Aide pour COMBOFIX ! infection !!

[Pascalem]

Bonjour à tous,

 

Mon antivirus détecte sans cesse (et bloque) des tentatives de connexions vers des pages web suspectes : "rollagarr0s.com" ou "fr0dsafetycheck0n.com",

et j'ai l'écran bleu à chaque fermeture de windows 7 qui redémarre alors automatiquement.

J'ai tout scanné avec mon antivirus ( ESET à jour) ainsi qu'avec MALWAREBYTES'. Rien trouvé.

Testé aussi avec: Ad-R, TDSSkiller.

J'ai fait une restauration système, et j'ai même remis une ancienne image propre (ghost) de mon lecteur C ; rien n'y fait ; il doit y avoir un fichier malicieux caché quelque part.

 

J'aurais voulu essayer avec COMBOFIX; quelqu'un peut-il m'y aider ?

[pear]

Bonjour,

 

Lancez cet outil de diagnostic:

Téléchargez ZhpDiag de Coolman

Décompresser le fichier ZHPDiag.fix sur le bureau

puis double-cliquer sur le fichier ZHPDiag.exe pour installer l'outil

Sur le bureau ,il y aura 3 icônes

 

Sous XP, double clic sur ZhpDiag

Sous Vista/7, faire un clic droit et Exécuter en tant qu'administrateur

Clic sur la Loupe pour lancer le scan

En cas de blocage sur O80, cliquez sur le tournevis pour le décocher

Postez en le rapport ZhpDiag.txt qui apparait sur le bureau

Comment poster les rapports

Vous copiez/collez tout ou partie des rapports dans un ou plusieurs messages.

Autre solution:

Aller sur le site :Ci-Joint

Appuyez sur Parcourir et chercher les rapports sur le disque,

Ensuite appuyez sur Créer le lien CJoint,

>> dans la page suivante --> ,,

une adresse http//.. sera créée

Copier /coller cette adresse dans votre prochain message.

 

[Pascalem]

Merci pear pour ton aide,

voici le rapport :

 

Rapport de ZHPDiag v1.27.1903 par Nicolas Coolman, Update du 17/04/2011

Run by P. LEMAIGRE at 21/04/2011 18:14:44

Web site : ZHPDiag Outil de diagnostic

 

 

---\\ Web Browser

MSIE: Internet Explorer v9.0.8112.16421

MFIE: Mozilla Firefox 4.0 v4.0 (Defaut)

 

---\\ System Information

Windows 7 Business Edition, 32-bit (Build 7600)

Processor: x86 Family 6 Model 30 Stepping 5, GenuineIntel

Operating System: 32 Bits

Boot mode: Normal (Normal boot)

Total RAM: 2014 MB (59% free)

System Restore: Activé (Enable)

System drive C: has 43 GB (55%) free of 78 GB

 

---\\ Logged in mode

Computer Name: PC_FELUY

User Name: P. LEMAIGRE

All Users Names: P. LEMAIGRE, OUSSAMA, Administrateur,

Unselected Option: O45,O61,O62,O65,O66,O82

Logged in as Administrator

 

---\\ Environnement Variables

%AppData%=C:\Users\P. LEMAIGRE\AppData\Roaming

%LocalAppData%=C:\Users\P. LEMAIGRE\AppData\Local

%StartMenu%=C:\Users\P. LEMAIGRE\AppData\Roaming\Microsoft\Windows\Start Menu

 

---\\ DOS/Devices

C:\ Hard drive, Flash drive, Thumb drive (Free 43 Go of 78 Go)

D:\ Hard drive, Flash drive, Thumb drive (Free 206 Go of 388 Go)

E:\ CD-ROM drive (Not Inserted)

G:\ Floppy drive, Flash card reader, USB Key (Not Inserted)

H:\ Floppy drive, Flash card reader, USB Key (Not Inserted)

I:\ Floppy drive, Flash card reader, USB Key (Not Inserted)

J:\ Floppy drive, Flash card reader, USB Key (Not Inserted)

K:\ Hard drive, Flash drive, Thumb drive (Free 125 Go of 298 Go)

 

 

 

---\\ Security Center & Tools Informations

[HKLM\SOFTWARE\Microsoft\Security Center] AntiSpywareOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center] UacDisableNotify: Modified

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UpdatesDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UacDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] NoActiveDesktopChanges: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: OK

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoFolderOptions: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowSearch: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK

