[Résolu] Virus, il reste des traces tenaces

trabec54 · le 26 mars 2011

Bonjour à tous,

je constate des anomalies dans le fonctionnement de mon PC.

Après un temps relativement court, une fenêtre s'ouvre : "svchost...la mémoire ne peut être read", ensuite le PC devient trés lent, je ne peux plus ouvrir le gestionnaire de tâches, plus ouvrir de logiciel (bloc note, excel..)

J'ai tenté de suivre les méthodes de désinfection préconisées par ZEBULON et CCM, et donc utilisé roguekiller, scan en ligne avec Bitdefender et Secuser, fait un scan avec AVAST, puis ATFCLEANER, CCLEANER, MALWAREBYTES, SPYBOT...

Le résultat s'en trouve amélioré dés que je démarre. Mais après quelques temps, tout se remet à foirer et je me retrouve comme décrit ci-dessus et obligé de couper le PC en appuyant sur RESET.

Je ne sais plus quoi faire, je livre ci-dessous un rapport ZHPDIAG en espérant que l'un d'entre vous découvrira ce qui coince dans mon PC.

Avec tous mes remerciements.

TRABEC54

Rapport de ZHPDiag v1.27.1842 par Nicolas Coolman, Update du 26/03/2011

Run by Administrateur at 26/03/2011 18:48:14

Web site : ZHPDiag Outil de diagnostic

Contact : nicolascoolman@yahoo.fr

---\\ Web Browser

MSIE: Internet Explorer v6.0.2900.5512

MFIE: Mozilla Firefox 4.0 v4.0 (Defaut)

---\\ System Information

Windows XP Professional Service Pack 3 (Build 2600)

Processor: x86 Family 15 Model 44 Stepping 2, AuthenticAMD

Operating System: 32 Bits

Boot mode: Normal (Normal boot)

Total RAM: 1279 MB (51% free)

System Restore: Activé (Enable)

System drive C: has 11 GB (45%) free of 24 GB

---\\ Logged in mode

Computer Name: ORDI-XPSP2

User Name: Administrateur

All Users Names: SUPPORT_388945a0, HelpAssistant, ASPNET, Administrateur,

Unselected Option: O45,O61,O62,O65,O66,O82

Logged in as Administrator

---\\ Environnement Variables

%AppData%=C:\Documents and Settings\Administrateur\Application Data

%LocalAppData%=C:\Documents and Settings\Administrateur\Local Settings\Application Data

%StartMenu%=C:\Documents and Settings\Administrateur\Menu Démarrer

---\\ DOS/Devices

A:\ Floppy drive, Flash card reader, USB Key (Not Inserted)

C:\ Hard drive, Flash drive, Thumb drive (Free 11 Go of 24 Go)

D:\ Hard drive, Flash drive, Thumb drive (Free 35 Go of 37 Go)

E:\ Hard drive, Flash drive, Thumb drive (Free 21 Go of 88 Go)

F:\ Hard drive, Flash drive, Thumb drive (Free 123 Go of 163 Go)

H:\ Hard drive, Flash drive, Thumb drive (Free 50 Go of 50 Go)

J:\ Hard drive, Flash drive, Thumb drive (Free 14 Go of 20 Go)

K:\ Hard drive, Flash drive, Thumb drive (Free 180 Go of 195 Go)

---\\ Security Center & Tools Informations

[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK

---\\ Recherche particulière de fichiers génériques

[MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) (.13/04/2008 19:34:04.) -- C:\Windows\Explorer.exe [1037824]

[MD5.4A6E04EA20F48D750D9BFED8600D516B] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.13/04/2008 19:33:50.) -- C:\Windows\System32\wininet.dll [670208]

[MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.13/04/2008 19:34:30.) -- C:\Windows\System32\Winlogon.exe [512000]

[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/04/2008 11:40:32.) -- C:\Windows\System32\drivers\atapi.sys [96512]

[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.13/04/2008 12:15:54.) -- C:\Windows\System32\drivers\ntfs.sys [574976]

---\\ Processus lancés

[MD5.281D26DF656E53DAB568214EE282EC46] - (.ATI Technologies Inc. - ATI External Event Utility EXE Module.) -- C:\WINDOWS\system32\Ati2evxx.exe [638976]

[MD5.A6D3CA0FA875C62DF37DCFC0AE8FD7DB] - (.Lavasoft Limited - Ad-Aware Service Application.) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [1405384]

[MD5.ACB544D7254F366DFB48F380BC36CD25] - (.AVAST Software - avast! Service.) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [40384]

[MD5.E4D39C6320A07EE9AF47F45D73A88496] - (.S893x8s0zcQVS7 - Pas de description.) -- C:\WINDOWS\TEMP\xuag\setup.exe [53760]

[MD5.1355EBE184F9DAB1718BC587F8A7E05E] - (.MAGIX AG - Verzeichnisüberwachung und Hilfsaufgaben fü.) -- C:\Program Files\Fichiers communs\MAGIX Services\Database\bin\FABS.exe [1253376]

[MD5.5AE26A9582E75DD7DC9228D0E79300C4] - (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\WINDOWS\RTHDCPL.EXE [16006656]

[MD5.6C1B31F5C16E03153F0037AC6C451FFD] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\avastUI.exe [2838912]

[MD5.F6987FF6C6D683F79FDCE707B071A997] - (.SFX TEAM - SuperCopier 2 (explorer file copy replaceme.) -- E:\PAT\Logiciels\Super copier\SuperCopier2\SuperCopier2.exe [955392]

[MD5.E7704CBF568815C1CAA6E513387BD3F2] - (.Advanced Micro Devices Inc. - Catalyst Control Center: Monitoring program.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [65536]

[MD5.5FAF80080E1F0E7244E373D48C1F09F9] - (.Ralink Technology, Corp. - RalinkRegistryWriter.) -- C:\Program Files\RALINK\Common\RalinkRegistryWriter.exe [69632]

[MD5.CCE5D71F19AB70D969F9819B5C88438D] - (.ATI Technologies Inc. - Catalyst Control Center: Host application.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe [65536]

[MD5.7AAF26E5CEC48A364FAB61A3505668FB] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [924632]

[MD5.984845C61970645CA5283F1E31099320] - (.Nicolas Coolman - Diagnostic Tool.) -- E:\PAT\Logiciels\zhpdiag\ZHPDiag\ZHPDiag.exe [642048]

---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)

M3 - MFPP: Plugins - [Administrateur] -- C:\Program Files\Mozilla FireFox\searchplugins\amazon-france.xml

M3 - MFPP: Plugins - [Administrateur] -- C:\Program Files\Mozilla FireFox\searchplugins\babylon.xml

M3 - MFPP: Plugins - [Administrateur] -- C:\Program Files\Mozilla FireFox\searchplugins\bing.xml

M3 - MFPP: Plugins - [Administrateur] -- C:\Program Files\Mozilla FireFox\searchplugins\cnrtl-tlfi-fr.xml

M3 - MFPP: Plugins - [Administrateur] -- C:\Program Files\Mozilla FireFox\searchplugins\eBay-france.xml

M3 - MFPP: Plugins - [Administrateur] -- C:\Program Files\Mozilla FireFox\searchplugins\google.xml

M3 - MFPP: Plugins - [Administrateur] -- C:\Program Files\Mozilla FireFox\searchplugins\wikipedia-fr.xml

M3 - MFPP: Plugins - [Administrateur] -- C:\Program Files\Mozilla FireFox\searchplugins\yahoo-france.xml

M3 - MFPP: Plugins - [Administrateur] -- C:\Program Files\Mozilla FireFox\searchplugins\yahoo.xml

P2 - FPN:Firefox Plugin Navigator . (.Microsoft Corporation - np-mswmp.) -- C:\Program Files\Mozilla Firefox\Plugins\np-mswmp.dll

P2 - FPN:Firefox Plugin Navigator . (.Sun Microsystems, Inc. - NPRuntime Script Plug-in Library for Java Deploy.) -- C:\Program Files\Mozilla Firefox\Plugins\npdeploytk.dll

P2 - FPN:Firefox Plugin Navigator . (.Foxit Software Company - Foxit Reader Plug-In For Firefox and Netscape.) -- C:\Program Files\Mozilla Firefox\Plugins\npFoxitReaderPlugin.dll

P2 - FPN:Firefox Plugin Navigator . (.Microsoft Corporation - Office Plugin for Netscape Navigator.) -- C:\Program Files\Mozilla Firefox\Plugins\NPOFF12.DLL

P2 - FPN:Firefox Plugin Navigator . (.Apple Computer, Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin.dll

P2 - FPN:Firefox Plugin Navigator . (.Apple Computer, Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin2.dll

P2 - FPN:Firefox Plugin Navigator . (.Apple Computer, Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin3.dll

P2 - FPN:Firefox Plugin Navigator . (.Apple Computer, Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin4.dll

P2 - FPN:Firefox Plugin Navigator . (.Apple Computer, Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin5.dll

P2 - FPN:Firefox Plugin Navigator . (.Apple Computer, Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin6.dll

P2 - FPN:Firefox Plugin Navigator . (.Apple Computer, Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin7.dll

P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

P2 - FPN: [HKLM] [@adobe.com/ShockwavePlayer] - (.Adobe Systems, Inc. - Adobe Shockwave for Director Netscape plug-in, version 11.5.) -- C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

P2 - FPN: [HKLM] [@ma-config.com/HardwareDetection] - (.Cybelsoft - Plugin NPAPI Ma-Config.com.) -- C:\Program Files\ma-config.com\nphardwaredetection.dll

P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 3.0.50106.0.) -- C:\Program Files\Microsoft Silverlight\3.0.50106.0\npctrl.dll

P2 - FPN: [HKLM] [@microsoft.com/WPF,version=3.5] - (.Microsoft Corporation - Windows Presentation Foundation (WPF) plug-in for Mozilla browsers.) -- C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

P2 - FPN: [HKLM] [@pandasecurity.com/activescan] - (.Panda Security, S.L. - Panda ActiveScan 2.0 Plugin for Firefox.) -- C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll

M0 - MFSP: prefs.js [Administrateur - m10hoahi.default] Freebox, la meilleure offre ADSL : Internet, Téléphone, Télévision

M2 - MFEP: prefs.js [Administrateur - m10hoahi.default\bkmrksync@nokia.com] [] PC Sync 2 Synchronisation Extension v1.0.0.658 (.TimeIS Ltd.)

M2 - MFEP: prefs.js [Administrateur - m10hoahi.default\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}] [dwhelper] DownloadHelper v4.2 (.Michel Gutierrez.)

M2 - MFEP: prefs.js [Administrateur - m10hoahi.default\{bb628310-0ab7-11db-9cd8-0800200c9a66}] [] Ma-config.com v4.2 (.charon@ma-config.com.)

---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport

R0 - HKUS\S-1-5-21-1085031214-1303643608-725345543-500\Software\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Microsoft Corporation

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Microsoft Corporation

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Microsoft Corporation

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Search Microsoft.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Microsoft Corporation

R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Bibliothèque d'objets et de contrôles de do.) (No version) -- %SystemRoot%\system32\shdocvw.dll

---\\ Internet Explorer, Proxy Management (R5)

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1

R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1

R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll

---\\ ---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,

F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"

---\\ Browser Helper Objects de navigateur (O2)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} . (.Sun Microsystems, Inc. - Java Quick Starter binary.) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

---\\ ---\\ Applications démarrées par registre & par dossier (O4)

O4 - HKLM\..\Run: [RTHDCPL] . (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\Windows\RTHDCPL.exe

O4 - HKLM\..\Run: [Alcmtr] . (.Realtek Semiconductor Corp. - Realtek Azalia Audio - Event Monitor.) -- C:\Windows\ALCMTR.exe

O4 - HKLM\..\Run: [avast5] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\avastUI.exe

O4 - HKLM\..\Run: [startCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

O4 - HKCU\..\Run: [superCopier2.exe] . (.SFX TEAM - SuperCopier 2 (explorer file copy replaceme.) -- E:\PAT\Logiciels\Super copier\SuperCopier2\SuperCopier2.exe

O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [AMService] . (.S893x8s0zcQVS7 - Pas de description.) -- C:\WINDOWS\TEMP\xuag\setup.exe

O4 - HKUS\S-1-5-21-1085031214-1303643608-725345543-500\..\Run: [superCopier2.exe] . (.SFX TEAM - SuperCopier 2 (explorer file copy replaceme.) -- E:\PAT\Logiciels\Super copier\SuperCopier2\SuperCopier2.exe

O4 - HKUS\S-1-5-21-1085031214-1303643608-725345543-500\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Démarrage\WlanUtility.lnk . (...) -- C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe

---\\ ---\\ Autres liens utilisateurs (O4)

O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\MioTransfer.lnk . (...) -- C:\Program Files\Mio DigiWalker\Mio Transfer.exe

O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Windows Live Messenger.lnk . (...) -- F:\WINDOWS\Installer\{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}\MsblIco.Exe (.not file.)

O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Windows Movie Maker.lnk . (.Microsoft Corporation.) -- C:\Program Files\Movie Maker\moviemk.exe

O4 - Global Startup: C:\Documents And Settings\Administrateur\Menu Démarrer\Programmes\Assistance à distance.lnk . (.Microsoft Corporation.) -- C:\WINDOWS\system32\rcimlby.exe

O4 - Global Startup: C:\Documents And Settings\Administrateur\Menu Démarrer\Programmes\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE

O4 - Global Startup: C:\Documents And Settings\Administrateur\Menu Démarrer\Programmes\Lecteur Windows Media.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Media Player\wmplayer.exe

O4 - Global Startup: C:\Documents And Settings\Administrateur\Menu Démarrer\Programmes\Outlook Express.lnk . (.Microsoft Corporation.) -- C:\Program Files\Outlook Express\msimn.exe

---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)

O8 - Extra context menu item: E&xporter vers Microsoft Excel . (.Microsoft Corporation - Microsoft Office Excel.) -- C:\PROGRA~1\MICROS~2\Office12\EXCEL.exe

---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} . (.not file.) - (.not file.)

O9 - Extra button: Uninstall BitDefender Online Scanner v8 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (.Pas de propriétaire - Pas de description.) -- C:\PROGRA~1\MICROS~2\Office12\REFBARH.ICO

O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} . (.Pas de propriétaire - Pas de description.) -- C:\PROGRA~1\MICROS~2\Office12\REFBARH.ICO

---\\ Winsock hijacker (Layered Service Provider) (O10)

O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll

O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\WINDOWS\system32\winrnr.dll

O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll

---\\ Objets ActiveX (Downloaded Program Files)(O16)

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/s can8/o s can8.cab

O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://ac s .panda s oftware.com/active s can/cab s /a s 2 s tubie.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s hoc k wave/cab s /fla s h/s wfla s h.cab

---\\ Modification Domaine/Adresses DNS (O17)

O17 - HKLM\System\CCS\Services\Tcpip\..\{CE5DF613-12E3-455A-82B4-76B35126BD62}: DhcpNameServer = 212.27.40.240 212.27.40.241

O17 - HKLM\System\CS1\Services\Tcpip\..\{CE5DF613-12E3-455A-82B4-76B35126BD62}: DhcpNameServer = 212.27.40.240 212.27.40.241

O17 - HKLM\System\CS2\Services\Tcpip\..\{CE5DF613-12E3-455A-82B4-76B35126BD62}: DhcpNameServer = 212.27.40.240 212.27.40.241

O17 - HKLM\System\CS3\Services\Tcpip\..\{CE5DF613-12E3-455A-82B4-76B35126BD62}: DhcpNameServer = 212.27.40.240 212.27.40.241

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241

---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)

O20 - Winlogon Notify: AtiExtEvent . (.ATI Technologies Inc. - ATI External Event Utility DLL Module.) -- C:\Windows\System32\Ati2evxx.dll

O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\Windows\System32\crypt32.dll

O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\Windows\System32\cryptnet.dll

O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\Windows\System32\cscdll.dll

O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\System32\dimsntfy.dll

O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll

O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll

O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\Windows\System32\sclgntfy.dll

O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\WlNotify.dll

O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll

O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll

---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Contrôleur de site Web.) -- C:\WINDOWS\system32\webcheck.dll

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} . (.Microsoft Corporation - Objet du service d'environnement Systray.) -- C:\WINDOWS\system32\stobject.dll

---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)

O22 - SharedTaskScheduler: (no name) - {438755C2-A8BA-11D1-B96B-00A0C90312E1} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: (no name) - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\WINDOWS\system32\browseui.dll

---\\ Liste des services NT non Microsoft et non désactivés (O23)

O23 - Service: (AMService) . (.S893x8s0zcQVS7 - Pas de description.) - C:\WINDOWS\TEMP\xuag\setup.exe

