7.dll

P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

P2 - FPN: [HKLM] [@adobe.com/ShockwavePlayer] - (.Adobe Systems, Inc. - Adobe Shockwave for Director Netscape plug-in, version 11.5.) -- C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

P2 - FPN: [HKLM] [@java.com/JavaPlugin] - (.Sun Microsystems, Inc. - Next Generation Java Plug-in 1.6.0_21 for Mozilla browsers.) -- C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

P2 - FPN: [HKLM] [@ma-config.com/HardwareDetection] - (.Cybelsoft - Plugin NPAPI Ma-Config.com.) -- C:\Program Files\ma-config.com\nphardwaredetection.dll

P2 - FPN: [HKLM] [@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6] - (.Yahoo! Inc. - Yahoo Application State Plugin version 1.0.0.7.) -- C:\Program Files\Yahoo!\Shared\npYState.dll

P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 4.0.50524.0.) -- C:\Program Files\Microsoft Silverlight\4.0.50524.0\npctrl.dll

P2 - FPN: [HKLM] [@microsoft.com/OfficeLive,version=1.3] - (.Microsoft Corp. - Office Live Update v1.3.) -- C:\Program Files\Microsoft\Office Live\npOLW.dll

P2 - FPN: [HKCU] [@facebook.com/FBPlugin,version=1.0.1] - (.Pas de propriétaire - Provides additional functionality on Facebook. See <a href="http://www.) -- C:\Documents and Settings\VIACOM\Application Data\Facebook\npfbplugin_1_0_1.dll

P2 - FPN: [HKCU] [@facebook.com/FBPlugin,version=1.0.3] - (.Pas de propriétaire - Provides additional functionality on Facebook. See <a href="http://www.) -- C:\Documents and Settings\VIACOM\Application Data\Facebook\npfbplugin_1_0_3.dll

 

 

---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,

F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"

 

 

---\\ Pages de démarrage d'Internet Explorer (R0)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.speedbit.com/?aff=205

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Actualité, Sport et Vidéo

 

 

---\\ Pages de recherche d'Internet Explorer (R1)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Recherche écologique sur Durable.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN : Hotmail, Messenger, Actualité, Sport et Vidéo

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = Recherche écologique sur Durable.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

 

 

---\\ Internet Explorer URLSearchHook (R3)

R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Internet Explorer.) (8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)) -- C:\WINDOWS\system32\ieframe.dll

 

 

---\\ Browser Helper Objects de navigateur (O2)

O2 - BHO: SBCONVERT - {3017FB3E-9A77-4396-88C5-0EC9548FB42F} . (.Pas de propriétaire - IE Toolbar Engine.) -- C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll

O2 - BHO: SearchPredictObj Class - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} . (.Speedbit Ltd. - SearchPredict DLL.) -- C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} . (.Sun Microsystems, Inc. - Java Quick Starter binary.) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: Bandoo IE Plugin - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} . (.Discordia Limited - Bandoo IE Plugin.) -- C:\Program Files\Bandoo\Plugins\IE\ieplugin.dll

O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} . (.Pas de propriétaire - Pas de description.) -- (.not file.)

O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} . (.SpeedBit Ltd. - Download Accelerator Plus (DAP) MSIE Loader.) -- C:\PROGRA~1\DAP\DAPIEL~1.DLL

O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} . (.Speedbit Ltd. - SpeedBit Grab & Convert.) -- C:\PROGRA~1\SPEEDB~1\Toolbar\grabber.dll

 

 

---\\ Internet Explorer Toolbars (O3)

O3 - Toolbar: SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} . (.Pas de propriétaire - IE Toolbar Engine.) -- C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll

 

 

---\\ Applications démarrées par registre & par dossier (O4)

O4 - HKLM\..\Run: [igfxtray] . (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] . (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] . (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [YSearchProtection] . (.Yahoo! Inc - Yahoo! Application.) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

O4 - HKLM\..\Run: [DumpTeam] H:\Windev 10 (D)\DumpTeam_Pack_v4.5a4.exe (.not file.)

O4 - HKLM\..\Run: [sunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe

O4 - HKCU\..\Run: [superCopier2.exe] . (.SFX TEAM - SuperCopier 2 (explorer file copy replaceme.) -- C:\Program Files\SuperCopier2\SuperCopier2.exe

O4 - HKCU\..\Run: [search Protection] . (.Yahoo! Inc - Yahoo! Application.) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

O4 - HKCU\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Application de configuration du service Par.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [DownloadAccelerator] . (.SpeedBit Ltd. - Download Accelerator Plus (DAP).) -- C:\Program Files\DAP\DAP.exe

O4 - HKCU\..\Run: [uTorrent] . (.BitTorrent, Inc. - µTorrent.) -- C:\Program Files\uTorrent\uTorrent.exe

O4 - HKCU\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe

O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe

O4 - HKUS\S-1-5-21-507921405-963894560-1644491937-1003\..\Run: [superCopier2.exe] . (.SFX TEAM - SuperCopier 2 (explorer file copy replaceme.) -- C:\Program Files\SuperCopier2\SuperCopier2.exe

O4 - HKUS\S-1-5-21-507921405-963894560-1644491937-1003\..\Run: [search Protection] . (.Yahoo! Inc - Yahoo! Application.) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

O4 - HKUS\S-1-5-21-507921405-963894560-1644491937-1003\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Application de configuration du service Par.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-21-507921405-963894560-1644491937-1003\..\Run: [DownloadAccelerator] . (.SpeedBit Ltd. - Download Accelerator Plus (DAP).) -- C:\Program Files\DAP\DAP.exe

O4 - HKUS\S-1-5-21-507921405-963894560-1644491937-1003\..\Run: [uTorrent] . (.BitTorrent, Inc. - µTorrent.) -- C:\Program Files\uTorrent\uTorrent.exe

O4 - HKUS\S-1-5-21-507921405-963894560-1644491937-1003\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe

O4 - HKUS\S-1-5-21-507921405-963894560-1644491937-1003\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Démarrage\DSLMON.lnk . (.Pas de propriétaire - ADIMON MFC Application.) -- C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Démarrage\Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk . (.Pas de propriétaire - SAGEM Wi-Fi 11g USB adapter LAN Utility.) -- C:\Program Files\Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter\WLANUTL.exe

 

 

---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)

O8 - Extra context menu item: &Clean Traces . (.Pas de propriétaire - Pas de description.) -- C:\Program Files\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP . (.Pas de propriétaire - Pas de description.) -- C:\Program Files\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP . (.Pas de propriétaire - Pas de description.) -- C:\Program Files\DAP\dapextie2.htm

O8 - Extra context menu item: E&xporter vers Microsoft Excel . (.Microsoft Corporation - Microsoft Office Excel.) -- C:\PROGRA~1\MICROS~1\Office12\EXCEL.exe

O8 - Extra context menu item: Google Sidewiki... - (.not file.) - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll

 

 

---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (.Pas de propriétaire - Pas de description.) -- C:\PROGRA~1\MICROS~1\Office12\REFBARH.ICO

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} . (.not file.) - (.not file.)

 

 

---\\ Winsock hijacker (Layered Service Provider) (O10)

O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll

O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\WINDOWS\system32\winrnr.dll

O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll

 

 

---\\ Objets ActiveX (Downloaded Program Files)(O16)

O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} ("Ma-Config.com control) - http://fichiers.touslesdrivers.com/maconfig/MaConfig_4_2_1_0.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} () - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

 

 

---\\ Modification Domaine/Adresses DNS (O17)

O17 - HKLM\System\CCS\Services\Tcpip\..\{F59BE288-398A-4176-8044-477FF5157CB3}: NameServer = 213.136.96.2 213.136.96.37

O17 - HKLM\System\CS1\Services\Tcpip\..\{F59BE288-398A-4176-8044-477FF5157CB3}: NameServer = 213.136.96.2 213.136.96.37

O17 - HKLM\System\CCS\Services\Tcpip\..\{308D8AE0-37FA-4995-95D2-263FF9CF61A9}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{308D8AE0-37FA-4995-95D2-263FF9CF61A9}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CS2\Services\Tcpip\..\{308D8AE0-37FA-4995-95D2-263FF9CF61A9}: DhcpNameServer = 192.168.1.1

 

 

---\\ Protocole additionnel et piratage de protocole (O18)

O18 - Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} . (.Skype Technologies - Skype for COM API.) -- C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

 

 

---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)

O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\System32\dimsntfy.dll

O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\WINDOWS\System32\igfxdev.dll

 

 

---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)

O20 - AppInit_DLLs: . (.Discordia Limited - BndHook.) - c:\progra~1\bandoo\bndhook.dll

 

 

---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Web Site Monitor.) -- C:\WINDOWS\system32\webcheck.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} . (.Microsoft Corporation - Windows Portable Device Shell Service Objec.) -- C:\WINDOWS\system32\wpdshserviceobj.dll

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\shell32.dll

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} . (.Microsoft Corporation - Objet du service d'environnement Systray.) -- C:\WINDOWS\system32\stobject.dll

 

 

---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)

O22 - SharedTaskScheduler: (no name) - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\WINDOWS\system32\browseui.dll

 

 

---\\ Liste des services NT non Microsoft et non désactivés (O23)

O23 - Service: Apple Mobile Device (Apple Mobile Device) . (.Apple Inc. - Apple Mobile Device Service.) - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bandoo Coordinator (Bandoo Coordinator) . (.Discordia Limited - Bandoo Coordinator.) - C:\PROGRA~1\Bandoo\Bandoo.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) . (.Sun Microsystems, Inc. - Java Quick Starter Service.) - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: C:\Program Files\Nero\Update\NASvc.exe (NAUpdate) . (.Nero AG - NeroUpdate.) - C:\Program Files\Nero\Update\NASvc.exe

O23 - Service: NMSAccess (NMSAccess) . (.Pas de propriétaire - Pas de description.) - C:\Program Files\CDBurnerXP\NMSAccessU.exe

O23 - Service: PD91Engine PD91EngineTapiSrv (PD91EngineTapiSrv) . (.Pas de propriétaire - Pas de description.) - srv

O23 - Service: Pml Driver HPZ12 (Pml Driver HPZ12) . (.HP - PML Driver.) - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: VideoAcceleratorService (VideoAcceleratorService) . (.Speedbit Ltd. - VideoAcceleratorEngine.) - C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe

O23 - Service: VMware USB Arbitration Service (VMUSBArbService) . (.Pas de propriétaire - Pas de description.) - C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe

 

 

---\\ Enumération Active Desktop & MHTML Editor (O24)

O24 - Default MHTML Editor: Last - .(.Microsoft Corporation - Microsoft Office Word.) - C:\Program Files\Microsoft Office\OFFICE11\WINWORD.exe

 

 

---\\ Tâches planifiées en automatique (O39)

O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\User_Feed_Synchronization-{808BFC13-1FAC-49EF-8206-3319B724D7CF}.job

 

 

---\\ Composants installés (ActiveSetup Installed Components) (O40)

O40 - ASIC: Personnalisation du navigateur - >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS . (.Pas de propriétaire - Pas de description.) -- RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

O40 - ASIC: Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608500} . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Program Files\Java\jre6\bin\regutils.dll

O40 - ASIC: NetMeeting 3.01 - {44BBA842-CC51-11CF-AAFA-00AA00B6015B} . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\INF\msnetmtg.inf

O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\INF\wmp.inf

O40 - ASIC: Adobe Flash Player - {D27CDB6E-AE6D-11cf-96B8-444553540000} . (.Adobe Systems, Inc. - Adobe Flash Player 10.1 r82.) -- C:\WINDOWS\system32\Macromed\Flash\Flash10i.ocx

 

 

---\\ Logiciels installés (O42)

O42 - Logiciel: Adobe Flash Player 10 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX

O42 - Logiciel: Adobe Flash Player 10 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin

O42 - Logiciel: Adobe Shockwave Player 11.5 - (.Adobe Systems, Inc..) [HKLM] -- Adobe Shockwave Player

O42 - Logiciel: Apple Application Support - (.Apple Inc..) [HKLM] -- {A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}

O42 - Logiciel: Apple Mobile Device Support - (.Apple Inc..) [HKLM] -- {AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}

O42 - Logiciel: Apple Software Update - (.Apple Inc..) [HKLM] -- {6956856F-B6B3-4BE0-BA0B-8F495BE32033}

O42 - Logiciel: Assistant de connexion Windows Live - (.Microsoft Corporation.) [HKLM] -- {DCE8CD14-FBF5-4464-B9A4-E18E473546C7}

O42 - Logiciel: Bandoo - (.Discordia Limited.) [HKLM] -- Bandoo

O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] -- CCleaner

O42 - Logiciel: CDBurnerXP - (.CDBurnerXP.) [HKLM] -- {7E265513-8CDA-4631-B696-F40D983F3B07}_is1

O42 - Logiciel: CVitaeV4 - (.Pas de propriétaire.) [HKCU] -- CVitaeV4

O42 - Logiciel: Canta 1.10 - (.Chaumet Software.) [HKLM] -- Canta

O42 - Logiciel: Download Accelerator Plus (DAP) - (.Speedbit Ltd..) [HKLM] -- Download Accelerator Plus (DAP)

O42 - Logiciel: Facebook Plug-In - (.Facebook, Inc..) [HKCU] -- Facebook Plug-In

O42 - Logiciel: FormatFactory 2.45 - (.Free Time.) [HKLM] -- FormatFactory

O42 - Logiciel: Free PDF to Word Doc Converter v1.1 - (.www.hellopdf.com.) [HKLM] -- Free PDF to Word Doc Converter_is1

O42 - Logiciel: HashTab 2.0.9 - (.Cody Batt.) [HKLM] -- HashTab

O42 - Logiciel: Hotfix for Windows XP (KB915865) - (.Microsoft Corporation.) [HKLM] -- KB915865

O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM] -- WinLiveSuite_Wave3

O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM] -- {46ABBC54-1872-4AA3-95E2-F2C063A63F31}

O42 - Logiciel: Intel® Extreme Graphics 2 Driver - (.Pas de propriétaire.) [HKLM] -- {8A708DD8-A5E6-11D4-A706-000629E95E20}

O42 - Logiciel: Java 6 Update 21 - (.Sun Microsystems, Inc..) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83216018FF}

O42 - Logiciel: Java 6 Update 6 - (.Sun Microsystems, Inc..) [HKLM] -- {3248F0A8-6813-11D6-A77B-00B0D0160060}

O42 - Logiciel: Lettramots - (.Pas de propriétaire.) [HKLM] -- Lettramots

O42 - Logiciel: MSVC80_x86_v2 - (.Nokia.) [HKLM] -- {6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}

O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM] -- {22B775E7-6C42-4FC5-8E10-9A5E3257BD94}

O42 - Logiciel: Ma-Config.com - (.Cybelsoft.) [HKLM] -- {207BB01A-0163-43E0-8CE9-BE494505BE0F}

O42 - Logiciel: Malwarebytes' Anti-Malware - (.Malwarebytes Corporation.) [HKLM] -- Malwarebytes' Anti-Malware_is1

O42 - Logiciel: Micro Application - MediaDICO 12 - (.Pas de propriétaire.) [HKLM] -- MediaDICO12

O42 - Logiciel: Microsoft .NET Framework 1.1 - (.Pas de propriétaire.) [HKLM] -- Microsoft .NET Framework 1.1 (1033)

O42 - Logiciel: Microsoft .NET Framework 1.1 SP1 with KB886903 Hotfix - (.Microsoft.) [HKLM] -- {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