 

 

 

---\\ Recherche particulière de fichiers génériques

[MD5.15BC38A7492BEFE831966ADB477CF76F] - (.Microsoft Corporation - Explorateur Windows.) (.14/07/2009 02:14:20.) -- C:\Windows\Explorer.exe [2613248]

[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 02:14:45.) -- C:\Windows\system32\Wininit.exe [96256]

[MD5.A1236375B74EA63C75657D564890C436] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.17/03/2011 16:33:58.) -- C:\Windows\system32\wininet.dll [1126912]

[MD5.8EC6A4AB12B8F3759E21F8E3A388F2CF] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.14/07/2009 02:14:45.) -- C:\Windows\system32\Winlogon.exe [285696]

[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 02:26:15.) -- C:\Windows\system32\drivers\atapi.sys [21584]

[MD5.3795DCD21F740EE799FB7223234215AF] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.14/07/2009 02:20:44.) -- C:\Windows\system32\drivers\ntfs.sys [1210432]

 

 

 

---\\ Processus lancés

[MD5.B8494201B216C87A4A0303951FA864C5] - (...) -- C:\Windows\system32\FolderCastleAgent.exe [581120]

[MD5.56B4E7BC40BCAF9C4F410E06BE437662] - (.THOMSON Telecom Belgium - SpeedTouch 330 diagnostics.) -- C:\Program Files\Thomson\ST330\diagnostics\diagnostics.exe [557149]

[MD5.03B1DC67F343BF2AF8CFEC3DCA09C943] - (.ESET - ESET GUI.) -- C:\Program Files\ESET Smart Security\egui.exe [2029640]

[MD5.7AAF26E5CEC48A364FAB61A3505668FB] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [924632]

[MD5.356A22A5871AC798035E4082C0508F76] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [16856]

[MD5.D6D0AD94EFC131772C3265F242D78FCB] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [644096]

 

 

 

---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)

M3 - MFPP: Plugins - [P. LEMAIGRE] -- C:\Users\P. LEMAIGRE\AppData\Roaming\Mozilla\Firefox\Profiles\5kumbkti.default\searchplugins\bing.xml

M3 - MFPP: Plugins - [P. LEMAIGRE] -- C:\Users\P. LEMAIGRE\AppData\Roaming\Mozilla\Firefox\Profiles\5kumbkti.default\searchplugins\ddlsearch-rapidshare-megaupload.xml

M3 - MFPP: Plugins - [P. LEMAIGRE] -- C:\Users\P. LEMAIGRE\AppData\Roaming\Mozilla\Firefox\Profiles\5kumbkti.default\searchplugins\movizdbcom.xml

M3 - MFPP: Plugins - [P. LEMAIGRE] -- C:\Users\P. LEMAIGRE\AppData\Roaming\Mozilla\Firefox\Profiles\5kumbkti.default\searchplugins\telechargercom.xml

M3 - MFPP: Plugins - [P. LEMAIGRE] -- C:\Users\P. LEMAIGRE\AppData\Roaming\Mozilla\Firefox\Profiles\5kumbkti.default\searchplugins\youtube.xml

M3 - MFPP: Plugins - [P. LEMAIGRE] -- C:\Program Files\Mozilla FireFox\searchplugins\amazon-france.xml

M3 - MFPP: Plugins - [P. LEMAIGRE] -- C:\Program Files\Mozilla FireFox\searchplugins\bing.xml

M3 - MFPP: Plugins - [P. LEMAIGRE] -- C:\Program Files\Mozilla FireFox\searchplugins\cnrtl-tlfi-fr.xml

M3 - MFPP: Plugins - [P. LEMAIGRE] -- C:\Program Files\Mozilla FireFox\searchplugins\eBay-france.xml

M3 - MFPP: Plugins - [P. LEMAIGRE] -- C:\Program Files\Mozilla FireFox\searchplugins\fcmdSrchddr.xml

M3 - MFPP: Plugins - [P. LEMAIGRE] -- C:\Program Files\Mozilla FireFox\searchplugins\google.xml

M3 - MFPP: Plugins - [P. LEMAIGRE] -- C:\Program Files\Mozilla FireFox\searchplugins\wikipedia-fr.xml

M3 - MFPP: Plugins - [P. LEMAIGRE] -- C:\Program Files\Mozilla FireFox\searchplugins\yahoo-france.xml