O23 - Service: (Ati HotKey Poller) . (.ATI Technologies Inc. - ATI External Event Utility EXE Module.) - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: (ATI Smart) . (.Pas de propriétaire - ATI Smart.) - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: (avast! Antivirus) . (.AVAST Software - avast! Service.) - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: (avast! Mail Scanner) . (.AVAST Software - avast! Service.) - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: (avast! Web Scanner) . (.AVAST Software - avast! Service.) - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: (dmadmin) . (.Microsoft Corp., Veritas Software - Processus du service Gestionnaire de disque.) - C:\WINDOWS\System32\dmadmin.exe

O23 - Service: (Fabs) . (.MAGIX AG - Verzeichnisüberwachung und Hilfsaufgaben fü.) - C:\Program Files\Fichiers communs\MAGIX Services\Database\bin\FABS.exe

O23 - Service: (FirebirdServerMAGIXInstance) . (.MAGIX® - Firebird SQL Server - MAGIX Edition.) - C:\Program Files\Fichiers communs\MAGIX Services\Database\bin\fbserver.exe

O23 - Service: Filtre AGP version 3.0 générique Microsoft pour plates-formes à base de processeur K8 (GEARSecurity) - Clé orpheline

O23 - Service: (IDriverT) . (.Macrovision Corporation - IDriverT Module.) - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: (JavaQuickStarterService) . (.Sun Microsystems, Inc. - Java Quick Starter Service.) - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: (Lavasoft Ad-Aware Service) . (.Lavasoft Limited - Ad-Aware Service Application.) - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: (maconfservice) . (.CybelSoft - Service de détection matériel.) - C:\Program Files\ma-config.com\maconfservice.exe

O23 - Service: (MSI_WLAN_Service) . (.Pas de propriétaire - WlanService.) - C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe

O23 - Service: (Norton Ghost) - Clé orpheline

O23 - Service: (RalinkRegistryWriter) . (.Ralink Technology, Corp. - RalinkRegistryWriter.) - C:\Program Files\RALINK\Common\RalinkRegistryWriter.exe

---\\ Enumération Active Desktop & MHTML Editor (O24)

O24 - Default MHTML Editor: Last - .(.Microsoft Corporation - Microsoft Word.) - C:\Program Files\Microsoft Office\Office10\WINWORD.exe

---\\ Tâches planifiées en automatique (O39)

O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\GlaryInitialize.job

[MD5.26503ED9BDEF8DA2B78886132BA05465] [APT] [Ad-Aware Update (Weekly)] (.Lavasoft Limited.) -- C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe

[MD5.45AD8AA455CA1535C57CC3DD71A60A7A] [APT] [GlaryInitialize] (.Glarysoft Ltd.) -- E:\PAT\Logiciels\Glary utilities\Glary Utilities\initialize.exe

---\\ Pilotes lancés au démarrage (O41)

O41 - Driver: (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\WINDOWS\system32\drivers\afd.sys

O41 - Driver: (AmdK8) . (.Advanced Micro Devices - AMD Processor Driver.) - C:\Windows\System32\DRIVERS\AmdK8.sys

O41 - Driver: (Cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\System32\DRIVERS\cdrom.sys

O41 - Driver: (i8042prt) . (.Microsoft Corporation - Pilote de port i8042.) - C:\Windows\System32\DRIVERS\i8042prt.sys

O41 - Driver: (Imapi) . (.Microsoft Corporation - IMAPI Kernel Driver.) - C:\Windows\System32\DRIVERS\imapi.sys

O41 - Driver: (IPSec) . (.Microsoft Corporation - IPSec Driver.) - C:\Windows\System32\DRIVERS\ipsec.sys

O41 - Driver: (Kbdclass) . (.Microsoft Corporation - Pilote de la classe Clavier.) - C:\Windows\System32\DRIVERS\kbdclass.sys

O41 - Driver: (Mouclass) . (.Microsoft Corporation - Pilote de la classe Souris.) - C:\Windows\System32\DRIVERS\mouclass.sys

O41 - Driver: (MRxSmb) . (.Microsoft Corporation - Windows NT SMB Minirdr.) - C:\Windows\System32\DRIVERS\mrxsmb.sys

O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\System32\DRIVERS\netbios.sys

O41 - Driver: (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\System32\DRIVERS\netbt.sys

O41 - Driver: (Processor) . (.Microsoft Corporation - Pilote de périphérique processeur.) - C:\Windows\System32\DRIVERS\processr.sys

O41 - Driver: (RasAcd) . (.Microsoft Corporation - RAS Automatic Connection Driver.) - C:\Windows\System32\DRIVERS\rasacd.sys

O41 - Driver: (Rdbss) . (.Microsoft Corporation - Redirected Drive Buffering SubSystem Driver.) - C:\Windows\System32\DRIVERS\rdbss.sys

O41 - Driver: (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\DRIVERS\RDPCDD.sys

O41 - Driver: (redbook) . (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) - C:\Windows\System32\DRIVERS\redbook.sys

O41 - Driver: (Serial) . (.Microsoft Corporation - Pilote de périphérique série.) - C:\Windows\System32\DRIVERS\serial.sys

O41 - Driver: (Tcpip) . (.Microsoft Corporation - TCP/IP Protocol Driver.) - C:\Windows\System32\DRIVERS\tcpip.sys

O41 - Driver: (TermDD) . (.Microsoft Corporation - Terminal Server Driver.) - C:\Windows\System32\DRIVERS\termdd.sys

O41 - Driver: Carte vidéo VGA. (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\WINDOWS\system32\drivers\vga.sys

O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\WINDOWS\system32\drivers\vga.sys

---\\ Logiciels installés (O42)

O42 - Logiciel: AMD Processor Driver - (.AMD.) [HKLM] -- {C151CE54-E7EA-4804-854B-F515368B0798}

O42 - Logiciel: ATI AVIVO Codecs - (.ATI Technologies Inc..) [HKLM] -- {89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}

O42 - Logiciel: ATI Catalyst Registration - (.ATI Technologies Inc..) [HKLM] -- {11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}

O42 - Logiciel: ATI Parental Control & Encoder - (.Nom de votre société.) [HKLM] -- {36CDA33B-909B-4719-97D1-C4B99309BDC7}

O42 - Logiciel: ATI Problem Report Wizard - (.ATI Technologies.) [HKLM] -- {5DA6F06A-B389-407B-BF8C-1548767914D8}

O42 - Logiciel: ATI Stream SDK v2 Developer - (.ATI Technologies Inc..) [HKLM] -- {0ED98038-0885-F902-C419-669ADE471A46}

O42 - Logiciel: Ad-Aware - (.Lavasoft.) [HKLM] -- Ad-Aware

O42 - Logiciel: Ad-Aware - (.Lavasoft.) [HKLM] -- {DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}

O42 - Logiciel: Adobe Flash Player 10 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin

O42 - Logiciel: Adobe Shockwave Player 11.5 - (.Adobe Systems, Inc..) [HKLM] -- Adobe Shockwave Player

O42 - Logiciel: Agfa ScanWise 1.60 - (.Pas de propriétaire.) [HKLM] -- Agfa ScanWise 1.60

O42 - Logiciel: AsusUpdate - (.Pas de propriétaire.) [HKLM] -- {587178E7-B1DF-494E-9838-FA4DD36E873C}

O42 - Logiciel: Audacity 1.2.6 - (.Pas de propriétaire.) [HKLM] -- Audacity_is1

O42 - Logiciel: BitTorrent - (.Pas de propriétaire.) [HKLM] -- BitTorrent

O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] -- CCleaner

O42 - Logiciel: Catalyst Control Center - Branding - (.ATI.) [HKLM] -- {5FD89EA1-99C2-40EE-BBF5-20F8991ED756}

O42 - Logiciel: DVD Shrink 3.2 - (.DVD Shrink.) [HKLM] -- DVD Shrink_is1

O42 - Logiciel: EPSON Logiciel imprimante - (.SEIKO EPSON Corporation.) [HKLM] -- EPSON Printer and Utilities

O42 - Logiciel: EPSON Stylus C90_91_D92 Manuel - (.Pas de propriétaire.) [HKLM] -- EPSON Stylus C90_91_D92 Guide d'utilisation

O42 - Logiciel: FM Screen Capture Codec (Remove Only) - (.Pas de propriétaire.) [HKLM] -- FMCODEC

O42 - Logiciel: FW LiveUpdate - (.SAMSUNG.) [HKLM] -- {11F5D779-7BD9-465A-BBC4-10701386BCB9}

O42 - Logiciel: Firebird SQL Server - MAGIX Edition - (.MAGIX AG.) [HKLM] -- {34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}

O42 - Logiciel: Foxit PDF Editor - (.Pas de propriétaire.) [HKLM] -- Foxit PDF Editor

O42 - Logiciel: Foxit Reader - (.Foxit Software Company.) [HKLM] -- Foxit Reader

O42 - Logiciel: Glary Utilities 2.30.0.1066 - (.Glarysoft Ltd.) [HKLM] -- Glary Utilities_is1

O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB953595

O42 - Logiciel: Hotfix for Windows XP (KB954550-v5) - (.Microsoft Corporation.) [HKLM] -- KB954550-v5

O42 - Logiciel: IEEE802.11a/b/g Wireless LAN Software - (.Nom de votre société.) [HKLM] -- {902C0D79-8D7F-4956-9DCB-A223D5BF55B3}

O42 - Logiciel: Java 6 Update 17 - (.Sun Microsystems, Inc..) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83216017FF}

O42 - Logiciel: LedRenommer 1.7.0 - (.LED.) [HKLM] -- LedRenommer_is1

O42 - Logiciel: LiveUpdate 2.0 (Symantec Corporation) - (.Symantec Corporation.) [HKLM] -- LiveUpdate

O42 - Logiciel: MAGIX 3D Maker (embedded MSI) - (.MAGIX AG.) [HKLM] -- {9BC6BAA5-9CAF-42FF-89C2-26914261D4B9}

O42 - Logiciel: MAGIX Photo Manager 9 - (.MAGIX AG.) [HKLM] -- MAGIX Photo Manager 9 F

O42 - Logiciel: MAGIX Photo Premium 9 Version à télécharger - (.MAGIX AG.) [HKLM] -- MAGIX_MSI_Fotos_auf_CD_DVD_9_dlx

O42 - Logiciel: MAGIX Photo Premium 9 Version à télécharger - (.MAGIX AG.) [HKLM] -- {FA28F4DA-BBE9-4029-A66D-37DF9D5FDB21}

O42 - Logiciel: MAGIX Screenshare - (.MAGIX AG.) [HKLM] -- MAGIX Screenshare F

O42 - Logiciel: MAGIX Screenshare - (.MAGIX AG.) [HKLM] -- {AB30B392-6575-40EC-A7A4-6AFC0133AD8F}

O42 - Logiciel: MAGIX Speed 2 (MSI) - (.MAGIX AG.) [HKLM] -- {D6BAB758-6C56-403D-BECA-7ABEAF2E0C5B}

O42 - Logiciel: MAGIX Tirage en ligne - (.MAGIX AG.) [HKLM] -- {94B79CDE-E175-4176-BAF1-74FDEBCF1693}

O42 - Logiciel: MAGIX Xtreme Graphic Designer 5 - (.MAGIX AG.) [HKLM] -- MAGIX_MSI_XtremeGrafik5

O42 - Logiciel: MAGIX Xtreme Graphic Designer 5 - (.MAGIX AG.) [HKLM] -- {9479C435-BAFB-402B-87E7-60CFF2169D13}

O42 - Logiciel: MSXML 6.0 Parser (KB933579) - (.Microsoft Corporation.) [HKLM] -- {0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}

O42 - Logiciel: Ma-Config.com - (.Cybelsoft.) [HKLM] -- {E59DE072-ABE6-49E3-9115-3E18B2B47B01}

O42 - Logiciel: Macromedia Flash Player 8 - (.Macromedia.) [HKLM] -- {6815FCDD-401D-481E-BA88-31B4754C2B46}

O42 - Logiciel: Malwarebytes' Anti-Malware - (.Malwarebytes Corporation.) [HKLM] -- Malwarebytes' Anti-Malware_is1

O42 - Logiciel: MediaCUB - (.zoug.) [HKLM] -- {B1493D8A-C782-4ED3-A34D-8A9B8D9925BF}

O42 - Logiciel: Micro Application - Vos Photos à la Télé sur CD-DVD 2007 Edition Deluxe - (.Pas de propriétaire.) [HKLM] -- {AC50A61F-327F-4FD4-9CC3-9B491FA7E802}

O42 - Logiciel: Microsoft .NET Framework 2.0 Service Pack 2 - (.Microsoft Corporation.) [HKLM] -- {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}

O42 - Logiciel: Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA - (.Microsoft Corporation.) [HKLM] -- {72AD53CC-CCC0-3757-8480-9EE176866A7C}

O42 - Logiciel: Microsoft .NET Framework 3.0 Service Pack 2 - (.Microsoft Corporation.) [HKLM] -- {A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}

O42 - Logiciel: Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA - (.Microsoft Corporation.) [HKLM] -- {0BD83598-C2EF-3343-847B-7D2E84599128}

O42 - Logiciel: Microsoft .NET Framework 3.5 Language Pack SP1 - fra - (.Microsoft Corporation.) [HKLM] -- {3E31821C-7917-367E-938E-E65FC413EA31}

O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 SP1

O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}

O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile

O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}

O42 - Logiciel: Microsoft .NET Framework 4 Client Profile FRA Language Pack - (.Microsoft Corporation.) [HKLM] -- {0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}

O42 - Logiciel: Microsoft .NET Framework 4 Extended - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Extended

O42 - Logiciel: Microsoft .NET Framework 4 Extended - (.Microsoft Corporation.) [HKLM] -- {0A0CADCF-78DA-33C4-A350-CD51849B9702}

O42 - Logiciel: Microsoft .NET Framework 4 Extended FRA Language Pack - (.Microsoft Corporation.) [HKLM] -- {043F86B7-EE12-3399-B2CA-D0B603D87963}

O42 - Logiciel: Microsoft Office Access MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0015-040C-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Excel MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0016-040C-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office InfoPath MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0044-040C-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Outlook MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001A-040C-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office PowerPoint MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0018-040C-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Professional Plus 2007 - (.Microsoft Corporation.) [HKLM] -- PROPLUS

O42 - Logiciel: Microsoft Office Professional Plus 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Proof (Arabic) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0401-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Proof (Dutch) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0413-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Proof (English) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0409-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Proof (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-040C-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Proof (German) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0407-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Proof (Spanish) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0C0A-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Proofing (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-002C-040C-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Publisher MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0019-040C-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Shared MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-006E-040C-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Word MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001B-040C-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office XP Professional avec FrontPage - (.Microsoft Corporation.) [HKLM] -- {9028040C-6000-11D3-8CFE-0050048383C9}

O42 - Logiciel: Microsoft Research AutoCollage 2008 version 1.1 - (.Microsoft Research.) [HKLM] -- {423D8FBE-EC52-40FD-B2A0-8C9C8F973FD7}

O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM] -- {7299052b-02a4-4627-81f2-1818da5d550d}

O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 - (.Microsoft Corporation.) [HKLM] -- {9A25302D-30C0-39D9-BD6F-21E6EC160475}

O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {1F1C2DFC-2D24-3E06-BCB8-725134ADF989}

O42 - Logiciel: Microsoft Windows Media Video 9 VCM - (.Pas de propriétaire.) [HKLM] -- WMV9_VCM

O42 - Logiciel: Module linguistique Microsoft .NET Framework 3.5 SP1- fra - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 Language Pack SP1 - fra

O42 - Logiciel: Module linguistique Microsoft .NET Framework 4 Client Profile FRA - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile FRA Language Pack

O42 - Logiciel: Module linguistique Microsoft .NET Framework 4 Extended FRA - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Extended FRA Language Pack

O42 - Logiciel: Mozilla Firefox 4.0 (x86 fr) - (.Mozilla.) [HKLM] -- Mozilla Firefox 4.0 (x86 fr)

O42 - Logiciel: Nero Suite - (.Pas de propriétaire.) [HKLM] -- NeroMultiInstaller!UninstallKey

O42 - Logiciel: PDFCreator - (.Frank Heindörfer, Philip Chinery.) [HKLM] -- {0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}

O42 - Logiciel: Paint.NET v3.5 - (.dotPDN LLC.) [HKLM] -- {D3E7A2A5-A059-4A44-949B-21FBD371A8B8}

O42 - Logiciel: Panda ActiveScan 2.0 - (.Panda Security.) [HKLM] -- ActiveScan 2.0

O42 - Logiciel: PhotoFiltre Studio X - (.Pas de propriétaire.) [HKCU] -- PhotoFiltre Studio X

O42 - Logiciel: PowerQuest PartitionMagic 8.0 - (.PowerQuest.) [HKLM] -- InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}

O42 - Logiciel: QMC - (.Pas de propriétaire.) [HKCU] -- QUICKMEDIACONVERTER

O42 - Logiciel: Quick Zip 4.60.019 - (.Joseph Leung.) [HKLM] -- Quick Zip_is1

O42 - Logiciel: QuickTime - (.Apple Computer, Inc..) [HKLM] -- InstallShield_{C21D5524-A970-42FA-AC8A-59B8C7CDCA31}

