Unable to move .avi files


Posted

So, here goes:

Malwarebytes full scan report:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Version de la base de données: 5914

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

3/3/2011 6:25:51 PM
mbam-log-2011-03-03 (18-25-41).txt

Type d'examen: Examen complet (C:\|)
Elément(s) analysé(s): 161341
Temps écoulé: 24 minute(s), 0 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\documents and settings\administrator\Desktop\vegas sony\crack vegas 9\Keygen.exe (Trojan.Agent) -> No action taken. (yes it was: deleted)

 

Cleaning report from Ad-Remover:

 

C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 14:59:49 on 04/03/2011, Normal boot

Microsoft Windows XP Professional Service Pack 3 (X86) 
Administrator@EXPERIEN-8DF3A0 ( ) 

============== ACTION(S) ==============



(!) -- Temporary files deleted.


Key deleted: HKLM\Software\Classes\CLSID\{601ac3dc-786a-4eb0-bf40-ee3521e70bfb}
Key deleted: HKLM\Software\Classes\CLSID\{72b3882f-453a-4633-aac9-8c3dced62aff}
Key deleted: HKLM\Software\Conduit
Key deleted: HKCU\Software\Ask.com
Key deleted: HKCU\Software\AskToolbar
Key deleted: HKCU\Software\Conduit
Key deleted: HKLM\Software\Cheat Engine\OpenCandy


============== ADDITIONNAL SCAN ==============

**** Mozilla Firefox Version [3.6.14 (fr)] ****

Plugins\npdeployJava1.dll (Oracle)
Components\FFComm.dll (BitDefender S.R.L.)
Extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} (Skype extension		)
HKLM_Extensions|FFToolbar@bitdefender.com - C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\

-- C:\Documents and Settings\Administrator\Application Data\Mozilla\FireFox\Profiles\bqpa1y01.default --
Extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} (Adobe DLM (powered by getPlus(R)))
Prefs.js - browser.download.dir, C:\\Documents and Settings\\Administrator\\Desktop
Prefs.js - browser.download.lastDir, C:\\Documents and Settings\\Administrator\\Desktop
Prefs.js - browser.startup.homepage, hxxp://www.google.fr/
Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.14

========================================

**** Internet Explorer Version [7.0.5730.13] ****

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
HKCU_Main|Start Page - hxxp://fr.msn.com/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKLM_ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A} - C:\Program Files\Java\jre6\bin\ssvagent.exe (Oracle)
HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?)
BHO\{bf00e119-21a3-4fd1-b178-3b8537e75c92} - "IeMonitorBho Class" (C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll)

========================================

C:\Program Files\Ad-Remover\Quarantine: 0 File(s)
C:\Program Files\Ad-Remover\Backup: 13 File(s)

C:\Ad-Report-CLEAN[1].txt - 04/03/2011 15:00:15 (978 Byte(s)) 

End at: 15:00:51, 04/03/2011 

============== E.O.F ============== 

 

P.S.: The external hard drives were not connected during these scans.

Posted

Hi!

Update IE7 to IE8. Java too.

Download Java for Windows

See whether you want to replace Avast with AntiVir.

Can you post a new ZHPDiag?

Bleuet (04/03/2011) ;)

Posted

Hello,

He says so :) and I confirm: even if you don't use IE, it has to be kept up to date, as do Java, Flash and the rest... I assume you have rebooted the machine since then :)

After rereading a bit, I notice this...

Edit: there's a little yellow warning sign that shows up in my taskbar on the right. Related to my connected external hard drive(s). It doesn't say anything. It goes away when you click on it (right or left) :/

Go to the Device Manager, look at the connected hard drives and check whether you have a question mark...

What make and model of disk, USB or eSATA connection, and what format, FAT32/NTFS?????? (1 ? per question)

Try SuperCopier 2.2 Beta

Posted (edited)

Bleuet:

Java updated.

IE8 is impossible to install on my computer: incompatibility message as soon as the .exe is launched (I tested the English and French versions)

ZHPDiag:

Rapport de ZHPDiag v1.27.1626 par Nicolas Coolman, Update du 01/03/2011

Run by Administrator at 3/6/2011 12:51:22 PM

Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html

Contact : nicolascoolman@yahoo.fr

 

---\\ Web Browser

MSIE: Internet Explorer v7.0.5730.13

MFIE: Mozilla Firefox v3.6.14 (fr) (Defaut)

 

---\\ System Information

Windows XP Professional Service Pack 3 (Build 2600)

Processor: x86 Family 15 Model 4 Stepping 1, GenuineIntel

Operating System: 32 Bits

Boot mode: Normal (Normal boot)

Total RAM: 1022.1 MB (56% free)

System Restore: Activé (Enable)

System drive C: has 1 GB (7%) free of 19 GB

 

---\\ Logged in mode

Computer Name: EXPERIEN-8DF3A0

User Name: Administrator

All Users Names: SUPPORT_388945a0, HelpAssistant, Guest, Administrator,

Unselected Option: O45,O61,O62,O65,O66,O82

Logged in as Administrator

 

---\\ Environnement Variables

%AppData%=C:\Documents and Settings\Administrator\Application Data

%LocalAppData%=C:\Documents and Settings\Administrator\Local Settings\Application Data

%StartMenu%=C:\Documents and Settings\Administrator\Start Menu

 

---\\ DOS/Devices

C:\ Hard drive, Flash drive, Thumb drive (Free 1 Go of 19 Go)

D:\ CD-ROM drive (Not Inserted)

F:\ Hard drive, Flash drive, Thumb drive (Free 61 Go of 233 Go)

 

 

---\\ Security Center & Tools Informations

[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowSearch: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK

 

 

---\\ Search Generic System Files

[MD5.91172F1F7DECAA275ED52FCB61F57307] - (.Microsoft Corporation - Windows Explorer.) (.5/3/2008 1:00:00 PM.) -- C:\Windows\Explorer.exe [1033728]

[MD5.A4A0FC92358F39538A6494C42EF99FE9] - (.Microsoft Corporation - Internet Extensions for Win32.) (.8/13/2007 6:54:10 PM.) -- C:\Windows\System32\wininet.dll [818688]

[MD5.B8135E9ED99A0858DF535CE0A0271558] - (.Microsoft Corporation - Windows NT Logon Application.) (.5/3/2008 1:00:00 PM.) -- C:\Windows\System32\Winlogon.exe [507904]

[MD5.65EA06F8711FB3A64EC7D323E350F456] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.3/20/2008 8:33:08 PM.) -- C:\Windows\System32\drivers\atapi.sys [96512]

[MD5.D7F8A3F743C54C13D78954176AD483A2] - (.Microsoft Corporation - NT File System Driver.) (.5/3/2008 1:00:00 PM.) -- C:\Windows\System32\drivers\ntfs.sys [574976]

 

 

---\\ Running Processes

[MD5.471087B5E1E01CC82604E81EA14781D8] - (.ATI Technologies Inc. - ATI External Event Utility EXE Module.) -- C:\WINDOWS\system32\Ati2evxx.exe [602112]

[MD5.25FB74EABCE5EC7836BA3CFB3C58449A] - (.AVAST Software - avast! Service.) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [40384]

[MD5.3C417A392EC51E601AC55B5E196549E7] - (.Unknown owner - ANIWConnService.) -- C:\WINDOWS\system32\ANIWConnService.exe [151552]

[MD5.5E06A9D23727DAF96FAA796F1135FDCD] - (.Sun Microsystems, Inc. - Java Quick Starter Service.) -- C:\Program Files\Java\jre6\bin\jqs.exe [153376]

[MD5.F25BDB64996625C4B014F26572DEB647] - (.Wireless Service - ANIWZCS2 launcher for Windows..) -- C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe [98304]

[MD5.ECDC0143B65DAD02CEC24BC08295959E] - (.D-Link Corp. - D-Link WLAN Application.) -- C:\Program Files\D-Link\DWL-G122_DWA-110\AirGCFG.exe [1708032]

[MD5.10247C15D999CC116C87DA36BD0AD64D] - (.Analog Devices, Inc. - SMax4PNP MFC Application.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe [1404928]

[MD5.7B878518590E826F1F3A5B1D61D405F8] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\avastUI.exe [3396624]

[MD5.255E405D801CF01247390F38F92D8042] - (...) -- C:\Program Files\Unlocker\UnlockerAssistant.exe [17408]

[MD5.2E5212A0BFB98FE0167C92C76C87AFE3] - (.Sun Microsystems, Inc. - Java Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [249064]

[MD5.61CFEDAF9C527A1463F34F71240F9BB5] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe [15026056]

[MD5.2CE8F1C52F490875592166316C512B6F] - (.Skype Technologies - Skype Extras Manager.) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe [80256]

[MD5.D804D54E70E15078DFF46F9543A5E151] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [632320]

 

 

---\\ Opera, Plugins,Start,Search (P1,B0,B1)

P1 - OPN:Opera Plugin Navigator . (.Unknown owner - No comment.) -- C:\Program Files\Opera\Program\Plugins\NPSWF32.dll

 

 

---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)

M3 - MFPP: Plugins - [Administrator] -- C:\Program Files\Mozilla FireFox\searchplugins\amazon-france.xml

M3 - MFPP: Plugins - [Administrator] -- C:\Program Files\Mozilla FireFox\searchplugins\cnrtl-tlfi-fr.xml

M3 - MFPP: Plugins - [Administrator] -- C:\Program Files\Mozilla FireFox\searchplugins\eBay-france.xml

M3 - MFPP: Plugins - [Administrator] -- C:\Program Files\Mozilla FireFox\searchplugins\google.xml

M3 - MFPP: Plugins - [Administrator] -- C:\Program Files\Mozilla FireFox\searchplugins\wikipedia-fr.xml

M3 - MFPP: Plugins - [Administrator] -- C:\Program Files\Mozilla FireFox\searchplugins\yahoo-france.xml

P2 - FPN:Firefox Plugin Navigator . (.Sun Microsystems, Inc. - NPRuntime Script Plug-in Library for Java Deploy.) -- C:\Program Files\Mozilla Firefox\Plugins\npdeployJava1.dll

P2 - FPN:Firefox Plugin Navigator . (.mozilla.org - Default Plug-in.) -- C:\Program Files\Mozilla Firefox\Plugins\npnul32.dll

P2 - FPN:Firefox Plugin Navigator . (.Microsoft Corporation - Office Plugin for Netscape Navigator.) -- C:\Program Files\Mozilla Firefox\Plugins\NPOFF12.DLL

P2 - FPN:Firefox Plugin Navigator . (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape 10.0.1.) -- C:\Program Files\Mozilla Firefox\Plugins\nppdf32.dll

P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (.Unknown owner - No comment.) -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

P2 - FPN: [HKLM] [@java.com/JavaPlugin] - (.Sun Microsystems, Inc. - Next Generation Java Plug-in 1.6.0_24 for Mozilla browsers.) -- C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

P2 - FPN: [HKLM] [@videolan.org/vlc,version=0.9.9] - (.the VideoLAN Team - Version 0.9.9, copyright 1996-2009 The VideoLAN Team<br><a href="http:.) -- C:\Program Files\VideoLAN\VLC\npvlc.dll

M0 - MFSP: prefs.js [Administrator - bqpa1y01.default] http://www.google.fr/

M2 - MFEP: prefs.js [Administrator - bqpa1y01.default\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}] [adblockplus] Adblock Plus v1.3.3 (.Wladimir Palant.)

M2 - MFEP: prefs.js [Administrator - bqpa1y01.default\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}] [] Adobe DLM (powered by getPlus®) v1.6.2.63 (.NOS Microsystems Ltd..)

 

 

---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com

R0 - HKUS\S-1-5-21-2000478354-308236825-1644491937-500\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk

R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Internet Explorer.) (7.00.5730.13 (longhorn(wmbla).070711-1130)) -- C:\WINDOWS\system32\ieframe.dll

R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 2

 

 

---\\ Internet Explorer, Proxy Management (R5)

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1

R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 0

R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll

 

 

---\\ Changed inifile Value, Mapped to Registry (F2)

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,

F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"

 

 

---\\ Browser Helper Objects (O2)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} . (.Skype Technologies S.A. - Skype add-on for IE.) -- C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} . (.Megaupload Limited - Mega Manager IE Click Catcher.) -- C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} . (.Sun Microsystems, Inc. - Java Quick Starter binary.) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

 

 

---\\ Auto loading programs from Registry and folders (O4)

O4 - HKLM\..\Run: [ANIWZCS2Service] . (.Wireless Service - ANIWZCS2 launcher for Windows..) -- C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

O4 - HKLM\..\Run: [D-Link D-Link Wireless G DWL-G122_DWA-110] . (.D-Link Corp. - D-Link WLAN Application.) -- C:\Program Files\D-Link\DWL-G122_DWA-110\AirGCFG.exe

O4 - HKLM\..\Run: [soundMAXPnP] . (.Analog Devices, Inc. - SMax4PNP MFC Application.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [avast5] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\avastUI.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe

O4 - HKLM\..\Run: [unlockerAssistant] . (...) -- C:\Program Files\Unlocker\UnlockerAssistant.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe

O4 - HKCU\..\Run: [skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe

O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-21-2000478354-308236825-1644491937-500\..\Run: [skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe

O4 - HKUS\S-1-5-21-2000478354-308236825-1644491937-500\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll

 

 

---\\ Other User Links (O4)

O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\Mega Manager.lnk . (.Megaupload Limited.) -- C:\Program Files\Megaupload\Mega Manager\MegaManager.exe

O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\Pinnacle Studio 12.lnk . (...) -- E:\Logiciels\Pinnacle Studio 12 Plus\Programs\Studio.exe (.not file.)