P2 - FPN:Firefox Plugin Navigator . (.Sun Microsystems, Inc. - NPRuntime Script Plug-in Library for Java Deploy.) -- C:\Program Files\Mozilla Firefox\Plugins\npdeployJava1.dll

P2 - FPN:Firefox Plugin Navigator . (.Microsoft Corporation - Office Plugin for Netscape Navigator.) -- C:\Program Files\Mozilla Firefox\Plugins\NPOFFICE.DLL

P2 - FPN:Firefox Plugin Navigator . (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape 10.0.0.) -- C:\Program Files\Mozilla Firefox\Plugins\nppdf32.dll

P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin.dll

P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin2.dll

P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin3.dll

P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin4.dll

P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin5.dll

P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin6.dll

P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\Macromed\Flash\NPSWF32.dll

P2 - FPN: [HKLM] [@adobe.com/ShockwavePlayer] - (.Adobe Systems, Inc. - Adobe Shockwave for Director Netscape plug-in, version 11.5.9.615.) -- C:\Windows\system32\Adobe\Director\np32dsw.dll

P2 - FPN: [HKLM] [@Google.com/GoogleEarthPlugin] - (.Google - GEPlugin.) -- C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

P2 - FPN: [HKLM] [@java.com/JavaPlugin] - (.Sun Microsystems, Inc. - Next Generation Java Plug-in 1.6.0_22 for Mozilla browsers.) -- C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

P2 - FPN: [HKLM] [@ma-config.com/HardwareDetection] - (.Cybelsoft - Plugin NPAPI Ma-Config.com.) -- C:\Program Files\ma-config.com\nphardwaredetection.dll

P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=8] - (.Pas de propriétaire - Pas de description.) -- C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll (.not file.)

P2 - FPN: [HKLM] [@veetle.com/veetleCorePlugin,version=0.9.18] - (.Veetle Inc - Version 0.9.18, Copyright 2006-2009 Veetle Inc<br><a href="http://www..'>http://www..) -- C:\Program Files\Veetle\plugins\npVeetle.dll

P2 - FPN: [HKLM] [@veetle.com/veetlePlayerPlugin,version=0.9.18] - (.Veetle Inc - Version 0.9.18, copyright 2006-2010 Veetle Inc<br><a href="http://www..) -- C:\Program Files\Veetle\Player\npvlc.dll

M0 - MFSP: prefs.js [P. LEMAIGRE - 5kumbkti.default] iGoogle

M0 - MFSP: prefs.js [P. LEMAIGRE - njbrleoy.default] iGoogle

M0 - MFSP: prefs.js [P. LEMAIGRE - nocx86ko.default] iGoogle

M2 - MFEP: prefs.js [P. LEMAIGRE - 5kumbkti.default\aging-tabs@design-noir.de] [] Aging Tabs v0.7.1 (.Dão Gottwald.)

M2 - MFEP: prefs.js [P. LEMAIGRE - 5kumbkti.default\fastdial@telega.phpnet.us] [fastdial] Fast Dial v3.4 (.telega.)

M2 - MFEP: prefs.js [P. LEMAIGRE - 5kumbkti.default\lcdclock_bloodeye@gmail.com] [] LCD Clock v0.4.2 (.Bloodeye.)

M2 - MFEP: prefs.js [P. LEMAIGRE - 5kumbkti.default\personas@christopher(2).beard] [personas] Personas v1.2.4 (.Chris Beard.)

M2 - MFEP: prefs.js [P. LEMAIGRE - 5kumbkti.default\zoomit@disruptive-innovations.com] [] Glazoom (formerly known as Zoom It!) v1.2.4 (.Disruptive Innovations SARL.)

M2 - MFEP: prefs.js [P. LEMAIGRE - 5kumbkti.default\{446c03e0-2c35-11db-a98b-0800200c9a66}] [] Favicon Picker 2 v0.6.1.14 (.Torisugari.)

M2 - MFEP: prefs.js [P. LEMAIGRE - 5kumbkti.default\{446c03e0-2c35-11db-a98b-0800200c9a66}(2)] [] Favicon Picker 2 v0.4.2.0 (.Torisugari.)