O42 - Logiciel: Ralink Wireless LAN - (.RaLink.) [HKLM] -- {FAB1F336-1B7C-4057-A7BC-2922CD82A781}

O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp..) [HKLM] -- {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}

O42 - Logiciel: SIW version 2009.10.22 - (.Topala Software Solutions.) [HKLM] -- {AB67580-257C-45FF-B8F4-C8C30682091A}_is1

O42 - Logiciel: Spybot - Search & Destroy - (.Safer Networking Limited.) [HKLM] -- {B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1

O42 - Logiciel: SuperCopier2 - (.Pas de propriétaire.) [HKLM] -- SuperCopier2

O42 - Logiciel: VIA Platform Device Manager - (.VIA Technologies, Inc..) [HKLM] -- InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}

O42 - Logiciel: VLC media player 1.1.7 - (.VideoLAN.) [HKLM] -- VLC media player

O42 - Logiciel: VirtualDubMOD 1.5.10.3 Fr - (.Trad-Fr.) [HKLM] -- {B158F76F-76AB-4115-A4F0-4C6EF6956093}_is1

O42 - Logiciel: Visual C++ 2008 x86 Runtime - (v9.0.30729) - (.Microsoft Corporation.) [HKLM] -- {F333A33D-125C-32A2-8DCE-5C5D14231E27}

O42 - Logiciel: Visual C++ 2008 x86 Runtime - v9.0.30729.01 - (.Microsoft Corporation.) [HKLM] -- {F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01

O42 - Logiciel: Windows Installer 3.1 (KB893803) - (.Microsoft Corporation.) [HKLM] -- KB893803

O42 - Logiciel: Windows Installer 3.1 (KB893803) - (.Microsoft Corporation.) [HKLM] -- KB893803v2

O42 - Logiciel: Windows Media Player 10 Hotfix - KB888656 - (.Microsoft Corporation.) [HKLM] -- KB888656

O42 - Logiciel: Windows Media Player Firefox Plugin - (.Microsoft Corp.) [HKLM] -- {69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}

O42 - Logiciel: Windows XP Service Pack 3 - (.Microsoft Corporation.) [HKLM] -- Windows XP Service

O42 - Logiciel: aTube Catcher - (.DsNET.) [HKLM] -- aTube Catcher

O42 - Logiciel: avast! Free Antivirus - (.Alwil Software.) [HKLM] -- avast5

---\\ HKCU & HKLM Software Keys

[HKCU\Software\AC3Filter]

[HKCU\Software\ALWIL Software]

[HKCU\Software\ASUS]

[HKCU\Software\ATI]

[HKCU\Software\AVS4YOU]

[HKCU\Software\Ad-Remover]

[HKCU\Software\Adobe]

[HKCU\Software\Agfa]

[HKCU\Software\Audacity]

[HKCU\Software\BitDefender]

[HKCU\Software\BitTorrent]

[HKCU\Software\Classes]

[HKCU\Software\Clients]

[HKCU\Software\CocoonSoftware]

[HKCU\Software\CoreAAC]

[HKCU\Software\DT Soft]

[HKCU\Software\DVD Shrink]

[HKCU\Software\DsNET Corp.]

[HKCU\Software\EPSON]

[HKCU\Software\FFSoft]

[HKCU\Software\Foxit Software Company]

[HKCU\Software\Foxit Software]

[HKCU\Software\Freemake]

[HKCU\Software\Freeware]

[HKCU\Software\GIGABYTE]

[HKCU\Software\GlarySoft]

[HKCU\Software\Google]

[HKCU\Software\Intel]

[HKCU\Software\JavaSoft]

[HKCU\Software\Lavasoft]

[HKCU\Software\Ligos]

[HKCU\Software\MAGIX AG]

[HKCU\Software\MAGIX Tirage en ligne]

[HKCU\Software\MICROSTAR WLAN]

[HKCU\Software\Macromedia]

[HKCU\Software\Magix]

[HKCU\Software\MainConcept]

[HKCU\Software\Malwarebytes' Anti-Malware]

[HKCU\Software\Micro Application]

[HKCU\Software\Mozilla]

[HKCU\Software\Netscape]

[HKCU\Software\ODBC]

[HKCU\Software\PC SOFT]

[HKCU\Software\PDFCreator]

[HKCU\Software\Paint.NET]

[HKCU\Software\Piriform]

[HKCU\Software\Policies]

[HKCU\Software\PowerQuest]

[HKCU\Software\Realtek]

[HKCU\Software\SFX TEAM]

[HKCU\Software\Safer Networking Limited]

[HKCU\Software\Shareaza]

[HKCU\Software\Softonic]

[HKCU\Software\Sysinternals]

[HKCU\Software\Trolltech]

[HKCU\Software\TuneUp]

[HKCU\Software\VB and VBA Program Settings]

[HKCU\Software\VirtualDub.org]

[HKCU\Software\WinRAR SFX]

[HKCU\Software\Xara]

[HKCU\Software\YahooPartnerToolbar]

[HKCU\Software\ahead]

[HKCU\Software\cybelsoft]

[HKLM\Software\ALWIL Software]

[HKLM\Software\AMD]

[HKLM\Software\ASUS]

[HKLM\Software\ATI Technologies]

[HKLM\Software\ATI]

[HKLM\Software\AVS4YOU]

[HKLM\Software\Adobe]

[HKLM\Software\Agfa]

[HKLM\Software\Aicbywkf]

[HKLM\Software\AppDataLow]

[HKLM\Software\Apple Computer, Inc.]

[HKLM\Software\AviSynth]

[HKLM\Software\C07ft5Y]

[HKLM\Software\Classes]

[HKLM\Software\Clients]

[HKLM\Software\DT Soft]

[HKLM\Software\EPSON]

[HKLM\Software\Foxit Software]

[HKLM\Software\Gemplus]

[HKLM\Software\GoodMedia]

[HKLM\Software\Google]

[HKLM\Software\InstallShield]

[HKLM\Software\InterVideo]

[HKLM\Software\JavaSoft]

[HKLM\Software\JreMetrics]

[HKLM\Software\Khronos]

[HKLM\Software\Lavasoft]

[HKLM\Software\Licenses]

[HKLM\Software\MAGIX Tirage en ligne]

[HKLM\Software\MAGIX]

[HKLM\Software\MDC]

[HKLM\Software\Macromedia]

[HKLM\Software\Magnet]

[HKLM\Software\Malwarebytes' Anti-Malware]

[HKLM\Software\Microstar]

[HKLM\Software\MimarSinan]

[HKLM\Software\MozillaPlugins]

[HKLM\Software\Mozilla]

[HKLM\Software\Nero]

[HKLM\Software\ODBC]

[HKLM\Software\PDFCreator]

[HKLM\Software\Paint.NET]

[HKLM\Software\Panda Software]

[HKLM\Software\Piriform]

[HKLM\Software\PoINT]

[HKLM\Software\Policies]

[HKLM\Software\PowerQuest]

[HKLM\Software\Program Groups]

[HKLM\Software\RALINK]

[HKLM\Software\Realtek]

[HKLM\Software\RegisteredApplications]

[HKLM\Software\SAMSUNG]

[HKLM\Software\Safer Networking Limited]

[HKLM\Software\Schlumberger]

[HKLM\Software\Symantec]

[HKLM\Software\Trad-FR]

[HKLM\Software\TrendMicro]

[HKLM\Software\TuneUp]

[HKLM\Software\Uniblue]

[HKLM\Software\VIA Technologies, Inc]

[HKLM\Software\VideoLAN]

[HKLM\Software\Windows 3.1 Migration Status]

[HKLM\Software\Xara]

[HKLM\Software\Zeb-Utility]

[HKLM\Software\ahead]

[HKLM\Software\cybelsoft]

[HKLM\Software\dvbcut.sf]

[HKLM\Software\mozilla.org]

---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)

O43 - CFD: 26/03/2011 - 17:49:16 - [52011986] ----D- C:\Program Files\Ad-Remover

O43 - CFD: 10/08/2010 - 17:07:58 - [16748417] ----D- C:\Program Files\Agfa

O43 - CFD: 16/10/2010 - 16:35:10 - [144119266] ----D- C:\Program Files\Alwil Software

O43 - CFD: 28/03/2007 - 21:55:06 - [3536670] ----D- C:\Program Files\AMD

O43 - CFD: 28/03/2007 - 21:58:10 - [4585785] ----D- C:\Program Files\Asus

O43 - CFD: 30/01/2011 - 16:15:46 - [17923224] ----D- C:\Program Files\ATI

O43 - CFD: 04/01/2011 - 23:13:56 - [21016410] ----D- C:\Program Files\ATI Stream

O43 - CFD: 04/01/2011 - 23:12:56 - [50898543] ----D- C:\Program Files\ATI Technologies

O43 - CFD: 19/03/2011 - 18:02:04 - [0] ----D- C:\Program Files\aTube Catcher

O43 - CFD: 14/01/2008 - 21:56:54 - [144857] ----D- C:\Program Files\AviSynth 2.5

O43 - CFD: 17/06/2008 - 20:46:34 - [795104] ----D- C:\Program Files\DIFX

O43 - CFD: 11/11/2009 - 18:33:06 - [1071088] ----D- C:\Program Files\DsNET Corp

O43 - CFD: 04/01/2011 - 22:22:00 - [9770955] ----D- C:\Program Files\EPSON

O43 - CFD: 12/03/2011 - 09:36:18 - [484456834] ----D- C:\Program Files\Fichiers communs

O43 - CFD: 23/09/2009 - 18:35:28 - [4754343] ----D- C:\Program Files\Foxit Software

O43 - CFD: 26/03/2011 - 17:24:00 - [24836506] --H-D- C:\Program Files\InstallShield Installation Information

O43 - CFD: 24/03/2011 - 18:52:32 - [2226735] ----D- C:\Program Files\Internet Explorer

O43 - CFD: 13/11/2008 - 18:58:38 - [129080846] ----D- C:\Program Files\Java

O43 - CFD: 31/01/2011 - 23:30:20 - [93413279] ----D- C:\Program Files\Lavasoft

O43 - CFD: 26/03/2011 - 16:43:04 - [5674330] ----D- C:\Program Files\ma-config.com

O43 - CFD: 12/03/2011 - 09:43:20 - [1281066136] ----D- C:\Program Files\MAGIX

O43 - CFD: 24/03/2011 - 23:47:58 - [7047] ----D- C:\Program Files\Messenger

O43 - CFD: 29/07/2008 - 21:31:06 - [361842] ----D- C:\Program Files\Microsoft ActiveSync

O43 - CFD: 28/03/2007 - 18:48:02 - [0] ----D- C:\Program Files\microsoft frontpage

O43 - CFD: 04/05/2010 - 20:23:38 - [499730282] ----D- C:\Program Files\Microsoft Office

O43 - CFD: 03/04/2010 - 15:55:42 - [15462931] ----D- C:\Program Files\Microsoft Silverlight

O43 - CFD: 04/05/2010 - 20:23:34 - [14904] ----D- C:\Program Files\Microsoft Visual Studio

O43 - CFD: 11/01/2011 - 19:09:58 - [1387249] ----D- C:\Program Files\Microsoft Visual Studio 8

O43 - CFD: 04/05/2010 - 20:24:04 - [3178824] ----D- C:\Program Files\Microsoft Works

O43 - CFD: 15/12/2010 - 19:26:58 - [8175999] ----D- C:\Program Files\Microsoft.NET

O43 - CFD: 29/03/2007 - 17:23:52 - [9217650] ----D- C:\Program Files\MicroStar

O43 - CFD: 23/06/2008 - 17:56:06 - [3637248] ----D- C:\Program Files\Mio DigiWalker

O43 - CFD: 24/03/2011 - 18:52:30 - [10374874] ----D- C:\Program Files\Movie Maker

O43 - CFD: 25/03/2011 - 18:43:34 - [34749087] ----D- C:\Program Files\Mozilla Firefox

O43 - CFD: 03/05/2010 - 19:45:24 - [26521] ----D- C:\Program Files\MSBuild

O43 - CFD: 03/05/2010 - 21:49:22 - [56698624] ----D- C:\Program Files\MSECache

O43 - CFD: 24/03/2011 - 18:52:32 - [19278399] ----D- C:\Program Files\msn

O43 - CFD: 28/03/2007 - 18:40:42 - [8745735] ----D- C:\Program Files\MSN Gaming Zone

O43 - CFD: 16/11/2009 - 21:55:50 - [6849] ----D- C:\Program Files\MSXML 6.0

O43 - CFD: 24/03/2011 - 18:50:42 - [3285523] ----D- C:\Program Files\NetMeeting

O43 - CFD: 07/06/2007 - 22:27:58 - [2859145] ----D- C:\Program Files\Notepad++

O43 - CFD: 24/03/2011 - 18:50:38 - [4379321] ----D- C:\Program Files\Outlook Express

O43 - CFD: 04/01/2011 - 22:22:00 - [29311026] ----D- C:\Program Files\Paint.NET

O43 - CFD: 25/03/2011 - 19:16:52 - [159309711] ----D- C:\Program Files\Panda Security

O43 - CFD: 22/09/2008 - 21:05:50 - [11169565] ----D- C:\Program Files\PC Connectivity Solution

O43 - CFD: 14/11/2007 - 22:09:44 - [8184569] ----D- C:\Program Files\Pixie

O43 - CFD: 04/01/2011 - 22:22:00 - [73896748] ----D- C:\Program Files\QuickTime

O43 - CFD: 26/03/2011 - 17:24:14 - [36092702] ----D- C:\Program Files\RALINK

O43 - CFD: 28/03/2007 - 21:55:36 - [44242440] ----D- C:\Program Files\Realtek

O43 - CFD: 29/02/2008 - 10:15:34 - [43571408] ----D- C:\Program Files\Realtek AC97

O43 - CFD: 16/11/2009 - 22:01:54 - [37895937] ----D- C:\Program Files\Reference Assemblies

O43 - CFD: 25/03/2011 - 18:52:58 - [1148387] ----D- C:\Program Files\RegCleaner

O43 - CFD: 29/03/2007 - 18:19:40 - [345971] ----D- C:\Program Files\S3

O43 - CFD: 27/12/2009 - 18:08:46 - [3960948] ----D- C:\Program Files\SAMSUNG

O43 - CFD: 28/03/2007 - 18:42:46 - [1032] ----D- C:\Program Files\Services en ligne

O43 - CFD: 05/09/2007 - 19:12:40 - [8102085] ----D- C:\Program Files\Symantec

O43 - CFD: 28/03/2007 - 18:52:00 - [0] --H-D- C:\Program Files\Uninstall Information

O43 - CFD: 28/03/2007 - 21:53:16 - [1900935] ----D- C:\Program Files\VIA

O43 - CFD: 24/03/2011 - 19:03:50 - [5137297] ----D- C:\Program Files\Windows Media Player

O43 - CFD: 28/02/2008 - 21:48:52 - [3348223] ----D- C:\Program Files\Windows NT

O43 - CFD: 28/03/2007 - 18:42:48 - [0] --H-D- C:\Program Files\WindowsUpdate

O43 - CFD: 12/03/2011 - 09:35:08 - [102430] ----D- C:\Program Files\WMV9_VCM

O43 - CFD: 28/03/2007 - 18:48:02 - [0] ----D- C:\Program Files\xerox

O43 - CFD: 27/12/2009 - 18:15:24 - [30200530] ----D- C:\Program Files\Fichiers Communs\Ahead

O43 - CFD: 27/08/2009 - 20:13:42 - [4357801] ----D- C:\Program Files\Fichiers Communs\ATI Technologies

O43 - CFD: 04/01/2011 - 22:22:00 - [50121206] ----D- C:\Program Files\Fichiers Communs\AVSMedia

O43 - CFD: 29/01/2010 - 19:33:22 - [92976] ----D- C:\Program Files\Fichiers Communs\Designer

O43 - CFD: 18/03/2010 - 19:11:16 - [27647135] ----D- C:\Program Files\Fichiers Communs\InstallShield

O43 - CFD: 05/04/2007 - 22:02:00 - [25143442] ----D- C:\Program Files\Fichiers Communs\Java

O43 - CFD: 29/03/2007 - 17:28:48 - [23486620] ----D- C:\Program Files\Fichiers Communs\Logitech

O43 - CFD: 12/03/2011 - 09:40:38 - [12643572] ----D- C:\Program Files\Fichiers Communs\MAGIX Services

O43 - CFD: 12/03/2011 - 09:36:18 - [1774080] ----D- C:\Program Files\Fichiers Communs\MAGIX Shared

O43 - CFD: 04/05/2010 - 20:24:02 - [255495041] ----D- C:\Program Files\Fichiers Communs\Microsoft Shared