O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\TI Connect.lnk . (.Texas Instruments Incorporated.) -- C:\Program Files\TI Education\TI Connect\TIConnect.exe

O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\ZHPDiag.lnk . (.Nicolas Coolman.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe

O4 - Global Startup: C:\Documents And Settings\Administrator\Desktop\Microsoft Office Word 2007.lnk . (...) -- C:\WINDOWS\Installer\{90120000-001B-0000-0000-0000000FF1CE}\wordicon.exe

O4 - Global Startup: C:\Documents And Settings\Administrator\Desktop\On-Screen Keyboard.lnk . (.Microsoft Corporation.) -- C:\WINDOWS\system32\osk.exe

O4 - Global Startup: C:\Documents And Settings\Administrator\Desktop\PhotoFiltre.lnk . (.Antonio Da Cruz.) -- C:\Program Files\PhotoFiltre\photofiltre.exe

O4 - Global Startup: C:\Documents And Settings\Administrator\Desktop\Power Sound Editor Free.lnk . (...) -- E:\Logiciels\Power Sound Editor Free\PowerSoundEditorFree.exe (.not file.)

O4 - Global Startup: C:\Documents And Settings\Administrator\Desktop\TmForeverLauncher.lnk . (...) -- E:\Jeux Etienne\Sport - (MMO)RG\TmNationsForever\TmForeverLauncher.exe (.not file.)

 

 

---\\ Extra items in the IE right-click menu (O8)

O8 - Extra context menu item: Liens de téléchargement avec Mega Manager... . (.Unknown owner - No comment.) -- C:\Program Files\Megaupload\Mega Manager\mm_file.htm

 

 

---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)

O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (.Unknown owner - No comment.) -- C:\Program Files\Skype\Toolbars\Internet Explorer\icon.ico

O9 - Extra button: Skype Plug-In - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (.Unknown owner - No comment.) -- C:\PROGRA~1\MICROS~1\Office12\REFBARH.ICO

O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} . (.Unknown owner - No comment.) -- C:\PROGRA~1\MICROS~1\Office12\REFBARH.ICO

O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe

 

 

---\\ Winsock hijacker (Layered Service Provider) (O10)

O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Microsoft Windows Sockets 2.0 Service Provider.) -- C:\WINDOWS\system32\mswsock.dll

O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\WINDOWS\system32\winrnr.dll

O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Microsoft Windows Sockets 2.0 Service Provider.) -- C:\WINDOWS\system32\mswsock.dll

 

 

---\\ Lop.com/Domain Hijackers (O17)

O17 - HKLM\System\CCS\Services\Tcpip\..\{26A26B99-E2AA-4521-9D10-6C56AB79DEAD}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\..\{A566577F-209F-49A4-9A8E-873FAC0473D3}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\..\{C7C170F4-37F7-4096-B7B1-EA56D6041BE1}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\..\{F3AD06F6-A187-4DE9-B304-6DB62B211C59}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{26A26B99-E2AA-4521-9D10-6C56AB79DEAD}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{A566577F-209F-49A4-9A8E-873FAC0473D3}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{C7C170F4-37F7-4096-B7B1-EA56D6041BE1}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{F3AD06F6-A187-4DE9-B304-6DB62B211C59}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CS2\Services\Tcpip\..\{26A26B99-E2AA-4521-9D10-6C56AB79DEAD}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CS2\Services\Tcpip\..\{C7C170F4-37F7-4096-B7B1-EA56D6041BE1}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CS2\Services\Tcpip\..\{F3AD06F6-A187-4DE9-B304-6DB62B211C59}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

 

 

---\\ Extra protocols and protocol Hijackers (O18)

O18 - Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} . (.Skype Technologies S.A. - Skype add-on for IE.) -- C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} . (.Skype Technologies - Skype for COM API.) -- C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

 

 

---\\ AppInit_DLLs Registry value Autorun (O20)

O20 - Winlogon Notify: AtiExtEvent . (.ATI Technologies Inc. - ATI External Event Utility DLL Module.) -- C:\Windows\System32\Ati2evxx.dll

O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\Windows\System32\crypt32.dll

O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\Windows\System32\cryptnet.dll

O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Offline Network Agent.) -- C:\Windows\System32\cscdll.dll

O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\System32\dimsntfy.dll

O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - Common DLL to receive Winlogon notification.) -- C:\Windows\System32\wlnotify.dll

O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - Common DLL to receive Winlogon notification.) -- C:\Windows\System32\wlnotify.dll

O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - Secondary Logon Service Notification DLL.) -- C:\Windows\System32\sclgntfy.dll

O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - Common DLL to receive Winlogon notification.) -- C:\Windows\System32\WlNotify.dll

O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - Common DLL to receive Winlogon notification.) -- C:\Windows\System32\wlnotify.dll

O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - Common DLL to receive Winlogon notification.) -- C:\Windows\System32\wlnotify.dll

 

 

---\\ ShellServiceObjectDelayLoad (O21)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} . (.Microsoft Corporation - Windows Shell Common Dll.) -- C:\WINDOWS\system32\SHELL32.dll

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} . (.Microsoft Corporation - Windows Shell Common Dll.) -- C:\WINDOWS\system32\SHELL32.dll

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Web Site Monitor.) -- C:\WINDOWS\system32\webcheck.dll

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} . (.Microsoft Corporation - Systray shell service object.) -- C:\WINDOWS\system32\stobject.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} . (.Microsoft Corporation - Windows Portable Device Shell Service Objec.) -- C:\WINDOWS\system32\WPDShServiceObj.dll

 

 

---\\ SharedTaskScheduler (O22)

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} . (.Microsoft Corporation - Shell Browser UI Library.) -- C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: (no name) - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Shell Browser UI Library.) -- C:\WINDOWS\system32\browseui.dll

 

 

---\\ non Microsoft non disabled Windows XP/NT/2000 Services (O23)

O23 - Service: (ANIWConnService) . (.Unknown owner - ANIWConnService.) - C:\WINDOWS\system32\ANIWConnService.exe

O23 - Service: (ANIWZCSdService) . (.Wireless Service - ANIWZCS2 Service Launcher.) - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe

O23 - Service: (Ati HotKey Poller) . (.ATI Technologies Inc. - ATI External Event Utility EXE Module.) - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: (ATI Smart) . (.Unknown owner - ATI Smart.) - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: (avast! Antivirus) . (.AVAST Software - avast! Service.) - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: (dmadmin) . (.Microsoft Corp., Veritas Software - Logical Disk Manager service process.) - C:\WINDOWS\System32\dmadmin.exe

O23 - Service: (JavaQuickStarterService) . (.Sun Microsystems, Inc. - Java Quick Starter Service.) - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: (LVPrcSrv) . (.Logitech Inc. - Logitech LVPrcSrv Module..) - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

 

 

---\\ Windows Active Desktop & MHTML Editor (O24)

O24 - Desktop Component 0: My Current Home Page - file:About:Home

O24 - Default MHTML Editor: Last - .(.Unknown owner - No comment.) - (.not file.)

 

 

---\\ Drivers launched at startup (O41)

O41 - Driver: (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\WINDOWS\system32\drivers\afd.sys

O41 - Driver: (Cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\System32\DRIVERS\cdrom.sys

O41 - Driver: (Imapi) . (.Microsoft Corporation - IMAPI Kernel Driver.) - C:\Windows\System32\DRIVERS\imapi.sys

O41 - Driver: (intelppm) . (.Microsoft Corporation - Processor Device Driver.) - C:\Windows\System32\DRIVERS\intelppm.sys

O41 - Driver: (IPSec) . (.Microsoft Corporation - IPSec Driver.) - C:\Windows\System32\DRIVERS\ipsec.sys

O41 - Driver: (Kbdclass) . (.Microsoft Corporation - Keyboard Class Driver.) - C:\Windows\System32\DRIVERS\kbdclass.sys

O41 - Driver: (kbdhid) . (.Microsoft Corporation - HID Mouse Filter Driver.) - C:\Windows\System32\DRIVERS\kbdhid.sys

O41 - Driver: (Mouclass) . (.Microsoft Corporation - Mouse Class Driver.) - C:\Windows\System32\DRIVERS\mouclass.sys

O41 - Driver: (MRxSmb) . (.Microsoft Corporation - Windows NT SMB Minirdr.) - C:\Windows\System32\DRIVERS\mrxsmb.sys

O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\System32\DRIVERS\netbios.sys

O41 - Driver: (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\System32\DRIVERS\netbt.sys

O41 - Driver: (RasAcd) . (.Microsoft Corporation - RAS Automatic Connection Driver.) - C:\Windows\System32\DRIVERS\rasacd.sys

O41 - Driver: (Rdbss) . (.Microsoft Corporation - Redirected Drive Buffering SubSystem Driver.) - C:\Windows\System32\DRIVERS\rdbss.sys

O41 - Driver: (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\DRIVERS\RDPCDD.sys

O41 - Driver: (redbook) . (.Microsoft Corporation - Redbook Audio Filter Driver.) - C:\Windows\System32\DRIVERS\redbook.sys

O41 - Driver: (Serial) . (.Microsoft Corporation - Serial Device Driver.) - C:\Windows\System32\DRIVERS\serial.sys

O41 - Driver: (Tcpip) . (.Microsoft Corporation - TCP/IP Protocol Driver.) - C:\Windows\System32\DRIVERS\tcpip.sys

O41 - Driver: (TermDD) . (.Microsoft Corporation - Terminal Server Driver.) - C:\Windows\System32\DRIVERS\termdd.sys

O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\WINDOWS\system32\drivers\vga.sys

 

 

---\\ Software installed (O42)

O42 - Logiciel: ANIO Service - (.Unknown owner.) [HKLM] -- {7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}

O42 - Logiciel: ANIWZCS2 Service - (.Unknown owner.) [HKLM] -- {4C590030-7469-453E-8589-D15DA9D03F52}

O42 - Logiciel: ATI - Software Uninstall Utility - (.Unknown owner.) [HKLM] -- All ATI Software

O42 - Logiciel: ATI Catalyst Control Center - (.Unknown owner.) [HKLM] -- {055EE59D-217B-43A7-ABFF-507B966405D8}

O42 - Logiciel: ATI Display Driver - (.Unknown owner.) [HKLM] -- ATI Display Driver

O42 - Logiciel: Adobe Flash Player 10 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin

O42 - Logiciel: Adobe Flash Player ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX

O42 - Logiciel: Adobe Reader X (10.0.1) - Français - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1036-7B44-AA0000000001}

O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] -- CCleaner

O42 - Logiciel: Cheat Engine 5.6.1 - (.Dark Byte.) [HKLM] -- Cheat Engine 5.6.1_is1

O42 - Logiciel: Coffret de pilotes Logitech Webcam Software - (.Logitech Inc..) [HKLM] -- lvdrivers_12.10

O42 - Logiciel: D-Link Wireless G DWL-G122_DWA-110 - (.D-Link.) [HKLM] -- {5F753314-628E-4C13-B8AE-BFA7FD514CBE}

O42 - Logiciel: EPSON Logiciel imprimante - (.Unknown owner.) [HKLM] -- EPSON Printer and Utilities

O42 - Logiciel: Free Video Converter V 2.91 - (.Koyote Soft.) [HKLM] -- Free Video Converter_is1

O42 - Logiciel: FrostWire 4.21.1 - (.FrostWire Team.) [HKLM] -- FrostWire

O42 - Logiciel: Java 6 Update 24 - (.Oracle.) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83216021FF}

O42 - Logiciel: Logiciel d'archivage WinRAR - (.Unknown owner.) [HKLM] -- WinRAR archiver

O42 - Logiciel: Logitech Webcam Software - (.Logitech Inc..) [HKLM] -- {C27BC2A2-30DD-4014-B22E-63EB0DB572F9}

O42 - Logiciel: Malwarebytes' Anti-Malware - (.Malwarebytes Corporation.) [HKLM] -- Malwarebytes' Anti-Malware_is1

O42 - Logiciel: Mega Manager - (.Megaupload Limited.) [HKLM] -- {3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}