 

 

 

---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport

R0 - HKUS\S-1-5-21-3813675725-1958923974-2502501252-1000\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Microsoft Corporation

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Microsoft Corporation

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Microsoft Corporation

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Search Microsoft.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Microsoft Corporation

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk

R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Navigateur Internet.) (9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)) -- C:\Windows\System32\ieframe.dll

R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 0

 

 

 

---\\ Internet Explorer, Proxy Management (R5)

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.skynet.be:8080

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1

R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1

R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll

 

 

 

---\\ ---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)

F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,

F2 - REG:system.ini: VMApplet=C:\WINDOWS\system32\SystemPropertiesPerformance.exe

 

 

 

---\\ Browser Helper Objects de navigateur (O2)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} Clé orpheline

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corporation - WindowsLiveLogin.dll.) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll

 

 

 

---\\ Internet Explorer Toolbars (O3)

O3 - Toolbar: Folder Castle - {783840E6-0A18-4087-9EC7-A1CC131DF0D4} . (.Pas de propriétaire - Pas de description.) -- C:\fcToolBar.dll

 

 

 

---\\ ---\\ Applications démarrées par registre & par dossier (O4)

O4 - HKLM\..\Run: [diagnostics] Clé orpheline

O4 - HKLM\..\Run: [egui] . (.ESET - ESET GUI.) -- C:\Program Files\ESET Smart Security\egui.exe

O4 - HKCU\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe

O4 - HKUS\S-1-5-20\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe

O4 - HKUS\S-1-5-21-3813675725-1958923974-2502501252-1000\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe

 

 

 

---\\ ---\\ Autres liens utilisateurs (O4)

O4 - Global Startup: C:\Users\P. LEMAIGRE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer 9.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe

O4 - Global Startup: C:\Users\P. LEMAIGRE\Desktop\AD-R.lnk . (...) -- C:\Program Files\Ad-Remover\main.exe

O4 - Global Startup: C:\Users\P. LEMAIGRE\Desktop\Glary Utilities.lnk . (.Glarysoft Ltd.) -- C:\Program Files\Glary Utilities\Integrator.exe

O4 - Global Startup: C:\Users\P. LEMAIGRE\Desktop\Mes Documents.lnk . (...) -- D:\Mes Documents

O4 - Global Startup: C:\Users\P. LEMAIGRE\Desktop\My ISP connexion.lnk - Clé orpheline

O4 - Global Startup: C:\Users\P. LEMAIGRE\Desktop\Screamer Radio.lnk . (.Steamcore.se.) -- C:\Program Files\Screamer Radio\screamer.exe

O4 - Global Startup: C:\Users\P. LEMAIGRE\Desktop\SmsDiscount.lnk . (.SmsDiscount.) -- C:\Program Files\SmsDiscount\SmsDiscount.exe

O4 - Global Startup: C:\Users\P. LEMAIGRE\Desktop\Windows Live Messenger .lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe

O4 - Global Startup: C:\Users\P. LEMAIGRE\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe

O4 - Global Startup: C:\Users\P. LEMAIGRE\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk . (.Mozilla Corporation.) -- C:\Program Files\Mozilla Firefox\firefox.exe

 

 

 

---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)

O8 - Extra context menu item: E&xporter vers Microsoft Excel . (.Microsoft Corporation - Microsoft Office Excel.) -- C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.exe

 

 

 

---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\PROGRA~1\MICROS~4\OFFICE11\REFBARH.ICO

 

 

 

---\\ Winsock hijacker (Layered Service Provider) (O10)

O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\system32\NLAapi.dll

O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\Windows\system32\mswsock.dll

O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\system32\winrnr.dll

O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Fournisseur Shim d’affectation de noms de messagerie.) -- C:\Windows\system32\napinsp.dll

O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll

O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll

 

 

 

---\\ Objets ActiveX (Downloaded Program Files)(O16)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} () - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

 

 

 

---\\ Modification Domaine/Adresses DNS (O17)

O17 - HKLM\System\CCS\Services\Tcpip\..\{D69D37CF-3819-4AAC-B1C2-033A0D2E0B50}: NameServer = 195.238.2.21 195.238.2.22

O17 - HKLM\System\CS1\Services\Tcpip\..\{D69D37CF-3819-4AAC-B1C2-033A0D2E0B50}: NameServer = 195.238.2.21 195.238.2.22

O17 - HKLM\System\CS2\Services\Tcpip\..\{D69D37CF-3819-4AAC-B1C2-033A0D2E0B50}: NameServer = 195.238.2.21 195.238.2.22

 

 

 

---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

 

 

 

---\\ Liste des services NT non Microsoft et non désactivés (O23)