O42 - Logiciel: Microsoft .NET Framework 1.1 Security Update (KB953297) - (.Pas de propriétaire.) [HKLM] -- M953297

O42 - Logiciel: Microsoft .NET Framework 3.0 - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.0

O42 - Logiciel: Microsoft .NET Framework 3.0 - (.Microsoft Corporation.) [HKLM] -- {15095BF3-A3D7-4DDF-B193-3A496881E003}

O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile

O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}

O42 - Logiciel: Microsoft .NET Framework 4 Client Profile FRA Language Pack - (.Microsoft Corporation.) [HKLM] -- {0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}

O42 - Logiciel: Microsoft .NET Framework 4 Extended - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Extended

O42 - Logiciel: Microsoft .NET Framework 4 Extended - (.Microsoft Corporation.) [HKLM] -- {0A0CADCF-78DA-33C4-A350-CD51849B9702}

O42 - Logiciel: Microsoft .NET Framework 4 Extended FRA Language Pack - (.Microsoft Corporation.) [HKLM] -- {043F86B7-EE12-3399-B2CA-D0B603D87963}

O42 - Logiciel: Microsoft Choice Guard - (.Microsoft Corporation.) [HKLM] -- {F0E12BBA-AD66-4022-A453-A1C8A0C4D570}

O42 - Logiciel: Microsoft Office Access MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0015-040C-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Excel MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0016-040C-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office InfoPath MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0044-040C-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Live Add-in 1.3 - (.Microsoft Corporation.) [HKLM] -- {57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}

O42 - Logiciel: Microsoft Office Outlook Connector - (.Microsoft Corporation.) [HKLM] -- {95120000-0122-040C-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Outlook MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001A-040C-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office PowerPoint MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0018-040C-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Professional Plus 2007 - (.Microsoft Corporation.) [HKLM] -- PROPLUS

O42 - Logiciel: Microsoft Office Professional Plus 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Proof (Arabic) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0401-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Proof (Dutch) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0413-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Proof (English) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0409-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Proof (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-040C-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Proof (German) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0407-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Proof (Spanish) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0C0A-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Proofing (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-002C-040C-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Publisher MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0019-040C-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Shared MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-006E-040C-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Word MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001B-040C-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM] -- {837b34e3-7c30-493c-8f6a-2b0f04e2912c}

O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 - (.Microsoft Corporation.) [HKLM] -- {FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}

O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 - (.Microsoft Corporation.) [HKLM] -- {9A25302D-30C0-39D9-BD6F-21E6EC160475}

O42 - Logiciel: Module linguistique Microsoft .NET Framework 4 Client Profile FRA - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile FRA Language Pack

O42 - Logiciel: Module linguistique Microsoft .NET Framework 4 Extended FRA - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Extended FRA Language Pack

O42 - Logiciel: Mozilla Firefox (4.0b4) - (.Mozilla.) [HKLM] -- Mozilla Firefox (4.0b4)

O42 - Logiciel: Nero BurnLite 10 - (.Nero AG.) [HKLM] -- {842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}

O42 - Logiciel: Nero BurnLite 10 - (.Nero AG.) [HKLM] -- {AB627AF2-9C7E-4DBD-816B-3B2646B81E89}

O42 - Logiciel: Nero Control Center 10 - (.Nero AG.) [HKLM] -- {6DFB899F-17A2-48F0-A533-ED8D6866CF38}

O42 - Logiciel: Nero ControlCenter 10 Help (CHM) - (.Nero AG.) [HKLM] -- {523B2B1B-D8DB-4B41-90FF-C4D799E2758A}

O42 - Logiciel: Nero Core Components 10 - (.Nero AG.) [HKLM] -- {2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}

O42 - Logiciel: Nero Update - (.Nero AG.) [HKLM] -- {65BB0407-4CC8-4DC7-952E-3EEFDF05602A}

O42 - Logiciel: Nokia Connectivity Cable Driver - (.Nokia.) [HKLM] -- {6869591A-7DD8-46D2-837F-57CBF7358955}

O42 - Logiciel: Nokia PC Suite - (.Nokia.) [HKLM] -- Nokia PC Suite

O42 - Logiciel: Nokia PC Suite - (.Nokia.) [HKLM] -- {9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}

O42 - Logiciel: PC Connectivity Solution - (.Nokia.) [HKLM] -- {6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}

O42 - Logiciel: Package de pilotes Windows - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0) - (.MobileTop.) [HKLM] -- 6194C28A8F62DD817EA1B918E6E46E806A21B452

O42 - Logiciel: Package de pilotes Windows - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0) - (.MobileTop.) [HKLM] -- 65B6FE5418CE28F4D72543FB2D964C3CEC83F161

O42 - Logiciel: Package de pilotes Windows - Nokia Modem (06/01/2009 7.01.0.4) - (.Nokia.) [HKLM] -- 8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA

O42 - Logiciel: Package de pilotes Windows - Nokia Modem (10/05/2009 4.2) - (.Nokia.) [HKLM] -- 05B59228C7E1C21DFBE89260F879BD95880548D8

O42 - Logiciel: Package de pilotes Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0) - (.Nokia.) [HKLM] -- 504244733D18C8F63FF584AEB290E3904E791693

O42 - Logiciel: QuickTime - (.Apple Inc..) [HKLM] -- {EB900AF8-CC61-4E15-871B-98D1EA3E8025}

O42 - Logiciel: SAGEM F@st 800-840 - (.SAGEM.) [HKLM] -- {4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}

O42 - Logiciel: SAGEM Wi-Fi 11g USB adapter - (.Pas de propriétaire.) [HKLM] -- {CB2D74EA-777C-4C58-AE8A-AAF15BB3B9E0}

O42 - Logiciel: SAMSUNG Mobile Composite Device Software - (.Pas de propriétaire.) [HKLM] -- SAMSUNG Mobile Composite Device

O42 - Logiciel: SAMSUNG Mobile USB Modem 1.0 Software - (.Pas de propriétaire.) [HKLM] -- SAMSUNG Mobile USB Modem 1.0

O42 - Logiciel: SAMSUNG Mobile USB Modem Software - (.Pas de propriétaire.) [HKLM] -- SAMSUNG Mobile USB Modem

O42 - Logiciel: Samsung Mobile phone USB driver Software - (.Pas de propriétaire.) [HKLM] -- Samsung Mobile phone USB driver

O42 - Logiciel: Samsung PC Studio 3 - (.Samsung Electronics Co., Ltd..) [HKLM] -- {C4A4722E-79F9-417C-BD72-8D359A090C97}

O42 - Logiciel: Security Update pour Microsoft .NET Framework 2.0 (KB917283) - (.Microsoft Corporation.) [HKLM] -- KB917283.T1_1ToU93_1

O42 - Logiciel: Security Update pour Microsoft .NET Framework 2.0 (KB922770) - (.Microsoft Corporation.) [HKLM] -- KB922770.T1_1ToU168_1

O42 - Logiciel: Segoe UI - (.Microsoft Corp.) [HKLM] -- {A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}

O42 - Logiciel: Skype 4.2 - (.Skype Technologies S.A..) [HKLM] -- {D103C4BA-F905-437A-8049-DB24763BBE36}

O42 - Logiciel: SpeedBit Video Accelerator - (.SpeedBit Ltd..) [HKLM] -- SpeedBit Video Accelerator

O42 - Logiciel: SpeedBit Video Downloader - (.SpeedBit Ltd..) [HKLM] -- SpeedBit Video Downloader

O42 - Logiciel: Sudoku V 3.0.2 - (.Olivier RAVET.) [HKLM] -- Sudoku_is1

O42 - Logiciel: SuperCopier2 - (.Pas de propriétaire.) [HKLM] -- SuperCopier2

O42 - Logiciel: VLC media player 1.1.2 - (.VideoLAN.) [HKLM] -- VLC media player

O42 - Logiciel: Virtual DJ - Atomix Productions - (.Pas de propriétaire.) [HKLM] -- Virtual DJ - Atomix Productions

O42 - Logiciel: WinRAR archiver - (.Pas de propriétaire.) [HKLM] -- WinRAR archiver

O42 - Logiciel: Winamp - (.Nullsoft, Inc.) [HKLM] -- Winamp

O42 - Logiciel: Windows Communication Foundation - (.Microsoft Corporation.) [HKLM] -- {491DD792-AD81-429C-9EB4-86DD3D22E333}

O42 - Logiciel: Windows Internet Explorer 8 - (.Microsoft Corporation.) [HKLM] -- ie8

O42 - Logiciel: Windows Live Call - (.Microsoft Corporation.) [HKLM] -- {82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}

O42 - Logiciel: Windows Live Communications Platform - (.Microsoft Corporation.) [HKLM] -- {ED00D08A-3C5F-488D-93A0-A04F21F23956}

O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM] -- {770F1BEC-2871-4E70-B837-FB8525FFA3B1}

O42 - Logiciel: Windows Presentation Foundation - (.Microsoft Corporation.) [HKLM] -- {BAF78226-3200-4DB4-BE33-4D922A799840}

O42 - Logiciel: Windows Workflow Foundation - (.Microsoft Corporation.) [HKLM] -- {7D1B85BD-AA07-48B8-808D-67A4067FC6BD}

O42 - Logiciel: WordBiz version 1.8 - (.Internet Scrabble Club.) [HKLM] -- Internet Scrabble Club_is1

O42 - Logiciel: XML Paper Specification Shared Components Pack 1.0 - (.Microsoft Corporation.) [HKLM] -- XpsEPSC

O42 - Logiciel: Yahoo! Messenger - (.Yahoo! Inc..) [HKLM] -- Yahoo! Messenger

O42 - Logiciel: Yahoo! Search Protection - (.Pas de propriétaire.) [HKLM] -- Yahoo! Search Defender

O42 - Logiciel: µTorrent - (.Pas de propriétaire.) [HKLM] -- uTorrent

 

---\\ HKCU & HKLM Software Keys

[HKCU\Software\2VG]

[HKCU\Software\?? ?? ???? ????? ??? ?? ????]

[HKCU\Software\ACD Systems]

[HKCU\Software\AVG Security Toolbar]

[HKCU\Software\Adobe]

[HKCU\Software\Ahead]

[HKCU\Software\AppDataLow\Software\Microsoft]

[HKCU\Software\AppDataLow\Software]

[HKCU\Software\AppDataLow]

[HKCU\Software\Apple Computer, Inc.]

[HKCU\Software\AutocompleteProBHO]

[HKCU\Software\Avg]

[HKCU\Software\Boonty]

[HKCU\Software\CDDB]

[HKCU\Software\Canneverbe Limited]

[HKCU\Software\Classes]

[HKCU\Software\Clients]

[HKCU\Software\Conduit]

[HKCU\Software\Driver Fetch]

[HKCU\Software\ESET]

[HKCU\Software\Flock]

[HKCU\Software\Foxit Software]

[HKCU\Software\FreeTime]

[HKCU\Software\GNU]

[HKCU\Software\Gabest]

[HKCU\Software\Google]

[HKCU\Software\Haali]

[HKCU\Software\HashTab]

[HKCU\Software\Headlight]

[HKCU\Software\Hewlett-Packard]

[HKCU\Software\HookNetwork]

[HKCU\Software\IM Providers]

[HKCU\Software\Intel]

[HKCU\Software\JavaSoft]

[HKCU\Software\KasperskyLab]

[HKCU\Software\LG Electronics Inc]

[HKCU\Software\LG MEDIA PLAYER]

[HKCU\Software\LGSync]

[HKCU\Software\Laventure]

[HKCU\Software\Licenses]

[HKCU\Software\Local AppWizard-Generated Applications]

[HKCU\Software\LowRegistry]

[HKCU\Software\Macromedia]

[HKCU\Software\Macrovision]

[HKCU\Software\Magnet]

[HKCU\Software\Malwarebytes' Anti-Malware]

[HKCU\Software\MozillaPlugins]

[HKCU\Software\Mozilla]

[HKCU\Software\Nero]

[HKCU\Software\Netscape]

[HKCU\Software\Netzip]

[HKCU\Software\Nimbuzz]

[HKCU\Software\Nokia]

[HKCU\Software\ODBC]

[HKCU\Software\OfferBox]

[HKCU\Software\PC SOFT]

[HKCU\Software\Piriform]

[HKCU\Software\Policies]

[HKCU\Software\ProgSense]

[HKCU\Software\RealNetworks]

[HKCU\Software\SBCONVERT]

[HKCU\Software\SFX TEAM]

[HKCU\Software\SMTTB2009]

[HKCU\Software\Samsung PC Studio]

[HKCU\Software\Samsung]

[HKCU\Software\SecretHelper]

[HKCU\Software\Skype]

[HKCU\Software\Softonic]

[HKCU\Software\Somoto Toolbar]

[HKCU\Software\SpeedBit]

[HKCU\Software\SweetIM]

[HKCU\Software\Sysinternals]

[HKCU\Software\Trolltech]

[HKCU\Software\VB and VBA Program Settings]

[HKCU\Software\VSO]

[HKCU\Software\VirtualDJ]

[HKCU\Software\WPI]

[HKCU\Software\Wget]

[HKCU\Software\WideStream]

[HKCU\Software\WinRAR SFX]

[HKCU\Software\WinRAR]

[HKCU\Software\Winamp]

[HKCU\Software\Xobni]

[HKCU\Software\YahooPartnerToolbar]

[HKCU\Software\Yahoo]

[HKCU\Software\cybelsoft]

[HKCU\Software\ej-technologies]

[HKCU\Software\keyhole.com]

[HKCU\Software\toolband]

[HKLM\Software\7F68A003]

[HKLM\Software\ACD Systems]

[HKLM\Software\Adobe]

[HKLM\Software\Ahead]

[HKLM\Software\America Online]

[HKLM\Software\Analog Devices]

[HKLM\Software\AppDataLow]

[HKLM\Software\Apple Computer, Inc.]

[HKLM\Software\Apple Inc.]

[HKLM\Software\AskSBar]

[HKLM\Software\Avg]

[HKLM\Software\AviSynth]

[HKLM\Software\Buziol Games]

[HKLM\Software\C07ft5Y]

[HKLM\Software\CDDB]

[HKLM\Software\Chaumet]

[HKLM\Software\Classes]

[HKLM\Software\Clients]

[HKLM\Software\ClubdeJeux]

[HKLM\Software\Conduit]

[HKLM\Software\DivXNetworks]

[HKLM\Software\ESET]

[HKLM\Software\GEAR Software]

[HKLM\Software\GNU]

[HKLM\Software\Gemplus]

[HKLM\Software\Google]

[HKLM\Software\HP]

[HKLM\Software\HaaliMkx]

[HKLM\Software\Hewlett-Packard]

[HKLM\Software\INTEL]

[HKLM\Software\InstallShield]

[HKLM\Software\InstalledOptions]

[HKLM\Software\InterVideo]

[HKLM\Software\JavaSoft]

[HKLM\Software\JreMetrics]

[HKLM\Software\Licenses]

[HKLM\Software\Lidan]

[HKLM\Software\MCCI]

[HKLM\Software\Macromedia]

[HKLM\Software\Malwarebytes' Anti-Malware]

[HKLM\Software\Micro Application]

[HKLM\Software\MimarSinan]

[HKLM\Software\MozillaPlugins]

[HKLM\Software\Mozilla]

[HKLM\Software\Nero]

[HKLM\Software\Netzip]

[HKLM\Software\Nokia]

[HKLM\Software\Nullsoft]

[HKLM\Software\ODBC]

[HKLM\Software\PC Connectivity Solution]

[HKLM\Software\PCSuite]

[HKLM\Software\Policies]

[HKLM\Software\Program Groups]

[HKLM\Software\RealNetworks]

[HKLM\Software\Realtek Semiconductor Corp.]