O42 - Logiciel: Microsoft .NET Framework 2.0 - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 2.0

O42 - Logiciel: Microsoft Internationalized Domain Names Mitigation APIs - (.Microsoft Corporation.) [HKLM] -- IDNMitigationAPIs

O42 - Logiciel: Microsoft National Language Support Downlevel APIs - (.Microsoft Corporation.) [HKLM] -- NLSDownlevelMapping

O42 - Logiciel: Microsoft Office Proof (English) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0409-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Proof (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-040C-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Proof (Spanish) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0C0A-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Proofing (English) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-002C-0409-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Shared MUI (English) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-006E-0409-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Shared Setup Metadata MUI (English) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0115-0409-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Word 2007 - (.Microsoft Corporation.) [HKLM] -- WORD

O42 - Logiciel: Microsoft Office Word 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001B-0000-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Word MUI (English) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001B-0409-0000-0000000FF1CE}

O42 - Logiciel: Microsoft User-Mode Driver Framework Feature Pack 1.0 - (.Microsoft Corporation.) [HKLM] -- Wudf01000

O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 - (.Microsoft Corporation.) [HKLM] -- {9A25302D-30C0-39D9-BD6F-21E6EC160475}

O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {1F1C2DFC-2D24-3E06-BCB8-725134ADF989}

O42 - Logiciel: Mozilla Firefox (3.6.14) - (.Mozilla.) [HKLM] -- Mozilla Firefox (3.6.14)

O42 - Logiciel: OpenOffice.org 3.2 - (.OpenOffice.org.) [HKLM] -- {69B040CC-E9B1-4769-950E-87786C9E16AD}

O42 - Logiciel: PDFCreator - (.Frank Heindörfer, Philip Chinery.) [HKLM] -- {0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}

O42 - Logiciel: PhotoFiltre - (.Unknown owner.) [HKCU] -- PhotoFiltre

O42 - Logiciel: Pilote vidéo Pinnacle - (.Pinnacle Systems.) [HKLM] -- {5EB90C06-964F-4195-B83E-BD7E55C88415}

O42 - Logiciel: Pinnacle Studio 12 - (.Pinnacle Systems.) [HKLM] -- {D041EB9E-890A-4098-8F94-51DA194AC72A}

O42 - Logiciel: Pinnacle VideoSpin - (.Pinnacle Systems.) [HKLM] -- {FEB15887-0932-4D2D-BB85-6AC03FBF1AA8}

O42 - Logiciel: Power Sound Editor Free - (.PowerSE Studio Inc..) [HKLM] -- Power Sound Editor Free

O42 - Logiciel: Prio v1.9.7 - (.Unknown owner.) [HKLM] -- Prio

O42 - Logiciel: Security Update for Windows XP (KB941569) - (.Microsoft Corporation.) [HKLM] -- KB941569

O42 - Logiciel: Skype Toolbars - (.Skype Technologies S.A..) [HKLM] -- {CD95D125-2992-4858-B3EF-5F6FB52FBAD6}

O42 - Logiciel: Skype 5.1 - (.Skype Technologies S.A..) [HKLM] -- {E633D396-5188-4E9D-8F6B-BFB8BF3467E8}

O42 - Logiciel: SoundMAX - (.Analog Devices.) [HKLM] -- {F0A37341-D692-11D4-A984-009027EC0A9C}

O42 - Logiciel: TI Connect 1.6 - (.Texas Instruments Incorporated.) [HKLM] -- {A8B94669-8654-4126-BD28-D0D2412CDED6}

O42 - Logiciel: TmNationsForever - (.Nadeo.) [HKLM] -- TmNationsForever_is1

O42 - Logiciel: Unlocker 1.9.0 - (.Cedrick Collomb.) [HKLM] -- Unlocker

O42 - Logiciel: VLC media player 0.9.9 - (.VideoLAN Team.) [HKLM] -- VLC media player

O42 - Logiciel: Windows Internet Explorer 7 - (.Microsoft Corporation.) [HKLM] -- ie7

O42 - Logiciel: Windows Media Format 11 runtime - (.Microsoft Corporation.) [HKLM] -- WMFDist11

O42 - Logiciel: Windows Media Format 11 runtime - (.Unknown owner.) [HKLM] -- Windows Media Format Runtime

O42 - Logiciel: Windows Media Player 11 - (.Microsoft Corporation.) [HKLM] -- wmp11

O42 - Logiciel: Windows Media Player 11 - (.Unknown owner.) [HKLM] -- Windows Media Player

O42 - Logiciel: avast! Free Antivirus - (.Alwil Software.) [HKLM] -- avast5

O42 - Logiciel: ffdshow [rev 3233] [2010-01-28] - (.Unknown owner.) [HKLM] -- ffdshow_is1

---\\ HKCU & HKLM Software Keys

[HKCU\Software\8.1]

[HKCU\Software\ALWIL Software]

[HKCU\Software\ANI]

[HKCU\Software\Ad-Remover]

[HKCU\Software\Adobe]

[HKCU\Software\Ahead]

[HKCU\Software\Analog Devices]

[HKCU\Software\Blizzard Entertainment]

[HKCU\Software\Cheat Engine]

[HKCU\Software\Classes]

[HKCU\Software\Clients]

[HKCU\Software\D-Link]

[HKCU\Software\Datastead]

[HKCU\Software\DivXNetworks]

[HKCU\Software\EPSON]

[HKCU\Software\Emulators]

[HKCU\Software\GNU]

[HKCU\Software\HookNetwork]

[HKCU\Software\Intel]

[HKCU\Software\JaboSoft]

[HKCU\Software\JavaSoft]

[HKCU\Software\LANGAGENT]

[HKCU\Software\Leadertech]

[HKCU\Software\Licenses]

[HKCU\Software\Liquid Entertainment]

[HKCU\Software\LogiShrd]

[HKCU\Software\Logitech]

[HKCU\Software\LowRegistry]

[HKCU\Software\Macromedia]

[HKCU\Software\Magnet]

[HKCU\Software\Malwarebytes' Anti-Malware]

[HKCU\Software\McAfee]

[HKCU\Software\Megaupload]

[HKCU\Software\N64 Emulation]

[HKCU\Software\Netscape]

[HKCU\Software\ODBC]

[HKCU\Software\OpenOffice.org]

[HKCU\Software\PDFCreator]

[HKCU\Software\Pinnacle Systems]

[HKCU\Software\Piriform]

[HKCU\Software\Policies]

[HKCU\Software\Regressi]

[HKCU\Software\SafeSoft]

[HKCU\Software\Sierra On-Line]

[HKCU\Software\SkypeApps]

[HKCU\Software\Skype]

[HKCU\Software\Softonic]

[HKCU\Software\Sony Creative Software]

[HKCU\Software\Texas Instruments]

[HKCU\Software\VOB]

[HKCU\Software\WinRAR SFX]

[HKCU\Software\WinRAR]

[HKCU\Software\YahooPartnerToolbar]

[HKCU\Software\ej-technologies]

[HKLM\Software\ALWIL Software]

[HKLM\Software\ANIWConnd Service]

[HKLM\Software\ANI]

[HKLM\Software\ATI Technologies Inc.]

[HKLM\Software\ATI Technologies]

[HKLM\Software\Adobe]

[HKLM\Software\Alpha Networks]

[HKLM\Software\Analog Devices]

[HKLM\Software\BinarySense]

[HKLM\Software\C07ft5Y]

[HKLM\Software\CODEMASTERS]

[HKLM\Software\Cheat Engine]

[HKLM\Software\Classes]

[HKLM\Software\Clients]

[HKLM\Software\D-Link]

[HKLM\Software\DivX]

[HKLM\Software\EPSON]

[HKLM\Software\FAST Multimedia]

[HKLM\Software\GNU]

[HKLM\Software\Gemplus]

[HKLM\Software\Google]

[HKLM\Software\InstalledOptions]

[HKLM\Software\Intel]

[HKLM\Software\JavaSoft]

[HKLM\Software\JreMetrics]

[HKLM\Software\Licenses]

[HKLM\Software\LogiShrd]

[HKLM\Software\Logitech]

[HKLM\Software\Macromedia]

[HKLM\Software\Malwarebytes' Anti-Malware]

[HKLM\Software\Megaupload Limited]

[HKLM\Software\Megaupload]

[HKLM\Software\MidasHeurScanner]

[HKLM\Software\MozillaPlugins]

[HKLM\Software\Mozilla]

[HKLM\Software\ODBC]

[HKLM\Software\OpenOffice.org]

[HKLM\Software\PDFCreator]

[HKLM\Software\Pegasus Imaging]

[HKLM\Software\PegasusImaging]

[HKLM\Software\Pinnacle Systems]

[HKLM\Software\Policies]

[HKLM\Software\Program Groups]

[HKLM\Software\RegisteredApplications]

[HKLM\Software\Schlumberger]

[HKLM\Software\Secure]

[HKLM\Software\Sensaura]

[HKLM\Software\Skype]

[HKLM\Software\Sony Creative Software]

[HKLM\Software\Staccato]

[HKLM\Software\TENCENT]

[HKLM\Software\Team17]

[HKLM\Software\Texas Instruments]

[HKLM\Software\VideoLAN]

[HKLM\Software\WinRAR]

[HKLM\Software\Windows 3.1 Migration Status]

[HKLM\Software\Windows]

[HKLM\Software\ej-technologies]

[HKLM\Software\mozilla.org]

---\\ Contents of the Common Files folders (O43)

O43 - CFD: 3/4/2011 - 2:59:50 PM - [34430225] ----D- C:\Program Files\Ad-Remover

O43 - CFD: 12/1/2010 - 9:44:54 PM - [114255585] ----D- C:\Program Files\Adobe

O43 - CFD: 4/8/2010 - 11:05:44 PM - [141022015] ----D- C:\Program Files\Alwil Software

O43 - CFD: 7/12/2010 - 5:57:30 PM - [2539617] ----D- C:\Program Files\Analog Devices

O43 - CFD: 4/8/2010 - 10:11:58 PM - [1126400] ----D- C:\Program Files\ANI

O43 - CFD: 1/15/2011 - 11:48:32 PM - [153422] ----D- C:\Program Files\ATI Technologies

O43 - CFD: 1/12/2011 - 9:26:50 PM - [2848199] ----D- C:\Program Files\BitDefender

O43 - CFD: 7/15/2010 - 10:39:38 AM - [2902648] ----D- C:\Program Files\CCleaner

O43 - CFD: 11/27/2010 - 5:32:52 PM - [113156838] ----D- C:\Program Files\Cheat Engine

O43 - CFD: 3/5/2011 - 12:00:50 PM - [272572581] ----D- C:\Program Files\Common Files

O43 - CFD: 4/19/2005 - 12:50:56 AM - [0] ----D- C:\Program Files\ComPlus Applications

O43 - CFD: 4/8/2010 - 10:10:58 PM - [24422583] ----D- C:\Program Files\D-Link

O43 - CFD: 4/19/2005 - 1:27:20 AM - [795104] ----D- C:\Program Files\DIFX

O43 - CFD: 11/29/2010 - 8:55:46 PM - [6530718] ----D- C:\Program Files\EPSON

O43 - CFD: 1/19/2011 - 3:38:34 PM - [16553788] ----D- C:\Program Files\ffdshow

O43 - CFD: 3/6/2011 - 11:09:48 AM - [11339104] ----D- C:\Program Files\Free Video Converter

O43 - CFD: 1/2/2011 - 8:52:34 PM - [39584780] ----D- C:\Program Files\FrostWire

O43 - CFD: 2/28/2011 - 10:42:54 AM - [0] ----D- C:\Program Files\Ideas From the Deep

O43 - CFD: 1/15/2011 - 11:49:50 PM - [28578405] --H-D- C:\Program Files\InstallShield Installation Information

O43 - CFD: 12/27/2010 - 7:05:36 PM - [3656528] ----D- C:\Program Files\Internet Explorer

O43 - CFD: 3/5/2011 - 12:00:28 PM - [90669577] ----D- C:\Program Files\Java

O43 - CFD: 11/2/2010 - 10:32:06 PM - [72951406] ----D- C:\Program Files\Logitech

O43 - CFD: 3/1/2011 - 1:45:34 PM - [4922026] ----D- C:\Program Files\Malwarebytes' Anti-Malware

O43 - CFD: 7/15/2010 - 11:18:32 AM - [7366368] ----D- C:\Program Files\Megaupload

O43 - CFD: 4/19/2005 - 12:50:18 AM - [2161159] ----D- C:\Program Files\Messenger

O43 - CFD: 12/24/2010 - 3:32:50 PM - [194108293] ----D- C:\Program Files\Microsoft Office

O43 - CFD: 12/24/2010 - 3:33:10 PM - [3178824] ----D- C:\Program Files\Microsoft Works