O23 - Service: C:\Windows\system32\Alg.exe (AMD External Events Utility) . (.AMD - AMD External Events Service Module.) - C:\Windows\system32\atiesrxx.exe

O23 - Service: (EhttpSrv) . (.ESET - ESET HTTP Server Service.) - C:\Program Files\ESET Smart Security\EHttpSrv.exe

O23 - Service: (ekrn) . (.ESET - ESET Service.) - C:\Program Files\ESET Smart Security\ekrn.exe

O23 - Service: (gupdate) - Clé orpheline

O23 - Service: (IDriverT) . (.Macrovision Corporation - IDriverT Module.) - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: (LMS) . (.Intel Corporation - Local Manageability Service.) - C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: (maconfservice) . (.CybelSoft - Service de détection matériel.) - C:\Program Files\ma-config.com\maconfservice.exe

O23 - Service: (McComponentHostService) . (.McAfee, Inc. - Component Host Service.) - C:\Program Files\McAfee Security Scan\3.0.199\McCHSvc.exe

O23 - Service: Nero BackItUp Scheduler 4.0 (Nero BackItUp Scheduler 4.0) . (.Nero AG - Nero BackItUp.) - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: (Norton Ghost) . (.Symantec Corporation - Service Module.) - C:\Program Files\Norton Ghost\Agent\VProSvc.exe

O23 - Service: (ServiceLayer) . (.Nokia - ServiceLayer Module.) - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: (st330service) . (.THOMSON Telecom Belgium - SpeedTouch Host Service.) - C:\Program Files\Thomson\ST330\service\st330service.exe

O23 - Service: (TomTomHOMEService) . (.TomTom - Windows Service for TomTom HOME.) - C:\Program Files\TomTom HOME\TomTomHOMEService.exe

O23 - Service: (UNS) . (.Intel Corporation - User Notification Service.) - C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: C:\Windows\system32\Wat\WatUX.exe (WatAdminSvc) . (...) - C:\Windows\system32\Wat\WatAdminSvc.exe

 

 

 

---\\ Enumération Active Desktop & MHTML Editor (O24)

O24 - Default MHTML Editor: Last - .(...) - (.not file.)

 

 

 

---\\ Tâches planifiées en automatique (O39)

O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Folder Castle Agent.job

O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GlaryInitialize.job

O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

[MD5.B8494201B216C87A4A0303951FA864C5] [APT] [Folder Castle Agent] (.Pas de propriétaire.) -- C:\Windows\system32\FolderCastleAgent.exe

[MD5.923E02CA12F54B2F086DDB9C683E46E5] [APT] [GlaryInitialize] (.Glarysoft Ltd.) -- C:\Program Files\Glary Utilities\initialize.exe

[MD5.00000000000000000000000000000000] [APT] [GoogleUpdateTaskMachineCore] (.Pas de propriétaire.) -- C:\Program Files\Google\Update\GoogleUpdate.exe (.not file.)

[MD5.00000000000000000000000000000000] [APT] [GoogleUpdateTaskMachineUA] (.Pas de propriétaire.) -- C:\Program Files\Google\Update\GoogleUpdate.exe (.not file.)

[MD5.346376C397D9687F1995F33AEAB5A8BC] [APT] [{28648F9C-9FB9-49D6-985C-81CF2452BCEF}] (.Pas de propriétaire.) -- K:\Mes Documents\Programmes\Folder Castle 1.2 with serial\FolderCastle.exe

[MD5.00000000000000000000000000000000] [APT] [{4EF18D59-E094-4D43-A8FF-A20AF0A38D21}] (.Pas de propriétaire.) -- C:\Program Files\Philips Display\SmartControl\dthtml.exe (.not file.)

 

 

 

---\\ Pilotes lancés au démarrage (O41)

O41 - Driver: (30976231) . (. - .) - C:\Windows\System32\DRIVERS\30976231.sys (.not file.)

O41 - Driver: (30976232) . (. - .) - C:\Windows\System32\DRIVERS\30976232.sys (.not file.)