[HKLM\Software\Realtek]

[HKLM\Software\RegisteredApplications]

[HKLM\Software\Rockstar Games]

[HKLM\Software\SAGEM]

[HKLM\Software\Samsung Electronics Co., Ltd.]

[HKLM\Software\Samsung]

[HKLM\Software\Schlumberger]

[HKLM\Software\Secure]

[HKLM\Software\Skype]

[HKLM\Software\SpeedBit]

[HKLM\Software\Swearware]

[HKLM\Software\SweetIM]

[HKLM\Software\Uniblue]

[HKLM\Software\VDownloader]

[HKLM\Software\VMware, Inc.]

[HKLM\Software\VSO]

[HKLM\Software\VideoLAN]

[HKLM\Software\VirtualDJ]

[HKLM\Software\WinRAR]

[HKLM\Software\Windows 3.1 Migration Status]

[HKLM\Software\Xing Technology Corp.]

[HKLM\Software\Yahoo]

[HKLM\Software\Z-Com, Inc.]

[HKLM\Software\cybelsoft]

[HKLM\Software\ej-technologies]

[HKLM\Software\genvcam]

[HKLM\Software\magnet]

[HKLM\Software\mozilla.org]

 

 

---\\ Contenu des dossiers ProgramFiles/ProgramData (O43)

O43 - CFD:Common File Directory ----D- C:\Program Files\Apple Software Update

O43 - CFD:Common File Directory ----D- C:\Program Files\AVG

O43 - CFD:Common File Directory ----D- C:\Program Files\Bandoo

O43 - CFD:Common File Directory ----D- C:\Program Files\Boonty

O43 - CFD:Common File Directory ----D- C:\Program Files\BoontyGames

O43 - CFD:Common File Directory ----D- C:\Program Files\Canta

O43 - CFD:Common File Directory ----D- C:\Program Files\Carambis

O43 - CFD:Common File Directory ----D- C:\Program Files\CCleaner

O43 - CFD:Common File Directory ----D- C:\Program Files\CDBurnerXP

O43 - CFD:Common File Directory ----D- C:\Program Files\Cell Phone Manager

O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files

O43 - CFD:Common File Directory ----D- C:\Program Files\ComPlus Applications

O43 - CFD:Common File Directory ----D- C:\Program Files\Conduit

O43 - CFD:Common File Directory ----D- C:\Program Files\CVitaeV4

O43 - CFD:Common File Directory ----D- C:\Program Files\Dactylo

O43 - CFD:Common File Directory ----D- C:\Program Files\DAP

O43 - CFD:Common File Directory ----D- C:\Program Files\DIFX

O43 - CFD:Common File Directory ----D- C:\Program Files\Driver Fetch

O43 - CFD:Common File Directory ---AD- C:\Program Files\eMule

O43 - CFD:Common File Directory ----D- C:\Program Files\Feneris

O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers communs

O43 - CFD:Common File Directory ----D- C:\Program Files\Fondus-Online

O43 - CFD:Common File Directory ----D- C:\Program Files\Foxit Reader

O43 - CFD:Common File Directory ----D- C:\Program Files\Free PDF to Word Doc Converter

O43 - CFD:Common File Directory ----D- C:\Program Files\FreeTime

O43 - CFD:Common File Directory ----D- C:\Program Files\GetRight

O43 - CFD:Common File Directory ----D- C:\Program Files\Google

O43 - CFD:Common File Directory ----D- C:\Program Files\HashTab Shell Extension

O43 - CFD:Common File Directory ----D- C:\Program Files\HP

O43 - CFD:Common File Directory ----D- C:\Program Files\IDA

O43 - CFD:Common File Directory --H-D- C:\Program Files\InstallShield Installation Information

O43 - CFD:Common File Directory ----D- C:\Program Files\Internet Explorer

O43 - CFD:Common File Directory ----D- C:\Program Files\Java

O43 - CFD:Common File Directory ----D- C:\Program Files\Jurassic Park 2 - The Lost World

O43 - CFD:Common File Directory ----D- C:\Program Files\Lettramots

O43 - CFD:Common File Directory ----D- C:\Program Files\LimeWire

O43 - CFD:Common File Directory ----D- C:\Program Files\ma-config.com

O43 - CFD:Common File Directory ----D- C:\Program Files\Malwarebytes' Anti-Malware

O43 - CFD:Common File Directory ----D- C:\Program Files\MediaInfo

O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft

O43 - CFD:Common File Directory ----D- C:\Program Files\microsoft frontpage

O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Office

O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Office Outlook Connector

O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Silverlight

O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Visual Studio

O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Visual Studio 8

O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Works

O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft.NET

O43 - CFD:Common File Directory ----D- C:\Program Files\Movie Maker

O43 - CFD:Common File Directory ----D- C:\Program Files\Mozilla Firefox

O43 - CFD:Common File Directory ----D- C:\Program Files\Mozilla Firefox 4.0 Beta 4

O43 - CFD:Common File Directory ----D- C:\Program Files\MSBuild

O43 - CFD:Common File Directory ----D- C:\Program Files\MSN Gaming Zone

O43 - CFD:Common File Directory ----D- C:\Program Files\Nero

O43 - CFD:Common File Directory ----D- C:\Program Files\NetMeeting

O43 - CFD:Common File Directory ----D- C:\Program Files\Nokia

O43 - CFD:Common File Directory ----D- C:\Program Files\Notepad++

O43 - CFD:Common File Directory ----D- C:\Program Files\Outlook Express

O43 - CFD:Common File Directory ----D- C:\Program Files\PC Connectivity Solution

O43 - CFD:Common File Directory ----D- C:\Program Files\Real

O43 - CFD:Common File Directory ----D- C:\Program Files\Realtek AC97

O43 - CFD:Common File Directory ----D- C:\Program Files\Reference Assemblies

O43 - CFD:Common File Directory ----D- C:\Program Files\SAGEM

O43 - CFD:Common File Directory ----D- C:\Program Files\Samsung

O43 - CFD:Common File Directory ----D- C:\Program Files\SearchPredict

O43 - CFD:Common File Directory ----D- C:\Program Files\Services en ligne

O43 - CFD:Common File Directory R---D- C:\Program Files\Skype

O43 - CFD:Common File Directory ----D- C:\Program Files\SoftChris

O43 - CFD:Common File Directory ----D- C:\Program Files\SpeedBit Video Accelerator

O43 - CFD:Common File Directory ----D- C:\Program Files\SpeedBit Video Downloader

O43 - CFD:Common File Directory ----D- C:\Program Files\SuperCopier2

O43 - CFD:Common File Directory ----D- C:\Program Files\SyllabiK

O43 - CFD:Common File Directory --H-D- C:\Program Files\Uninstall Information

O43 - CFD:Common File Directory ----D- C:\Program Files\Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter

O43 - CFD:Common File Directory ----D- C:\Program Files\uTorrent

O43 - CFD:Common File Directory ----D- C:\Program Files\VideoLAN

O43 - CFD:Common File Directory ----D- C:\Program Files\VirtualDJ

O43 - CFD:Common File Directory ----D- C:\Program Files\VMware

O43 - CFD:Common File Directory ----D- C:\Program Files\Winamp

O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Live

O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Media Connect 2

O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Media Player

O43 - CFD:Common File Directory ----D- C:\Program Files\Windows NT

O43 - CFD:Common File Directory --H-D- C:\Program Files\WindowsUpdate

O43 - CFD:Common File Directory ----D- C:\Program Files\WinRAR

O43 - CFD:Common File Directory ----D- C:\Program Files\WordBiz

O43 - CFD:Common File Directory ----D- C:\Program Files\xerox

O43 - CFD:Common File Directory ---AD- C:\Program Files\XYplorer

O43 - CFD:Common File Directory ----D- C:\Program Files\Yahoo!

O43 - CFD:Common File Directory ----D- C:\Program Files\ZHPDiag

O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\VMware

O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\VMware

 

 

---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)

O44 - LFC:[MD5.00000000000000000000000000000000] - 19/09/2010 - 13:03:19 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\WindowsUpdate.log [1530166]

O44 - LFC:[MD5.00000000000000000000000000000000] - 19/09/2010 - 12:55:55 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\wiadebug.log [159]

O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 19/09/2010 - 12:55:53 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\0.log [0]

O44 - LFC:[MD5.00000000000000000000000000000000] - 19/09/2010 - 12:55:53 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\wiaservc.log [50]

O44 - LFC:[MD5.6A2CB42966136854F4464516FBB4AE72] - 19/09/2010 - 12:55:48 -S-A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\bootstat.dat [2048]

O44 - LFC:[MD5.00000000000000000000000000000000] - 19/09/2010 - 12:55:08 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\SchedLgU.Txt [32514]

O44 - LFC:[MD5.C7DD7D9739785BD3A6B8499EEC1DEE7E] - 19/09/2010 - 06:42:49 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [38224]

O44 - LFC:[MD5.67B48A903430C6D4FB58CBACA1866601] - 19/09/2010 - 06:42:47 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\WINDOWS\System32\drivers\mbam.sys [20952]

O44 - LFC:[MD5.955E20F2A28E16B57C0227D8B5A457A7] - 17/09/2010 - 11:39:01 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\ComboFix.txt [29785]

O44 - LFC:[MD5.C9DD76D0EF94637C77FF8CA5E0FB0684] - 17/09/2010 - 11:31:48 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system.ini [227]

O44 - LFC:[MD5.3C01CCFD94565B0DE17A521E94C8061E] - 16/09/2010 - 22:38:29 RSHA- . (.Pas de propriétaire - Pas de description.) -- C:\boot.ini [328]

O44 - LFC:[MD5.DF4BFD6B4E29C90629D172E71EF13303] - 16/09/2010 - 22:38:28 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\win.ini [603]

O44 - LFC:[MD5.EE13A44ACE93EA9D27A1009D50B05A79] - 16/09/2010 - 15:12:32 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\wpa.dbl [2206]

O44 - LFC:[MD5.775E188DD15C9AC9E735A556FB95578E] - 16/09/2010 - 15:06:25 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Boot.bak [212]

O44 - LFC:[MD5.48C65662EC81FBCAA110509F50C51497] - 16/09/2010 - 15:06:16 RSHA- . (.Pas de propriétaire - Pas de description.) -- C:\cmldr [263488]

O44 - LFC:[MD5.AE72E8619CB31D84DA25E2435E55003C] - 16/09/2010 - 13:53:32 ---A- . (.NirSoft - NirCmd.) -- C:\WINDOWS\NIRCMD.exe [31232]

O44 - LFC:[MD5.C5EC72A20B4C98DB5314E6C46765B148] - 16/09/2010 - 13:53:32 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\MBR.exe [77312]

O44 - LFC:[MD5.F1FBA6185A6A2BC6456970914875078E] - 16/09/2010 - 13:53:32 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\PEV.exe [256512]

O44 - LFC:[MD5.9E05A9C264C8A908A8E79450FCBFF047] - 16/09/2010 - 13:53:32 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\grep.exe [80412]

O44 - LFC:[MD5.2B657A67AEBB84AEA5632C53E61E23BF] - 16/09/2010 - 13:53:32 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\sed.exe [98816]

O44 - LFC:[MD5.5E832F4FAF5F481F2EAF3B3A48F603B8] - 16/09/2010 - 13:53:32 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\zip.exe [68096]

O44 - LFC:[MD5.01D95A1F8CF13D07CC564AABB36BCC0B] - 16/09/2010 - 13:53:32 ---A- . (.SteelWerX - Freeware implementation of REG.EXE.) -- C:\WINDOWS\SWREG.exe [161792]

O44 - LFC:[MD5.B7517DB073B28F5696A1E5528ABEB5D0] - 16/09/2010 - 13:53:32 ---A- . (.SteelWerX - Freeware implementation of SC.EXE.) -- C:\WINDOWS\SWSC.exe [136704]

O44 - LFC:[MD5.B1A9CF0B6F80611D31987C247EC630B4] - 16/09/2010 - 13:53:32 ---A- . (.SteelWerX - Freeware implementation of XCACLS.) -- C:\WINDOWS\SWXCACLS.exe [212480]

 

 

---\\ Export de clé d'application autorisée (ECAA) (O47)

O47 - AAKE:Key Export SP - "%windir%\Network Diagnostic\xpnetdiag.exe" [Enabled] .(.Microsoft Corporation - Network Diagnostic for Windows XP.) -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O47 - AAKE:Key Export SP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation - Gestionnaire de session de l'aide sur le Bureau à distance de Microsoft®.) -- C:\WINDOWS\system32\sessmgr.exe

O47 - AAKE:Key Export SP - "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" [Enabled] .(.Microsoft Corporation - Microsoft Office Outlook.) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.exe

O47 - AAKE:Key Export SP - "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [Enabled] .(.Yahoo! Inc. - Yahoo! Messenger.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

O47 - AAKE:Key Export SP - "C:\Program Files\uTorrent\uTorrent.exe" [Enabled] .(.BitTorrent, Inc. - µTorrent.) -- C:\Program Files\uTorrent\uTorrent.exe

O47 - AAKE:Key Export SP - "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" [Enabled] .(.Microsoft Corporation - Windows Live Call.) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe

O47 - AAKE:Key Export SP - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [Enabled] .(.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe

O47 - AAKE:Key Export SP - "C:\Program Files\ma-config.com\maconfservice.exe" [Enabled] .(.CybelSoft - Service de détection matériel.) -- C:\Program Files\ma-config.com\maconfservice.exe

O47 - AAKE:Key Export SP - "C:\Program Files\Skype\Plugin Manager\skypePM.exe" [Enabled] .(.Skype Technologies - Skype Extras Manager.) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe

O47 - AAKE:Key Export SP - "C:\Program Files\Skype\Phone\Skype.exe" [Enabled] .(.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe

O47 - AAKE:Key Export DP - "%windir%\Network Diagnostic\xpnetdiag.exe" [Enabled] .(.Microsoft Corporation - Network Diagnostic for Windows XP.) -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O47 - AAKE:Key Export DP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation - Gestionnaire de session de l'aide sur le Bureau à distance de Microsoft®.) -- C:\WINDOWS\system32\sessmgr.exe

O47 - AAKE:Key Export DP - "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" [Enabled] .(.Microsoft Corporation - Windows Live Call.) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe

O47 - AAKE:Key Export DP - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [Enabled] .(.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe

 

 

---\\ Déni du service (Local Security Authority) (LSA) (O48)

O48 - LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\WINDOWS\System32\msv1_0.dll

O48 - LSA:Local Security Authority Notification Packages . (.Microsoft Corporation - Moteur du client de l'Éditeur de configuration de sécurité Windows.) -- C:\WINDOWS\System32\scecli.dll

O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\WINDOWS\System32\msv1_0.dll

 

 

---\\ Image File Execution Options (IFEO) (O50)

O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d

 

 

---\\ Trojan Driver Search Data (HKLM)(TDSD) (O52)

O52 - TDSD: \Drivers32\"msacm.trspch"="tssoft32.acm" . (.DSP GROUP, INC. - Codec audio TrueSpeech DSP Group pour MSACM V3.50.) -- C:\WINDOWS\System32\tssoft32.acm

O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Cinepak® Codec.) -- C:\WINDOWS\System32\iccvid.dll

O52 - TDSD: \Drivers32\"vidc.iv31"="ir32_32.dll" . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\ir32_32.dll

O52 - TDSD: \Drivers32\"vidc.iv32"="ir32_32.dll" . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\ir32_32.dll

O52 - TDSD: \Drivers32\"vidc.iv41"="ir41_32.ax" . (.Intel Corporation - Intel Indeo® Video 4.5.) -- C:\WINDOWS\System32\ir41_32.ax

O52 - TDSD: \Drivers32\"msacm.sl_anet"="sl_anet.acm" . (.Sipro Lab Telecom Inc. - Audio codec for MS ACM.) -- C:\WINDOWS\System32\sl_anet.acm

O52 - TDSD: \Drivers32\"msacm.iac2"="C:\WINDOWS\system32\iac25_32.ax" . (.Intel Corporation - Indeo® audio software.) -- C:\WINDOWS\system32\iac25_32.ax

O52 - TDSD: \Drivers32\"vidc.iv50"="ir50_32.dll" . (.Intel Corporation - Intel Indeo® video 5.10.) -- C:\WINDOWS\System32\ir50_32.dll

O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\WINDOWS\system32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\system32\l3codeca.acm

O52 - TDSD: \Drivers32\"VIDC.ACDV"="ACDV.dll" . (.ACD Systems - ACDV.) -- C:\WINDOWS\System32\ACDV.dll

O52 - TDSD: \Drivers32\"VIDC.JPEG"="JpegCode.dll" . (.Pas de propriétaire - Pas de description.) -- (.not file.)