O43 - CFD: 12/24/2010 - 3:32:16 PM - [8152064] ----D- C:\Program Files\Microsoft.NET

O43 - CFD: 4/19/2005 - 12:52:28 AM - [10285692] ----D- C:\Program Files\Movie Maker

O43 - CFD: 3/5/2011 - 8:36:00 PM - [31736348] ----D- C:\Program Files\Mozilla Firefox

O43 - CFD: 4/19/2005 - 12:49:42 AM - [21632708] ----D- C:\Program Files\MSN

O43 - CFD: 4/19/2005 - 12:50:14 AM - [8742663] ----D- C:\Program Files\MSN Gaming Zone

O43 - CFD: 4/19/2005 - 12:52:40 AM - [3258723] ----D- C:\Program Files\NetMeeting

O43 - CFD: 4/19/2005 - 12:50:28 AM - [2805] ----D- C:\Program Files\Online Services

O43 - CFD: 11/29/2010 - 9:25:34 PM - [385032166] ----D- C:\Program Files\OpenOffice.org 3

O43 - CFD: 4/19/2005 - 12:58:12 AM - [2884992] ----D- C:\Program Files\Opera

O43 - CFD: 4/19/2005 - 12:52:36 AM - [4322949] ----D- C:\Program Files\Outlook Express

O43 - CFD: 1/31/2011 - 8:11:50 PM - [26843584] ----D- C:\Program Files\PDFCreator

O43 - CFD: 12/19/2010 - 1:02:24 PM - [3699441] ----D- C:\Program Files\PhotoFiltre

O43 - CFD: 12/31/2010 - 12:09:46 AM - [699181049] ----D- C:\Program Files\Pinnacle

O43 - CFD: 3/5/2011 - 4:45:26 PM - [0] ----D- C:\Program Files\SafeSoft

O43 - CFD: 12/24/2010 - 4:10:14 PM - [28273755] R---D- C:\Program Files\Skype

O43 - CFD: 12/3/2010 - 3:40:12 PM - [14182198] ----D- C:\Program Files\TI Education

O43 - CFD: 4/19/2005 - 12:57:30 AM - [0] --H-D- C:\Program Files\Uninstall Information

O43 - CFD: 3/3/2011 - 3:18:54 PM - [229095] ----D- C:\Program Files\Unlocker

O43 - CFD: 5/25/2010 - 11:07:32 AM - [65033045] ----D- C:\Program Files\VideoLAN

O43 - CFD: 4/19/2005 - 1:03:10 AM - [3581070] ----D- C:\Program Files\Windows Media Connect 2

O43 - CFD: 4/19/2005 - 1:03:10 AM - [8255563] ----D- C:\Program Files\Windows Media Player

O43 - CFD: 4/19/2005 - 12:50:06 AM - [3917055] ----D- C:\Program Files\Windows NT

O43 - CFD: 4/19/2005 - 12:53:22 AM - [0] --H-D- C:\Program Files\WindowsUpdate

O43 - CFD: 4/8/2010 - 11:04:30 PM - [3887186] ----D- C:\Program Files\WinRAR

O43 - CFD: 3/6/2011 - 12:51:34 PM - [3533753] ----D- C:\Program Files\ZHPDiag

O43 - CFD: 12/1/2010 - 9:45:18 PM - [3515885] ----D- C:\Program Files\Common Files\Adobe

O43 - CFD: 1/17/2011 - 6:16:56 PM - [0] ----D- C:\Program Files\Common Files\BinarySense

O43 - CFD: 1/16/2011 - 11:44:32 AM - [1845832] ----D- C:\Program Files\Common Files\BitDefender

O43 - CFD: 12/24/2010 - 3:32:44 PM - [92976] ----D- C:\Program Files\Common Files\DESIGNER

O43 - CFD: 4/19/2005 - 1:26:34 AM - [6890256] ----D- C:\Program Files\Common Files\InstallShield

O43 - CFD: 3/5/2011 - 12:00:50 PM - [1247175] ----D- C:\Program Files\Common Files\Java

O43 - CFD: 11/2/2010 - 10:16:56 PM - [64114974] ----D- C:\Program Files\Common Files\LogiShrd

O43 - CFD: 1/16/2011 - 11:59:34 AM - [150877227] ----D- C:\Program Files\Common Files\Microsoft Shared

O43 - CFD: 4/19/2005 - 12:52:36 AM - [284160] ----D- C:\Program Files\Common Files\MSSoap

O43 - CFD: 4/19/2005 - 1:43:12 AM - [0] ----D- C:\Program Files\Common Files\ODBC

O43 - CFD: 2/6/2011 - 1:09:52 PM - [4464089] ----D- C:\Program Files\Common Files\Pinnacle

O43 - CFD: 4/19/2005 - 12:52:40 AM - [8106] ----D- C:\Program Files\Common Files\Services

O43 - CFD: 3/3/2011 - 2:04:38 PM - [2254216] ----D- C:\Program Files\Common Files\Skype

O43 - CFD: 4/19/2005 - 1:43:08 AM - [3787229] ----D- C:\Program Files\Common Files\SpeechEngines

O43 - CFD: 4/19/2005 - 12:51:58 AM - [7262591] ----D- C:\Program Files\Common Files\System

O43 - CFD: 12/3/2010 - 3:39:42 PM - [10743562] ----D- C:\Program Files\Common Files\TI Shared

O43 - CFD: 12/3/2010 - 3:39:02 PM - [14867456] ----D- C:\Program Files\Common Files\Wise Installation Wizard

O43 - CFD: 12/31/2010 - 12:09:46 AM - [316847] ----D- C:\Program Files\Common Files\Yahoo!

O43 - CFD: 2/21/2011 - 5:13:06 PM - [54139541] ----D- C:\Documents and Settings\Administrator\Application Data\.minecraft

O43 - CFD: 12/1/2010 - 9:46:00 PM - [2106528] ----D- C:\Documents and Settings\Administrator\Application Data\Adobe

O43 - CFD: 1/16/2011 - 12:29:46 PM - [480492] ----D- C:\Documents and Settings\Administrator\Application Data\BinarySense

O43 - CFD: 3/1/2011 - 7:38:30 PM - [199] ----D- C:\Documents and Settings\Administrator\Application Data\dvdcss

O43 - CFD: 3/6/2011 - 11:23:40 AM - [959] ----D- C:\Documents and Settings\Administrator\Application Data\FreeVideoConverter

O43 - CFD: 3/2/2011 - 10:16:34 AM - [22194] ----D- C:\Documents and Settings\Administrator\Application Data\fretsonfire

O43 - CFD: 3/5/2011 - 9:44:50 PM - [32506927] ----D- C:\Documents and Settings\Administrator\Application Data\FrostWire

O43 - CFD: 2/27/2011 - 12:07:04 AM - [1117] ----D- C:\Documents and Settings\Administrator\Application Data\Get from YouTube

O43 - CFD: 12/21/2010 - 12:14:10 PM - [1076] ----D- C:\Documents and Settings\Administrator\Application Data\Ideas From the Deep

O43 - CFD: 4/19/2005 - 12:57:32 AM - [0] ----D- C:\Documents and Settings\Administrator\Application Data\Identities

O43 - CFD: 4/8/2010 - 10:10:36 PM - [0] ----D- C:\Documents and Settings\Administrator\Application Data\InstallShield

O43 - CFD: 11/2/2010 - 10:17:46 PM - [345] ----D- C:\Documents and Settings\Administrator\Application Data\Leadertech

O43 - CFD: 4/8/2010 - 10:21:56 PM - [1932197] ----D- C:\Documents and Settings\Administrator\Application Data\Macromedia

O43 - CFD: 3/1/2011 - 1:45:38 PM - [208173] ----D- C:\Documents and Settings\Administrator\Application Data\Malwarebytes

O43 - CFD: 7/15/2010 - 11:19:04 AM - [508837] ----D- C:\Documents and Settings\Administrator\Application Data\Megaupload

O43 - CFD: 2/6/2011 - 10:39:50 PM - [1538767] -S--D- C:\Documents and Settings\Administrator\Application Data\Microsoft

O43 - CFD: 4/8/2010 - 10:26:22 PM - [47901990] ----D- C:\Documents and Settings\Administrator\Application Data\Mozilla

O43 - CFD: 11/29/2010 - 9:28:14 PM - [2391873] ----D- C:\Documents and Settings\Administrator\Application Data\OpenOffice.org

O43 - CFD: 12/19/2010 - 1:04:40 PM - [677] ----D- C:\Documents and Settings\Administrator\Application Data\PhotoFiltre

O43 - CFD: 2/9/2011 - 2:45:20 PM - [6643] ----D- C:\Documents and Settings\Administrator\Application Data\Power Sound Editor Free

O43 - CFD: 2/26/2011 - 3:23:30 PM - [945] ----D- C:\Documents and Settings\Administrator\Application Data\Regressi

O43 - CFD: 3/6/2011 - 12:32:32 PM - [5050825] ----D- C:\Documents and Settings\Administrator\Application Data\Skype

O43 - CFD: 3/6/2011 - 10:36:18 AM - [55064] ----D- C:\Documents and Settings\Administrator\Application Data\skypePM

O43 - CFD: 12/24/2010 - 4:35:40 PM - [30666] ----D- C:\Documents and Settings\Administrator\Application Data\Sony

O43 - CFD: 2/26/2011 - 10:17:00 PM - [52770905] ----D- C:\Documents and Settings\Administrator\Application Data\Sony Setup

O43 - CFD: 7/28/2010 - 5:40:58 PM - [690] ----D- C:\Documents and Settings\Administrator\Application Data\Spore

O43 - CFD: 1/2/2011 - 8:46:26 PM - [31702859] ----D- C:\Documents and Settings\Administrator\Application Data\Sun

O43 - CFD: 11/1/2010 - 3:53:38 PM - [462562] ----D- C:\Documents and Settings\Administrator\Application Data\vlc

O43 - CFD: 4/8/2010 - 11:04:52 PM - [12] ----D- C:\Documents and Settings\Administrator\Application Data\WinRAR

O43 - CFD: 5/27/2010 - 4:28:08 AM - [0] ----D- C:\Documents and Settings\Administrator\Local Settings\Application Data\2DBoy

O43 - CFD: 12/1/2010 - 9:46:00 PM - [14371893] ----D- C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe

O43 - CFD: 12/21/2010 - 12:23:38 PM - [0] ----D- C:\Documents and Settings\Administrator\Local Settings\Application Data\Deployment

O43 - CFD: 2/6/2011 - 1:09:48 PM - [146388992] ----D- C:\Documents and Settings\Administrator\Local Settings\Application Data\Downloaded Installations

O43 - CFD: 7/18/2010 - 11:28:34 AM - [226896] ----D- C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities

O43 - CFD: 1/23/2011 - 2:44:26 PM - [5074680] ----D- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft

O43 - CFD: 12/24/2010 - 3:30:42 PM - [0] ----D- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Help

O43 - CFD: 4/8/2010 - 10:26:16 PM - [96824171] ----D- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla

O43 - CFD: 12/1/2010 - 9:46:00 PM - [0] ----D- C:\Documents and Settings\Administrator\Local Settings\Application Data\Temp

O43 - CFD: 1/19/2011 - 3:40:08 PM - [0] ----D- C:\Documents and Settings\Administrator\Local Settings\Application Data\WMTools Downloaded Files

O43 - CFD: 4/19/2005 - 12:55:24 AM - [15808] R---D- C:\WINDOWS\system32\Config\systemprofile\Start Menu\Programs\Accessories

O43 - CFD: 2/6/2011 - 1:08:42 PM - [62] R---D- C:\WINDOWS\system32\Config\systemprofile\Start Menu\Programs\Administrative Tools

O43 - CFD: 4/19/2005 - 1:42:28 AM - [84] R---D- C:\WINDOWS\system32\Config\systemprofile\Start Menu\Programs\Startup

---\\ Last modified or created files under Windows and System32 (O44)

O44 - LFC:[MD5.59F1080EF324BDD5A63975AB721247B3] - 2/24/2011 - 8:00:07 PM ---A- . (...) -- C:\WINDOWS\MegaManager.INI [50]

O44 - LFC:[MD5.A3E700D78EEC390F1208098CDCA5C6B6] - 2/6/2011 - 1:10:02 PM ---A- . (.Pinnacle Systems GmbH - Pinnacle Marvin Discrete Bus Enumerator.) -- C:\WINDOWS\System32\drivers\MarvinBus.sys [171520]

O44 - LFC:[MD5.110605EE0400AF6D3C81BD48BE88D371] - 2/7/2011 - 6:32:12 AM ---A- . (...) -- C:\WINDOWS\System32\FNTCACHE.DAT [246312]