O41 - Driver: C:\Windows\system32\drivers\afd.sys (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\Windows\system32\drivers\afd.sys

O41 - Driver: (blbdrive) . (.Microsoft Corporation - BLB Drive Driver.) - C:\Windows\System32\DRIVERS\blbdrive.sys

O41 - Driver: (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\System32\DRIVERS\cdrom.sys

O41 - Driver: C:\Windows\system32\cscsvc.dll (CSC) . (.Microsoft Corporation - Windows Client Side Caching Driver.) - C:\Windows\System32\drivers\csc.sys

O41 - Driver: C:\Windows\system32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\System32\Drivers\dfsc.sys

O41 - Driver: C:\Windows\system32\drivers\discache.sys (discache) . (.Microsoft Corporation - System Indexer/Cache Driver.) - C:\Windows\System32\drivers\discache.sys

O41 - Driver: (ehdrv) . (.ESET - ESET Helper driver.) - C:\Windows\System32\DRIVERS\ehdrv.sys

O41 - Driver: (EIO) . (. - .) - C:\Windows\System32\DRIVERS\EIO.sys (.not file.)

O41 - Driver: (mssmbios) . (.Microsoft Corporation - System Management BIOS Driver.) - C:\Windows\System32\DRIVERS\mssmbios.sys

O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\System32\DRIVERS\netbios.sys

O41 - Driver: C:\Windows\system32\drivers\netbt.sys (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\System32\DRIVERS\netbt.sys

O41 - Driver: C:\Windows\system32\drivers\nsiproxy.sys (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\System32\drivers\nsiproxy.sys

O41 - Driver: C:\Windows\system32\drivers\pacer.sys (Psched) . (.Microsoft Corporation - Planificateur de paquets QoS.) - C:\Windows\System32\DRIVERS\pacer.sys

O41 - Driver: C:\Windows\system32\wkssvc.dll (rdbss) . (.Microsoft Corporation - Pilote du sous-système de mise en mémoire t.) - C:\Windows\System32\DRIVERS\rdbss.sys

O41 - Driver: C:\Windows\system32\DRIVERS\RDPCDD.sys (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\DRIVERS\RDPCDD.sys

O41 - Driver: C:\Windows\system32\drivers\RDPENCDD.sys (RDPENCDD) . (.Microsoft Corporation - RDP Encoder Miniport.) - C:\Windows\System32\drivers\rdpencdd.sys

O41 - Driver: C:\Windows\system32\drivers\RdpRefMp.sys (RDPREFMP) . (.Microsoft Corporation - RDP Reflector Driver Miniport.) - C:\Windows\System32\drivers\rdprefmp.sys

O41 - Driver: (SASDIFSV) . (.SUPERAdBlocker.com and SUPERAntiSpyware.com - SASDIFSV.SYS.) - C:\Program Files\SUPERAntiSpyware\SASDIFSV.sys

O41 - Driver: (SASKUTIL) . (.SUPERAdBlocker.com and SUPERAntiSpyware.com - SASKUTIL.SYS.) - C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys

O41 - Driver: (Serial) . (.Microsoft Corporation - Pilote de périphérique série.) - C:\Windows\System32\DRIVERS\serial.sys

O41 - Driver: setup_9.0.0.722_21.04.2011_14-54drv (setup_9.0.0.722_21.04.2011_14-54drv) . (. - .) - C:\Windows\System32\DRIVERS\3097623.sys (.not file.)

O41 - Driver: C:\Windows\system32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\System32\DRIVERS\tdx.sys

O41 - Driver: (TermDD) . (.Microsoft Corporation - Remote Desktop Server Driver.) - C:\Windows\System32\DRIVERS\termdd.sys

O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\Windows\system32\drivers\vga.sys

O41 - Driver: C:\Windows\system32\rascfg.dll (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\System32\DRIVERS\wanarp.sys

O41 - Driver: (WfpLwf) . (.Microsoft Corporation - WFP NDIS 6.20 Lightweight Filter Driver.) - C:\Windows\System32\DRIVERS\wfplwf.sys

 

 

 

---\\ Logiciels installés (O42)

O42 - Logiciel: ATI Catalyst Install Manager - (.ATI Technologies, Inc..) [HKLM] -- {5968F27A-66E6-171E-5311-0A74D74AAD9B}

O42 - Logiciel: Adobe Flash Player 10 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX

O42 - Logiciel: Adobe Flash Player 10 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin

O42 - Logiciel: Adobe Reader X - Français - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1036-7B44-AA0000000001}

O42 - Logiciel: Adobe Shockwave Player 11.5 - (.Adobe Systems, Inc..) [HKLM] -- Adobe Shockwave Player

O42 - Logiciel: Assistant de connexion Windows Live - (.Microsoft Corporation.) [HKLM] -- {DCE8CD14-FBF5-4464-B9A4-E18E473546C7}