O52 - TDSD: \Drivers32\"VIDC.MJPG"="JpegCode.dll" . (.Pas de propriétaire - Pas de description.) -- (.not file.)

O52 - TDSD: \drivers.desc\"sl_anet.acm"="Sipro Lab Telecom Audio Codec" . (.Sipro Lab Telecom Inc. - Audio codec for MS ACM.) -- C:\WINDOWS\System32\sl_anet.acm

O52 - TDSD: \drivers.desc\"C:\WINDOWS\system32\iac25_32.ax"="Indeo® audio software" . (.Intel Corporation - Indeo® audio software.) -- C:\WINDOWS\system32\iac25_32.ax

O52 - TDSD: \drivers.desc\"ir50_32.dll"="Indeo® video 5.10" . (.Pas de propriétaire - Pas de description.) -- (.not file.)

O52 - TDSD: \drivers.desc\"C:\WINDOWS\system32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\system32\l3codeca.acm

O52 - TDSD: \drivers.desc\"ACDV.dll"="ACDV 1.0" . (.Pas de propriétaire - Pas de description.) -- (.not file.)

O52 - TDSD: \drivers.desc\"tssoft32.acm"="tssoft32.acm" . (.DSP GROUP, INC. - Codec audio TrueSpeech DSP Group pour MSACM V3.50.) -- C:\WINDOWS\System32\tssoft32.acm

O52 - TDSD: \drivers.desc\"iccvid.dll"="iccvid.dll" . (.Radius Inc. - Cinepak® Codec.) -- C:\WINDOWS\System32\iccvid.dll

O52 - TDSD: \drivers.desc\"ir32_32.dll"="ir32_32.dll" . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\ir32_32.dll

O52 - TDSD: \drivers.desc\"ir41_32.ax"="ir41_32.ax" . (.Intel Corporation - Intel Indeo® Video 4.5.) -- C:\WINDOWS\System32\ir41_32.ax

 

 

---\\ ShareTools MSconfig StartupReg (SMSR) (O53)

O53 - SMSR:HKLM\...\startupreg\Messenger (Yahoo!) [Key] . (.Yahoo! Inc. - Yahoo! Messenger.) -- C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe

O53 - SMSR:HKLM\...\startupreg\msnmsgr [Key] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe

O53 - SMSR:HKLM\...\startupreg\PC Suite Tray [Key] . (.Nokia - Nokia Launch Application.) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe

O53 - SMSR:HKLM\...\startupreg\Skype [Key] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe

O53 - SMSR:HKLM\...\startupreg\SpeedBitVideoAccelerator [Key] . (.Speedbit Ltd. - Speedbit Video Accelerator.) -- C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe

O53 - SMSR:HKLM\...\startupreg\uTorrent [Key] . (.BitTorrent, Inc. - µTorrent.) -- C:\Program Files\uTorrent\uTorrent.exe

 

 

---\\ Microsoft Control Security Providers (MCSP) (O54)

O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Client DPA pour plate-forme 32 bit.) -- C:\WINDOWS\system32\msapsspc.dll

O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\WINDOWS\system32\schannel.dll

O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Package d'authentification Digest SSPI.) -- C:\WINDOWS\system32\digest.dll

O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Client DPA pour plate-forme 32 bit.) -- C:\WINDOWS\system32\msapsspc.dll

O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\WINDOWS\system32\schannel.dll

O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Package d'authentification Digest SSPI.) -- C:\WINDOWS\system32\digest.dll

 

 

---\\ Microsoft Windows Policies System (MWPS) (O55)

O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0

O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=

O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=

O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1

O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1

O55 - MWPS:[HKLM\...\Policies\System] - "NoInternetOpenWith"=1

O55 - MWPS:[HKLM\...\Policies\System] - "DisableRegistryTools"=0

 

 

---\\ Microsoft Windows Policies Explorer (MWPE) (O56)

O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveTypeAutoRun"=323

O56 - MWPE:[HKCU\...\policies\Explorer] - "NoResolveTrack"=1

O56 - MWPE:[HKCU\...\policies\Explorer] - "LinkResolveIgnoreLinkInfo"=1

O56 - MWPE:[HKCU\...\policies\Explorer] - "NoResolveSearch"=1

O56 - MWPE:[HKCU\...\policies\Explorer] - "NoRecentDocsMenu"=1

O56 - MWPE:[HKCU\...\policies\Explorer] - "NoRecentDocsHistory"=1

O56 - MWPE:[HKCU\...\policies\Explorer] - "NoSMMyDocs"=1

O56 - MWPE:[HKCU\...\policies\Explorer] - "NoSMMyPictures"=1

O56 - MWPE:[HKCU\...\policies\Explorer] - "NoStartMenuPinnedList"=1

O56 - MWPE:[HKCU\...\policies\Explorer] - "NoSMConfigurePrograms"=1

O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveAutoRun"=67108863

O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDrives"=0

O56 - MWPE:[HKCU\...\policies\Explorer] - "NoSMHelp"=0

O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDriveAutoRun"=67108863

O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDriveTypeAutoRun"=323

O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDrives"=0

---\\ Liste des Drivers Système (SDL) (O58)

O58 - SDL:[MD5.9A3A8614859FB77767B63A82A017CCC6] - 07/02/2007 - 15:50:14 ---A- . (.Analog Deivces - USB Firmware loader.) -- C:\WINDOWS\system32\drivers\adildr.sys

O58 - SDL:[MD5.BCA6AABA425CE46D89412190A5A27B94] - 07/02/2007 - 15:50:58 ---A- . (.Analog Deivces - USB Firmware loader.) -- C:\WINDOWS\system32\drivers\adildrx64.sys

O58 - SDL:[MD5.B944AD9F92D31285DBA3D190DEB43883] - 07/02/2007 - 15:50:32 ---A- . (.Analog Devices Inc. - ADSL USB Driver.) -- C:\WINDOWS\system32\drivers\adiusbaw.sys

O58 - SDL:[MD5.5EB7BA94AD23F24761DEFE05F4855933] - 07/02/2007 - 15:51:18 ---A- . (.Analog Devices Inc. - ADSL USB Driver.) -- C:\WINDOWS\system32\drivers\adiusbawx64.sys

O58 - SDL:[MD5.DD8520280304B6145A6BE31008748C7C] - 24/09/2008 - 09:40:22 R--A- . (.Realtek Semiconductor Corp. - Realtek AC'97 Audio Driver (WDM).) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS

O58 - SDL:[MD5.B8C187439D27ABA430DD69FDCF1FA657] - 13/07/2010 - 15:01:31 ---A- . (.AVG Technologies CZ, s.r.o. - AVG AVI Loader Driver.) -- C:\WINDOWS\system32\drivers\avgldx86.sys.prepare

O58 - SDL:[MD5.357DDB51E03CAE598C096D95497373D0] - 06/10/2009 - 11:52:34 ---A- . (.Nokia - Nokia USB Phone Bus Driver.) -- C:\WINDOWS\system32\drivers\ccdcmb.sys

O58 - SDL:[MD5.7CD443F9D36C80E152FADB274089577A] - 06/10/2009 - 11:52:34 ---A- . (.Nokia - Nokia USB Phone Bus Driver.) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys

O58 - SDL:[MD5.C9B25AE9B8ABD983C5AD3F8CBFAB0F9C] - 07/06/2008 - 14:17:09 ---A- . (.RAVISENT Technologies Inc. - Pilote principal CineMaster C 1.2 WDM.) -- C:\WINDOWS\system32\drivers\cinemst2.sys

O58 - SDL:[MD5.9624293E55AD405415862B504CA95B73] - 07/06/2008 - 14:17:09 ---A- . (.Compaq Computer Corporation - Compaq PA-1 Player Driver.) -- C:\WINDOWS\system32\drivers\cpqdap01.sys

O58 - SDL:[MD5.AC9CF17EE2AE003C98EB4F5336C38058] - 16/11/2007 - 09:55:00 ---A- . (.Intel Corporation - Intel® PRO/100 Adapter NDIS 5.1 driver.) -- C:\WINDOWS\system32\drivers\e100b325.sys

O58 - SDL:[MD5.D32E68DA595ACD9FADCC110BEE196ACE] - 04/01/2007 - 12:47:48 ---A- . (.Analog Deivces - USB Firmware loader.) -- C:\WINDOWS\system32\drivers\e4ldr.sys

O58 - SDL:[MD5.3D905CA492629743AF2906941471D01F] - 04/01/2007 - 12:47:10 ---A- . (.Analog Deivces - USB Firmware loader.) -- C:\WINDOWS\system32\drivers\e4ldrx64.sys

O58 - SDL:[MD5.F7958C94559D5030F5023F14D46B9F2F] - 04/01/2007 - 12:48:04 ---A- . (.Analog Devices Inc. - ADSL USB Driver.) -- C:\WINDOWS\system32\drivers\e4usbaw.sys

O58 - SDL:[MD5.B637E55545DC6A43EB4878D1A82022BE] - 04/01/2007 - 12:46:30 ---A- . (.Analog Devices Inc. - ADSL USB Driver.) -- C:\WINDOWS\system32\drivers\e4usbawx64.sys

O58 - SDL:[MD5.ED32D389F8B0E74E400932E020BCFBDF] - 14/07/2004 - 11:54:42 ---A- . (.Aladdin Knowledge Systems - Hardlock Device Driver for Windows NT.) -- C:\WINDOWS\system32\drivers\hardlock.sys

O58 - SDL:[MD5.2DD25F060DC9F79B5CDF33D90ED93669] - 29/07/2010 - 15:56:30 ---A- . (.Aladdin Knowledge Systems - HASP Kernel Device Driver for Windows NT.) -- C:\WINDOWS\system32\drivers\Haspnt.sys

O58 - SDL:[MD5.573C7D0A32852B48F3058CFD8026F511] - 14/04/2008 - 12:00:00 ---A- . (.Windows ® Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) -- C:\WINDOWS\system32\drivers\hdaudbus.sys

O58 - SDL:[MD5.30CA91E657CEDE2F95359D6EF186F650] - 16/05/2006 - 06:17:22 ---A- . (.HP - IEEE-1284.4-1999 Driver (Windows 2000).) -- C:\WINDOWS\system32\drivers\HPZid412.sys

O58 - SDL:[MD5.7AC43C38CA8FD7ED0B0A4466F753E06E] - 16/05/2006 - 06:17:23 ---A- . (.HP - 1284.4<->Usb Datalink Driver (Windows 2000).) -- C:\WINDOWS\system32\drivers\HPZius12.sys

O58 - SDL:[MD5.9A883C3C4D91292C0D09DE7C728E781C] - 20/09/2005 - 11:00:54 ---A- . (.Intel Corporation - Intel Graphics Miniport Driver.) -- C:\WINDOWS\system32\drivers\ialmnt5.sys

O58 - SDL:[MD5.67B48A903430C6D4FB58CBACA1866601] - 29/04/2010 - 14:39:26 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\WINDOWS\system32\drivers\mbam.sys

O58 - SDL:[MD5.C7DD7D9739785BD3A6B8499EEC1DEE7E] - 29/04/2010 - 14:39:38 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys

O58 - SDL:[MD5.BE984D604D91C217355CDD3737AAD25D] - 07/06/2008 - 14:17:09 ---A- . (.S3/Diamond Multimedia Systems - NikeDrv Usb Driver.) -- C:\WINDOWS\system32\drivers\nikedrv.sys

O58 - SDL:[MD5.FD2041E9BA03DB7764B2248F02475079] - 26/08/2008 - 09:26:12 ---A- . (.Nokia - PCCS Mode Change Filter Driver.) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys

O58 - SDL:[MD5.5B6C11DE7E839C05248CED8825470FEF] - 12/03/2010 - 07:51:11 ---A- . (.VSO Software - low level access layer for CD/DVD/BD devices.) -- C:\WINDOWS\system32\drivers\pcouffin.sys

O58 - SDL:[MD5.80D317BD1C3DBC5D4FE7B1678C60CADD] - 14/04/2008 - 12:00:00 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\drivers\ptilink.sys

O58 - SDL:[MD5.153D02480A0A2F45785522E814C634B6] - 28/04/2009 - 20:20:06 ---A- . (.Sonic Solutions - Px Engine Device Driver for Windows 2000/XP.) -- C:\WINDOWS\system32\drivers\pxhelp20.sys

O58 - SDL:[MD5.A56FE08EC7473E8580A390BB1081CDD7] - 07/06/2008 - 14:17:09 ---A- . (.S3/Diamond Multimedia Systems - Rio8Drv.sys Usb Driver.) -- C:\WINDOWS\system32\drivers\rio8drv.sys

O58 - SDL:[MD5.0A854DF84C77A0BE205BFEAB2AE4F0EC] - 07/06/2008 - 14:17:09 ---A- . (.S3/Diamond Multimedia Systems - RioDrv Usb Driver.) -- C:\WINDOWS\system32\drivers\riodrv.sys

O58 - SDL:[MD5.18EEB910627DDAF40F822966F887BAD8] - 02/02/2005 - 16:56:00 R--A- . (.Ralink Technology Inc. - Sample Driver for Ralink 802.11g Wireless USB Adapters.) -- C:\WINDOWS\system32\drivers\rt2500usb.sys

O58 - SDL:[MD5.90A3935D05B494A5A39D37E71F09A677] - 14/04/2008 - 12:00:00 ---A- . (.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) -- C:\WINDOWS\system32\drivers\secdrv.sys

O58 - SDL:[MD5.1319EA66A96250D59665D133C0FF7CD0] - 28/03/2005 - 14:19:38 ---A- . (.Analog Devices, Inc. - SoundMAX Integrated Digital Audio.) -- C:\WINDOWS\system32\drivers\smwdm.sys