O44 - LFC:[MD5.0C41B286FCB82116E49B076125DDBDDB] - 2/9/2011 - 1:54:10 PM ---A- . (.NCT - NCTAudioCDGrabber2 ActiveX DLL.) -- C:\WINDOWS\System32\NCTAudioCDGrabber2.dll [835584]

O44 - LFC:[MD5.BB825317BCE50FC7D2A05E5DE245AA25] - 2/9/2011 - 1:54:10 PM ---A- . (.Online Media Technologies Ltd. - NCTAudioEditor2 ActiveX DLL.) -- C:\WINDOWS\System32\NCTAudioEditor2.dll [880640]

O44 - LFC:[MD5.3861E1268367854B74E0EAAD860C97FE] - 2/9/2011 - 1:54:11 PM ---A- . (.NCT Company Ltd. - NCTAudioFile2 ActiveX DLL.) -- C:\WINDOWS\System32\NCTAudioFile2.dll [1986560]

O44 - LFC:[MD5.D34D1DB92FF97C4E477DC0EC8DE3CF96] - 2/9/2011 - 1:54:11 PM ---A- . (.NCT Company Ltd. - NCTWMAFile2 ActiveX DLL.) -- C:\WINDOWS\System32\NCTWMAFile2.dll [348160]

O44 - LFC:[MD5.BDF4A283DE3AB7F9EA53FC3440D5B8AC] - 2/9/2011 - 1:54:11 PM ---A- . (.Online Media Technologies Ltd. - NCTAudioInformation2 ActiveX DLL.) -- C:\WINDOWS\System32\NCTAudioInformation2.dll [1212416]

O44 - LFC:[MD5.2FA689F048FECADF3DFE933D7800868F] - 2/9/2011 - 1:54:11 PM ---A- . (.Online Media Technologies Ltd. - NCTAudioPlayer2 ActiveX DLL.) -- C:\WINDOWS\System32\NCTAudioPlayer2.dll [458752]

O44 - LFC:[MD5.1322B7D39350F31C893697CF5B28D826] - 2/9/2011 - 1:54:11 PM ---A- . (.Online Media Technologies Ltd. - NCTAudioRecord2 ActiveX DLL.) -- C:\WINDOWS\System32\NCTAudioRecord2.dll [458752]

O44 - LFC:[MD5.2A64380F486E3C5791985EBCA471D312] - 2/9/2011 - 1:54:11 PM ---A- . (.Online Media Technologies Ltd. - NCTAudioTransform2 ActiveX DLL.) -- C:\WINDOWS\System32\NCTAudioTransform2.dll [602112]

O44 - LFC:[MD5.A9462C25FDCD8117800FB83AB17527BF] - 2/9/2011 - 1:54:11 PM ---A- . (.Online Media Technologies Ltd. - NCTAudioVisualization2 ActiveX DLL.) -- C:\WINDOWS\System32\NCTAudioVisualization2.dll [479232]

O44 - LFC:[MD5.E143C6F7397DE0440D7E3B5E15F208A4] - 2/9/2011 - 1:54:11 PM ---A- . (.Online Media Technologies Ltd. - NCTTextToAudio2 ActiveX DLL.) -- C:\WINDOWS\System32\NCTTextToAudio2.dll [417792]

O44 - LFC:[MD5.836E0E09CA9869BE7EB39EF2CF3602C7] - 3/1/2011 - 1:45:26 PM ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\WINDOWS\System32\drivers\mbam.sys [20952]

O44 - LFC:[MD5.D68E165C3123ABA3B1282EDDB4213BD8] - 3/1/2011 - 1:45:31 PM ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [38224]

O44 - LFC:[MD5.2FF716181C4B662EA9C20D1512E28058] - 3/2/2011 - 10:12:36 AM ---A- . (...) -- C:\WINDOWS\System32\d3d9caps.dat [1324]

O44 - LFC:[MD5.E5718D68F752ADB4D0F814CFCE7DB702] - 3/23/2006 - 12:56:50 PM ---A- . (...) -- C:\WINDOWS\System32\NCTWMAProfiles.prx [113486]

O44 - LFC:[MD5.9E23160D06EA7E127FD2725898F72440] - 3/3/2011 - 2:18:49 PM ---A- . (...) -- C:\PhysicalDisk0_MBR.bin [512]

O44 - LFC:[MD5.8205F1F92DA814E5195362F900F5A1EA] - 3/4/2011 - 3:00:52 PM ---A- . (...) -- C:\Ad-Report-CLEAN[1].txt [3033]

O44 - LFC:[MD5.CD50C36E02970A219B0FE8BADA8A837E] - 3/5/2011 - 12:00:26 PM ---A- . (...) -- C:\WINDOWS\System32\jupdate-1.6.0_24-b07.log [4551]

O44 - LFC:[MD5.68288DA42BC798992A42CD59061B199D] - 3/5/2011 - 12:00:31 PM ---A- . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\WINDOWS\System32\java.exe [145184]

O44 - LFC:[MD5.5BF8BA1B854D7DFCE1F47E58852B3D8F] - 3/5/2011 - 12:00:31 PM ---A- . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\WINDOWS\System32\javaw.exe [145184]

O44 - LFC:[MD5.58DC5CBDC930AF070B177843810F2C85] - 3/5/2011 - 12:00:31 PM ---A- . (.Sun Microsystems, Inc. - Java Web Start Launcher.) -- C:\WINDOWS\System32\javaws.exe [157472]

O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 3/5/2011 - 8:57:44 PM ---A- . (...) -- C:\WINDOWS\setuperr.log [0]

O44 - LFC:[MD5.788498FC45154E5E9BF119C4E3A601F6] - 3/6/2011 - 10:34:55 AM ---A- . (...) -- C:\WINDOWS\System32\wpa.dbl [2206]

O44 - LFC:[MD5.F821E9B4C0B96992B450CA0B240532BB] - 3/6/2011 - 11:23:38 AM ---A- . (...) -- C:\WINDOWS\win.ini [737]

O44 - LFC:[MD5.E0EECD63C436E2CBDDB9458872AFA0CB] - 3/6/2011 - 11:33:38 AM ---A- . (...) -- C:\WINDOWS\System32\ANIWZCSUSERNAME{E5208E30-CA4C-4FC5-A404-336D115F3C7B} [14]

O44 - LFC:[MD5.00648E86D8C4BCBACACB476B997C17A5] - 3/6/2011 - 12:04:47 PM ---A- . (...) -- C:\WINDOWS\WindowsUpdate.log [5196]

O44 - LFC:[MD5.6A2CB42966136854F4464516FBB4AE72] - 3/6/2011 - 12:05:44 PM -S-A- . (...) -- C:\WINDOWS\bootstat.dat [2048]

O44 - LFC:[MD5.B0ED1200E915817C00DCFD7F84EE1200] - 3/6/2011 - 12:06:00 PM ---A- . (...) -- C:\WINDOWS\wiaservc.log [48]

O44 - LFC:[MD5.B0ED1200E915817C00DCFD7F84EE1200] - 3/6/2011 - 12:06:05 PM ---A- . (...) -- C:\WINDOWS\wiadebug.log [159]

O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 3/6/2011 - 12:06:06 PM ---A- . (...) -- C:\WINDOWS\0.log [0]

O44 - LFC:[MD5.AEE9262F1C3766881DD8227B3EB46CBF] - 3/6/2011 - 12:06:08 PM ---A- . (...) -- C:\WINDOWS\System32\ANIWZCSUSERNAME [7]

O44 - LFC:[MD5.E0EECD63C436E2CBDDB9458872AFA0CB] - 3/6/2011 - 12:06:16 PM ---A- . (...) -- C:\WINDOWS\System32\ANIWZCSUSERNAME{A566577F-209F-49A4-9A8E-873FAC0473D3} [14]

O44 - LFC:[MD5.A95B3169B768AC54E5DD8AAB93FB24E9] - 3/6/2011 - 12:06:57 PM ---A- . (...) -- C:\WINDOWS\setupact.log [232]

O44 - LFC:[MD5.F2E198084A92A2FE2013F1E3D120E3E2] - 3/6/2011 - 12:07:00 PM ---A- . (...) -- C:\WINDOWS\setupapi.log [28959]

O44 - LFC:[MD5.ADC725F84BE549A71818D7904B2F6A87] - 3/6/2011 - 12:10:03 PM ---A- . (...) -- C:\WINDOWS\System32\PerfStringBackup.INI [458340]

O44 - LFC:[MD5.7259DAD9C61CDE3B343C32F2EB8E49BD] - 3/6/2011 - 12:10:03 PM ---A- . (...) -- C:\WINDOWS\System32\perfc009.dat [58596]

O44 - LFC:[MD5.75AE0B75E86DD7713F52041C92B0A4F6] - 3/6/2011 - 12:10:03 PM ---A- . (...) -- C:\WINDOWS\System32\perfh009.dat [392296]

O44 - LFC:[MD5.1AF376D0494291C0E920E15CDA72F7A1] - 3/6/2011 - 12:45:55 PM ---A- . (...) -- C:\WINDOWS\ie8_main.log [1706]

---\\ Operations and functions at Windows Explorer startup (O46)

O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll

---\\ Export authorized application key (O47)

O47 - AAKE:Key Export SP - "%windir%\Network Diagnostic\xpnetdiag.exe" [Enabled] .(.Microsoft Corporation - Network Diagnostic for Windows XP.) -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O47 - AAKE:Key Export SP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation - Microsoft® Remote Desktop Help Session Manager.) -- C:\WINDOWS\system32\sessmgr.exe

O47 - AAKE:Key Export SP - "C:\Documents and Settings\Administrator\Desktop\Warcraft III\Warcraft III.exe" [Enabled] .(.Unknown owner - No comment.) -- C:\Documents and Settings\Administrator\Desktop\Warcraft III\Warcraft III.exe (.not file.)

O47 - AAKE:Key Export SP - "E:\Jeux Etienne\MMORPG\Worms 4\WORMS 4 MAYHEM.EXE" [Disabled] .(.Unknown owner - No comment.) -- E:\Jeux Etienne\MMORPG\Worms 4\WORMS 4 MAYHEM.exe (.not file.)

O47 - AAKE:Key Export SP - "C:\Program Files\Skype\Plugin Manager\skypePM.exe" [Enabled] .(.Skype Technologies - Skype Extras Manager.) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe

O47 - AAKE:Key Export SP - "C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe" [Enabled] .(.Pinnacle Systems - Render Manager.) -- C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe

O47 - AAKE:Key Export SP - "C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe" [Enabled] .(.Pinnacle Systems - umi.) -- C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe

O47 - AAKE:Key Export SP - "C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe" [Enabled] .(.Pinnacle Systems - Pinnacle VideoSpin program file.) -- C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe

O47 - AAKE:Key Export SP - "C:\Program Files\FrostWire\FrostWire.exe" [Enabled] .(.FrostWire Group - FrostWire.) -- C:\Program Files\FrostWire\FrostWire.exe

O47 - AAKE:Key Export SP - "C:\WINDOWS\system32\dpnsvr.exe" [Enabled] .(.Microsoft Corporation - Microsoft DirectPlay8 Server.) -- C:\WINDOWS\system32\dpnsvr.exe

O47 - AAKE:Key Export SP - "E:\Jeux Etienne\RTS\Impossible Créature\IC.exe" [Enabled] .(.Unknown owner - No comment.) -- E:\Jeux Etienne\RTS\Impossible Créature\IC.exe (.not file.)

O47 - AAKE:Key Export SP - "E:\Jeux Etienne\RTS\Warcraft III Frozen Throne\war3.exe" [Enabled] .(.Unknown owner - No comment.) -- E:\Jeux Etienne\RTS\Warcraft III Frozen Throne\war3.exe (.not file.)

O47 - AAKE:Key Export SP - "E:\Jeux Etienne\RTS\Warcraft III\War3.exe" [Enabled] .(.Unknown owner - No comment.) -- E:\Jeux Etienne\RTS\Warcraft III\War3.exe (.not file.)

O47 - AAKE:Key Export SP - "E:\Logiciels\Pinnacle Studio 12 Plus\Programs\RM.exe" [Enabled] .(.Unknown owner - No comment.) -- E:\Logiciels\Pinnacle Studio 12 Plus\Programs\RM.exe (.not file.)

O47 - AAKE:Key Export SP - "E:\Logiciels\Pinnacle Studio 12 Plus\Programs\Studio.exe" [Enabled] .(.Unknown owner - No comment.) -- E:\Logiciels\Pinnacle Studio 12 Plus\Programs\Studio.exe (.not file.)

O47 - AAKE:Key Export SP - "E:\Logiciels\Pinnacle Studio 12 Plus\Programs\umi.exe" [Enabled] .(.Unknown owner - No comment.) -- E:\Logiciels\Pinnacle Studio 12 Plus\Programs\umi.exe (.not file.)