O42 - Logiciel: BCWipe 3.0 - (.Pas de propriétaire.) [HKLM] -- BCWipe

O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] -- CCleaner

O42 - Logiciel: CPUID CPU-Z 1.56 - (.Pas de propriétaire.) [HKLM] -- CPUID CPU-Z_is1

O42 - Logiciel: Canon MP Navigator EX 3.1 - (.Pas de propriétaire.) [HKLM] -- MP Navigator EX 3.1

O42 - Logiciel: Canon MX350 series MP Drivers - (.Pas de propriétaire.) [HKLM] -- {1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX350_series

O42 - Logiciel: Canon Utilities My Printer - (.Pas de propriétaire.) [HKLM] -- CanonMyPrinter

O42 - Logiciel: DirectVobSub (remove only) - (.Pas de propriétaire.) [HKLM] -- DirectVobSub

O42 - Logiciel: Folder Castle 1.2 - (.Pas de propriétaire.) [HKLM] -- FC_is1

O42 - Logiciel: GIMP 2.6.11 - (.The GIMP Team.) [HKLM] -- WinGimp-2.0_is1

O42 - Logiciel: Glary Utilities 2.33.0.1158 - (.Glarysoft Ltd.) [HKLM] -- Glary Utilities_is1

O42 - Logiciel: Google Earth - (.Google.) [HKLM] -- {C768790F-04FB-11E0-9B2C-001AA037B01E}

O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM] -- WinLiveSuite_Wave3

O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM] -- {133742BA-6F46-4D3E-85AF-78631D9AD8B8}

O42 - Logiciel: Intel® Management Engine Components - (.Intel Corporation.) [HKLM] -- {65153EA5-8B6E-43B6-857B-C6E4FC25798A}

O42 - Logiciel: Java 6 Update 22 - (.Oracle.) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83216022FF}

O42 - Logiciel: KeePass Password Safe 2.14 - (.Dominik Reichl.) [HKLM] -- KeePassPasswordSafe2_is1

O42 - Logiciel: Logiciel d'archivage WinRAR - (.Pas de propriétaire.) [HKLM] -- WinRAR archiver

O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM] -- {22B775E7-6C42-4FC5-8E10-9A5E3257BD94}

O42 - Logiciel: Ma-Config.com - (.Cybelsoft.) [HKLM] -- {0810B8B7-7539-41D3-983E-6127FCF1CC9E}

O42 - Logiciel: Malwarebytes' Anti-Malware - (.Malwarebytes Corporation.) [HKLM] -- Malwarebytes' Anti-Malware_is1

O42 - Logiciel: McAfee Security Scan Plus - (.McAfee, Inc..) [HKLM] -- McAfee Security Scan

O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile

O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}

O42 - Logiciel: Microsoft .NET Framework 4 Client Profile FRA Language Pack - (.Microsoft Corporation.) [HKLM] -- {0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}

O42 - Logiciel: Microsoft Choice Guard - (.Microsoft Corporation.) [HKLM] -- {F0E12BBA-AD66-4022-A453-A1C8A0C4D570}

O42 - Logiciel: Microsoft Corporation - (.Microsoft Corporation.) [HKLM] -- {B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}

O42 - Logiciel: Microsoft LifeCam - (.Microsoft Corporation.) [HKLM] -- {5FC7AB5C-61FC-42DF-A923-5139BCF10D42}

O42 - Logiciel: Microsoft Office FrontPage 2003 - (.Microsoft Corporation.) [HKLM] -- {9017040C-6000-11D3-8CFE-0150048383C9}

O42 - Logiciel: Microsoft Office Professional Edition 2003 - (.Microsoft Corporation.) [HKLM] -- {9011040C-6000-11D3-8CFE-0150048383C9}

O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM] -- {7299052b-02a4-4627-81f2-1818da5d550d}

O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM] -- {837b34e3-7c30-493c-8f6a-2b0f04e2912c}

O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {1F1C2DFC-2D24-3E06-BCB8-725134ADF989}

O42 - Logiciel: Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 - (.Microsoft Corporation.) [HKLM] -- {196BB40D-1578-3D01-B289-BEFC77A11A1E}

O42 - Logiciel: Module linguistique Microsoft .NET Framework 4 Client Profile FRA - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile FRA Language Pack