O58 - SDL:[MD5.5A1D0CA8A5F1E7B4EC50B9D76C001F0E] - 02/05/2007 - 10:11:16 ---A- . (.MCCI Corporation - SAMSUNG Mobile USB Device 1.0 Driver.) -- C:\WINDOWS\system32\drivers\ss_bus.sys

O58 - SDL:[MD5.A251AEE642F64B8BC5E2CBFEBB437A1D] - 02/05/2007 - 10:11:16 ---A- . (.MCCI Corporation - Windows 2000/XP support functions.) -- C:\WINDOWS\system32\drivers\ss_cm.sys

O58 - SDL:[MD5.A251AEE642F64B8BC5E2CBFEBB437A1D] - 02/05/2007 - 10:11:16 ---A- . (.MCCI Corporation - Windows 2000/XP support functions.) -- C:\WINDOWS\system32\drivers\ss_cmnt.sys

O58 - SDL:[MD5.F0A85580E36A3A85059037D39A9CF079] - 02/05/2007 - 10:11:18 ---A- . (.MCCI Corporation - SAMSUNG Mobile USB Modem 1.0 Filter Driver.) -- C:\WINDOWS\system32\drivers\ss_mdfl.sys

O58 - SDL:[MD5.84C3DBFD1BFA4ADC0A950B3D5506CB00] - 02/05/2007 - 10:11:18 ---A- . (.MCCI Corporation - SAMSUNG Mobile USB Modem 1.0 Driver.) -- C:\WINDOWS\system32\drivers\ss_mdm.sys

O58 - SDL:[MD5.09104A5FE22B716571E90E11B73A042C] - 02/05/2007 - 10:11:18 ---A- . (.MCCI Corporation - Windows 2000/XP support functions.) -- C:\WINDOWS\system32\drivers\ss_wh.sys

O58 - SDL:[MD5.09104A5FE22B716571E90E11B73A042C] - 02/05/2007 - 10:11:18 ---A- . (.MCCI Corporation - Windows 2000/XP support functions.) -- C:\WINDOWS\system32\drivers\ss_whnt.sys

O58 - SDL:[MD5.F92254B0BCFCD10CAAC7BCCC7CB7F467] - 12/11/2009 - 13:48:56 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\drivers\StarOpen.sys

O58 - SDL:[MD5.D74A8EC75305F1D3CFDE7C7FC1BD62A9] - 07/06/2008 - 14:17:09 ---A- . (.Toshiba Corporation - WDM Toshiba Tecra Video Capture Driver.) -- C:\WINDOWS\system32\drivers\tsbvcap.sys

O58 - SDL:[MD5.15629E4D65F97AB5432D6D9597CF6A33] - 06/10/2009 - 11:52:34 ---A- . (.Nokia - Filter Driver for Nokia USB Phone Bus Driver.) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys

O58 - SDL:[MD5.5C17E6A11AA8BE53F79FD364BA19F0CE] - 06/10/2009 - 11:52:50 ---A- . (.Nokia - Filter Driver for Nokia USB Phone Bus Driver.) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys

O58 - SDL:[MD5.55E01061C74A8CEFFF58DC36114A8D3F] - 07/06/2008 - 14:17:09 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\drivers\vdmindvd.sys

O58 - SDL:[MD5.FB0F61F574F7E72121411C5FB0E5C91D] - 01/06/2005 - 16:46:08 ---A- . (.ZyDAS Technology Corporation - ZD1211 802.11b+g USB LAN Driver.) -- C:\WINDOWS\system32\drivers\WlanUZXP.sys

O58 - SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] - 14/04/2008 - 12:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ansi.sys

O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 14/04/2008 - 12:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\country.sys

O58 - SDL:[MD5.DBCD41D42CF6F2C472B03E079057CBD2] - 29/07/2010 - 15:56:30 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\haspdos.sys

O58 - SDL:[MD5.C6D29F29DE7427B1B0775E53E577B623] - 14/04/2008 - 12:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\himem.sys

O58 - SDL:[MD5.582BCDD47CF4B68B5CB528F18E3CB808] - 14/04/2008 - 12:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\key01.sys

O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 14/04/2008 - 12:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\keyboard.sys

O58 - SDL:[MD5.7D30A74B5FB9FE3B245A6CE5FBCD71D5] - 14/04/2008 - 12:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntdos.sys

O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 14/04/2008 - 12:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntdos404.sys

O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 14/04/2008 - 12:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntdos411.sys

O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 14/04/2008 - 12:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntdos412.sys

O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 14/04/2008 - 12:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntdos804.sys

O58 - SDL:[MD5.CAAA108FD7BF71989946B39704323455] - 14/04/2008 - 12:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntio.sys

O58 - SDL:[MD5.6F73F50162DEF60C84B725C18CD9140F] - 14/04/2008 - 12:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntio404.sys

O58 - SDL:[MD5.0FDD5E69C1FF3B58043D44F2CC743D45] - 14/04/2008 - 12:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntio411.sys

O58 - SDL:[MD5.8842837C4D8311BF8E72BEE8CCC42217] - 14/04/2008 - 12:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntio412.sys

O58 - SDL:[MD5.6B56CEB3C6F9D5CD7293DBD9FE23B311] - 14/04/2008 - 12:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntio804.sys

O58 - SDL:[MD5.29C917279D79848B3DD94909FC00E2A8] - 01/06/2005 - 16:46:08 ---A- . (.Printing Communications Assoc., Inc. (PCAUS - PCAUSA NDIS 5.0 Protocol Driver.) -- C:\WINDOWS\system32\ZDPNDIS5.sys

---\\ Liste des outils de nettoyage (LATC) (O63)

O63 - Logiciel: ZHPDiag 1.26 - (.Nicolas Coolman.)

---\\ Liste des services Legacy (LALS) (O64)

O64 - Services: CurCS - C:\WINDOWS\system32\drivers\afd.sys - AFD (AFD) .(.Microsoft Corporation - Ancillary Function Driver for WinSock.) - LEGACY_AFD

O64 - Services: CurCS - C:\WINDOWS\System32\alg.exe - Service de la passerelle de la couche Application (ALG) .(.Microsoft Corporation - Application Layer Gateway Service.) - LEGACY_ALG

O64 - Services: CurCS - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe - Apple Mobile Device (Apple Mobile Device) .(.Apple Inc. - Apple Mobile Device Service.) - LEGACY_APPLE_MOBILE_DEVICE

O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Gestion d'applications (AppMgmt) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_APPMGMT

O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Audio Windows (AudioSrv) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_AUDIOSRV

O64 - Services: CurCS - (.not file.) - AVG9IDSDriver (AVGIDSDriverxpx) .(.Pas de propriétaire - Pas de description.) - LEGACY_AVGIDSDRIVERXPX

O64 - Services: CurCS - (.not file.) - AVG9IDSFilter (AVGIDSFilterxpx) .(.Pas de propriétaire - Pas de description.) - LEGACY_AVGIDSFILTERXPX

O64 - Services: CurCS - (.not file.) - AVG9IDSShim (AVGIDSShimxpx) .(.Pas de propriétaire - Pas de description.) - LEGACY_AVGIDSSHIMXPX

O64 - Services: CurCS - (.not file.) - avgrkx86.sys (AvgRkx86) .(.Pas de propriétaire - Pas de description.) - LEGACY_AVGRKX86

O64 - Services: CurCS - (.not file.) - AVG Network Redirector (AvgTdiX) .(.Pas de propriétaire - Pas de description.) - LEGACY_AVGTDIX

O64 - Services: CurCS - C:\PROGRA~1\Bandoo\Bandoo.exe - Bandoo Coordinator (Bandoo Coordinator) .(.Discordia Limited - Bandoo Coordinator.) - LEGACY_BANDOO_COORDINATOR

O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\BEEP.sys - Beep (Beep) .(.Pas de propriétaire - Pas de description.) - LEGACY_BEEP

O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Service de transfert intelligent en arrière-plan (BITS) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_BITS

O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Explorateur d'ordinateur (Browser) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_BROWSER

O64 - Services: CurCS - C:\DOCUME~1\VIACOM\LOCALS~1\Temp\catchme.sys (.not file.) - catchme (catchme) .(.Pas de propriétaire - Pas de description.) - LEGACY_CATCHME

O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\CDFS.sys - cdfs (cdfs) .(.Pas de propriétaire - Pas de description.) - LEGACY_CDFS

O64 - Services: CurCS - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe - .NET Runtime Optimization Service v2.0.50727_X86 (clr_optimization_v2.0.50727_32) .(.Microsoft Corporation - .NET Runtime Optimization Service.) - LEGACY_CLR_OPTIMIZATION_V2.0.50727_32

O64 - Services: CurCS - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe - Microsoft .NET Framework NGEN v4.0.30319_X86 (clr_optimization_v4.0.30319_32) .(.Microsoft Corporation - .NET Runtime Optimization Service.) - LEGACY_CLR_OPTIMIZATION_V4.0.30319_32

O64 - Services: CurCS - C:\WINDOWS\system32\dllhost.exe - Application système COM+ (COMSysApp) .(.Microsoft Corporation - COM Surrogate.) - LEGACY_COMSYSAPP

O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Services de cryptographie (CryptSvc) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_CRYPTSVC

O64 - Services: CurCS - C:\WINDOWS\system32\svchost -k DcomLaunch (.not file.) - Lanceur de processus serveur DCOM (DcomLaunch) .(.Pas de propriétaire - Pas de description.) - LEGACY_DCOMLAUNCH

O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Client DHCP (Dhcp) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_DHCP

O64 - Services: CurCS - C:\WINDOWS\System32\dmadmin.exe - Service d'administration du Gestionnaire de disque logique (dmadmin) .(.Microsoft Corp., Veritas Software - Processus du service Gestionnaire de disque.) - LEGACY_DMADMIN

O64 - Services: CurCS - C:\Windows\system32\drivers\dmboot.sys - dmboot (dmboot) .(.Microsoft Corp., Veritas Software - Pilote de démarrage du gestionnaire de disq.) - LEGACY_DMBOOT

O64 - Services: CurCS - C:\Windows\system32\drivers\dmload.sys - dmload (dmload) .(.Microsoft Corp., Veritas Software. - NT Disk Manager Startup Driver.) - LEGACY_DMLOAD

O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Gestionnaire de disque logique (dmserver) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_DMSERVER

O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Client DNS (Dnscache) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_DNSCACHE

O64 - Services: CurCS - (.not file.) - eamon (eamon) .(.Pas de propriétaire - Pas de description.) - LEGACY_EAMON

O64 - Services: CurCS - (.not file.) - ehdrv (ehdrv) .(.Pas de propriétaire - Pas de description.) - LEGACY_EHDRV

O64 - Services: CurCS - (.not file.) - epfwtdir (epfwtdir) .(.Pas de propriétaire - Pas de description.) - LEGACY_EPFWTDIR

O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Service de rapport d'erreurs (ERSvc) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_ERSVC

O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Système d'événements de COM+ (EventSystem) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_EVENTSYSTEM

O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\FASTFAT.sys - fastfat (fastfat) .(.Pas de propriétaire - Pas de description.) - LEGACY_FASTFAT

O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Compatibilité avec le Changement rapide d'utilisateur (FastUserSwitchingCompatibility) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_FASTUSERSWITCHINGCOMPATIBILITY

O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\FIPS.sys - Fips (Fips) .(.Pas de propriétaire - Pas de description.) - LEGACY_FIPS

O64 - Services: CurCS - C:\Windows\system32\DRIVERS\fltMgr.sys - FltMgr (FltMgr) .(.Microsoft Corporation - Microsoft Filesystem Filter Manager.) - LEGACY_FLTMGR

O64 - Services: CurCS - c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe - Windows Presentation Foundation Font Cache 3.0.0.0 (FontCache3.0.0.0) .(.Microsoft Corporation - Windows Presentation Foundation Font Cache.) - LEGACY_FONTCACHE3.0.0.0

O64 - Services: CurCS - (.not file.) - FssFltr (fssfltr) .(.Pas de propriétaire - Pas de description.) - LEGACY_FSSFLTR

O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\FS_REC.sys - Fs_Rec (Fs_Rec) .(.Pas de propriétaire - Pas de description.) - LEGACY_FS_REC

O64 - Services: CurCS - C:\Windows\system32\DRIVERS\msgpc.sys - Classificateur de paquets générique (Gpc) .(.Microsoft Corporation - MS General Packet Classifier.) - LEGACY_GPC

O64 - Services: CurCS - C:\WINDOWS\system32\drivers\hardlock.sys - Hardlock (Hardlock) .(.Aladdin Knowledge Systems - Hardlock Device Driver for Windows NT.) - LEGACY_HARDLOCK

O64 - Services: CurCS - C:\WINDOWS\system32\drivers\Haspnt.sys - Haspnt (Haspnt) .(.Aladdin Knowledge Systems - HASP Kernel Device Driver for Windows NT.) - LEGACY_HASPNT

O64 - Services: CurCS - (.not file.) - VMware hcmon (hcmon) .(.Pas de propriétaire - Pas de description.) - LEGACY_HCMON

O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Aide et support (helpsvc) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_HELPSVC

O64 - Services: CurCS - C:\Windows\system32\Drivers\HTTP.sys - HTTP (HTTP) .(.Microsoft Corporation - HTTP Protocol Stack.) - LEGACY_HTTP

O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - HTTP SSL (HTTPFilter) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_HTTPFILTER

O64 - Services: CurCS - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe - Windows CardSpace (idsvc) .(.Microsoft Corporation - Windows CardSpace.) - LEGACY_IDSVC

O64 - Services: CurCS - C:\WINDOWS\system32\imapi.exe - Service COM de gravage de CD IMAPI (ImapiService) .(.Microsoft Corporation - API Image Mastering.) - LEGACY_IMAPISERVICE

O64 - Services: CurCS - C:\Windows\system32\DRIVERS\ipnat.sys - Traducteur d'adresses réseau IP (IpNat) .(.Microsoft Corporation - IP Network Address Translator.) - LEGACY_IPNAT

O64 - Services: CurCS - C:\Windows\system32\DRIVERS\ipsec.sys - Pilote IPSEC (IPSec) .(.Microsoft Corporation - IPSec Driver.) - LEGACY_IPSEC

O64 - Services: CurCS - C:\Program Files\Java\jre6\bin\jqs.exe - Java Quick Starter (JavaQuickStarterService) .(.Sun Microsystems, Inc. - Java Quick Starter Service.) - LEGACY_JAVAQUICKSTARTERSERVICE

O64 - Services: CurCS - (.not file.) - Kl1 (kl1) .(.Pas de propriétaire - Pas de description.) - LEGACY_KL1

O64 - Services: CurCS - (.not file.) - Kaspersky Lab Boot Guard Driver (klbg) .(.Pas de propriétaire - Pas de description.) - LEGACY_KLBG

O64 - Services: CurCS - (.not file.) - Kaspersky Lab Driver (KLIF) .(.Pas de propriétaire - Pas de description.) - LEGACY_KLIF

O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\KSECDD.sys - ksecdd (ksecdd) .(.Pas de propriétaire - Pas de description.) - LEGACY_KSECDD

O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Serveur (LanmanServer) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_LANMANSERVER

O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Station de travail (LanmanWorkstation) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_LANMANWORKSTATION

O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Assistance TCP/IP NetBIOS (LmHosts) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_LMHOSTS