O47 - AAKE:Key Export SP - "E:\Jeux Etienne\Sport - (MMO)RG\TmNationsForever\TmForever.exe" [Enabled] .(.Unknown owner - No comment.) -- E:\Jeux Etienne\Sport - (MMO)RG\TmNationsForever\TmForever.exe (.not file.)

O47 - AAKE:Key Export SP - "F:\Jeux Etienne\Sport - (MMO)RG\TmNationsForever\TmForever.exe" [Enabled] .(.Unknown owner - No comment.) -- F:\Jeux Etienne\Sport - (MMO)RG\TmNationsForever\TmForever.exe

O47 - AAKE:Key Export SP - "F:\Jeux Etienne\FPS\Halo\halo.exe" [Enabled] .(.Microsoft Corporation - Halo.) -- F:\Jeux Etienne\FPS\Halo\halo.exe

O47 - AAKE:Key Export SP - "C:0\Jeux Etienne\FPS\Halo\halo.exe" [Enabled] Orphean Key

O47 - AAKE:Key Export SP - "C:0\Jeux Etienne\Sport - (MMO)RG\TmNationsForever\TmForever.exe" [Enabled] Orphean Key

O47 - AAKE:Key Export SP - "C:\Program Files\Skype\Phone\Skype.exe" [Enabled] .(.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe

O47 - AAKE:Key Export DP - "%windir%\Network Diagnostic\xpnetdiag.exe" [Enabled] .(.Microsoft Corporation - Network Diagnostic for Windows XP.) -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O47 - AAKE:Key Export DP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation - Microsoft® Remote Desktop Help Session Manager.) -- C:\WINDOWS\system32\sessmgr.exe

---\\ Local Security Authority-LSA Deny (O48)

O48 - LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\WINDOWS\System32\msv1_0.dll

O48 - LSA:Local Security Authority Notification Packages . (.Microsoft Corporation - Windows Security Configuration Editor Client Engine.) -- C:\WINDOWS\System32\scecli.dll

O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\WINDOWS\System32\msv1_0.dll

---\\ Trojan Driver Search Data (HKLM)(TDSD) (O52)

O52 - TDSD: \Drivers32\"msacm.trspch"="tssoft32.acm" . (.DSP GROUP, INC. - DSP Group TrueSpeech Audio Codec for MSACM V3.50.) -- C:\WINDOWS\System32\tssoft32.acm

O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Cinepak® Codec.) -- C:\WINDOWS\System32\iccvid.dll

O52 - TDSD: \Drivers32\"vidc.iv31"="ir32_32.dll" . (.Unknown owner - No comment.) -- C:\WINDOWS\System32\ir32_32.dll

O52 - TDSD: \Drivers32\"vidc.iv32"="ir32_32.dll" . (.Unknown owner - No comment.) -- C:\WINDOWS\System32\ir32_32.dll

O52 - TDSD: \Drivers32\"vidc.iv41"="ir41_32.ax" . (.Intel Corporation - Intel Indeo® Video 4.5.) -- C:\WINDOWS\System32\ir41_32.ax

O52 - TDSD: \Drivers32\"msacm.sl_anet"="sl_anet.acm" . (.Sipro Lab Telecom Inc. - Audio codec for MS ACM.) -- C:\WINDOWS\System32\sl_anet.acm

O52 - TDSD: \Drivers32\"msacm.iac2"="C:\WINDOWS\system32\iac25_32.ax" . (.Intel Corporation - Indeo® audio software.) -- C:\WINDOWS\system32\iac25_32.ax

O52 - TDSD: \Drivers32\"vidc.iv50"="ir50_32.dll" . (.Intel Corporation - Intel Indeo® video 5.10.) -- C:\WINDOWS\System32\ir50_32.dll

O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\WINDOWS\system32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\system32\l3codeca.acm

O52 - TDSD: \Drivers32\"vidc.mjpg"="pvmjpg30.dll" . (.Pegasus Imaging Corporation - PICVideo M-JPEG 3 codec.) -- C:\WINDOWS\System32\pvmjpg30.dll

O52 - TDSD: \Drivers32\"VIDC.FFDS"="ff_vfw.dll" . (.Unknown owner - No comment.) -- C:\WINDOWS\System32\ff_vfw.dll

O52 - TDSD: \drivers.desc\"sl_anet.acm"="Sipro Lab Telecom Audio Codec" . (.Sipro Lab Telecom Inc. - Audio codec for MS ACM.) -- C:\WINDOWS\System32\sl_anet.acm

O52 - TDSD: \drivers.desc\"C:\WINDOWS\system32\iac25_32.ax"="Indeo® audio software" . (.Intel Corporation - Indeo® audio software.) -- C:\WINDOWS\system32\iac25_32.ax

O52 - TDSD: \drivers.desc\"ir50_32.dll"="Indeo® video 5.10" . (.Unknown owner - No comment.) -- (.not file.)

O52 - TDSD: \drivers.desc\"C:\WINDOWS\system32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\system32\l3codeca.acm

O52 - TDSD: \drivers.desc\"pvmjpg30.dll"="PICVideo 3 M-JPEG VfW Codec" . (.Pegasus Imaging Corporation - PICVideo M-JPEG 3 codec.) -- C:\WINDOWS\System32\pvmjpg30.dll

O52 - TDSD: \drivers.desc\"ff_vfw.dll"="ffdshow video encoder" . (.Unknown owner - No comment.) -- C:\WINDOWS\System32\ff_vfw.dll

---\\ ShareTools MSconfig StartupReg (SMSR) (O53)

O53 - SMSR:HKLM\...\startupreg\Adobe ARM [Key] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

O53 - SMSR:HKLM\...\startupreg\Adobe Reader Speed Launcher [Key] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe

O53 - SMSR:HKLM\...\startupreg\LogitechQuickCamRibbon [Key] . (.Unknown owner - No comment.) -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe

O53 - SMSR:HKLM\...\startupreg\SunJavaUpdateSched [Key] . (.Sun Microsystems, Inc. - Java Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe

 

 

---\\ Microsoft Control Security Providers (MCSP) (O54)

O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - DPA Client for 32 bit platforms.) -- C:\WINDOWS\system32\msapsspc.dll

O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\WINDOWS\system32\schannel.dll

O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Digest SSPI Authentication Package.) -- C:\WINDOWS\system32\digest.dll

O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - DPA Client for 32 bit platforms.) -- C:\WINDOWS\system32\msapsspc.dll

O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\WINDOWS\system32\schannel.dll

O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Digest SSPI Authentication Package.) -- C:\WINDOWS\system32\digest.dll

 

 

---\\ Microsoft Windows Policies System (MWPS) (O55)

O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0

O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=

O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=

O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1

O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1

O55 - MWPS:[HKLM\...\Policies\System] - "DisableCAD"=1

O55 - MWPS:[HKLM\...\Policies\System] - "DisableStatusMessages"=0

O55 - MWPS:[HKLM\...\Policies\System] - "VerboseStatus"=1

O55 - MWPS:[HKLM\...\Policies\System] - "NoInternetOpenWith"=1

 

 

---\\ Microsoft Windows Policies Explorer (MWPE) (O56)

O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveTypeAutoRun"=145

O56 - MWPE:[HKCU\...\policies\Explorer] - "NoResolveTrack"=1

O56 - MWPE:[HKCU\...\policies\Explorer] - "LinkResolveIgnoreLinkInfo"=1

O56 - MWPE:[HKCU\...\policies\Explorer] - "NoResolveSearch"=1

O56 - MWPE:[HKCU\...\policies\Explorer] - "NoStartBanner"=1

O56 - MWPE:[HKCU\...\policies\Explorer] - "NoSMConfigurePrograms"=1

O56 - MWPE:[HKCU\...\policies\Explorer] - "MemCheckBoxInRunDlg"=1

O56 - MWPE:[HKCU\...\policies\Explorer] - "NoSharedDocuments"=1

O56 - MWPE:[HKCU\...\policies\Explorer] - "NoActiveDesktop"=1

O56 - MWPE:[HKCU\...\policies\Explorer] - "NoRecentDocsMenu"=1

O56 - MWPE:[HKLM\...\policies\Explorer] - "NoRemoteRecursiveEvents"=1

O56 - MWPE:[HKLM\...\policies\Explorer] - "MemCheckBoxInRunDlg"=1

O56 - MWPE:[HKLM\...\policies\Explorer] - "NoCDBurning"=1

O56 - MWPE:[HKLM\...\policies\Explorer] - "StartMenuFavorites"=0

O56 - MWPE:[HKLM\...\policies\Explorer] - "Start_ShowMyComputer"=1

O56 - MWPE:[HKLM\...\policies\Explorer] - "Start_ShowMyDocs"=1

O56 - MWPE:[HKLM\...\policies\Explorer] - "Start_ShowMyMusic"=0

O56 - MWPE:[HKLM\...\policies\Explorer] - "Start_ShowRun"=1

O56 - MWPE:[HKLM\...\policies\Explorer] - "Start_ShowSearch"=0

O56 - MWPE:[HKLM\...\policies\Explorer] - "AllowLegacyWebView"=1

O56 - MWPE:[HKLM\...\policies\Explorer] - "AllowUnhashedWebView"=1

 

 

---\\ System Drivers List (SDL) (O58)

O58 - SDL:[MD5.479C9835B91147BE1A92CB76FAD9C6DE] - 1/13/2011 - 9:37:11 AM ---A- . (.AVAST Software - avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP.) -- C:\WINDOWS\system32\drivers\aavmker4.sys [29392]

O58 - SDL:[MD5.CBA53C5E29AE0A0CE76F9A2BE3A40D9E] - 1/13/2011 - 9:37:09 AM ---A- . (.AVAST Software - avast! File System Access Blocking Driver.) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys [17744]

O58 - SDL:[MD5.701D741F60983B0319560523294E5D5B] - 1/13/2011 - 9:39:50 AM ---A- . (.AVAST Software - avast! File System Filter Driver for Windows NT/2000.) -- C:\WINDOWS\system32\drivers\aswmon.sys [94544]

O58 - SDL:[MD5.A1C52B822B7B8A5C2162D38F579F97B7] - 1/13/2011 - 9:40:04 AM ---A- . (.AVAST Software - avast! File System Filter Driver for Windows XP.) -- C:\WINDOWS\system32\drivers\aswmon2.sys [100176]

O58 - SDL:[MD5.B6E8C5874377A42756C282FAC2E20836] - 1/13/2011 - 9:37:30 AM ---A- . (.AVAST Software - avast! TDI RDR Driver.) -- C:\WINDOWS\system32\drivers\aswRdr.sys [23632]

O58 - SDL:[MD5.B93A553C9B0F14263C8F016A44C3258C] - 1/13/2011 - 9:41:16 AM ---A- . (.AVAST Software - avast! self protection module.) -- C:\WINDOWS\system32\drivers\aswSP.sys [294608]

O58 - SDL:[MD5.1408421505257846EB336FEEEF33352D] - 1/13/2011 - 9:40:16 AM ---A- . (.AVAST Software - avast! TDI Filter Driver.) -- C:\WINDOWS\system32\drivers\aswTdi.sys [47440]

O58 - SDL:[MD5.C0B86ECB324E50F6BBD529F9D5C6B24B] - 2/11/2010 - 8:38:10 AM ---A- . (.ATI Technologies Inc. - ATI Radeon WindowsNT Miniport Driver.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys [3565056]

O58 - SDL:[MD5.B562592B7F5759C99E179CA467ECFB4C] - 5/3/2008 - 1:00:00 PM ---A- . (.RAVISENT Technologies Inc. - CineMaster C 1.2 WDM Main Driver.) -- C:\WINDOWS\system32\drivers\cinemst2.sys [262528]

O58 - SDL:[MD5.9624293E55AD405415862B504CA95B73] - 5/3/2008 - 1:00:00 PM ---A- . (.Compaq Computer Corporation - Compaq PA-1 Player Driver.) -- C:\WINDOWS\system32\drivers\cpqdap01.sys [11776]

O58 - SDL:[MD5.4EF3F74439AA644BCD8DDC0ED88A5D01] - 7/17/2009 - 3:23:46 PM ---A- . (.Ralink Technology, Corp. - Ralink 802.11 USB Wireless Adapter Driver.) -- C:\WINDOWS\system32\drivers\Dr71WU.sys [476544]

O58 - SDL:[MD5.573C7D0A32852B48F3058CFD8026F511] - 5/3/2008 - 1:00:00 PM ---A- . (.Windows ® Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) -- C:\WINDOWS\system32\drivers\hdaudbus.sys [144384]

O58 - SDL:[MD5.1A7DB7A00A4B0D8DA24CD691A4547291] - 10/7/2009 - 1:46:36 AM ---A- . (...) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys [25752]

O58 - SDL:[MD5.A3E700D78EEC390F1208098CDCA5C6B6] - 9/23/2005 - 11:18:32 PM ---A- . (.Pinnacle Systems GmbH - Pinnacle Marvin Discrete Bus Enumerator.) -- C:\WINDOWS\system32\drivers\MarvinBus.sys [171520]