O43 - CFD: 28/03/2007 - 18:42:02 - [284160] ----D- C:\Program Files\Fichiers Communs\MSSoap

O43 - CFD: 29/03/2007 - 17:53:00 - [2274787] ----D- C:\Program Files\Fichiers Communs\Nero

O43 - CFD: 22/09/2008 - 21:07:06 - [2666430] ----D- C:\Program Files\Fichiers Communs\Nokia

O43 - CFD: 11/01/2011 - 19:10:34 - [0] ----D- C:\Program Files\Fichiers Communs\ODBC

O43 - CFD: 22/09/2008 - 21:07:06 - [3303424] ----D- C:\Program Files\Fichiers Communs\PCSuite

O43 - CFD: 28/03/2007 - 18:42:06 - [8106] ----D- C:\Program Files\Fichiers Communs\Services

O43 - CFD: 28/03/2007 - 20:37:20 - [3787229] ----D- C:\Program Files\Fichiers Communs\SpeechEngines

O43 - CFD: 24/03/2011 - 21:26:28 - [57379] ----D- C:\Program Files\Fichiers Communs\Symantec Shared

O43 - CFD: 24/03/2011 - 18:50:34 - [41112916] ----D- C:\Program Files\Fichiers Communs\System

O43 - CFD: 13/06/2008 - 22:07:12 - [140346] ----D- C:\Documents and Settings\Administrateur\Application Data\AccurateRip

O43 - CFD: 15/11/2008 - 19:04:06 - [8395269] ----D- C:\Documents and Settings\Administrateur\Application Data\Adobe

O43 - CFD: 01/04/2007 - 10:39:24 - [41265] ----D- C:\Documents and Settings\Administrateur\Application Data\Ahead

O43 - CFD: 16/06/2008 - 19:37:24 - [1712] ----D- C:\Documents and Settings\Administrateur\Application Data\Apple Computer

O43 - CFD: 17/01/2008 - 20:50:18 - [118443] ----D- C:\Documents and Settings\Administrateur\Application Data\Creative

O43 - CFD: 13/06/2008 - 22:06:26 - [62104] ----D- C:\Documents and Settings\Administrateur\Application Data\dBpoweramp

O43 - CFD: 04/01/2011 - 22:21:54 - [231] ----D- C:\Documents and Settings\Administrateur\Application Data\dvdcss

O43 - CFD: 04/01/2011 - 22:21:54 - [45] ----D- C:\Documents and Settings\Administrateur\Application Data\Identities

O43 - CFD: 05/09/2007 - 19:19:14 - [3628] ----D- C:\Documents and Settings\Administrateur\Application Data\IsolatedStorage

O43 - CFD: 29/03/2007 - 18:46:24 - [5373462] ----D- C:\Documents and Settings\Administrateur\Application Data\Macromedia

O43 - CFD: 02/04/2007 - 21:39:08 - [3687203] ----D- C:\Documents and Settings\Administrateur\Application Data\Micro Application

O43 - CFD: 08/02/2009 - 16:44:54 - [16446202] -S--D- C:\Documents and Settings\Administrateur\Application Data\Microsoft

O43 - CFD: 04/01/2011 - 22:21:54 - [10839748] ----D- C:\Documents and Settings\Administrateur\Application Data\Mozilla

O43 - CFD: 14/06/2008 - 14:56:02 - [27937] ----D- C:\Documents and Settings\Administrateur\Application Data\Mp3tag

O43 - CFD: 04/01/2011 - 22:21:54 - [1563] ----D- C:\Documents and Settings\Administrateur\Application Data\Nokia

O43 - CFD: 04/01/2011 - 22:21:54 - [96933] ----D- C:\Documents and Settings\Administrateur\Application Data\Notepad++

O43 - CFD: 17/06/2008 - 20:52:08 - [13086] ----D- C:\Documents and Settings\Administrateur\Application Data\PC Suite

O43 - CFD: 10/11/2009 - 18:35:58 - [353] ----D- C:\Documents and Settings\Administrateur\Application Data\PhotoFiltre Studio X

O43 - CFD: 03/09/2009 - 17:07:00 - [538464316] ----D- C:\Documents and Settings\Administrateur\Application Data\Pro Cycling Manager 2008

O43 - CFD: 04/01/2011 - 22:21:54 - [82988] ----D- C:\Documents and Settings\Administrateur\Application Data\Scribus

O43 - CFD: 04/01/2011 - 22:21:54 - [4424823] ----D- C:\Documents and Settings\Administrateur\Application Data\Shareaza

O43 - CFD: 05/04/2007 - 22:04:12 - [2979210] ----D- C:\Documents and Settings\Administrateur\Application Data\Sun

O43 - CFD: 19/09/2008 - 21:45:34 - [442265] ----D- C:\Documents and Settings\Administrateur\Application Data\vlc

O43 - CFD: 06/03/2008 - 20:41:10 - [1950597] ----D- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Ahead

O43 - CFD: 16/06/2008 - 19:37:08 - [317198] ----D- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Apple Computer

O43 - CFD: 07/05/2009 - 21:21:04 - [5545] ----D- C:\Documents and Settings\Administrateur\Local Settings\Application Data\ApplicationHistory

O43 - CFD: 28/07/2008 - 20:44:14 - [75664] ----D- C:\Documents and Settings\Administrateur\Local Settings\Application Data\ATI

O43 - CFD: 02/01/2010 - 22:48:24 - [0] ----D- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google

O43 - CFD: 10/03/2008 - 21:49:26 - [15889317] ----D- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Identities

O43 - CFD: 07/05/2009 - 20:49:20 - [3565] ----D- C:\Documents and Settings\Administrateur\Local Settings\Application Data\IsolatedStorage

O43 - CFD: 11/03/2008 - 18:32:12 - [0] ----D- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Logitech-LS

O43 - CFD: 08/02/2009 - 16:45:06 - [339904663] ----D- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft

O43 - CFD: 28/02/2008 - 22:41:46 - [96650343] ----D- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla

O43 - CFD: 29/03/2007 - 17:24:36 - [23] ----D- C:\Documents and Settings\Administrateur\Local Settings\Application Data\MSI_WLAN

O43 - CFD: 13/06/2007 - 21:47:56 - [0] ----D- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Shareaza

---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)

O44 - LFC:[MD5.6A2CB42966136854F4464516FBB4AE72] - 26/03/2011 - 18:44:35 -S-A- . (...) -- C:\WINDOWS\bootstat.dat [2048]

O44 - LFC:[MD5.C411E746BA62967D7DDF947F0DD5AA6D] - 26/03/2011 - 18:44:24 ---A- . (...) -- C:\aaw7boot.log [8251]

O44 - LFC:[MD5.17FD62B6236569D86C6CF9BB223BB3D0] - 26/03/2011 - 18:43:45 ---A- . (...) -- C:\WINDOWS\WindowsUpdate.log [108739]

O44 - LFC:[MD5.BAD1621C0DD3765AECE90009F9FA2299] - 26/03/2011 - 18:43:33 ---A- . (...) -- C:\Ad-Report-CLEAN[2].txt [3299]

O44 - LFC:[MD5.9C374D0AFD7D10094863662A67087827] - 26/03/2011 - 18:42:28 ---A- . (...) -- C:\Ad-Report-SCAN[2].txt [3189]

O44 - LFC:[MD5.D221324FB8991979778E322589205A0B] - 26/03/2011 - 17:51:01 ---A- . (...) -- C:\Ad-Report-CLEAN[1].txt [10407]

O44 - LFC:[MD5.CEB50808E198385007D7783D2EA9F80F] - 26/03/2011 - 17:49:54 ---A- . (...) -- C:\Ad-Report-SCAN[1].txt [10464]

O44 - LFC:[MD5.FC0AB05D45080924526698A81620B262] - 26/03/2011 - 17:39:51 ---A- . (...) -- C:\WINDOWS\setupapi.log [110649]

O44 - LFC:[MD5.C7F0D7AA3A3C2DF333AFDD593106F39F] - 26/03/2011 - 17:29:20 ---A- . (.VIA Technologies, Inc. - ATA/ATAPI devices Hot-Plug/DIPM monitor.) -- C:\WINDOWS\System32\drivers\xfilt.sys [23192]

O44 - LFC:[MD5.C147AFA614B9925479D47CD173329789] - 26/03/2011 - 17:29:20 ---A- . (.VIA Technologies, Inc. - VIA Generic PCI IDE Bus Driver.) -- C:\WINDOWS\System32\drivers\videX32.sys [13976]

O44 - LFC:[MD5.023867B6606FBABCDD52E089C4A507DA] - 26/03/2011 - 17:24:35 ---A- . (.Cisco Systems, Inc. - IEEE 802.1X Protocol Driver.) -- C:\WINDOWS\System32\drivers\AegisP.sys [21361]

O44 - LFC:[MD5.5C2552357BF48F223F637374B098B45B] - 26/03/2011 - 17:24:26 ---A- . (.Ralink Technology Inc. - RT2500 802.11g Wireless Adapter Driver.) -- C:\WINDOWS\System32\drivers\RT2500.sys [238208]

O44 - LFC:[MD5.5366CC0D48DBCA72187616D31924D4A0] - 26/03/2011 - 17:07:45 ---A- . (.Advanced Micro Devices, Inc. - Radeon Video Acceleration Universal Driver.) -- C:\WINDOWS\System32\ativvamv.dll [1112576]

O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 26/03/2011 - 17:07:42 ---A- . (...) -- C:\WINDOWS\setupact.log [0]

O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 26/03/2011 - 17:07:42 ---A- . (...) -- C:\WINDOWS\setuperr.log [0]

O44 - LFC:[MD5.B2A236DC65E90170A369164384EFB460] - 26/03/2011 - 16:59:41 ---A- . (.Advanced Micro Devices - AMD High Definition Audio Function Driver.) -- C:\WINDOWS\System32\drivers\AtihdXP3.sys [101904]

O44 - LFC:[MD5.F6DE787EDF11CC6DB512FBCB92E2C7E5] - 26/03/2011 - 14:04:50 ---A- . (...) -- C:\PhysicalDisk0_MBR.bin [512]

O44 - LFC:[MD5.3441D7EDDD3E293DD337FD1E1EDFE72D] - 26/03/2011 - 14:02:25 ---A- . (...) -- C:\WINDOWS\wiaservc.log [50]

O44 - LFC:[MD5.7A6FF0E6F2B921849D2EB9FE7CE09499] - 26/03/2011 - 14:02:24 ---A- . (...) -- C:\WINDOWS\wiadebug.log [159]

O44 - LFC:[MD5.53F647BE062C55E3A18C68608FFD105B] - 25/03/2011 - 19:19:25 ---A- . (.Panda Security, S.L. - Anti-malware Driver Support.) -- C:\WINDOWS\System32\drivers\RkPavproc1.sys [17544]

O44 - LFC:[MD5.3ADB8BD6154A3EF87496E8FCE9C22493] - 25/03/2011 - 19:17:09 ---A- . (.Panda Security, S.L. - Panda Boot Driver.) -- C:\WINDOWS\System32\drivers\pavboot.sys [28552]

O44 - LFC:[MD5.74B16466565398D753128997B71DD157] - 25/03/2011 - 17:28:43 ---A- . (...) -- C:\WINDOWS\SchedLgU.Txt [11630]

O44 - LFC:[MD5.E6D35F3AA51A65EB35C1F2340154A25E] - 24/03/2011 - 23:23:59 ---A- . (...) -- C:\WINDOWS\System32\drivers\kvjniha.sys [54016]

O44 - LFC:[MD5.B2B47B1004FF0662505E975A2D5BAC03] - 24/03/2011 - 19:07:58 ---A- . (...) -- C:\WINDOWS\System32\PerfStringBackup.INI [1267586]

O44 - LFC:[MD5.C89A50E11A81A33EA36395DCCBCCB487] - 24/03/2011 - 19:07:58 ---A- . (...) -- C:\WINDOWS\System32\perfc009.dat [84578]

O44 - LFC:[MD5.8045779366C7193397C9F84B6AFD1866] - 24/03/2011 - 19:07:58 ---A- . (...) -- C:\WINDOWS\System32\perfc00C.dat [100892]

O44 - LFC:[MD5.C6B1BDAE42505F946AE98A1D5CD46796] - 24/03/2011 - 19:07:58 ---A- . (...) -- C:\WINDOWS\System32\perfh009.dat [496094]

O44 - LFC:[MD5.CAD871807723420C0C0772DC1582CE81] - 24/03/2011 - 19:07:58 ---A- . (...) -- C:\WINDOWS\System32\perfh00C.dat [568520]

O44 - LFC:[MD5.DC17DD0189B0C36D863B4DD0A036C10F] - 24/03/2011 - 19:02:55 ---A- . (...) -- C:\WINDOWS\WMSysPr9.prx [316640]

O44 - LFC:[MD5.5C174F8108BAB900D3AB1DF1A29A58E5] - 24/03/2011 - 19:01:05 ---A- . (...) -- C:\WINDOWS\System32\spupdwxp.log [90]

O44 - LFC:[MD5.E35B2BE925A84F7394306733C1682872] - 24/03/2011 - 18:59:10 ---A- . (...) -- C:\WINDOWS\System32\wpa.dbl [2206]

O44 - LFC:[MD5.CEC914BFBFBA967CEDB959CE40D9DDFA] - 24/03/2011 - 18:58:09 ---A- . (...) -- C:\WINDOWS\System32\FNTCACHE.DAT [451680]

O44 - LFC:[MD5.7794C3221F670DE270586A2CF6E68383] - 24/03/2011 - 18:48:43 RSHA- . (...) -- C:\ntldr [252240]

O44 - LFC:[MD5.C6BF0EFBBD1ECF0D2372EFF8C1C74650] - 24/03/2011 - 18:39:13 ---A- . (...) -- C:\WINDOWS\System32\d3d9caps.dat [664]

O44 - LFC:[MD5.DBA91CD5A3A68302967C03213E52BDE8] - 24/03/2011 - 18:36:28 --HA- . (...) -- C:\WINDOWS\QTFont.qfn [54156]

O44 - LFC:[MD5.CFEDED305519282BCAC83D0A1AE52E13] - 24/03/2011 - 06:35:07 ---A- . (...) -- C:\WINDOWS\DCEBoot.exe [11264]

O44 - LFC:[MD5.A59F6806FDB6C66625F0C7657C39F726] - 24/03/2011 - 06:35:07 ---A- . (...) -- C:\WINDOWS\RegBootClean.exe [102400]

O44 - LFC:[MD5.E6D35F3AA51A65EB35C1F2340154A25E] - 23/03/2011 - 23:55:52 ---A- . (...) -- C:\WINDOWS\System32\drivers\ojrsxcx.sys [54016]

O44 - LFC:[MD5.E1034D757709F37F2D1EBD96D5EAD02B] - 23/03/2011 - 23:49:06 ---A- . (...) -- C:\WINDOWS\QTFont.for [1409]

O44 - LFC:[MD5.D68E165C3123ABA3B1282EDDB4213BD8] - 23/03/2011 - 23:45:13 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [38224]

O44 - LFC:[MD5.836E0E09CA9869BE7EB39EF2CF3602C7] - 23/03/2011 - 23:45:08 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\WINDOWS\System32\drivers\mbam.sys [20952]

O44 - LFC:[MD5.1088D6AF540B5DE2810B9D7DF0664414] - 13/03/2011 - 18:22:26 ---A- . (...) -- C:\WINDOWS\wininit.ini [95]

O44 - LFC:[MD5.5866F5AC5FA90002CC1275789B715A60] - 10/03/2011 - 20:54:52 ---A- . (...) -- C:\WINDOWS\NeroDigital.ini [116]

O44 - LFC:[MD5.B41665A43EC69D48E428CF2B2BB3F2EA] - 08/02/2011 - 13:55:21 ---A- . (...) -- C:\WINDOWS\System32\lsdelete.exe [16432]

O44 - LFC:[MD5.8737F6F4C8EC1E2A9EA5516F1B3AE1AD] - 28/12/2006 - 12:01:32 ---A- . (...) -- C:\WINDOWS\002934_.tmp [19569]

---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)

O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll

---\\ Export de clé d'application autorisée (O47)

O47 - AAKE:Key Export SP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation - Gestionnaire de session de l'aide sur le Bureau à distance de Microsoft®.) -- C:\WINDOWS\system32\sessmgr.exe

O47 - AAKE:Key Export SP - "E:\PAT\Logiciels\Shareaza\Shareaza.exe" [Enabled] .(.Shareaza Development Team - Shareaza Ultimate File Sharing.) -- E:\PAT\Logiciels\Shareaza\Shareaza.exe

O47 - AAKE:Key Export SP - "E:\PAT\Logiciels\Bit Torrent\BitTorrent.exe" [Enabled] .(.BitTorrent, Inc. - BitTorrent.) -- E:\PAT\Logiciels\Bit Torrent\BitTorrent.exe

O47 - AAKE:Key Export SP - "C:\Program Files\ma-config.com\maconfservice.exe" [Enabled] .(.CybelSoft - Service de détection matériel.) -- C:\Program Files\ma-config.com\maconfservice.exe

O47 - AAKE:Key Export SP - "%windir%\Network Diagnostic\xpnetdiag.exe" [Enabled] .(.Microsoft Corporation - Network Diagnostic for Windows XP.) -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O47 - AAKE:Key Export DP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation - Gestionnaire de session de l'aide sur le Bureau à distance de Microsoft®.) -- C:\WINDOWS\system32\sessmgr.exe

O47 - AAKE:Key Export DP - "%windir%\Network Diagnostic\xpnetdiag.exe" [Enabled] .(.Microsoft Corporation - Network Diagnostic for Windows XP.) -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

---\\ Image File Execution Options (IFEO) (O50)

O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d

---\\ MountPoints2 Shell Key (O51)

O51 - MPSK:{4f28550c-d169-11df-8e49-0013d36d8219}\AutoRun\command. (.Pas de propriétaire - Pas de description.) -- I:\DPFMate.exe (.not file.)