O64 - Services: CurCS - C:\Program Files\ma-config.com\maconfservice.exe - Ma-Config Service (maconfservice) .(.CybelSoft - Service de détection matériel.) - LEGACY_MACONFSERVICE

O64 - Services: CurCS - (.not file.) - mbr (mbr) .(.Pas de propriétaire - Pas de description.) - LEGACY_MBR

O64 - Services: CurCS - C:\DOCUME~1\VIACOM\LOCALS~1\Temp\mc21.tmp (.not file.) - mchInjDrv (mchInjDrv) .(.Pas de propriétaire - Pas de description.) - LEGACY_MCHINJDRV

O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\MNMDD.sys - mnmdd (mnmdd) .(.Pas de propriétaire - Pas de description.) - LEGACY_MNMDD

O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\MOUNTMGR.sys - mountmgr (mountmgr) .(.Pas de propriétaire - Pas de description.) - LEGACY_MOUNTMGR

O64 - Services: CurCS - C:\Windows\system32\DRIVERS\mrxdav.sys - Redirecteur client WebDav (MRxDAV) .(.Microsoft Corporation - Windows NT WebDav Minirdr.) - LEGACY_MRXDAV

O64 - Services: CurCS - C:\Windows\system32\DRIVERS\mrxsmb.sys - MRXSMB (MRxSmb) .(.Microsoft Corporation - Windows NT SMB Minirdr.) - LEGACY_MRXSMB

O64 - Services: CurCS - C:\WINDOWS\system32\msdtc.exe - Distributed Transaction Coordinator (MSDTC) .(.Microsoft Corporation - MS DTC console program.) - LEGACY_MSDTC

O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\MSFS.sys - Msfs (Msfs) .(.Pas de propriétaire - Pas de description.) - LEGACY_MSFS

O64 - Services: CurCS - C:\WINDOWS\system32\msiexec.exe - Windows Installer (MSIServer) .(.Microsoft Corporation - Windows® installer.) - LEGACY_MSISERVER

O64 - Services: CurCS - (.not file.) - Mup (Mup) .(.Pas de propriétaire - Pas de description.) - LEGACY_MUP

O64 - Services: CurCS - C:\Program Files\Nero\Update\NASvc.exe - @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) .(.Nero AG - NeroUpdate.) - LEGACY_NAUPDATE

O64 - Services: CurCS - (.not file.) - Pilote système NDIS (NDIS) .(.Pas de propriétaire - Pas de description.) - LEGACY_NDIS

O64 - Services: CurCS - C:\Windows\system32\DRIVERS\ndistapi.sys - Pilote TAPI NDIS d'accès distant (NdisTapi) .(.Microsoft Corporation - NDIS 3.0 connection wrapper driver.) - LEGACY_NDISTAPI

O64 - Services: CurCS - C:\Windows\system32\DRIVERS\ndisuio.sys - NDIS mode utilisateur E/S Protocole (Ndisuio) .(.Microsoft Corporation - NDIS User mode I/O Driver.) - LEGACY_NDISUIO

O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\NDPROXY.sys - NDProxy (NDProxy) .(.Pas de propriétaire - Pas de description.) - LEGACY_NDPROXY

O64 - Services: CurCS - C:\Windows\system32\DRIVERS\netbios.sys - Interface NetBIOS (NetBIOS) .(.Microsoft Corporation - NetBIOS interface driver.) - LEGACY_NETBIOS

O64 - Services: CurCS - C:\Windows\system32\DRIVERS\netbt.sys - NetBIOS sur TCP/IP (NetBT) .(.Microsoft Corporation - MBT Transport driver.) - LEGACY_NETBT

O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Connexions réseau (Netman) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_NETMAN

O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - NLA (Network Location Awareness) (Nla) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_NLA

O64 - Services: CurCS - C:\Program Files\CDBurnerXP\NMSAccessU.exe - NMSAccess (NMSAccess) .(.Pas de propriétaire - Pas de description.) - LEGACY_NMSACCESS

O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\NPFS.sys - Npfs (Npfs) .(.Pas de propriétaire - Pas de description.) - LEGACY_NPFS

O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\NTFS.sys - ntfs (ntfs) .(.Pas de propriétaire - Pas de description.) - LEGACY_NTFS

O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\NULL.sys - Null (Null) .(.Pas de propriétaire - Pas de description.) - LEGACY_NULL

O64 - Services: CurCS - C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.exe - Office Source Engine (ose) .(.Microsoft Corporation - Office Source Engine.) - LEGACY_OSE

O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\PARTMGR.sys - PartMgr (PartMgr) .(.Pas de propriétaire - Pas de description.) - LEGACY_PARTMGR

O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\PARVDM.sys - ParVdm (ParVdm) .(.Pas de propriétaire - Pas de description.) - LEGACY_PARVDM

O64 - Services: CurCS - (.not file.) - PCTSDInjDriver32 (PCTSDInjDriver32) .(.Pas de propriétaire - Pas de description.) - LEGACY_PCTSDINJDRIVER32

O64 - Services: CurCS - (.not file.) - PD91Engine PD91EngineTapiSrv (PD91EngineTapiSrv) .(.Pas de propriétaire - Pas de description.) - LEGACY_PD91ENGINETAPISRV

O64 - Services: CurCS - C:\WINDOWS\system32\HPZipm12.exe - Pml Driver HPZ12 (Pml Driver HPZ12) .(.HP - PML Driver.) - LEGACY_PML_DRIVER_HPZ12

O64 - Services: CurCS - C:\WINDOWS\system32\lsass.exe - Services IPSEC (PolicyAgent) .(.Microsoft Corporation - LSA Shell (Export Version).) - LEGACY_POLICYAGENT

O64 - Services: CurCS - (.not file.) - No object (PROCEXP111) .(.Pas de propriétaire - Pas de description.) - LEGACY_PROCEXP111

O64 - Services: CurCS - (.not file.) - PROCEXP113 (PROCEXP113) .(.Pas de propriétaire - Pas de description.) - LEGACY_PROCEXP113

O64 - Services: CurCS - C:\WINDOWS\system32\lsass.exe - Emplacement protégé (ProtectedStorage) .(.Microsoft Corporation - LSA Shell (Export Version).) - LEGACY_PROTECTEDSTORAGE

O64 - Services: CurCS - C:\Windows\system32\Drivers\PxHelp20.sys - PxHelp20 (PxHelp20) .(.Sonic Solutions - Px Engine Device Driver for Windows 2000/XP.) - LEGACY_PXHELP20

O64 - Services: CurCS - C:\Windows\system32\DRIVERS\rasacd.sys - Pilote de connexion automatique d'accès distant (RasAcd) .(.Microsoft Corporation - RAS Automatic Connection Driver.) - LEGACY_RASACD

O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Gestionnaire de connexions d'accès distant (RasMan) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_RASMAN

O64 - Services: CurCS - C:\Windows\system32\DRIVERS\rdbss.sys - Rdbss (Rdbss) .(.Microsoft Corporation - Redirected Drive Buffering SubSystem Driver.) - LEGACY_RDBSS

O64 - Services: CurCS - C:\Windows\system32\DRIVERS\RDPCDD.sys - RDPCDD (RDPCDD) .(.Microsoft Corporation - RDP Miniport.) - LEGACY_RDPCDD

O64 - Services: CurCS - (.not file.) - RDPNP (RDPNP) .(.Pas de propriétaire - Pas de description.) - LEGACY_RDPNP

O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Accès à distance au Registre (RemoteRegistry) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_REMOTEREGISTRY

O64 - Services: CurCS - C:\WINDOWS\system32\svchost -k rpcss (.not file.) - Appel de procédure distante (RPC) (RpcSs) .(.Pas de propriétaire - Pas de description.) - LEGACY_RPCSS

O64 - Services: CurCS - C:\WINDOWS\system32\lsass.exe - Gestionnaire de comptes de sécurité (SamSs) .(.Microsoft Corporation - LSA Shell (Export Version).) - LEGACY_SAMSS

O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Planificateur de tâches (Schedule) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_SCHEDULE

O64 - Services: CurCS - (.not file.) - PC Tools Auxiliary Service (sdAuxService) .(.Pas de propriétaire - Pas de description.) - LEGACY_SDAUXSERVICE

O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Connexion secondaire (seclogon) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_SECLOGON

O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Notification d'événement système (SENS) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_SENS

O64 - Services: CurCS - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe - ServiceLayer (ServiceLayer) .(.Nokia - ServiceLayer Module.) - LEGACY_SERVICELAYER

O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Pare-feu Windows / Partage de connexion Internet (SharedAccess) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_SHAREDACCESS

O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Détection matériel noyau (ShellHWDetection) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_SHELLHWDETECTION

O64 - Services: CurCS - C:\WINDOWS\system32\spoolsv.exe - Spouleur d'impression (Spooler) .(.Microsoft Corporation - Spooler SubSystem App.) - LEGACY_SPOOLER

O64 - Services: CurCS - C:\Windows\system32\DRIVERS\sr.sys - Pilote de filtre de restauration système (Sr) .(.Microsoft Corporation - Pilote de filtre de système de fichiers pou.) - LEGACY_SR

O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Service de restauration système (srservice) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_SRSERVICE

O64 - Services: CurCS - C:\Windows\system32\DRIVERS\srv.sys - Srv (Srv) .(.Microsoft Corporation - Server driver.) - LEGACY_SRV

O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Service de découvertes SSDP (SSDPSRV) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_SSDPSRV

O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\STAROPEN.sys - StarOpen (StarOpen) .(.Pas de propriétaire - Pas de description.) - LEGACY_STAROPEN

O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Acquisition d'image Windows (WIA) (stisvc) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_STISVC

O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Téléphonie (TapiSrv) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_TAPISRV

O64 - Services: CurCS - C:\Windows\system32\DRIVERS\tcpip.sys - Pilote du protocole TCP/IP (Tcpip) .(.Microsoft Corporation - TCP/IP Protocol Driver.) - LEGACY_TCPIP

O64 - Services: CurCS - C:\WINDOWS\System32\svchost -k DComLaunch (.not file.) - Services Terminal Server (TermService) .(.Pas de propriétaire - Pas de description.) - LEGACY_TERMSERVICE

O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Thèmes (Themes) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_THEMES

O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Client de suivi de lien distribué (TrkWks) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_TRKWKS

O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\UDFS.sys - Udfs (Udfs) .(.Pas de propriétaire - Pas de description.) - LEGACY_UDFS

O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Hôte de périphérique universel Plug-and-Play (upnphost) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_UPNPHOST

O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\VGA.sys - vga (vga) .(.Pas de propriétaire - Pas de description.) - LEGACY_VGA

O64 - Services: CurCS - C:\WINDOWS\system32\drivers\vga.sys - VgaSave (VgaSave) .(.Microsoft Corporation - VGA/Super VGA Video Driver.) - LEGACY_VGASAVE

O64 - Services: CurCS - C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe - VideoAcceleratorService (VideoAcceleratorService) .(.Speedbit Ltd. - VideoAcceleratorEngine.) - LEGACY_VIDEOACCELERATORSERVICE

O64 - Services: CurCS - C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe (.not file.) - VMware USB Arbitration Service (VMUSBArbService) .(.Pas de propriétaire - Pas de description.) - LEGACY_VMUSBARBSERVICE

O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\VOLSNAP.sys - VolSnap (VolSnap) .(.Pas de propriétaire - Pas de description.) - LEGACY_VOLSNAP

O64 - Services: CurCS - (.not file.) - Vstor2 WS60 Virtual Storage Driver (vstor2-ws60) .(.Pas de propriétaire - Pas de description.) - LEGACY_VSTOR2-WS60

O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Horloge Windows (W32Time) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_W32TIME

O64 - Services: CurCS - C:\Windows\system32\DRIVERS\wanarp.sys - Pilote ARP IP d'accès distant (Wanarp) .(.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - LEGACY_WANARP

O64 - Services: CurCS - C:\Windows\system32\Drivers\wdf01000.sys - Kernel Mode Driver Frameworks service (Wdf01000) .(.Microsoft Corporation - WDF Dynamic.) - LEGACY_WDF01000

O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - WebClient (WebClient) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_WEBCLIENT

O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Infrastructure de gestion Windows (winmgmt) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_WINMGMT

O64 - Services: CurCS - C:\WINDOWS\system32\wbem\wmiapsrv.exe - Carte de performance WMI (WmiApSrv) .(.Microsoft Corporation - Service de la carte de performance WMI.) - LEGACY_WMIAPSRV

O64 - Services: CurCS - C:\Program Files\Windows Media Player\WMPNetwk.exe - Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) .(.Microsoft Corporation - Service Partage réseau du Lecteur Windows M.) - LEGACY_WMPNETWORKSVC

O64 - Services: CurCS - C:\WINDOWS\system32\drivers\ws2ifsl.sys - Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0 (WS2IFSL) .(.Microsoft Corporation - Winsock2 IFS Layer.) - LEGACY_WS2IFSL

O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Centre de sécurité (wscsvc) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_WSCSVC

O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Mises à jour automatiques (wuauserv) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_WUAUSERV

O64 - Services: CurCS - C:\Windows\system32\DRIVERS\WudfPf.sys - Windows Driver Foundation - User-mode Driver Framework Platform Driver (WudfPf) .(.Microsoft Corporation - Windows Driver Foundation - User-mode Drive.) - LEGACY_WUDFPF

O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Windows Driver Foundation - User-mode Driver Framework (WudfSvc) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_WUDFSVC

O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Configuration automatique sans fil (WZCSVC) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_WZCSVC

O64 - Services: CurCS - C:\WINDOWS\system32\ZDPNDIS5.sys - ZDPNDIS5 NDIS Protocol Driver (ZDPNDIS5) .(.Printing Communications Assoc., Inc. (PCAUS - PCAUSA NDIS 5.0 Protocol Driver.) - LEGACY_ZDPNDIS5

 

 

---\\ File Associations Shell Spawning (O67)

O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\Windows\System32\shell32.dll

O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.com> <ComFile>[HKLM\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.html> <FirefoxHTML>[HKLM\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox 4.0 Beta 4\firefox.exe

O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\WINDOWS\System32\WScript.exe

O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\WINDOWS\regedit.exe

O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)

O67 - Shell Spawning: <.bat> <batfile>[HKCR\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.cpl> <cplfile>[HKCR\..\cplopen\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\Windows\System32\shell32.dll

O67 - Shell Spawning: <.cmd> <cmdfile>[HKCR\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.com> <ComFile>[HKCR\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.exe> <exefile>[HKCR\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.html> <ChromeHTML>[HKCR\..\open\Command] (.Not Key.)

O67 - Shell Spawning: <.js> <JSFile>[HKCR\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\WINDOWS\System32\WScript.exe

O67 - Shell Spawning: <.reg> <regfile>[HKCR\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\WINDOWS\regedit.exe

 

 

---\\ Start Menu Internet (SMI) (O68)

O68 - StartMenuInternet: <chrome.exe> <>[HKLM\..\Shell\open\Command] (.Pas de propriétaire - Pas de description.) -- C:\Documents and Settings\VIACOM\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (.not file.)