O58 - SDL:[MD5.836E0E09CA9869BE7EB39EF2CF3602C7] - 12/20/2010 - 6:08:40 PM ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\WINDOWS\system32\drivers\mbam.sys [20952]

O58 - SDL:[MD5.D68E165C3123ABA3B1282EDDB4213BD8] - 12/20/2010 - 6:09:00 PM ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys [38224]

O58 - SDL:[MD5.BE984D604D91C217355CDD3737AAD25D] - 5/3/2008 - 1:00:00 PM ---A- . (.S3/Diamond Multimedia Systems - NikeDrv Usb Driver.) -- C:\WINDOWS\system32\drivers\nikedrv.sys [12032]

O58 - SDL:[MD5.7574729C73D923949F375FA1C7E8A255] - 2/9/2007 - 10:24:52 AM ---A- . (.Xeno - Prio Network Activity Driver.) -- C:\WINDOWS\system32\drivers\prio.sys [34328]

O58 - SDL:[MD5.80D317BD1C3DBC5D4FE7B1678C60CADD] - 5/3/2008 - 1:00:00 PM ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\drivers\ptilink.sys [17792]

O58 - SDL:[MD5.A56FE08EC7473E8580A390BB1081CDD7] - 5/3/2008 - 1:00:00 PM ---A- . (.S3/Diamond Multimedia Systems - Rio8Drv.sys Usb Driver.) -- C:\WINDOWS\system32\drivers\rio8drv.sys [12032]

O58 - SDL:[MD5.0A854DF84C77A0BE205BFEAB2AE4F0EC] - 5/3/2008 - 1:00:00 PM ---A- . (.S3/Diamond Multimedia Systems - RioDrv Usb Driver.) -- C:\WINDOWS\system32\drivers\riodrv.sys [12032]

O58 - SDL:[MD5.90A3935D05B494A5A39D37E71F09A677] - 5/3/2008 - 1:00:00 PM ---A- . (.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) -- C:\WINDOWS\system32\drivers\secdrv.sys [20480]

O58 - SDL:[MD5.B9C7617C1E8AB6FDFF75D3C8DAFCB4C8] - 9/17/2004 - 8:02:54 AM ---A- . (.Creative Technology Ltd. - Creative WDM Audio Driver.) -- C:\WINDOWS\system32\drivers\senfilt.sys [732928]

O58 - SDL:[MD5.392834ADB35DEB199B03AE6A6CAAB23A] - 1/28/2004 - 3:03:26 PM ---A- . (.Texas Instruments Incorporated - SilvrLnk.sys.) -- C:\WINDOWS\system32\drivers\SilvrLnk.sys [21456]

O58 - SDL:[MD5.C6D9959E493682F872A639B6EC1B4A08] - 1/27/2005 - 2:31:06 PM ---A- . (.Analog Devices, Inc. - SoundMAX Integrated Digital Audio.) -- C:\WINDOWS\system32\drivers\smwdm.sys [260352]

O58 - SDL:[MD5.A1124EBC672AA3AE1B327096C1DCC346] - 2/4/2004 - 10:27:56 AM ---A- . (.Texas Instruments Incorporated - tiehdusb.sys.) -- C:\WINDOWS\system32\drivers\tiehdusb.sys [49536]

O58 - SDL:[MD5.D74A8EC75305F1D3CFDE7C7FC1BD62A9] - 5/3/2008 - 1:00:00 PM ---A- . (.Toshiba Corporation - WDM Toshiba Tecra Video Capture Driver.) -- C:\WINDOWS\system32\drivers\tsbvcap.sys [21376]

O58 - SDL:[MD5.55E01061C74A8CEFFF58DC36114A8D3F] - 5/3/2008 - 1:00:00 PM ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\drivers\vdmindvd.sys [58112]

O58 - SDL:[MD5.2953A157A783BFC06F42F99FEFA5EB07] - 2/9/2009 - 5:10:04 PM ---A- . (.Unknown owner - ANIO (NT5) Driver.) -- C:\WINDOWS\system32\ANIO.sys [29411]

O58 - SDL:[MD5.ACF780F3DCE634A0B8ECE6E3CD505C9C] - 5/12/2007 - 3:39:32 PM ---A- . (.ANI - ANIO (NDIS4) Driver.) -- C:\WINDOWS\system32\anio4.sys [11904]

O58 - SDL:[MD5.329507873BFA0CE31BA9DFA65450A306] - 2/9/2009 - 5:36:00 PM ---A- . (.Unknown owner - ANIO (NT5) Driver.) -- C:\WINDOWS\system32\ANIO64.sys [48640]

O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 5/3/2008 - 1:00:00 PM ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9029]

O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 5/3/2008 - 1:00:00 PM ---A- . (...) -- C:\WINDOWS\system32\country.sys [27097]

O58 - SDL:[MD5.A7132943D717E33EE35F71B465BB2467] - 7/17/2009 - 3:23:56 PM ---A- . (.Ralink Technology, Corp. - Ralink 802.11 USB Wireless Adapter Driver.) -- C:\WINDOWS\system32\Dr71WU98.sys [479360]

O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 5/3/2008 - 1:00:00 PM ---A- . (...) -- C:\WINDOWS\system32\himem.sys [4768]

O58 - SDL:[MD5.582BCDD47CF4B68B5CB528F18E3CB808] - 5/3/2008 - 1:00:00 PM ---A- . (...) -- C:\WINDOWS\system32\key01.sys [42809]

O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 5/3/2008 - 1:00:00 PM ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys [42537]

O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 5/3/2008 - 1:00:00 PM ---A- . (...) -- C:\WINDOWS\system32\ntdos.sys [27866]

O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 5/3/2008 - 1:00:00 PM ---A- . (...) -- C:\WINDOWS\system32\ntdos404.sys [29146]

O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 5/3/2008 - 1:00:00 PM ---A- . (...) -- C:\WINDOWS\system32\ntdos411.sys [29370]

O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 5/3/2008 - 1:00:00 PM ---A- . (...) -- C:\WINDOWS\system32\ntdos412.sys [29274]

O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 5/3/2008 - 1:00:00 PM ---A- . (...) -- C:\WINDOWS\system32\ntdos804.sys [29146]

O58 - SDL:[MD5.4FE09F868CE65B334B42862C372C69CC] - 5/3/2008 - 1:00:00 PM ---A- . (...) -- C:\WINDOWS\system32\ntio.sys [33840]

O58 - SDL:[MD5.6F73F50162DEF60C84B725C18CD9140F] - 5/3/2008 - 1:00:00 PM ---A- . (...) -- C:\WINDOWS\system32\ntio404.sys [34560]

O58 - SDL:[MD5.0FDD5E69C1FF3B58043D44F2CC743D45] - 5/3/2008 - 1:00:00 PM ---A- . (...) -- C:\WINDOWS\system32\ntio411.sys [35648]

O58 - SDL:[MD5.8842837C4D8311BF8E72BEE8CCC42217] - 5/3/2008 - 1:00:00 PM ---A- . (...) -- C:\WINDOWS\system32\ntio412.sys [35424]

O58 - SDL:[MD5.6B56CEB3C6F9D5CD7293DBD9FE23B311] - 5/3/2008 - 1:00:00 PM ---A- . (...) -- C:\WINDOWS\system32\ntio804.sys [34560]

O58 - SDL:[MD5.FCFCF5770B220454BD6164DC3561F11F] - 5/12/2007 - 1:44:48 PM ---A- . (.Ralink Technology Inc. - Sample Driver for Ralink 802.11g Wireless USB Adapters.) -- C:\WINDOWS\system32\rt25u98.sys [247808]

 

 

---\\ List all tools cleaner (LATC) (O63)

O63 - Logiciel: Ad-Remover par C_XX - (.C_XX.) [HKLM] -- Ad-Remover

O63 - Logiciel: ZHPDiag 1.27 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1

 

 

---\\ File Associations Shell Spawning (O67)

O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Shell Common Dll.) -- C:\Windows\System32\shell32.dll

O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\IEXPLORE.exe

O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\WINDOWS\System32\WScript.exe

O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Registry Editor.) -- C:\WINDOWS\regedit.exe

O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCU\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe

O67 - Shell Spawning: <.bat> <batfile>[HKCR\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.cpl> <cplfile>[HKCR\..\cplopen\Command] (.Microsoft Corporation - Windows Shell Common Dll.) -- C:\Windows\System32\shell32.dll

O67 - Shell Spawning: <.cmd> <cmdfile>[HKCR\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.com> <comfile>[HKCR\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.exe> <exefile>[HKCR\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCR\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe

O67 - Shell Spawning: <.js> <JSFile>[HKCR\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\WINDOWS\System32\WScript.exe

O67 - Shell Spawning: <.reg> <regfile>[HKCR\..\open\Command] (.Microsoft Corporation - Registry Editor.) -- C:\WINDOWS\regedit.exe

 

 

---\\ Start Menu Internet (SMI) (O68)

O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe

O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe

 

 

---\\ Search Browser Infection (SBI) (O69)

O69 - SBI: SearchScopes [HKCU] ${searchCLSID} [DefaultScope] - (@ieframe.dll,-12512) - http://search.live.com

O69 - SBI: SearchScopes [HKCU] {9EA44D8B-84D5-478A-9639-9E066F9F50A7} - (Google) - http://www.google.com

O69 - SBI: SearchScopes [HKUS\.DEFAULT] {9EA44D8B-84D5-478A-9639-9E066F9F50A7} [DefaultScope] - (Google) - http://www.google.com

O69 - SBI: SearchScopes [HKUS\S-1-5-18] {9EA44D8B-84D5-478A-9639-9E066F9F50A7} [DefaultScope] - (Google) - http://www.google.com

O69 - SBI: SearchScopes [HKUS\S-1-5-19] {9EA44D8B-84D5-478A-9639-9E066F9F50A7} [DefaultScope] - (Google) - http://www.google.com

O69 - SBI: SearchScopes [HKUS\S-1-5-20] {9EA44D8B-84D5-478A-9639-9E066F9F50A7} [DefaultScope] - (Google) - http://www.google.com

 

 

---\\ Search Particular Root Folder (SPRF) (O84)

[MD5.48B4731B0411C91D02A9E089082093EF] [sPRF] (.Unknown owner - No comment.) -- C:\Program Files\vlc-1.1.4-win32.exe [19657194]

 

 

---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)

SR - | Auto 7/7/2009 151552 | (ANIWConnService) . (.Unknown owner.) - C:\WINDOWS\system32\ANIWConnService.exe

SS - | Auto 8/21/2009 102400 | (ANIWZCSdService) . (.Wireless Service.) - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe

SR - | Auto 2/11/2010 602112 | (Ati HotKey Poller) . (.ATI Technologies Inc..) - C:\WINDOWS\system32\Ati2evxx.exe

SS - | Auto 2/10/2010 593920 | (ATI Smart) . (.Unknown owner.) - C:\WINDOWS\system32\ati2sgag.exe

SR - | Auto 1/13/2011 40384 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

SS - | Demand 5/3/2008 224768 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\System32\dmadmin.exe

SR - | Auto 2/2/2011 153376 | (JavaQuickStarterService) . (.Sun Microsystems, Inc..) - C:\Program Files\Java\jre6\bin\jqs.exe

SS - | Disabled 10/7/2009 154136 | (LVPrcSrv) . (.Logitech Inc..) - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

 

 

---\\ Search Master Boot Record Infection (MBR)(O80)

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.1 by Gmer, http://www.gmer.net

Run by Administrator at 3/6/2011 12:52:09 PM

 

device: opened successfully

user: MBR read successfully

 

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS

1 ntkrnlpa!IofCallDriver[0x804EF196] -> \Device\Harddisk0\DR0[0x8678BAB8]

3 CLASSPNP[0xF7652FD7] -> ntkrnlpa!IofCallDriver[0x804EF196] -> \Device\Ide\IdeDeviceP0T0L0-4[0x8675BB00]

kernel: MBR read successfully

user & kernel MBR OK

 

 

---\\ Search Master Boot Record Infection (MBRCheck)(O80)

Written by ad13, http://ad13.geekstog

Run by Administrator at 3/6/2011 12:52:11 PM

Use the desktop link 'MBRCheck' to have full report

Dump file Name : C:\PhysicalDisk0_MBR.bin

 

 

 

End of the scan (835 lines in 49mn AMs)(0)

 

 

 

leminou:

External HDD no. 1 (where I want to copy to first): USB port / FAT32

External HDD no. 2: USB port / NTFS

In Device Manager I have no question mark except for Ethernet Controller.

but, but...

WITH SUPERCOPIER IT SEEMS TO BE WORKING!!!!

Thanks!!! (But I'm not claiming victory too soon, we'll wait and see, but the few avi copies did go through)

Edited by NxxS
Posted

Hi!