---\\ Trojan Driver Search Data (HKLM) (O52)

O52 - TDSD: \Drivers32\"msacm.trspch"="tssoft32.acm" . (.DSP GROUP, INC. - Codec audio TrueSpeech DSP Group pour MSACM V3.50.) -- C:\WINDOWS\System32\tssoft32.acm

O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Cinepak® Codec.) -- C:\WINDOWS\System32\iccvid.dll

O52 - TDSD: \Drivers32\"vidc.I420"="i420vfw.dll" . (.www.helixcommunity.org - Helix I420 YUV Codec.) -- C:\WINDOWS\System32\i420vfw.dll

O52 - TDSD: \Drivers32\"vidc.iv31"="ir32_32.dll" . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\ir32_32.dll

O52 - TDSD: \Drivers32\"vidc.iv32"="ir32_32.dll" . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\ir32_32.dll

O52 - TDSD: \Drivers32\"vidc.iv41"="ir41_32.ax" . (.Intel Corporation - Intel Indeo® Video 4.5.) -- C:\WINDOWS\System32\ir41_32.ax

O52 - TDSD: \Drivers32\"msacm.sl_anet"="sl_anet.acm" . (.Sipro Lab Telecom Inc. - Audio codec for MS ACM.) -- C:\WINDOWS\System32\sl_anet.acm

O52 - TDSD: \Drivers32\"msacm.iac2"="C:\WINDOWS\system32\iac25_32.ax" . (.Intel Corporation - Indeo® audio software.) -- C:\WINDOWS\system32\iac25_32.ax

O52 - TDSD: \Drivers32\"vidc.iv50"="ir50_32.dll" . (.Intel Corporation - Intel Indeo® video 5.10.) -- C:\WINDOWS\System32\ir50_32.dll

O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\WINDOWS\system32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\system32\l3codeca.acm

O52 - TDSD: \Drivers32\"vidc.yv12"="yv12vfw.dll" . (.www.helixcommunity.org - Helix YV12 YUV Codec.) -- C:\WINDOWS\System32\yv12vfw.dll

O52 - TDSD: \Drivers32\"VIDC.FMVC"="fmcodec.dll" . (.Fox Magic Software - FM Screen Capture Codec (VFW).) -- C:\WINDOWS\System32\fmcodec.dll

O52 - TDSD: \drivers.desc\"sl_anet.acm"="Sipro Lab Telecom Audio Codec" . (.Sipro Lab Telecom Inc. - Audio codec for MS ACM.) -- C:\WINDOWS\System32\sl_anet.acm

O52 - TDSD: \drivers.desc\"C:\WINDOWS\system32\iac25_32.ax"="Indeo® audio software" . (.Intel Corporation - Indeo® audio software.) -- C:\WINDOWS\system32\iac25_32.ax

O52 - TDSD: \drivers.desc\"ir50_32.dll"="Indeo® video 5.10" . (.Pas de propriétaire - Pas de description.) -- (.not file.)

O52 - TDSD: \drivers.desc\"C:\WINDOWS\system32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\system32\l3codeca.acm

---\\ Microsoft Control Security Providers (O54)

O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Client DPA pour plate-forme 32 bit.) -- C:\WINDOWS\system32\msapsspc.dll

O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\WINDOWS\system32\schannel.dll

O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Package d'authentification Digest SSPI.) -- C:\WINDOWS\system32\digest.dll

---\\ Microsoft Windows Policies System (O55)

O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0

O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=

O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=

O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1

O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1

---\\ Microsoft Windows Policies Explorer (O56)

O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveTypeAutoRun"=145

O56 - MWPE:[HKCU\...\policies\Explorer] - "ClearDocsOnExit"=64

O56 - MWPE:[HKCU\...\policies\Explorer] - "NoRecentDocsMenu"=1

O56 - MWPE:[HKCU\...\policies\Explorer] - "NoCDBurning"=1

O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1

O56 - MWPE:[HKCU\...\policies\Explorer] - "NoStartBanner"=

O56 - MWPE:[HKCU\...\policies\Explorer] - "NoSMHelp"=0

O56 - MWPE:[HKCU\...\policies\Explorer] - "ClearRecentDocsOnExit"=1

O56 - MWPE:[HKCU\...\policies\Explorer] - "MemCheckBoxInRunDlg"=1

O56 - MWPE:[HKCU\...\policies\Explorer] - "NoSMBalloonTip"=1

O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDesktopCleanupWizard"=1

O56 - MWPE:[HKCU\...\policies\Explorer] - "NoWelcomeScreen"=1

O56 - MWPE:[HKCU\...\policies\Explorer] - "NoAutoUpdate"=1

O56 - MWPE:[HKLM\...\policies\Explorer] - "NoCDBurning"=1

---\\ Liste des Drivers Système (O58)

O58 - SDL:[MD5.8D488938E2F7048906F1FBD3AF394887] - 07/09/2010 - 15:46:51 ---A- . (.AVAST Software - avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP.) -- C:\WINDOWS\system32\drivers\aavmker4.sys [28880]

O58 - SDL:[MD5.023867B6606FBABCDD52E089C4A507DA] - 26/03/2011 - 17:24:35 ---A- . (.Cisco Systems, Inc. - IEEE 802.1X Protocol Driver.) -- C:\WINDOWS\system32\drivers\AegisP.sys [21361]

O58 - SDL:[MD5.31FFDE1BE912D7CBD3F189FEB61F86B6] - 01/07/2006 - 22:42:58 ---A- . (.Advanced Micro Devices - AMD Processor Driver.) -- C:\WINDOWS\system32\drivers\AmdK8.sys [43520]

O58 - SDL:[MD5.D48659BB24C48345D926ECB45C1EBDF5] - 13/08/2004 - 19:56:20 R--A- . (.Pas de propriétaire - ATK0110 ACPI Utility.) -- C:\WINDOWS\system32\drivers\ASACPI.sys [5810]

O58 - SDL:[MD5.DE91D0D73C3E61E6826D98FAC2FAC729] - 28/04/2004 - 00:26:48 ---A- . (...) -- C:\WINDOWS\system32\drivers\ASUSHWIO.SYS [5824]

O58 - SDL:[MD5.A0D86B8AC93EF95620420C7A24AC5344] - 07/09/2010 - 15:47:07 ---A- . (.AVAST Software - avast! File System Access Blocking Driver.) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys [17744]

O58 - SDL:[MD5.570158B3B6FABC239992B42F5D23E5DF] - 07/09/2010 - 15:47:16 ---A- . (.AVAST Software - avast! File System Filter Driver for Windows NT/2000.) -- C:\WINDOWS\system32\drivers\aswmon.sys [94544]

O58 - SDL:[MD5.7D880C76A285A41284D862E2D798EC0D] - 07/09/2010 - 15:47:19 ---A- . (.AVAST Software - avast! File System Filter Driver for Windows XP.) -- C:\WINDOWS\system32\drivers\aswmon2.sys [100176]

O58 - SDL:[MD5.69823954BBD461A73D69774928C9737E] - 07/09/2010 - 15:47:46 ---A- . (.AVAST Software - avast! TDI RDR Driver.) -- C:\WINDOWS\system32\drivers\aswRdr.sys [23376]

O58 - SDL:[MD5.7ECC2776638B04553F9A85BD684C3ABF] - 07/09/2010 - 15:52:03 ---A- . (.AVAST Software - avast! self protection module.) -- C:\WINDOWS\system32\drivers\aswSP.sys [165584]

O58 - SDL:[MD5.095ED820A926AA8189180B305E1BCFC9] - 07/09/2010 - 15:52:25 ---A- . (.AVAST Software - avast! TDI Filter Driver.) -- C:\WINDOWS\system32\drivers\aswTdi.sys [46672]

O58 - SDL:[MD5.C2B6F2161ABD498D2B453050FFC81812] - 27/01/2011 - 00:34:30 ---A- . (.ATI Technologies Inc. - ATI Radeon WindowsNT Miniport Driver.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys [6406656]

O58 - SDL:[MD5.B2A236DC65E90170A369164384EFB460] - 17/11/2010 - 13:03:56 ---A- . (.Advanced Micro Devices - AMD High Definition Audio Function Driver.) -- C:\WINDOWS\system32\drivers\AtihdXP3.sys [101904]

O58 - SDL:[MD5.C9B25AE9B8ABD983C5AD3F8CBFAB0F9C] - 24/08/2001 - 13:00:00 ---A- . (.RAVISENT Technologies Inc. - Pilote principal CineMaster C 1.2 WDM.) -- C:\WINDOWS\system32\drivers\cinemst2.sys [262528]

O58 - SDL:[MD5.9624293E55AD405415862B504CA95B73] - 24/08/2001 - 13:00:00 ---A- . (.Compaq Computer Corporation - Compaq PA-1 Player Driver.) -- C:\WINDOWS\system32\drivers\cpqdap01.sys [11776]

O58 - SDL:[MD5.E9648254056BCE81A85380C0C3647DC4] - 17/08/2001 - 21:13:08 ---A- . (.VIA Technologies, Inc. - NDIS 5.0 miniport driver.) -- C:\WINDOWS\system32\drivers\fetnd5.sys [27165]

O58 - SDL:[MD5.E6D35F3AA51A65EB35C1F2340154A25E] - 24/03/2011 - 23:23:59 ---A- . (...) -- C:\WINDOWS\system32\drivers\kvjniha.sys [54016]

O58 - SDL:[MD5.B7C19EC8B0DD7EFA58AD41FFEB8B8CDA] - 03/12/2010 - 10:05:34 ---A- . (.Lavasoft AB - Boot Driver.) -- C:\WINDOWS\system32\drivers\Lbd.sys [64288]

O58 - SDL:[MD5.A084C8846531BC12F6D44843C6FB48D8] - 15/03/2004 - 09:03:18 ---A- . (.Ralink Technology Inc. - Sample Driver for Ralink 802.11g Wireless PCI Adapters.) -- C:\WINDOWS\system32\drivers\M2500.sys [104448]

O58 - SDL:[MD5.836E0E09CA9869BE7EB39EF2CF3602C7] - 20/12/2010 - 18:08:40 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\WINDOWS\system32\drivers\mbam.sys [20952]

O58 - SDL:[MD5.D68E165C3123ABA3B1282EDDB4213BD8] - 20/12/2010 - 18:09:00 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys [38224]

O58 - SDL:[MD5.E0096877B06DAA0ABED30934007A7486] - 26/03/2004 - 16:19:28 ---A- . (.802.11 Wireless - NDIS Driver for 802.11 Wireless Adapters.) -- C:\WINDOWS\system32\drivers\MS24ksta.sys [62080]

O58 - SDL:[MD5.2757244711C312F42DB0DD0BEE217BDF] - 24/03/2004 - 10:46:32 ---A- . (.Ralink Technology Inc. - Sample Driver for Ralink 802.11g Wireless PCI Adapters.) -- C:\WINDOWS\system32\drivers\MS25kap.sys [90752]

O58 - SDL:[MD5.A084C8846531BC12F6D44843C6FB48D8] - 17/03/2004 - 15:04:34 ---A- . (.Ralink Technology Inc. - Sample Driver for Ralink 802.11g Wireless PCI Adapters.) -- C:\WINDOWS\system32\drivers\MS25ksta.sys [104448]

O58 - SDL:[MD5.A9796CDFBBBB6D5CFE3792693D8627DD] - 09/03/2004 - 11:34:52 ---A- . (.ZyDAS Technology Corporation - ZD1201 802.11b USB MP-Driver(XP).) -- C:\WINDOWS\system32\drivers\ms6823.SYS [55168]

O58 - SDL:[MD5.1B383E75FFE25CA46887EBF5AC95913F] - 10/11/2003 - 15:25:30 ---A- . (.ZyDAS Technology Corporation - ZD1201 802.11b USB MP-Driver(XP).) -- C:\WINDOWS\system32\drivers\ms6823ap.SYS [44288]

O58 - SDL:[MD5.A9796CDFBBBB6D5CFE3792693D8627DD] - 09/03/2004 - 11:34:52 ---A- . (.ZyDAS Technology Corporation - ZD1201 802.11b USB MP-Driver(XP).) -- C:\WINDOWS\system32\drivers\ms6823sta.sys [55168]

O58 - SDL:[MD5.693DB36881C3AE56064B1861BE28CDA7] - 19/02/2004 - 17:08:38 ---A- . (.PCTEL Inc. - PCTEL Software Access Point.) -- C:\WINDOWS\system32\drivers\ms6826ap.SYS [367047]

O58 - SDL:[MD5.3102F13AFDCDFBFE1467BF03BF027CB1] - 19/02/2004 - 17:08:54 ---A- . (.GlobespanVirata, Inc. - PRISM Wireless NDIS 5.1 Driver.) -- C:\WINDOWS\system32\drivers\MS6826sta.sys [336800]

O58 - SDL:[MD5.AE96075A3AED5C40F1EAD477EA94ACD7] - 19/02/2004 - 10:51:02 ---A- . (.Broadcom Corporation - BCM 802.11g Network Adapter wireless driver.) -- C:\WINDOWS\system32\drivers\ms68bm.sys [300928]

O58 - SDL:[MD5.DC0F6C76603A88BCF943FFF093444FD1] - 13/11/2003 - 10:50:26 ---A- . (.ATMEL - NDIS 5.0/5.1 driver.) -- C:\WINDOWS\system32\drivers\msi505x.sys [99328]

O58 - SDL:[MD5.56DE0C4BFDFC973BC6FCADA6F76C9957] - 03/03/2004 - 11:01:06 ---A- . (.GlobespanVirata, Inc. - PRISM Wireless NDIS 5.1 Driver.) -- C:\WINDOWS\system32\drivers\MSI68ICB.sys [418240]

O58 - SDL:[MD5.3B374B6A0A50BC97B8A4DC54F150D0C8] - 10/11/2003 - 15:25:30 ---A- . (.Ralink Technology Inc. - Sample Driver for Ralink 802.11 Wireless PCI Adapters.) -- C:\WINDOWS\system32\drivers\msiralap.sys [37376]

O58 - SDL:[MD5.BE984D604D91C217355CDD3737AAD25D] - 24/08/2001 - 13:00:00 ---A- . (.S3/Diamond Multimedia Systems - NikeDrv Usb Driver.) -- C:\WINDOWS\system32\drivers\nikedrv.sys [12032]

O58 - SDL:[MD5.E6D35F3AA51A65EB35C1F2340154A25E] - 23/03/2011 - 23:55:52 ---A- . (...) -- C:\WINDOWS\system32\drivers\ojrsxcx.sys [54016]

O58 - SDL:[MD5.3ADB8BD6154A3EF87496E8FCE9C22493] - 30/06/2009 - 10:37:16 ---A- . (.Panda Security, S.L. - Panda Boot Driver.) -- C:\WINDOWS\system32\drivers\pavboot.sys [28552]

O58 - SDL:[MD5.87D211BA1E9759E26B6296E625A31CE8] - 16/09/2002 - 18:07:24 ---A- . (.PowerQuest Corporation - PowerQuest Boot Mode Driver..) -- C:\WINDOWS\system32\drivers\PQNTDRV.sys [4228]

O58 - SDL:[MD5.80D317BD1C3DBC5D4FE7B1678C60CADD] - 24/08/2001 - 13:00:00 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\drivers\ptilink.sys [17792]

O58 - SDL:[MD5.A56FE08EC7473E8580A390BB1081CDD7] - 24/08/2001 - 13:00:00 ---A- . (.S3/Diamond Multimedia Systems - Rio8Drv.sys Usb Driver.) -- C:\WINDOWS\system32\drivers\rio8drv.sys [12032]

O58 - SDL:[MD5.0A854DF84C77A0BE205BFEAB2AE4F0EC] - 24/08/2001 - 13:00:00 ---A- . (.S3/Diamond Multimedia Systems - RioDrv Usb Driver.) -- C:\WINDOWS\system32\drivers\riodrv.sys [12032]