O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox 4.0 Beta 4>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox 4.0 Beta 4\firefox.exe

O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\IEXPLORE.exe

 

 

---\\ Search Browser Infection (SBI) (O69)

O69 - SBI: prefs.js [VIACOM - t3i2mr5p.default] user_pref("CT2405280.SearchEngine", "Search||http://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT2405280&octid=EB_ORIGINAL_CTID");

O69 - SBI: prefs.js [VIACOM - t3i2mr5p.default] user_pref("CT2405280.SearchFromAddressBarUrl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&q=");

O69 - SBI: prefs.js [VIACOM - t3i2mr5p.default] user_pref("extensions.toolbar@ask.com.install-event-fired", true);

O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - Bing

O69 - SBI: SearchScopes [HKCU] {15A6A848-69E9-41D1-B1C0-0093EF5A93B9} - (Live Search) - Bing

O69 - SBI: SearchScopes [HKCU] {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} - (Ask Search) - http://websearch.ask.com

O69 - SBI: SearchScopes [HKCU] {2B7B7EFC-C234-4532-822B-A8D74D7EF7EB} - (Durable.com) - L'actualité du Développement Durable sur durable.com

O69 - SBI: SearchScopes [HKCU] {3A2D3CEA-A1C1-43E8-AA1A-61228EE0BC09} - (Google) - Google

O69 - SBI: SearchScopes [HKCU] {50596439-82EB-4c76-9F30-AA6D729783C7} - (SpeedBit Search) - http://home.speedbit.com

O69 - SBI: SearchScopes [HKCU] {8A96AF9E-4074-43b7-BEA3-87217BDA74C8} [DefaultScope] - (Web Search) - Search

O69 - SBI: SearchScopes [HKCU] {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} - (BigSeekPro) - Homepage

O69 - SBI: SearchScopes [HKCU] {9D5BD211-422C-4164-9298-BB4186A30F31} - (Bing) - Bing

O69 - SBI: SearchScopes [HKCU] {afdbddaa-5d3f-42ee-b79c-185a7020515b} - (ToggleEN Customized Web Search) - http://search.conduit.com

O69 - SBI: SearchScopes [HKCU] {b41306c6-96d0-442a-bcc4-b0f621e82ce9} - (OfferBox Search) - Offerbox search

O69 - SBI: SearchScopes [HKCU] {DD16C641-3BE9-4A7A-87B0-544BA76F6FBF} - (Yahoo! Search) - Yahoo! Search - Web Search

O69 - SBI: SearchScopes [HKCU] {DECA3892-BA8F-44b8-A993-A466AD694AE4} - (Yahoo!) - Yahoo! Search - Recherche Web

O69 - SBI: SearchScopes [HKCU] {EEE6C360-6118-11DC-9C72-001320C79847} - (SweetIM Search) - http://search.sweetim.com

O69 - SBI: SearchScopes [HKCU] {F53A8C1E-6B99-47F1-BDAF-6C75B89246C9} - (Yahoo! Search) - Yahoo! Search - Web Search

 

 

---\\ Recherche Master Boot Record Infection (MBR)(O80)

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, GMER - Rootkit Detector and Remover

Run by VIACOM at 19/09/2010 14:04:01

device: opened successfully

user: MBR read successfully

called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS

kernel: MBR read successfully

user & kernel MBR OK

 

 

---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)

MBRCheck, version 1.2.3 by ad13, http://ad13.geekstog

Run by VIACOM at 19/09/2010 14:04:28

31 GB \\.\PhysicalDrive0 Windows XP MBR code detected

SHA1: 8637A6CD1F8DC55758E12C0B860CDE1133CA5719

232 GB \\.\PhysicalDrive1 Windows XP MBR code detected

SHA1: 8637A6CD1F8DC55758E12C0B860CDE1133CA5719

Dump file Name : C:\Program Files\ZHPDiag\MBRDump_09-19-10_14-04-28_PhysicalDrive0.bin

 

 

---\\ Internet Feature Controls (IFC) (O81)

O81 - IFC: Internet Feature Controls [HKLM] [FEATURE_BROWSER_EMULATION] -- svchost.exe

O81 - IFC: Internet Feature Controls [HKUS\.DEFAULT] [FEATURE_BROWSER_EMULATION] -- svchost.exe

O81 - IFC: Internet Feature Controls [HKUS\S-1-5-18] [FEATURE_BROWSER_EMULATION] -- svchost.exe

 

 

---\\ Recherche des services démarrés par Svchost (SSS) (O83)

O83 - Search Svchost Services: AppMgmt (AppMgmt) . (.Microsoft Corporation - Service Installation de logiciels.) -- C:\WINDOWS\System32\appmgmts.dll [176640]

O83 - Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation - Windows Audio Service.) -- C:\WINDOWS\System32\audiosrv.dll [42496]

O83 - Search Svchost Services: Browser (Browser) . (.Microsoft Corporation - Computer Browser Service DLL.) -- C:\WINDOWS\System32\browser.dll [77824]

O83 - Search Svchost Services: CryptSvc (CryptSvc) . (.Microsoft Corporation - Cryptographic Services.) -- C:\WINDOWS\System32\cryptsvc.dll [62464]

O83 - Search Svchost Services: DMServer (DMServer) . (.Microsoft Corp. - DLL Service gestionnaire de disque logique.) -- C:\WINDOWS\System32\dmserver.dll [24576]

O83 - Search Svchost Services: DHCP (DHCP) . (.Microsoft Corporation - Service client DHCP.) -- C:\WINDOWS\System32\dhcpcsvc.dll [127488]

O83 - Search Svchost Services: ERSvc (ERSvc) . (.Microsoft Corporation - Windows Error Reporting Service.) -- C:\WINDOWS\System32\ersvc.dll [23040]

O83 - Search Svchost Services: EventSystem (EventSystem) . (.Microsoft Corporation - Pas de description.) -- C:\WINDOWS\system32\es.dll [246272]

O83 - Search Svchost Services: FastUserSwitchingCompatibility (FastUserSwitchingCompatibility) . (.Microsoft Corporation - Dll des services Windows Shell.) -- C:\WINDOWS\System32\shsvcs.dll [135680]

O83 - Search Svchost Services: HidServ (HidServ) . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\hidserv.dll [0]

O83 - Search Svchost Services: LanmanServer (LanmanServer) . (.Microsoft Corporation - Server Service DLL.) -- C:\WINDOWS\System32\srvsvc.dll [96768]

O83 - Search Svchost Services: LanmanWorkstation (LanmanWorkstation) . (.Microsoft Corporation - Workstation Service DLL.) -- C:\WINDOWS\System32\wkssvc.dll [132096]

O83 - Search Svchost Services: Messenger (Messenger) . (.Microsoft Corporation - NT Messenger Service.) -- C:\WINDOWS\System32\msgsvc.dll [33792]

O83 - Search Svchost Services: Netman (Netman) . (.Microsoft Corporation - Gestionnaire de connexions réseau.) -- C:\WINDOWS\System32\netman.dll [198144]

O83 - Search Svchost Services: Nla (Nla) . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\System32\mswsock.dll [247808]

O83 - Search Svchost Services: Ntmssvc (Ntmssvc) . (.Microsoft Corporation - Gestionnaire de stockage amovible.) -- C:\WINDOWS\system32\ntmssvc.dll [438272]

O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Remote Access AutoDial Manager.) -- C:\WINDOWS\System32\rasauto.dll [88576]

O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Remote Access Connection Manager.) -- C:\WINDOWS\System32\rasmans.dll [186368]

O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Dynamic Interface Manager.) -- C:\WINDOWS\System32\mprdim.dll [53248]

O83 - Search Svchost Services: Schedule (Schedule) . (.Microsoft Corporation - Moteur du Planificateur de tâches.) -- C:\WINDOWS\system32\schedsvc.dll [194560]

O83 - Search Svchost Services: Seclogon (Seclogon) . (.Microsoft Corporation - DLL de service d'ouverture de session secondaire.) -- C:\WINDOWS\System32\seclogon.dll [18944]

O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - System Event Notification Service (SENS).) -- C:\WINDOWS\system32\sens.dll [39424]

O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Composants de l'application d'assistance à Microsoft NAT.) -- C:\WINDOWS\System32\ipnathlp.dll [332800]

O83 - Search Svchost Services: SRService (SRService) . (.Microsoft Corporation - Service de restauration du système.) -- C:\WINDOWS\system32\srsvc.dll [171520]

O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Serveur de téléphonie Microsoft® Windows.) -- C:\WINDOWS\System32\tapisrv.dll [249856]

O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - Dll des services Windows Shell.) -- C:\WINDOWS\System32\shsvcs.dll [135680]

O83 - Search Svchost Services: TrkWks (TrkWks) . (.Microsoft Corporation - Distributed Link Tracking Client.) -- C:\WINDOWS\system32\trkwks.dll [90112]

O83 - Search Svchost Services: W32Time (W32Time) . (.Microsoft Corporation - Service de temps Windows.) -- C:\WINDOWS\system32\w32time.dll [178176]

O83 - Search Svchost Services: WZCSVC (WZCSVC) . (.Microsoft Corporation - Service configuration automatique sans fil.) -- C:\WINDOWS\System32\wzcsvc.dll [483840]

O83 - Search Svchost Services: Wmi (Wmi) . (.Microsoft Corporation - API avancées Windows 32.) -- C:\WINDOWS\System32\advapi32.dll [685568]

O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\WINDOWS\system32\wbem\WMIsvc.dll [145408]

O83 - Search Svchost Services: wscsvc (wscsvc) . (.Microsoft Corporation - Windows Security Center Service.) -- C:\WINDOWS\system32\wscsvc.dll [80896]

O83 - Search Svchost Services: xmlprov (xmlprov) . (.Microsoft Corporation - Network Provisioning Service.) -- C:\WINDOWS\System32\xmlprov.dll [129024]

O83 - Search Svchost Services: napagent (napagent) . (.Microsoft Corporation - Exécution du service Agent de quarantaine.) -- C:\WINDOWS\System32\qagentrt.dll [293376]

O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Service Gestion des clés.) -- C:\WINDOWS\System32\kmsvc.dll [61440]

O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Service de transfert intelligent en arrière-plan.) -- C:\WINDOWS\system32\qmgr.dll [409088]

O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Windows Update AutoUpdate Service.) -- C:\WINDOWS\system32\wuauserv.dll [6656]

O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - Dll des services Windows Shell.) -- C:\WINDOWS\System32\shsvcs.dll [135680]

O83 - Search Svchost Services: helpsvc (helpsvc) . (.Microsoft Corporation - Microsoft PCHealth Service Holder.) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll [38400]

O83 - Search Svchost Services: WmdmPmSN (WmdmPmSN) . (.Microsoft Corporation - Microsoft Media Device Service Provider.) -- C:\WINDOWS\system32\mspmsnsv.dll [27136]

 

 

---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)

SR - | Auto 28/08/2009 144672 | Apple Mobile Device (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

SR - | Auto 11/08/2010 1939392 | Bandoo Coordinator (Bandoo Coordinator) . (.Discordia Limited.) - C:\PROGRA~1\Bandoo\Bandoo.exe

SR - | Auto 17/07/2010 153376 | Java Quick Starter (JavaQuickStarterService) . (.Sun Microsystems, Inc..) - C:\Program Files\Java\jre6\bin\jqs.exe

SS - | Demand 19/07/2010 259440 | Ma-Config Service (maconfservice) . (.CybelSoft.) - C:\Program Files\ma-config.com\maconfservice.exe

SS - | Disabled 19/07/2010 0 | (mchInjDrv) . (.Pas de propriétaire.) - C:\DOCUME~1\VIACOM\LOCALS~1\Temp\mc21.tmp

SR - | Auto 04/05/2010 503080 | C:\Program Files\Nero\Update\NASvc.exe (NAUpdate) . (.Nero AG.) - C:\Program Files\Nero\Update\NASvc.exe

SR - | Auto 04/03/2010 71096 | NMSAccess (NMSAccess) . (.Pas de propriétaire.) - C:\Program Files\CDBurnerXP\NMSAccessU.exe

SS - | Auto 04/03/2010 0 | PD91Engine PD91EngineTapiSrv (PD91EngineTapiSrv) . (.Pas de propriétaire.) - srv

SS - | Auto 03/03/2006 69632 | Pml Driver HPZ12 (Pml Driver HPZ12) . (.HP.) - C:\WINDOWS\system32\HPZipm12.exe

SS - | Demand 27/10/2009 657408 | ServiceLayer (ServiceLayer) . (.Nokia.) - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

SR - | Auto 07/07/2010 300656 | VideoAcceleratorService (VideoAcceleratorService) . (.Speedbit Ltd..) - C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe

SS - | Auto 07/07/2010 0 | VMware USB Arbitration Service (VMUSBArbService) . (.Pas de propriétaire.) - C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe

 

 

---\\ Infection BT - BHO/Toolbar (Possible)

[HKLM\Software\AskSBar]

O69 - SBI: prefs.js [VIACOM - t3i2mr5p.default] user_pref("extensions.toolbar@ask.com.install-event-fired", true);

O69 - SBI: SearchScopes [HKCU] {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} - (Ask Search) - http://websearch.ask.com

 

 

 

End of the scan (1136 lines in 00mn 52s)(0)

 

 

How do I retrieve the MBAM report? Do I need to run the scan again?

Thank you for your help and your time.

Posted

Hello ;)

Don't rerun the scan with Mbam for now.

What do you use as a burner?

I would like you to do the following:

Download Ad-Remover

Go offline and close all running applications

  • Double-click the program and accept the warning message
  • Double-click the icon on your desktop
  • Choose the "scanner" option
  • Post the report that appears at the end.

Note: The report is saved as C:\Ad-report SCAN.log. Your antivirus may raise an alert; ignore it.

See you soon

Posted

Thank you for all the trouble you are going to.

Well, as for the burner, it's a Samsung TSST corp CDDVDW SH-S222A

Here is the report

 

======= RAPPORT D'AD-REMOVER 2.0.0.1,F | UNIQUEMENT XP/VISTA/7 =======

 

Mis à jour par C_XX le 16/09/10 à 13:30

Contact: AdRemover.contact[AT]gmail.com

Site web: TEAM X SCRIPT : UsbFix - AD-Remover - FindyKill

 

C:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Lancé à 16:22:43 le 20/09/2010, Mode normal

 

Microsoft Windows XP Professionnel Service Pack 3 (X86)

VIACOM@VIACOM-24DFD8F7 ( )

 

============== RECHERCHE ==============

 

 

0,Dossier trouvé: C:\Documents and Settings\VIACOM\Application Data\Bandoo

0,Dossier trouvé: C:\Documents and Settings\All Users\Application Data\Bandoo

0,Dossier trouvé: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Bandoo

0,Dossier trouvé: C:\Program Files\Bandoo

0,Dossier trouvé: C:\Documents and Settings\VIACOM\Local Settings\Application Data\Conduit

0,Dossier trouvé: C:\Program Files\Conduit

0,Dossier trouvé: C:\Documents and Settings\VIACOM\Application Data\Toolbar4

 

-- Fichier ouvert: C:\Documents and Settings\VIACOM\Application Data\Mozilla\FireFox\Profiles\t3i2mr5p.default\Prefs.js --

Ligne trouvée: user_pref("CT2405280.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER...

Ligne trouvée: user_pref("CT2405280.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT240...