Ask.com has been cleaned.

Along with ZHPDiag, you should have another program: MBRCheck. Run it. Its report will be saved on the Desktop.

Download MBR.exe and keep the report:

Rootkit infection: mbr.exe

http://www2.gmer.net/mbr/mbr.exe

Can you ask for your topic to be moved to the "éradication malwares" (malware removal) forum? There may be something suspicious on your hard drive, and at that point I have to hand over.

Bleuet (06/03/2011) ;)

Posted (edited)

Okay, I'll look into that.

But first, does a hard drive get defragmented?

Mine is starting to make noises I don't like.

Is Antivir really better?

 

 

MBRCheck, version 1.2.3

© 2010, AD

 

Command-line:

Windows Version: Windows XP Professional

Windows Information: Service Pack 3 (build 2600)

Logical Drives Mask: 0x0000003c

 

Kernel Drivers (total 122):

0x804D7000 \WINDOWS\system32\ntkrnlpa.exe

0x806E4000 \WINDOWS\system32\hal.dll

0xF7B12000 \WINDOWS\system32\KDCOM.DLL

0xF7A22000 \WINDOWS\system32\BOOTVID.dll

0xF74E3000 ACPI.sys

0xF7B14000 \WINDOWS\system32\DRIVERS\WMILIB.SYS

0xF74D2000 pci.sys

0xF7612000 isapnp.sys

0xF7BDA000 pciide.sys

0xF7892000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS

0xF7622000 MountMgr.sys

0xF74B3000 ftdisk.sys

0xF7B16000 dmload.sys

0xF748D000 dmio.sys

0xF789A000 PartMgr.sys

0xF7632000 VolSnap.sys

0xF7475000 atapi.sys

0xF7642000 disk.sys

0xF7652000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS

0xF7455000 fltMgr.sys

0xF743E000 KSecDD.sys

0xF73B1000 Ntfs.sys

0xF7384000 NDIS.sys

0xF736A000 Mup.sys

0xF7842000 \SystemRoot\system32\DRIVERS\intelppm.sys

0xF6A29000 \SystemRoot\system32\DRIVERS\ati2mtag.sys

0xF62E8000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS

0xF7962000 \SystemRoot\system32\DRIVERS\usbuhci.sys

0xF62C4000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

0xF796A000 \SystemRoot\system32\DRIVERS\usbehci.sys

0xF6284000 \SystemRoot\system32\drivers\smwdm.sys

0xF6260000 \SystemRoot\system32\drivers\portcls.sys

0xF76C2000 \SystemRoot\system32\drivers\drmk.sys

0xF623D000 \SystemRoot\system32\drivers\ks.sys

0xF618A000 \SystemRoot\system32\drivers\senfilt.sys

0xF6176000 \SystemRoot\system32\DRIVERS\parport.sys

0xF76D2000 \SystemRoot\system32\DRIVERS\serial.sys

0xF6E39000 \SystemRoot\system32\DRIVERS\serenum.sys

0xF76E2000 \SystemRoot\system32\DRIVERS\imapi.sys

0xF76F2000 \SystemRoot\system32\DRIVERS\cdrom.sys

0xF7702000 \SystemRoot\system32\DRIVERS\redbook.sys

0xF7D4E000 \SystemRoot\system32\DRIVERS\audstub.sys

0xF7712000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

0xF6E31000 \SystemRoot\system32\DRIVERS\ndistapi.sys

0xF615F000 \SystemRoot\system32\DRIVERS\ndiswan.sys

0xF7033000 \SystemRoot\system32\DRIVERS\raspppoe.sys

0xF7023000 \SystemRoot\system32\DRIVERS\raspptp.sys

0xF7972000 \SystemRoot\system32\DRIVERS\TDI.SYS

0xF614E000 \SystemRoot\system32\DRIVERS\psched.sys

0xF7013000 \SystemRoot\system32\DRIVERS\msgpc.sys

0xF797A000 \SystemRoot\system32\DRIVERS\ptilink.sys

0xF7982000 \SystemRoot\system32\DRIVERS\raspti.sys

0xF611E000 \SystemRoot\system32\DRIVERS\rdpdr.sys

0xF7003000 \SystemRoot\system32\DRIVERS\termdd.sys

0xF7992000 \SystemRoot\system32\DRIVERS\kbdclass.sys

0xF799A000 \SystemRoot\system32\DRIVERS\mouclass.sys

0xF7B52000 \SystemRoot\system32\DRIVERS\swenum.sys

0xF6098000 \SystemRoot\system32\DRIVERS\update.sys

0xF7AC2000 \SystemRoot\system32\DRIVERS\mssmbios.sys

0xF6018000 \SystemRoot\system32\DRIVERS\MarvinBus.sys

0xF7732000 \SystemRoot\System32\Drivers\NDProxy.SYS

0xF7762000 \SystemRoot\system32\DRIVERS\usbhub.sys

0xF7B62000 \SystemRoot\system32\DRIVERS\USBD.SYS

0xF7B70000 \SystemRoot\System32\Drivers\Fs_Rec.SYS

0xF7C59000 \SystemRoot\System32\Drivers\Null.SYS

0xF7B72000 \SystemRoot\System32\Drivers\Beep.SYS

0xF78D2000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

0xF78DA000 \SystemRoot\System32\drivers\vga.sys

0xF7B74000 \SystemRoot\System32\Drivers\mnmdd.SYS

0xF7B76000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0xF78E2000 \SystemRoot\System32\Drivers\Msfs.SYS

0xF78EA000 \SystemRoot\System32\Drivers\Npfs.SYS

0xF7AB2000 \SystemRoot\system32\DRIVERS\rasacd.sys

0xED718000 \SystemRoot\system32\DRIVERS\ipsec.sys

0xED6BF000 \SystemRoot\system32\DRIVERS\tcpip.sys

0xF7782000 \SystemRoot\System32\Drivers\aswTdi.SYS

0xED699000 \SystemRoot\system32\DRIVERS\ipnat.sys

0xF7792000 \SystemRoot\system32\DRIVERS\wanarp.sys

0xED671000 \SystemRoot\system32\DRIVERS\netbt.sys

0xF790A000 \SystemRoot\System32\Drivers\aswRdr.SYS

0xED64F000 \SystemRoot\System32\drivers\afd.sys

0xF77A2000 \SystemRoot\system32\DRIVERS\netbios.sys

0xED624000 \SystemRoot\system32\DRIVERS\rdbss.sys

0xED5B4000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

0xF77B2000 \SystemRoot\System32\Drivers\Fips.SYS

0xED4CD000 \SystemRoot\System32\Drivers\aswSP.SYS

0xF78F2000 \SystemRoot\system32\DRIVERS\usbccgp.sys

0xF7912000 \SystemRoot\System32\Drivers\Aavmker4.SYS

0xF7AC6000 \SystemRoot\system32\DRIVERS\hidusb.sys

0xF77F2000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

0xEDE1B000 \SystemRoot\system32\DRIVERS\kbdhid.sys

0xB89D1000 \SystemRoot\system32\DRIVERS\Dr71WU.sys

0xF6FC3000 \SystemRoot\System32\Drivers\Cdfs.SYS

0xB70DC000 \SystemRoot\System32\Drivers\dump_atapi.sys

0xF7BCA000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS

0xBF800000 \SystemRoot\System32\win32k.sys

0xF7AF6000 \SystemRoot\System32\drivers\Dxapi.sys

0xED4B5000 \SystemRoot\System32\watchdog.sys

0xBF000000 \SystemRoot\System32\drivers\dxg.sys

0xF7BF9000 \SystemRoot\System32\drivers\dxgthk.sys

0xBF012000 \SystemRoot\System32\ati2dvag.dll

0xBF065000 \SystemRoot\System32\ati2cqag.dll

0xBF0FE000 \SystemRoot\System32\atikvmag.dll

0xBF182000 \SystemRoot\System32\atiok3x2.dll

0xBF1CD000 \SystemRoot\System32\ati3duag.dll

0xBF572000 \SystemRoot\System32\ativvaxx.dll

0xB9E2A000 \SystemRoot\System32\Drivers\aswFsBlk.SYS

0xED74F000 \SystemRoot\system32\DRIVERS\ndisuio.sys

0xB456E000 \SystemRoot\System32\Drivers\aswMon2.SYS

0xB4401000 \SystemRoot\system32\DRIVERS\mrxdav.sys

0xF7B8C000 \SystemRoot\System32\Drivers\ParVdm.SYS

0xED47D000 \??\C:\WINDOWS\system32\ANIO.SYS

0xB43C4000 \SystemRoot\system32\drivers\wdmaud.sys

0xB92A0000 \SystemRoot\system32\drivers\sysaudio.sys

0xB409A000 \SystemRoot\system32\DRIVERS\srv.sys

0xB3E51000 \SystemRoot\System32\Drivers\HTTP.sys

0xB3BD9000 \SystemRoot\system32\DRIVERS\mouhid.sys

0xB97D4000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS

0xF7902000 \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mbr.sys

0xB39A5000 \SystemRoot\System32\Drivers\Fastfat.SYS

0xAB280000 \SystemRoot\system32\drivers\kmixer.sys

0x7C900000 \WINDOWS\system32\ntdll.dll

 

Processes (total 37):

0 System Idle Process

4 System

832 C:\WINDOWS\system32\smss.exe

880 csrss.exe

912 C:\WINDOWS\system32\winlogon.exe

956 C:\WINDOWS\system32\services.exe

968 C:\WINDOWS\system32\lsass.exe

1120 C:\WINDOWS\system32\ati2evxx.exe

1136 C:\WINDOWS\system32\svchost.exe

1188 svchost.exe

1236 C:\WINDOWS\system32\svchost.exe

1316 svchost.exe

1352 svchost.exe

1568 C:\WINDOWS\system32\ati2evxx.exe

1688 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

252 C:\WINDOWS\system32\spoolsv.exe

508 C:\WINDOWS\system32\ANIWConnService.exe

652 C:\Program Files\Java\jre6\bin\jqs.exe

780 C:\WINDOWS\explorer.exe

868 C:\WINDOWS\system32\svchost.exe

1592 alg.exe

1780 C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

1800 C:\Program Files\D-Link\DWL-G122_DWA-110\AirGCFG.exe

2452 C:\Program Files\Analog Devices\Core\smax4pnp.exe

2540 C:\Program Files\Alwil Software\Avast5\AvastUI.exe

2604 C:\Program Files\Unlocker\UnlockerAssistant.exe

2652 C:\Program Files\Common Files\Java\Java Update\jusched.exe

2660 C:\Program Files\Skype\Phone\Skype.exe

2672 C:\WINDOWS\system32\ctfmon.exe

3948 C:\Program Files\Skype\Plugin Manager\skypePM.exe

4040 C:\Program Files\SuperCopier2\SuperCopier2.exe

3544 C:\Program Files\Megaupload\Mega Manager\MegaManager.exe

3316 C:\Program Files\Mozilla Firefox\firefox.exe

3336 C:\Program Files\Mozilla Firefox\plugin-container.exe

764 C:\WINDOWS\explorer.exe

3580 <unknown>

3452 C:\Program Files\ZHPDiag\mbrcheck.exe

 

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

\\.\E: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00 (FAT32)

\\.\F: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

 

PhysicalDrive0 Model Number: Maxtor32049H2B, Rev: YAH815Y0

PhysicalDrive2 Model Number: WD5000BMV External, Rev: 1.75

PhysicalDrive1 Model Number: MAXTOR STM3250820A, Rev: 3.AA

 

Size Device Name MBR Status

--------------------------------------------

19 GB \\.\PhysicalDrive0 Windows XP MBR code detected

SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A

465 GB \\.\PhysicalDrive2 RE: Unknown MBR code

SHA1: D90653CCC05EE39D4D44E1F67C33297D65F3ED4F

232 GB \\.\PhysicalDrive1 RE: Windows XP MBR code detected

SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A

 

 

Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

 

Done!

 

Edited by NxxS
Posted (edited)

Hi!

YES. Antivir has proven itself.

A hard drive does need to be defragmented. Either use XP's defragmenter or a third-party one. There's DEFRAGGLER, which is pretty good.

The noises can be either those of a hardware failure of the hard drive or the read arm seeking data. You can still tell the two apart.

Start > All Programs > Accessories > System Tools > Disk Defragmenter > highlight the C: partition and analyze to see the report.

Can you clean up your C: drive:

Right-click on it > Disk Cleanup.

The latest DIAG shows an infection at the hard-drive level. The MBRCheck report looks suspicious. Hence my request to have your topic moved.

Bleuet (06/03/2011) ;)

Edited by bleuet
Posted

Hello,

A small clarification: you have a FAT32 disk, and the maximum file size is 4 GB.

Yes indeed! :outch:

He has 348 MB to transfer.

Bleuet (07/03/2011) ;)