O58 - SDL:[MD5.53F647BE062C55E3A18C68608FFD105B] - 07/10/2009 - 16:28:50 ---A- . (.Panda Security, S.L. - Anti-malware Driver Support.) -- C:\WINDOWS\system32\drivers\RkPavproc1.sys [17544]

O58 - SDL:[MD5.5C2552357BF48F223F637374B098B45B] - 09/02/2009 - 10:52:00 ---A- . (.Ralink Technology Inc. - RT2500 802.11g Wireless Adapter Driver.) -- C:\WINDOWS\system32\drivers\RT2500.sys [238208]

O58 - SDL:[MD5.8FDEB52DE660E17BAAA41E974974C444] - 04/03/2006 - 04:12:10 R---- . (.Realtek Semiconductor Corp. - Realtek® High Definition Audio Function Driver.) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys [4244480]

O58 - SDL:[MD5.C1AE5D1F53285D79A0B73A62AF20734F] - 31/01/2011 - 23:37:53 ---A- . (.Sunbelt Software - Anti-Rootkit Engine.) -- C:\WINDOWS\system32\drivers\SBREDrv.sys [98392]

O58 - SDL:[MD5.90A3935D05B494A5A39D37E71F09A677] - 13/04/2008 - 09:39:16 ---A- . (.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) -- C:\WINDOWS\system32\drivers\secdrv.sys [20480]

O58 - SDL:[MD5.58EF1200E915817C00FCFD7F2CF01200] - 29/01/2010 - 00:00:00 ---A- . (...) -- C:\WINDOWS\system32\drivers\sptd.sys [721904]

O58 - SDL:[MD5.D74A8EC75305F1D3CFDE7C7FC1BD62A9] - 24/08/2001 - 13:00:00 ---A- . (.Toshiba Corporation - WDM Toshiba Tecra Video Capture Driver.) -- C:\WINDOWS\system32\drivers\tsbvcap.sys [21376]

O58 - SDL:[MD5.55E01061C74A8CEFFF58DC36114A8D3F] - 24/08/2001 - 13:00:00 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\drivers\vdmindvd.sys [58112]

O58 - SDL:[MD5.C147AFA614B9925479D47CD173329789] - 11/02/2010 - 11:59:18 ---A- . (.VIA Technologies, Inc. - VIA Generic PCI IDE Bus Driver.) -- C:\WINDOWS\system32\drivers\videX32.sys [13976]

O58 - SDL:[MD5.C0F55CC0903CFDC819F6D857402B697C] - 06/01/2005 - 19:02:10 ---A- . (.VIA Technologies, Inc. - VIA USB Host Controller Lower Filter Driver.) -- C:\WINDOWS\system32\drivers\vulfnth.sys [6912]

O58 - SDL:[MD5.545D98A7F61AF1C7C4AD38B8F333E0B7] - 07/06/2005 - 18:51:38 ---A- . (.VIA Technologies, Inc. - VIA USB Roothub Lower Filter Driver.) -- C:\WINDOWS\system32\drivers\vulfntr.sys [11264]

O58 - SDL:[MD5.C7F0D7AA3A3C2DF333AFDD593106F39F] - 11/02/2010 - 11:59:48 ---A- . (.VIA Technologies, Inc. - ATA/ATAPI devices Hot-Plug/DIPM monitor.) -- C:\WINDOWS\system32\drivers\xfilt.sys [23192]

O58 - SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] - 24/08/2001 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9037]

O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 24/08/2001 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\country.sys [27097]

O58 - SDL:[MD5.C6D29F29DE7427B1B0775E53E577B623] - 24/08/2001 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\himem.sys [4912]

O58 - SDL:[MD5.582BCDD47CF4B68B5CB528F18E3CB808] - 24/08/2001 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\key01.sys [42809]

O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 03/08/2004 - 21:46:56 ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys [42537]

O58 - SDL:[MD5.7D30A74B5FB9FE3B245A6CE5FBCD71D5] - 24/08/2001 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos.sys [27916]

O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 24/08/2001 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos404.sys [29146]

O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 24/08/2001 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos411.sys [29370]

O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 24/08/2001 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos412.sys [29274]

O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 24/08/2001 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos804.sys [29146]

O58 - SDL:[MD5.CAAA108FD7BF71989946B39704323455] - 03/08/2004 - 21:45:26 ---A- . (...) -- C:\WINDOWS\system32\ntio.sys [34000]

O58 - SDL:[MD5.6F73F50162DEF60C84B725C18CD9140F] - 03/08/2004 - 21:45:16 ---A- . (...) -- C:\WINDOWS\system32\ntio404.sys [34560]

O58 - SDL:[MD5.0FDD5E69C1FF3B58043D44F2CC743D45] - 03/08/2004 - 21:45:12 ---A- . (...) -- C:\WINDOWS\system32\ntio411.sys [35648]

O58 - SDL:[MD5.8842837C4D8311BF8E72BEE8CCC42217] - 03/08/2004 - 21:45:16 ---A- . (...) -- C:\WINDOWS\system32\ntio412.sys [35424]

O58 - SDL:[MD5.6B56CEB3C6F9D5CD7293DBD9FE23B311] - 03/08/2004 - 21:45:14 ---A- . (...) -- C:\WINDOWS\system32\ntio804.sys [34560]

O58 - SDL:[MD5.CEEF86CB35ABE95C40A88784F5B631AD] - 01/07/2003 - 21:26:16 ---A- . (.Printing Communications Assoc., Inc. (PCAUS - PCAUSA NDIS 5.0 Protocol Driver.) -- C:\WINDOWS\system32\PCANDIS5.SYS [16128]

---\\ Liste des outils de nettoyage (O63)

O63 - Logiciel: Ad-Remover par C_XX - (.C_XX.) [HKLM] -- Ad-Remover

O63 - Logiciel: ZHPDiag 1.27 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1

---\\ Liste des services Legacy (O64)

O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\AAVMKER4.sys - (.not file.) - avast! Asynchronous Virus Monitor (Aavmker4) .(...) - LEGACY_AAVMKER4

O64 - Services: CurCS - C:\Windows\System32\DRIVERS\AegisP.sys - AEGIS Protocol (IEEE 802.1x) v3.7.5.0 (AegisP) .(.Cisco Systems, Inc. - IEEE 802.1X Protocol Driver.) - LEGACY_AEGISP

O64 - Services: CurCS - C:\WINDOWS\system32\drivers\afd.sys - AFD (AFD) .(.Microsoft Corporation - Ancillary Function Driver for WinSock.) - LEGACY_AFD

O64 - Services: CurCS - C:\WINDOWS\System32\alg.exe - Service de la passerelle de la couche Application (ALG) .(.Microsoft Corporation - Application Layer Gateway Service.) - LEGACY_ALG

O64 - Services: CurCS - C:\WINDOWS\TEMP\xuag\setup.exe - AMService (AMService) .(.S893x8s0zcQVS7 - Pas de description.) - LEGACY_AMSERVICE

O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Gestion d'applications (AppMgmt) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_APPMGMT

O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\ASWFSBLK.sys - (.not file.) - aswFsBlk (aswFsBlk) .(...) - LEGACY_ASWFSBLK

O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\ASWMON2.sys - (.not file.) - avast! Standard Shield Support (aswMon2) .(...) - LEGACY_ASWMON2

O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\ASWRDR.sys - (.not file.) - aswRdr (aswRdr) .(...) - LEGACY_ASWRDR

O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\ASWSP.sys - (.not file.) - avast! Self Protection (aswSP) .(...) - LEGACY_ASWSP

O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\ASWTDI.sys - (.not file.) - avast! Network Shield Support (aswTdi) .(...) - LEGACY_ASWTDI

O64 - Services: CurCS - C:\WINDOWS\system32\Ati2evxx.exe - Ati HotKey Poller (Ati HotKey Poller) .(.ATI Technologies Inc. - ATI External Event Utility EXE Module.) - LEGACY_ATI_HOTKEY_POLLER

O64 - Services: CurCS - C:\WINDOWS\system32\ati2sgag.exe - ATI Smart (ATI Smart) .(.Pas de propriétaire - ATI Smart.) - LEGACY_ATI_SMART

O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Audio Windows (AudioSrv) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_AUDIOSRV

O64 - Services: CurCS - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe - avast! Antivirus (avast! Antivirus) .(.AVAST Software - avast! Service.) - LEGACY_AVAST!_ANTIVIRUS

O64 - Services: CurCS - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe - avast! Mail Scanner (avast! Mail Scanner) .(.AVAST Software - avast! Service.) - LEGACY_AVAST!_MAIL_SCANNER

O64 - Services: CurCS - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe - avast! Web Scanner (avast! Web Scanner) .(.AVAST Software - avast! Service.) - LEGACY_AVAST!_WEB_SCANNER

O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\BEEP.sys - Beep (Beep) .(...) - LEGACY_BEEP

O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Service de transfert intelligent en arrière-plan (BITS) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_BITS

O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Explorateur d'ordinateur (Browser) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_BROWSER

O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\CDFS.sys - cdfs (cdfs) .(...) - LEGACY_CDFS

O64 - Services: CurCS - (.not file.) - (.not file.) - Application système COM+ (COMSysApp) .(...) - LEGACY_COMSYSAPP

O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Services de cryptographie (CryptSvc) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_CRYPTSVC

O64 - Services: CurCS - (.not file.) - (.not file.) - Lanceur de processus serveur DCOM (DcomLaunch) .(...) - LEGACY_DCOMLAUNCH

O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Client DHCP (Dhcp) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_DHCP

O64 - Services: CurCS - C:\WINDOWS\System32\dmadmin.exe - Service d'administration du Gestionnaire de disque logique (dmadmin) .(.Microsoft Corp., Veritas Software - Processus du service Gestionnaire de disque.) - LEGACY_DMADMIN

O64 - Services: CurCS - C:\Windows\System32\drivers\dmboot.sys - dmboot (dmboot) .(.Microsoft Corp., Veritas Software - Pilote de démarrage du gestionnaire de disq.) - LEGACY_DMBOOT

O64 - Services: CurCS - C:\Windows\System32\drivers\dmload.sys - dmload (dmload) .(.Microsoft Corp., Veritas Software. - NT Disk Manager Startup Driver.) - LEGACY_DMLOAD

O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Gestionnaire de disque logique (dmserver) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_DMSERVER

O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Client DNS (Dnscache) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_DNSCACHE

O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Service de rapport d'erreurs (ERSvc) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_ERSVC

O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Système d'événements de COM+ (EventSystem) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_EVENTSYSTEM

O64 - Services: CurCS - C:\Program Files\Fichiers communs\MAGIX Services\Database\bin\FABS.exe - FABS - Helping agent for MAGIX media database (Fabs) .(.MAGIX AG - Verzeichnisüberwachung und Hilfsaufgaben fü.) - LEGACY_FABS

O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\FASTFAT.sys - fastfat (fastfat) .(...) - LEGACY_FASTFAT

O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\FIPS.sys - Fips (Fips) .(...) - LEGACY_FIPS

O64 - Services: CurCS - C:\Windows\System32\drivers\fltmgr.sys - FltMgr (FltMgr) .(.Microsoft Corporation - Microsoft Filesystem Filter Manager.) - LEGACY_FLTMGR

O64 - Services: CurCS - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe - Windows Presentation Foundation Font Cache 3.0.0.0 (FontCache3.0.0.0) .(.Microsoft Corporation - PresentationFontCache.exe.) - LEGACY_FONTCACHE3.0.0.0

O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\FS_REC.sys - Fs_Rec (Fs_Rec) .(...) - LEGACY_FS_REC

O64 - Services: CurCS - C:\WINDOWS\System32\GEARSec.exe (.not file.) - GEARSecurity (GEARSecurity) .(...) - LEGACY_GEARSECURITY

O64 - Services: CurCS - C:\Windows\System32\DRIVERS\msgpc.sys - Classificateur de paquets générique (Gpc) .(.Microsoft Corporation - MS General Packet Classifier.) - LEGACY_GPC

O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Aide et support (helpsvc) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_HELPSVC

O64 - Services: CurCS - C:\Windows\System32\Drivers\HTTP.sys - HTTP (HTTP) .(.Microsoft Corporation - HTTP Protocol Stack.) - LEGACY_HTTP

O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - HTTP SSL (HTTPFilter) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_HTTPFILTER

O64 - Services: CurCS - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe - InstallDriver Table Manager (IDriverT) .(.Macrovision Corporation - IDriverT Module.) - LEGACY_IDRIVERT

O64 - Services: CurCS - (.not file.) - InCD File System (InCDfs) .(...) - LEGACY_INCDFS

O64 - Services: CurCS - (.not file.) - InCDrec (InCDrec) .(...) - LEGACY_INCDREC

O64 - Services: CurCS - (.not file.) - InCD Helper (InCDsrv) .(...) - LEGACY_INCDSRV

O64 - Services: CurCS - C:\Windows\System32\DRIVERS\ipnat.sys - Traducteur d'adresses réseau IP (IpNat) .(.Microsoft Corporation - IP Network Address Translator.) - LEGACY_IPNAT

O64 - Services: CurCS - C:\Windows\System32\DRIVERS\ipsec.sys - Pilote IPSEC (IPSec) .(.Microsoft Corporation - IPSec Driver.) - LEGACY_IPSEC

O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\KSECDD.sys - ksecdd (ksecdd) .(...) - LEGACY_KSECDD

O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Serveur (lanmanserver) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_LANMANSERVER

O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Station de travail (LanmanWorkstation) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_LANMANWORKSTATION

O64 - Services: CurCS - C:\Windows\System32\DRIVERS\Lbd.sys - Lbd (Lbd) .(.Lavasoft AB - Boot Driver.) - LEGACY_LBD

O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Assistance TCP/IP NetBIOS (LmHosts) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_LMHOSTS

O64 - Services: CurCS - C:\Program Files\ma-config.com\maconfservice.exe - Ma-Config Service (maconfservice) .(.CybelSoft - Service de détection matériel.) - LEGACY_MACONFSERVICE

O64 - Services: CurCS - (.not file.) - mbr (mbr) .(...) - LEGACY_MBR

O64 - Services: CurCS - (.not file.) - mchInjDrv (mchInjDrv) .(...) - LEGACY_MCHINJDRV

O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\MNMDD.sys - mnmdd (mnmdd) .(...) - LEGACY_MNMDD

O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\MODEM.sys - modem (modem) .(...) - LEGACY_MODEM

O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\MOUNTMGR.sys - (.not file.) - mountmgr (mountmgr) .(...) - LEGACY_MOUNTMGR

O64 - Services: CurCS - C:\Windows\System32\DRIVERS\mrxdav.sys - Redirecteur client WebDav (MRxDAV) .(.Microsoft Corporation - Windows NT WebDav Minirdr.) - LEGACY_MRXDAV

O64 - Services: CurCS - C:\Windows\System32\DRIVERS\mrxsmb.sys - MRXSMB (MRxSmb) .(.Microsoft Corporation - Windows NT SMB Minirdr.) - LEGACY_MRXSMB

O64 - Services: CurCS - C:\WINDOWS\system32\msdtc.exe - Distributed Transaction Coordinator (MSDTC) .(.Microsoft Corporation - MS DTC console program.) - LEGACY_MSDTC

O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\MSFS.sys - Msfs (Msfs) .(...) - LEGACY_MSFS

O64 - Services: CurCS - C:\WINDOWS\system32\msiexec.exe - Windows Installer (MSIServer) .(.Microsoft Corporation - Windows® installer.) - LEGACY_MSISERVER

O64 - Services: CurCS - C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe - MSI_WLAN_Service (MSI_WLAN_Service) .(.Pas de propriétaire - WlanService.) - LEGACY_MSI_WLAN_SERVICE

O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\MUP.sys - (.not file.) - Mup (Mup) .(...) - LEGACY_MUP

O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\NDIS.sys - (.not file.) - Pilote système NDIS (NDIS) .(...) - LEGACY_NDIS

O64 - Services: CurCS - C:\Windows\System32\DRIVERS\ndistapi.sys - Pilote TAPI NDIS d'accès distant (NdisTapi) .(.Microsoft Corporation - NDIS 3.0 connection wrapper driver.) - LEGACY_NDISTAPI

O64 - Services: CurCS - C:\Windows\System32\DRIVERS\ndisuio.sys - NDIS mode utilisateur E/S Protocole (Ndisuio) .(.Microsoft Corporation - NDIS User mode I/O Driver.) - LEGACY_NDISUIO

O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\NDPROXY.sys - NDProxy (NDProxy) .(...) - LEGACY_NDPROXY

O64 - Services: CurCS - C:\Windows\System32\DRIVERS\netbios.sys - Interface NetBIOS (NetBIOS) .(.Microsoft Corporation - NetBIOS interface driver.) - LEGACY_NETBIOS