Ligne trouvée: user_pref("browser.search.defaultengine", "Ask.com");

Ligne trouvée: user_pref("browser.search.defaultthis.engineName", "Softonic-Eng7 Customized Web Search");

Ligne trouvée: user_pref("browser.search.order.1", "Ask.com");

Ligne trouvée: user_pref("extensions.toolbar@ask.com.install-event-fired", true);

-- Fichier Fermé --

 

 

1,Clé trouvée: HKLM\Software\Classes\CLSID\{074E4EFE-81BB-4EA4-866E-082CB0E01070}

3,Clé trouvée: HKLM\Software\Classes\AppID\{EDE2C296-2458-4E3B-A846-4B512C0703B5}

1,Clé trouvée: HKLM\Software\Classes\CLSID\{0CE5B352-9D9C-41E1-9551-FCCD92820217}

1,Clé trouvée: HKLM\Software\Classes\CLSID\{167B2B5F-2757-434A-BBDA-2FDB2003F14F}

1,Clé trouvée: HKLM\Software\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}

3,Clé trouvée: HKLM\Software\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}

1,Clé trouvée: HKLM\Software\Classes\CLSID\{2E9A60EA-5554-49C3-BC9D-D0404DBACC62}

1,Clé trouvée: HKLM\Software\Classes\CLSID\{3E63C9BC-DD51-4E83-ABA6-B350EAD28531}

1,Clé trouvée: HKLM\Software\Classes\CLSID\{44CFFEF4-E7E1-44BD-B1F5-29F828ADA1B8}

1,Clé trouvée: HKLM\Software\Classes\CLSID\{872F3C0B-4462-424c-BB9F-74C6899B9F92}

3,Clé trouvée: HKLM\Software\Classes\AppID\{9C123289-82E1-4da7-A3C2-B8D28AAD114B}

1,Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{872F3C0B-4462-424c-BB9F-74C6899B9F92}

1,Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872F3C0B-4462-424c-BB9F-74C6899B9F92}

1,Clé trouvée: HKLM\Software\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}

1,Clé trouvée: HKLM\Software\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}

1,Clé trouvée: HKLM\Software\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}

1,Clé trouvée: HKLM\Software\Classes\CLSID\{CE1CB632-6817-47b3-8587-D05AF75D6D5A}

3,Clé trouvée: HKLM\Software\Classes\AppID\{3AD7A5B6-610D-4A82-979E-0AED20920690}

1,Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CE1CB632-6817-47b3-8587-D05AF75D6D5A}

1,Clé trouvée: HKLM\Software\Classes\CLSID\{EB5CEE80-030A-4ED8-8E20-454E9C68380F}

1,Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EB5CEE80-030A-4ED8-8E20-454E9C68380F}

1,Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EB5CEE80-030A-4ED8-8E20-454E9C68380F}

1,Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EB5CEE80-030A-4ED8-8E20-454E9C68380F}

1,Clé trouvée: HKLM\Software\Classes\CLSID\{EF2B6317-C367-401B-83B8-80302D6588A7}

1,Clé trouvée: HKLM\Software\Classes\CLSID\{F5379B4B-24D8-432A-9A96-BE75EE5117DB}

1,Clé trouvée: HKLM\Software\Classes\CLSID\{F7FB2BC4-6C27-4EAC-B5E2-037B71FDE101}

1,Clé trouvée: HKLM\Software\Classes\CLSID\{FD53FE35-4368-4B71-89D6-F29F3DB29DF1}

1,Clé trouvée: HKLM\Software\Classes\Interface\{33DDFC61-F531-4982-8C32-4212B7835D44}

1,Clé trouvée: HKLM\Software\Classes\Interface\{384FE458-A963-450D-9187-EEFF81913FD0}

1,Clé trouvée: HKLM\Software\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}

1,Clé trouvée: HKLM\Software\Classes\Interface\{6087829B-114F-42A1-A72B-B4AEDCEA4E5B}

1,Clé trouvée: HKLM\Software\Classes\Interface\{A9005ED5-4A1D-4606-A4DF-1A25E7D7B417}

1,Clé trouvée: HKLM\Software\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}

1,Clé trouvée: HKLM\Software\Classes\TypeLib\{3AD7A5B6-610D-4A82-979E-0AED20920690}

1,Clé trouvée: HKLM\Software\Classes\TypeLib\{4410C118-B23C-406C-9F52-9CDABD90A5EA}

1,Clé trouvée: HKLM\Software\Classes\TypeLib\{62E5C9E1-A0E8-4F8C-8EAF-0F9250CC5786}

1,Clé trouvée: HKLM\Software\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}

1,Clé trouvée: HKLM\Software\Classes\TypeLib\{9C123289-82E1-4DA7-A3C2-B8D28AAD114B}

0,Clé trouvée: HKLM\Software\Classes\BandooCoordinator.BandooCoordinator

0,Clé trouvée: HKLM\Software\Classes\BandooCoordinator.BandooCoordinator.1

0,Clé trouvée: HKLM\Software\Classes\BandooCoordinator.CoordinatorUI

0,Clé trouvée: HKLM\Software\Classes\BandooCoordinator.CoordinatorUI.1

0,Clé trouvée: HKLM\Software\Classes\BandooCoordinator.HTTPAsyncResult

0,Clé trouvée: HKLM\Software\Classes\BandooCoordinator.HTTPAsyncResult.1

0,Clé trouvée: HKLM\Software\Classes\BandooCoordinator.PlugInNotifier

0,Clé trouvée: HKLM\Software\Classes\BandooCoordinator.PlugInNotifier.1

0,Clé trouvée: HKLM\Software\Classes\BandooCore.BandooCore

0,Clé trouvée: HKLM\Software\Classes\BandooCore.BandooCore.1

0,Clé trouvée: HKLM\Software\Classes\BandooCore.ResourcesMngr

0,Clé trouvée: HKLM\Software\Classes\BandooCore.ResourcesMngr.1

0,Clé trouvée: HKLM\Software\Classes\BandooCore.SettingsMngr

0,Clé trouvée: HKLM\Software\Classes\BandooCore.SettingsMngr.1

0,Clé trouvée: HKLM\Software\Classes\BandooCore.StatisticMngr

0,Clé trouvée: HKLM\Software\Classes\BandooCore.StatisticMngr.1

0,Clé trouvée: HKLM\Software\Classes\BandooIEPlugin.BandooIEPlugin

0,Clé trouvée: HKLM\Software\Classes\BandooIEPlugin.BandooIEPlugin.1

0,Clé trouvée: HKLM\Software\Classes\BFlashAnimator.BFlashAnimatorCtrl

0,Clé trouvée: HKLM\Software\Classes\BFlashAnimator.BFlashAnimatorCtrl.1

0,Clé trouvée: HKLM\Software\Classes\BGIFAnimator.BGIFAnimatorCtrl

0,Clé trouvée: HKLM\Software\Classes\BGIFAnimator.BGIFAnimatorCtrl.1

0,Clé trouvée: HKLM\Software\Classes\Toolbar.CT2077543

0,Clé trouvée: HKLM\Software\Classes\Toolbar.CT2095689

0,Clé trouvée: HKLM\Software\Classes\Toolbar.CT2102473

0,Clé trouvée: HKLM\Software\Classes\Toolbar.CT2405280

0,Clé trouvée: HKLM\Software\Classes\AppID\BandooCoordinator.EXE

1,Clé trouvée: HKLM\Software\Classes\AppID\{EDE2C296-2458-4E3B-A846-4B512C0703B5}

0,Clé trouvée: HKLM\Software\Classes\AppID\BandooCore.EXE

1,Clé trouvée: HKLM\Software\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}

0,Clé trouvée: HKLM\Software\bandoo

0,Clé trouvée: HKLM\Software\Conduit

0,Clé trouvée: HKCU\Software\AutocompleteProBHO

0,Clé trouvée: HKCU\Software\Conduit

0,Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Bandoo

3,Clé trouvée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}

3,Clé trouvée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8}

3,Clé trouvée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}

3,Clé trouvée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4e1d-BDD0-1E9C9B7799CC}

3,Clé trouvée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7f000001-db8e-f89c-2fec-49bf726f8c12}

3,Clé trouvée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}

3,Clé trouvée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4fde-B055-AE7B0F4CF080}

0,Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Bandoo

 

 

============== SCAN ADDITIONNEL ==============

 

** Mozilla Firefox Version [4.0b4 (fr)] **

 

-- C:\Documents and Settings\VIACOM\Application Data\Mozilla\FireFox\Profiles\t3i2mr5p.default\Prefs.js --

browser.download.dir, C:\\Documents and Settings\\VIACOM\\Mes documents\\Downloads\\Music

browser.download.lastDir, C:\\Documents and Settings\\VIACOM\\Bureau

browser.search.defaultenginename, Yahoo

browser.search.defaulturl, hxxp://fr.search.yahoo.com/search?fr=ffsp1&p=

browser.search.selectedEngine, BigSeekPro

browser.startup.homepage, hxxp://fr.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official

browser.startup.homepage_override.mstone, rv:2.0b4

keyword.URL, hxxp://www.bigseekpro.com/search/toolbar//?q=

sweetim.toolbar.previous.browser.search.defaultenginename, Durable

sweetim.toolbar.previous.browser.search.defaulturl, hxxp://www.durable.com/result?cx=partner-pub-7902900401080901%3Azblj...

sweetim.toolbar.previous.browser.search.selectedEngine, Durable

sweetim.toolbar.previous.browser.startup.homepage, hxxp://www.durable.com/recherche

sweetim.toolbar.previous.keyword.URL, hxxp://www.durable.com/result?cx=partner-pub-7902900401080901%3Azbljezwsgul&cof=FO...

 

========================================

 

** Internet Explorer Version [8.0.6001.18702] **

 

[HKCU\Software\Microsoft\Internet Explorer\Main]

Default_Search_URL: hxxp://www.durable.com/recherche

Do404Search: 0x01000000

Enable Browser Extensions: YES

Local Page: C:\WINDOWS\system32\blank.htm

Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Show_ToolBar: yes

Start Page: hxxp://home.speedbit.com/?aff=205

Use Search Asst: no

 

[HKLM\Software\Microsoft\Internet Explorer\Main]

Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157

Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896

Delete_Temp_Files_On_Exit: yes

Local Page: C:\WINDOWS\system32\blank.htm

Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896

Start Page: hxxp://go.microsoft.com/fwlink/?LinkId=69157

 

[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]

Tabs: hxxp://home.speedbit.com/tab/?aff=205

Blank: res://mshtml.dll/blank.htm

 

========================================

 

C:\Program Files\Ad-Remover\Quarantine: 0 Fichier(s)

C:\Program Files\Ad-Remover\Backup: 1 Fichier(s)

 

C:\Ad-Report-SCAN[1].txt - 20/09/2010 (8348 Octet(s))

 

Fin à: 16:26:34, 20/09/2010

 

============== E.O.F ==============

 

Thanks for the help!

Posted

I expressed myself badly:

What do you use as a burner?

What do you use as burning software?

! Go offline and close all running applications !

  • Relaunch Ad-Remover: in the main menu, choose the "Nettoyer" (Clean) option.
  • Post the report that appears at the end.

The report is saved as C:\Ad-report CLEAN.log

If your desktop does not reappear:

  • - Press CTRL+ALT+DEL to open the Task Manager.
    - Click "File" at the top left
    - Choose "New Task" (Run ...)
    - Type "explorer" and confirm.
    - This will bring your desktop back.

See you soon

Posted

The burner I currently use is CD BurnerXP

 

 

 

======= RAPPORT D'AD-REMOVER 2.0.0.1,F | UNIQUEMENT XP/VISTA/7 =======

 

Mis à jour par C_XX le 16/09/10 à 13:30

Contact: AdRemover.contact[AT]gmail.com

Site web: TEAM X SCRIPT : UsbFix - AD-Remover - FindyKill

 

C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 22:27:10 le 20/09/2010, Mode normal

 

Microsoft Windows XP Professionnel Service Pack 3 (X86)

VIACOM@VIACOM-24DFD8F7 ( )

 

============== ACTION(S) ==============

 

 

0,Dossier supprimé: C:\Documents and Settings\VIACOM\Application Data\Bandoo

0,Dossier supprimé: C:\Documents and Settings\All Users\Application Data\Bandoo

0,Dossier supprimé: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Bandoo

0,Dossier supprimé: C:\Program Files\Bandoo

0,Dossier supprimé: C:\Documents and Settings\VIACOM\Local Settings\Application Data\Conduit

0,Dossier supprimé: C:\Program Files\Conduit

0,Dossier supprimé: C:\Documents and Settings\VIACOM\Application Data\Toolbar4

 

(!) -- Fichiers temporaires supprimés.

 

 

-- Fichier ouvert: C:\Documents and Settings\VIACOM\Application Data\Mozilla\FireFox\Profiles\t3i2mr5p.default\Prefs.js --

Ligne supprimée: user_pref("CT2405280.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER...

Ligne supprimée: user_pref("CT2405280.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT240...

Ligne supprimée: user_pref("browser.search.defaultengine", "Ask.com");

Ligne supprimée: user_pref("browser.search.defaultthis.engineName", "Softonic-Eng7 Customized Web Search");

Ligne supprimée: user_pref("browser.search.order.1", "Ask.com");

Ligne supprimée: user_pref("extensions.toolbar@ask.com.install-event-fired", true);

-- Fichier Fermé --

 

 


============== SCAN ADDITIONNEL ==============

 

** Mozilla Firefox Version [4.0b4 (fr)] **

 

-- C:\Documents and Settings\VIACOM\Application Data\Mozilla\FireFox\Profiles\t3i2mr5p.default\Prefs.js --

browser.download.dir, C:\\Documents and Settings\\VIACOM\\Mes documents\\Downloads\\Music

browser.download.lastDir, F:

browser.search.defaultenginename, Yahoo

browser.search.defaulturl, hxxp://fr.search.yahoo.com/search?fr=ffsp1&p=

browser.search.selectedEngine, BigSeekPro

browser.startup.homepage, hxxp://fr.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official

browser.startup.homepage_override.mstone, rv:2.0b4

keyword.URL, hxxp://www.bigseekpro.com/search/toolbar//?q=

sweetim.toolbar.previous.browser.search.defaultenginename, Durable

sweetim.toolbar.previous.browser.search.defaulturl, hxxp://www.durable.com/result?cx=partner-pub-7902900401080901%3Azblj...

sweetim.toolbar.previous.browser.search.selectedEngine, Durable

sweetim.toolbar.previous.browser.startup.homepage, hxxp://www.durable.com/recherche

sweetim.toolbar.previous.keyword.URL, hxxp://www.durable.com/result?cx=partner-pub-7902900401080901%3Azbljezwsgul&cof=FO...

 

========================================

 

** Internet Explorer Version [8.0.6001.18702] **

 

[HKCU\Software\Microsoft\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Do404Search: 0x01000000

Enable Browser Extensions: YES

Local Page: C:\WINDOWS\system32\blank.htm

Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896

Show_ToolBar: yes

Start Page: hxxp://fr.msn.com/

Use Search Asst: no

 

[HKLM\Software\Microsoft\Internet Explorer\Main]

Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896

Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Delete_Temp_Files_On_Exit: yes

Local Page: C:\WINDOWS\system32\blank.htm

Search bar: hxxp://search.msn.com/spbasic.htm

Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Start Page: hxxp://fr.msn.com/

 

[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]

Tabs: res://ieframe.dll/tabswelcome.htm

Blank: res://mshtml.dll/blank.htm

 

========================================

 

C:\Program Files\Ad-Remover\Quarantine: 255 Fichier(s)

C:\Program Files\Ad-Remover\Backup: 15 Fichier(s)

 

C:\Ad-Report-CLEAN[1].txt - 20/09/2010 (8411 Octet(s))

C:\Ad-Report-SCAN[1].txt - 20/09/2010 (10724 Octet(s))

 

Fin à: 22:30:52, 20/09/2010

 

============== E.O.F ==============