O64 - Services: CurCS - C:\Windows\System32\DRIVERS\netbt.sys - NetBIOS sur TCP/IP (NetBT) .(.Microsoft Corporation - MBT Transport driver.) - LEGACY_NETBT

O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Connexions réseau (Netman) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_NETMAN

O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - NLA (Network Location Awareness) (Nla) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_NLA

O64 - Services: CurCS - E:\PAT\Logiciels\Ghost\Agent\PQV2iSvc.exe (.not file.) - Norton Ghost (Norton Ghost) .(...) - LEGACY_NORTON_GHOST

O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\NPFS.sys - Npfs (Npfs) .(...) - LEGACY_NPFS

O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\NTFS.sys - ntfs (ntfs) .(...) - LEGACY_NTFS

O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Stockage amovible (NtmsSvc) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_NTMSSVC

O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\NULL.sys - Null (Null) .(...) - LEGACY_NULL

O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\PARTMGR.sys - (.not file.) - PartMgr (PartMgr) .(...) - LEGACY_PARTMGR

O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\PARVDM.sys - ParVdm (ParVdm) .(...) - LEGACY_PARVDM

O64 - Services: CurCS - C:\Windows\System32\drivers\pavboot.sys - pavboot (pavboot) .(.Panda Security, S.L. - Panda Boot Driver.) - LEGACY_PAVBOOT

O64 - Services: CurCS - C:\WINDOWS\system32\PCANDIS5.sys - PCANDIS5 NDIS Protocol Driver (PCANDIS5) .(.Printing Communications Assoc., Inc. (PCAUS - PCAUSA NDIS 5.0 Protocol Driver.) - LEGACY_PCANDIS5

O64 - Services: CurCS - C:\Windows\System32\DRIVERS\pciide.sys - PCIIde (PCIIde) .(.Microsoft Corporation - Pilote de bus générique PCI IDE.) - LEGACY_PCIIDE

O64 - Services: CurCS - (.not file.) - PQIMount (PQIMount) .(...) - LEGACY_PQIMOUNT

O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\PQNTDRV.sys - PQNTDrv (PQNTDrv) .(...) - LEGACY_PQNTDRV

O64 - Services: CurCS - (.not file.) - PQV2i (PQV2i) .(...) - LEGACY_PQV2I

O64 - Services: CurCS - C:\WINDOWS\system32\lsass.exe - Emplacement protégé (ProtectedStorage) .(.Microsoft Corporation - LSA Shell (Export Version).) - LEGACY_PROTECTEDSTORAGE

O64 - Services: CurCS - C:\Program Files\RALINK\Common\RalinkRegistryWriter.exe - Ralink Registry Writer (RalinkRegistryWriter) .(.Ralink Technology, Corp. - RalinkRegistryWriter.) - LEGACY_RALINKREGISTRYWRITER

O64 - Services: CurCS - C:\Windows\System32\DRIVERS\rasacd.sys - Pilote de connexion automatique d'accès distant (RasAcd) .(.Microsoft Corporation - RAS Automatic Connection Driver.) - LEGACY_RASACD

O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Gestionnaire de connexions d'accès distant (RasMan) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_RASMAN

O64 - Services: CurCS - C:\Windows\System32\DRIVERS\rdbss.sys - Rdbss (Rdbss) .(.Microsoft Corporation - Redirected Drive Buffering SubSystem Driver.) - LEGACY_RDBSS

O64 - Services: CurCS - C:\Windows\System32\DRIVERS\RDPCDD.sys - RDPCDD (RDPCDD) .(.Microsoft Corporation - RDP Miniport.) - LEGACY_RDPCDD

O64 - Services: CurCS - (.not file.) - RDPNP (RDPNP) .(...) - LEGACY_RDPNP

O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Accès à distance au Registre (RemoteRegistry) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_REMOTEREGISTRY

O64 - Services: CurCS - C:\WINDOWS\system32\drivers\RkPavproc1.sys - RkPavproc1 (RkPavproc1) .(.Panda Security, S.L. - Anti-malware Driver Support.) - LEGACY_RKPAVPROC1

O64 - Services: CurCS - (.not file.) - (.not file.) - Appel de procédure distante (RPC) (RpcSs) .(...) - LEGACY_RPCSS

O64 - Services: CurCS - C:\WINDOWS\system32\lsass.exe - Gestionnaire de comptes de sécurité (SamSs) .(.Microsoft Corporation - LSA Shell (Export Version).) - LEGACY_SAMSS

O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Planificateur de tâches (Schedule) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_SCHEDULE

O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Connexion secondaire (seclogon) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_SECLOGON

O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Notification d'événement système (SENS) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_SENS

O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Pare-feu Windows / Partage de connexion Internet (SharedAccess) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_SHAREDACCESS

O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Détection matériel noyau (ShellHWDetection) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_SHELLHWDETECTION

O64 - Services: CurCS - C:\WINDOWS\system32\spoolsv.exe - Spouleur d'impression (Spooler) .(.Microsoft Corporation - Spooler SubSystem App.) - LEGACY_SPOOLER

O64 - Services: CurCS - C:\Windows\System32\Drivers\sptd.sys - sptd (sptd) .(...) - LEGACY_SPTD

O64 - Services: CurCS - C:\Windows\System32\DRIVERS\sr.sys - Pilote de filtre de restauration système (sr) .(.Microsoft Corporation - Pilote de filtre de système de fichiers pou.) - LEGACY_SR

O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Service de restauration système (srservice) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_SRSERVICE

O64 - Services: CurCS - C:\Windows\System32\DRIVERS\srv.sys - Srv (Srv) .(.Microsoft Corporation - Server driver.) - LEGACY_SRV

O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Service de découvertes SSDP (SSDPSRV) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_SSDPSRV

O64 - Services: CurCS - (.not file.) - SSHNAS (SSHNAS) .(...) - LEGACY_SSHNAS

O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Acquisition d'image Windows (WIA) (stisvc) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_STISVC

O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Téléphonie (TapiSrv) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_TAPISRV

O64 - Services: CurCS - C:\Windows\System32\DRIVERS\tcpip.sys - Pilote du protocole TCP/IP (Tcpip) .(.Microsoft Corporation - TCP/IP Protocol Driver.) - LEGACY_TCPIP

O64 - Services: CurCS - (.not file.) - (.not file.) - Services Terminal Server (TermService) .(...) - LEGACY_TERMSERVICE

O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Thèmes (Themes) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_THEMES

O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Client de suivi de lien distribué (TrkWks) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_TRKWKS

O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\UDFS.sys - Udfs (Udfs) .(...) - LEGACY_UDFS

O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Hôte de périphérique universel Plug-and-Play (upnphost) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_UPNPHOST

O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\VGA.sys - vga (vga) .(...) - LEGACY_VGA

O64 - Services: CurCS - C:\WINDOWS\system32\drivers\vga.sys - VgaSave (VgaSave) .(.Microsoft Corporation - VGA/Super VGA Video Driver.) - LEGACY_VGASAVE

O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - PCI Bus r0c9c Support (vhdjeavl) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_VHDJEAVL

O64 - Services: CurCS - C:\Windows\System32\DRIVERS\viaide.sys - ViaIde (ViaIde) .(.Microsoft Corporation - Generic PCI IDE Bus Driver.) - LEGACY_VIAIDE

O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\VOLSNAP.sys - VolSnap (VolSnap) .(...) - LEGACY_VOLSNAP

O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Horloge Windows (W32Time) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_W32TIME

O64 - Services: CurCS - C:\Windows\System32\DRIVERS\wanarp.sys - Pilote ARP IP d'accès distant (Wanarp) .(.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - LEGACY_WANARP

O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - WebClient (WebClient) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_WEBCLIENT

O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Infrastructure de gestion Windows (winmgmt) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_WINMGMT

O64 - Services: CurCS - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe - Windows Presentation Foundation Font Cache 4.0.0.0 (WPFFontCache_v0400) .(.Microsoft Corporation - wpffontcache_v0400.exe.) - LEGACY_WPFFONTCACHE_V0400

O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Centre de sécurité (wscsvc) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_WSCSVC

O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Mises à jour automatiques (wuauserv) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_WUAUSERV

O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Configuration automatique sans fil (WZCSVC) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_WZCSVC

---\\ File Associations Shell Spawning (O67)

O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\Windows\System32\shell32.dll

O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe

O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\WINDOWS\System32\WScript.exe

O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\WINDOWS\regedit.exe

O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCU\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe

O67 - Shell Spawning: <.bat> <batfile>[HKCR\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.cpl> <cplfile>[HKCR\..\cplopen\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\Windows\System32\shell32.dll

O67 - Shell Spawning: <.cmd> <cmdfile>[HKCR\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.com> <comfile>[HKCR\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.exe> <exefile>[HKCR\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCR\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe

O67 - Shell Spawning: <.js> <JSFile>[HKCR\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\WINDOWS\System32\WScript.exe

O67 - Shell Spawning: <.reg> <regfile>[HKCR\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\WINDOWS\regedit.exe

---\\ Start Menu Internet (O68)

O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe

O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe

---\\ Search Browser Infection (O69)

O69 - SBI: SearchScopes [HKCU] ${searchCLSID} [DefaultScope] - (@ieframe.dll,-12512) - Bing

---\\ Internet Feature Controls (O81)

O81 - IFC: Internet Feature Controls [HKUS\.DEFAULT] [FEATURE_BROWSER_EMULATION] -- svchost.exe

O81 - IFC: Internet Feature Controls [HKUS\S-1-5-18] [FEATURE_BROWSER_EMULATION] -- svchost.exe

---\\ Scan Additionnel (O88)

Database Version : 2639 - (26/03/2011)

[HKCR\bittorrent] =>Adware.BHO

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}] =>Adware.AskSBar

[HKLM\Software\Classes\bittorrent] =>Adware.BHO

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}] =>Adware.AskSBar

---\\ Recherche détournement de DNS routeur (O89)

Serveur : dns1.proxad.net

Address: 212.27.40.240

Nom : www.l.google.com

Addresses: 209.85.147.99, 209.85.147.103, 209.85.147.106, 209.85.147.147

209.85.147.105, 209.85.147.104

Aliases: www.google.fr, www.google.com

---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)

SS - | Auto 24/03/2011 53760 | (AMService) . (.S893x8s0zcQVS7.) - C:\WINDOWS\TEMP\xuag\setup.exe

SR - | Auto 26/01/2011 638976 | (Ati HotKey Poller) . (.ATI Technologies Inc..) - C:\WINDOWS\system32\Ati2evxx.exe

SS - | Auto 25/09/2009 593920 | (ATI Smart) . (...) - C:\WINDOWS\system32\ati2sgag.exe

SR - | Auto 07/09/2010 40384 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

SR - | Demand 07/09/2010 40384 | (avast! Mail Scanner) . (.AVAST Software.) - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

SR - | Demand 07/09/2010 40384 | (avast! Web Scanner) . (.AVAST Software.) - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

SS - | Demand 13/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\System32\dmadmin.exe

SS - | Auto 27/08/2009 1253376 | (Fabs) . (.MAGIX AG.) - C:\Program Files\Fichiers communs\MAGIX Services\Database\bin\FABS.exe

SS - | Demand 07/08/2008 3276800 | (FirebirdServerMAGIXInstance) . (.MAGIX®.) - C:\Program Files\Fichiers communs\MAGIX Services\Database\bin\fbserver.exe

SS - | Auto 07/08/2008 0 | (GEARSecurity) . (...) - C:\WINDOWS\System32\GEARSec.exe

SS - | Demand 03/04/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

SS - | Demand 30/12/2009 153376 | (JavaQuickStarterService) . (.Sun Microsystems, Inc..) - C:\Program Files\Java\jre6\bin\jqs.exe

SR - | Auto 08/03/2011 1405384 | (Lavasoft Ad-Aware Service) . (.Lavasoft Limited.) - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

SS - | Demand 23/03/2011 311744 | (maconfservice) . (.CybelSoft.) - C:\Program Files\ma-config.com\maconfservice.exe

SS - | Auto 11/05/2004 180224 | (MSI_WLAN_Service) . (...) - C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe

SS - | Disabled 11/05/2004 0 | (Norton Ghost) . (...) - E:\PAT\Logiciels\Ghost\Agent\PQV2iSvc.exe

SR - | Auto 23/04/2008 69632 | (RalinkRegistryWriter) . (.Ralink Technology, Corp..) - C:\Program Files\RALINK\Common\RalinkRegistryWriter.exe

---\\ Recherche Master Boot Record Infection (MBR)(O80)

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.1 by Gmer, GMER - Rootkit Detector and Remover

Run by Administrateur at 26/03/2011 18:50:07

device: opened successfully

user: MBR read successfully

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys xfilt.sys ACPI.sys hal.dll atapi.sys splu.sys >>UNKNOWN [0x8A4F1938]<<

C:\WINDOWS\system32\drivers\xfilt.sys VIA Technologies, Inc. VIA filter driver

splu.sys

1 ntkrnlpa!IofCallDriver[0x804EE120] -> \Device\Harddisk0\DR0[0x8A407AB8]

3 CLASSPNP[0xF74C7FD7] -> ntkrnlpa!IofCallDriver[0x804EE120] -> [0x8A547B10]

5 xfilt[0xF74E8026] -> ntkrnlpa!IofCallDriver[0x804EE120] -> \Device\00000078[0x8A458C80]

7 ACPI[0xF7244620] -> ntkrnlpa!IofCallDriver[0x804EE120] -> \Device\Ide\IdeDeviceP0T0L0-3[0x8A490D98]

kernel: MBR read successfully

detected hooks:

\Device\Ide\IdeDeviceP2T0L0-25 -> \??\IDE#DiskMAXTOR_STM3802110A______________________3.AAJ___#5&318fba88&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

\Driver\atapi DriverStartIo -> 0x8A43627F

user & kernel MBR OK

Warning: possible TDL3 rootkit infection !

---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)

Written by ad13, http://ad13.gee k s tog

Run by Administrateur at 26/03/2011 18:50:10

Use the desktop link 'MBRCheck' to have full report

Dump file Name : C:\PhysicalDisk0_MBR.bin

---\\ Liste des émulateurs de CD/DVD (Hook du MBR)

O58 - SDL:[MD5.58EF1200E915817C00FCFD7F2CF01200] - 29/01/2010 - 00:00:00 ---A- . (...) -- C:\WINDOWS\system32\drivers\sptd.sys [721904]

End of the scan (1130 lines in 01mn 55s)(0)

Modifié le 29 mars 2011 par trabec54

Apollo · le 26 mars 2011

Soir,

Télécharge TDSSKiller de Kaspersky sur ton bureau.

Ou: http://support.kaspersky.com/fr/downloads/utils/tdsskiller.zip ; décompresse le zip.

Double-clique sur TDSSKiller.exe

L'écran de TDSSKiller s'affiche:

Cliquer sur Start scan pour lancer l'analyse.

NB: TDSSKiller proposera des options: Delete, Skip ou Cure, il ne faut pas modifier ces options! (Supprimer, ignorer, "soigner")

Lorsque l'outil a terminé son travail d'inspection, si des nuisibles ("Malicious objects") ont été trouvés,

vérifier que l'option Cure est sélectionnée, puis cliquer sur le bouton Continue puis sur le bouton Reboot now.

Envoyer en réponse:

*- Le rapport de TDSSKiller (contenu du fichier SystemDrive \TDSSKiller.Version_Date_Heure_log.txt)

[systemDrive représente la partition sur laquelle est installé le système, généralement C:] .

trabec54 · le 26 mars 2011

Bonsoir Apollo,

ci-dessous le rapport de TDSSKILLER.

Merci pour ton aide.

2011/03/27 00:25:56.0468 1280 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28

2011/03/27 00:25:56.0734 1280 ================================================================================

2011/03/27 00:25:56.0734 1280 SystemInfo:

2011/03/27 00:25:56.0734 1280

2011/03/27 00:25:56.0734 1280 OS Version: 5.1.2600 ServicePack: 3.0

2011/03/27 00:25:56.0734 1280 Product type: Workstation

2011/03/27 00:25:56.0734 1280 ComputerName: ORDI-XPSP2

2011/03/27 00:25:56.0734 1280 UserName: Administrateur

2011/03/27 00:25:56.0734 1280 Windows directory: C:\WINDOWS

2011/03/27 00:25:56.0734 1280 System windows directory: C:\WINDOWS

2011/03/27 00:25:56.0734 1280 Processor architecture: Intel x86

2011/03/27 00:25:56.0734 1280 Number of processors: 1

2011/03/27 00:25:56.0734 1280 Page size: 0x1000

2011/03/27 00:25:56.0734 1280 Boot type: Normal boot

2011/03/27 00:25:56.0734 1280 ================================================================================

2011/03/27 00:25:57.0593 1280 Initialize success

2011/03/27 00:26:05.0765 2516 ================================================================================

2011/03/27 00:26:05.0765 2516 Scan started

2011/03/27 00:26:05.0765 2516 Mode: Manual;

2011/03/27 00:26:05.0765 2516 ================================================================================

2011/03/27 00:26:06.0093 2516 Aavmker4 (8d488938e2f7048906f1fbd3af394887) C:\WINDOWS\system32\drivers\Aavmker4.sys

2011/03/27 00:26:06.0296 2516 ACPI (e5e6dbfc41ea8aad005cb9a57a96b43b) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2011/03/27 00:26:06.0390 2516 ACPIEC (e4abc1212b70bb03d35e60681c447210) C:\WINDOWS\system32\drivers\ACPIEC.sys

2011/03/27 00:26:06.0546 2516 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2011/03/27 00:26:06.0656 2516 AegisP (023867b6606fbabcdd52e089c4a507da) C:\WINDOWS\system32\DRIVERS\AegisP.sys

2011/03/27 00:26:06.0781 2516 AFD (322d0e36693d6e24a2398bee62a268cd) C:\WINDOWS\System32\drivers\afd.sys

2011/03/27 00:26:07.0078 2516 AmdK8 (31ffde1be912d7cbd3f189feb61f86b6) C:\WINDOWS\system32\DRIVERS\AmdK8.sys

2011/03/27 00:26:07.0375 2516 aswFsBlk (a0d86b8ac93ef95620420c7a24ac5344) C:\WINDOWS\system32\drivers\aswFsBlk.sys

2011/03/27 00:26:07.0468 2516 aswMon2 (7d880c76a285a41284d862e2d798ec0d) C:\WINDOWS\system32\drivers\aswMon2.sys

2011/03/27 00:26:07.0546 2516 aswRdr (69823954bbd461a73d69774928c9737e) C:\WINDOWS\system32\drivers\aswRdr.sys

2011/03/27 00:26:07.0640 2516 aswSP (7ecc2776638b04553f9a85bd684c3abf) C:\WINDOWS\system32\drivers\aswSP.sys

2011/03/27 00:26:07.0718 2516 aswTdi (095ed820a926aa8189180b305e1bcfc9) C:\WINDOWS\system32\drivers\aswTdi.sys

2011/03/27 00:26:07.0796 2516 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2011/03/27 00:26:07.0875 2516 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2011/03/27 00:26:08.0343 2516 ati2mtag (c2b6f2161abd498d2b453050ffc81812) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

2011/03/27 00:26:08.0765 2516 AtiHDAudioService (b2a236dc65e90170a369164384efb460) C:\WINDOWS\system32\drivers\AtihdXP3.sys

2011/03/27 00:26:08.0859 2516 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2011/03/27 00:26:08.0937 2516 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2011/03/27 00:26:09.0062 2516 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2011/03/27 00:26:09.0156 2516 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2011/03/27 00:26:09.0281 2516 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2011/03/27 00:26:09.0359 2516 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2011/03/27 00:26:09.0437 2516 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2011/03/27 00:26:09.0843 2516 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2011/03/27 00:26:09.0984 2516 dmboot (f5deadd42335fb33edca74ecb2f36cba) C:\WINDOWS\system32\drivers\dmboot.sys

2011/03/27 00:26:10.0156 2516 dmio (5a7c47c9b3f9fb92a66410a7509f0c71) C:\WINDOWS\system32\drivers\dmio.sys

2011/03/27 00:26:10.0234 2516 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2011/03/27 00:26:10.0328 2516 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2011/03/27 00:26:10.0500 2516 driverhardwarev2 (a694d8db6d360a3bbb0bd1517f1c1aee) C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys

2011/03/27 00:26:10.0593 2516 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2011/03/27 00:26:10.0718 2516 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2011/03/27 00:26:10.0828 2516 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

2011/03/27 00:26:10.0921 2516 FETNDIS (e9648254056bce81a85380c0c3647dc4) C:\WINDOWS\system32\DRIVERS\fetnd5.sys

2011/03/27 00:26:10.0984 2516 Fips (31f923eb2170fc172c81abda0045d18c) C:\WINDOWS\system32\drivers\Fips.sys

2011/03/27 00:26:11.0093 2516 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

2011/03/27 00:26:11.0171 2516 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

2011/03/27 00:26:11.0265 2516 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2011/03/27 00:26:11.0343 2516 Ftdisk (a86859b77b908c18c2657f284aa29fe3) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2011/03/27 00:26:11.0437 2516 gagp30kx (3a74c423cf6bcca6982715878f450a3b) C:\WINDOWS\system32\DRIVERS\gagp30kx.sys

2011/03/27 00:26:11.0562 2516 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2011/03/27 00:26:11.0640 2516 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2011/03/27 00:26:11.0843 2516 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys

2011/03/27 00:26:12.0078 2516 i8042prt (a09bdc4ed10e3b2e0ec27bb94af32516) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2011/03/27 00:26:12.0218 2516 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2011/03/27 00:26:12.0453 2516 IntcAzAudAddService (8fdeb52de660e17baaa41e974974c444) C:\WINDOWS\system32\drivers\RtkHDAud.sys

2011/03/27 00:26:12.0671 2516 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

2011/03/27 00:26:12.0750 2516 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2011/03/27 00:26:12.0812 2516 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2011/03/27 00:26:12.0906 2516 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2011/03/27 00:26:12.0984 2516 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2011/03/27 00:26:13.0062 2516 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2011/03/27 00:26:13.0156 2516 isapnp (355836975a67b6554bca60328cd6cb74) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2011/03/27 00:26:13.0250 2516 Kbdclass (16813155807c6881f4bfbf6657424659) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2011/03/27 00:26:13.0343 2516 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2011/03/27 00:26:13.0421 2516 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys

2011/03/27 00:26:13.0531 2516 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys

2011/03/27 00:26:13.0609 2516 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\WINDOWS\system32\DRIVERS\Lbd.sys

2011/03/27 00:26:13.0734 2516 M2500 (a084c8846531bc12f6d44843c6fb48d8) C:\WINDOWS\system32\DRIVERS\M2500.sys

2011/03/27 00:26:13.0843 2516 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2011/03/27 00:26:13.0937 2516 Modem (510ade9327fe84c10254e1902697e25f) C:\WINDOWS\system32\drivers\Modem.sys

2011/03/27 00:26:14.0031 2516 Mouclass (027c01bd7ef3349aaebc883d8a799efb) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2011/03/27 00:26:14.0093 2516 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2011/03/27 00:26:14.0250 2516 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2011/03/27 00:26:14.0343 2516 MRxSmb (68755f0ff16070178b54674fe5b847b0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2011/03/27 00:26:14.0468 2516 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2011/03/27 00:26:14.0578 2516 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2011/03/27 00:26:14.0656 2516 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2011/03/27 00:26:14.0734 2516 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2011/03/27 00:26:14.0812 2516 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2011/03/27 00:26:14.0890 2516 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys

2011/03/27 00:26:14.0968 2516 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

2011/03/27 00:26:15.0062 2516 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2011/03/27 00:26:15.0171 2516 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2011/03/27 00:26:15.0250 2516 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2011/03/27 00:26:15.0328 2516 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2011/03/27 00:26:15.0437 2516 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys

2011/03/27 00:26:15.0515 2516 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2011/03/27 00:26:15.0609 2516 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2011/03/27 00:26:15.0734 2516 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2011/03/27 00:26:15.0859 2516 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2011/03/27 00:26:15.0953 2516 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2011/03/27 00:26:16.0031 2516 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2011/03/27 00:26:16.0093 2516 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2011/03/27 00:26:16.0203 2516 Parport (8fd0bdbea875d06ccf6c945ca9abaf75) C:\WINDOWS\system32\DRIVERS\parport.sys

2011/03/27 00:26:16.0296 2516 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2011/03/27 00:26:16.0375 2516 ParVdm (9575c5630db8fb804649a6959737154c) C:\WINDOWS\system32\drivers\ParVdm.sys

2011/03/27 00:26:16.0453 2516 pavboot (3adb8bd6154a3ef87496e8fce9c22493) C:\WINDOWS\system32\drivers\pavboot.sys

2011/03/27 00:26:16.0515 2516 PCANDIS5 (ceef86cb35abe95c40a88784f5b631ad) C:\WINDOWS\system32\PCANDIS5.SYS

2011/03/27 00:26:16.0609 2516 PCI (043410877bda580c528f45165f7125bc) C:\WINDOWS\system32\DRIVERS\pci.sys

2011/03/27 00:26:16.0750 2516 PCIIde (f4bfde7209c14a07aaa61e4d6ae69eac) C:\WINDOWS\system32\DRIVERS\pciide.sys

2011/03/27 00:26:16.0859 2516 Pcmcia (f0406cbc60bdb0394a0e17ffb04cdd3d) C:\WINDOWS\system32\drivers\Pcmcia.sys

2011/03/27 00:26:17.0234 2516 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2011/03/27 00:26:17.0390 2516 PQNTDrv (87d211ba1e9759e26b6296e625a31ce8) C:\WINDOWS\system32\drivers\PQNTDrv.sys

2011/03/27 00:26:17.0531 2516 Processor (e19c9632ac828f6f214391e2bdda11cb) C:\WINDOWS\system32\DRIVERS\processr.sys

2011/03/27 00:26:17.0640 2516 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2011/03/27 00:26:17.0718 2516 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2011/03/27 00:26:18.0078 2516 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2011/03/27 00:26:18.0187 2516 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/03/27 00:26:18.0296 2516 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/03/27 00:26:18.0359 2516 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2011/03/27 00:26:18.0468 2516 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/03/27 00:26:18.0546 2516 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/03/27 00:26:18.0640 2516 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2011/03/27 00:26:18.0750 2516 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2011/03/27 00:26:18.0859 2516 redbook (d8eb2a7904db6c916eb5361878ddcbae) C:\WINDOWS\system32\DRIVERS\redbook.sys

2011/03/27 00:26:18.0937 2516 RkPavproc1 (53f647be062c55e3a18c68608ffd105b) C:\WINDOWS\system32\drivers\RkPavproc1.sys

2011/03/27 00:26:19.0031 2516 RT2500 (5c2552357bf48f223f637374b098b45b) C:\WINDOWS\system32\DRIVERS\RT2500.sys

2011/03/27 00:26:19.0140 2516 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/03/27 00:26:19.0250 2516 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

2011/03/27 00:26:19.0343 2516 Serial (93d313c31f7ad9ea2b75f26075413c7c) C:\WINDOWS\system32\DRIVERS\serial.sys

2011/03/27 00:26:19.0437 2516 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2011/03/27 00:26:19.0640 2516 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2011/03/27 00:26:19.0734 2516 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\WINDOWS\system32\Drivers\sptd.sys

2011/03/27 00:26:19.0750 2516 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9

2011/03/27 00:26:19.0750 2516 sptd - detected Locked file (1)

2011/03/27 00:26:19.0843 2516 sr (39626e6dc1fb39434ec40c42722b660a) C:\WINDOWS\system32\DRIVERS\sr.sys

2011/03/27 00:26:19.0937 2516 Srv (5252605079810904e31c332e241cd59b) C:\WINDOWS\system32\DRIVERS\srv.sys

2011/03/27 00:26:20.0046 2516 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/03/27 00:26:20.0140 2516 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2011/03/27 00:26:20.0437 2516 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/03/27 00:26:20.0531 2516 Tcpip (93ea8d04ec73a85db02eb8805988f733) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/03/27 00:26:20.0640 2516 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/03/27 00:26:20.0718 2516 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/03/27 00:26:20.0812 2516 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/03/27 00:26:20.0953 2516 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2011/03/27 00:26:21.0109 2516 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2011/03/27 00:26:21.0218 2516 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/03/27 00:26:21.0312 2516 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/03/27 00:26:21.0406 2516 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2011/03/27 00:26:21.0484 2516 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2011/03/27 00:26:21.0546 2516 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/03/27 00:26:21.0625 2516 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2011/03/27 00:26:21.0718 2516 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2011/03/27 00:26:21.0812 2516 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

2011/03/27 00:26:21.0906 2516 videX32 (c147afa614b9925479d47cd173329789) C:\WINDOWS\system32\DRIVERS\videX32.sys

2011/03/27 00:26:22.0000 2516 VolSnap (46de1126684369bace4849e4fc8c43ca) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/03/27 00:26:22.0078 2516 vulfnths (c0f55cc0903cfdc819f6d857402b697c) C:\WINDOWS\System32\Drivers\vulfnth.sys

2011/03/27 00:26:22.0156 2516 vulfntrs (545d98a7f61af1c7c4ad38b8f333e0b7) C:\WINDOWS\System32\Drivers\vulfntr.sys

2011/03/27 00:26:22.0250 2516 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/03/27 00:26:22.0421 2516 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/03/27 00:26:22.0593 2516 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2011/03/27 00:26:22.0687 2516 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2011/03/27 00:26:22.0812 2516 xfilt (c7f0d7aa3a3c2df333afdd593106f39f) C:\WINDOWS\system32\DRIVERS\xfilt.sys

2011/03/27 00:26:22.0890 2516 \HardDisk1 - detected Rootkit.Win32.TDSS.tdl4 (0)

2011/03/27 00:26:22.0968 2516 ================================================================================

2011/03/27 00:26:22.0968 2516 Scan finished

2011/03/27 00:26:22.0968 2516 ================================================================================

2011/03/27 00:26:22.0984 0948 Detected object count: 2

2011/03/27 00:27:04.0218 0948 Locked file(sptd) - User select action: Skip

2011/03/27 00:27:04.0281 0948 \HardDisk1 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot

2011/03/27 00:27:04.0281 0948 \HardDisk1 - ok

2011/03/27 00:27:04.0281 0948 Rootkit.Win32.TDSS.tdl4(\HardDisk1) - User select action: Cure

Apollo · le 27 mars 2011

Bonjour,

1) Télécharger ATF Cleaner par Atribune.

Installe-le sur le bureau. (A conserver car très utile après chaque séance de surf)

Double-clique ATF-Cleaner.exe afin de lancer le programme.
--> Sous Vista/Seven: Clic droit/exécuter en temps qu'administrateur.

Sous l'onglet Main, choisis : Select All
Cliquer sur le bouton Empty Selected

Si tu utilises le navigateur Firefox :

Clique Firefox au haut et choisis : Select All
Cliquer le bouton Empty Selected
NOTE : Si tu veux conserver tes mots de passe sauvegardés, clique No à l'invite.

Si tu utilises le navigateur Opera :

Clique Opera au haut et choisis : Select All
Cliquer le bouton Empty Selected
NOTE : Si tu veux conserver tes mots de passe sauvegardés, cliquer No à l'invite.

Clique Exit, du menu principal, afin de fermer le programme.

Pour obtenir du Support technique, double-clique l'adresse électronique située au bas de chacun des menus.

-------------------------------------------

2) Télécharge Malwarebytes' Anti-Malware (MBAM)

Ou ici: Télécharger Malwarebytes' Anti-Malware sur 01net Telecharger.com

Si MBAM est déjà installé, aller directement à la mise à jour puis à l'analyse.

Ce logiciel est à garder.

Uniquement en cas de problème de mise à jour:

Télécharger mises à jour MBAM

Exécute le fichier après l'installation de MBAM

Connecter les supports amovibles (clés usb etc.) avant de lancer l'analyse.

Double clique sur le fichier téléchargé pour lancer le processus d'installation.
Dans l'onglet "Mise à jour", clique sur le bouton "Recherche de mise à jour": si le pare-feu demande l'autorisation à MBAM de se connecter, accepte.
Une fois la mise à jour terminée, rends-toi dans l'onglet "Recherche".
Sélectionne "Exécuter un examen complet"
Clique sur "Rechercher"
L'analyse démarre, le scan est relativement long, c'est normal.
A la fin de l'analyse, un message s'affiche :
L'examen s'est terminé normalement. Clique sur 'Afficher les résultats' pour afficher tous les objets trouvés.
Clique sur "Ok" pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.
Ferme tes navigateurs.
Si des malwares ont été détectés, clique sur Afficher les résultats.
Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.
MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport et poste-le dans ta prochaine réponse.

Si MBAM demande à redémarrer le pc, fais-le.

!!! Ne pas vider la quarantaine sans avis !!! (en cas de faux-positifs toujours possibles.)

Malwarebytes' Anti-Malware Support - Malwarebytes Forum

+++

trabec54 · le 27 mars 2011

ci-dessous le rapport de MBAM.

Merci

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Version de la base de données: 6182

Windows 5.1.2600 Service Pack 3

Internet Explorer 6.0.2900.5512

27/03/2011 13:08:17

mbam-log-2011-03-27 (13-08-17).txt

Type d'examen: Examen complet (C:\|D:\|E:\|F:\|H:\|J:\|K:\|)

Elément(s) analysé(s): 286330

Temps écoulé: 1 heure(s), 14 minute(s), 5 seconde(s)

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 0

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 1

Processus mémoire infecté(s):