O42 - Logiciel: Mozilla Firefox 4.0 (x86 fr) - (.Mozilla.) [HKLM] -- Mozilla Firefox 4.0 (x86 fr)

O42 - Logiciel: Mozilla Thunderbird (3.1.9) - (.Mozilla.) [HKLM] -- Mozilla Thunderbird (3.1.9)

O42 - Logiciel: MyDefrag v4.3.1 - (.J.C. Kessels.) [HKLM] -- MyDefrag v4.3.1_is1

O42 - Logiciel: MyTomTom 3.0.2.267 - (.TomTom.) [HKLM] -- MyTomTom

O42 - Logiciel: Nero 9 - (.Nero AG.) [HKLM] -- {14b8866d-381d-443e-b939-7e59591aaaf6}

O42 - Logiciel: Nokia Connectivity Cable Driver - (.Nokia.) [HKLM] -- {F1FDAA01-988C-423F-AC12-0D8F333943FD}

O42 - Logiciel: Nokia Software Updater - (.Nokia Corporation.) [HKLM] -- {4D568C38-0552-4CDD-A643-01FAFA2957EF}

O42 - Logiciel: Norton Ghost - (.Symantec Corporation.) [HKLM] -- {B0255743-165B-4BD5-8DA8-37DFB9930012}

O42 - Logiciel: PC Connectivity Solution - (.Nokia.) [HKLM] -- {A5A70E61-FEAB-4CEC-977C-BE0EF8DC05AB}

O42 - Logiciel: QT Lite 4.0.0 - (.Pas de propriétaire.) [HKLM] -- quicktime_lite_is1

O42 - Logiciel: SUPERAntiSpyware - (.SUPERAntiSpyware.com.) [HKLM] -- {CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}

O42 - Logiciel: SereneScreen Aquarium - (.Prolific Publishing, Inc..) [HKLM] -- SereneScreen Aquarium_is1

O42 - Logiciel: Skype™ 5.0 - (.Skype Technologies S.A..) [HKLM] -- {E633D396-5188-4E9D-8F6B-BFB8BF3467E8}

O42 - Logiciel: SmsDiscount - (.Finarea S.A. Switzerland.) [HKLM] -- SmsDiscount_is1

O42 - Logiciel: SopCast 3.3.2 - (.www.sopcast.com.) [HKLM] -- SopCast

O42 - Logiciel: SpeedTouch 330 - (.Pas de propriétaire.) [HKLM] -- SpeedTouch 330

O42 - Logiciel: TomTom HOME 2.8.1.2218 - (.TomTom.) [HKLM] -- TomTom HOME

O42 - Logiciel: VLC media player 1.1.5 - (.VideoLAN.) [HKLM] -- VLC media player

O42 - Logiciel: Veetle TV 0.9.18 - (.Veetle, Inc.) [HKLM] -- Veetle TV

O42 - Logiciel: VirtualDub 1.9.6 Fr - (.Trad-Fr.) [HKLM] -- {1FF7993C-23B1-4C91-B1F6-09D13C57A06A}_is1

O42 - Logiciel: VirtualDub Plugin Pack 1.0.0.6 Fr - (.Trad-Fr.) [HKLM] -- {D6E6B04E-0498-4794-B272-2EDE12E02837}_is1

O42 - Logiciel: Visual Studio C++ 9.0 Runtime - (.TomTom International B.V..) [HKLM] -- {08C7A49D-2B12-46F6-8B41-26D3B0D1C01F}

O42 - Logiciel: VobSub v2.23 (Remove Only) - (.Pas de propriétaire.) [HKLM] -- VobSub

O42 - Logiciel: WhiteCap - (.SoundSpectrum.) [HKLM] -- WhiteCap

O42 - Logiciel: Windows Live Call - (.Microsoft Corporation.) [HKLM] -- {B3B487E7-6171-4376-9074-B28082CEB504}

O42 - Logiciel: Windows Live Communications Platform - (.Microsoft Corporation.) [HKLM] -- {3175E049-F9A9-4A3D-8F19-AC9FB04514D1}

O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM] -- {445B183D-F4F1-45C8-B9DB-F11355CA657B}

O42 - Logiciel: eMule - (.Pas de propriétaire.) [HKLM] -- eMule

O42 - Logiciel: neroxml - (.Nero AG.) [HKLM] -- {56C049BE-79E9-4502-BEA7-9754A3E60F9B}

O42 - Logiciel: µTorrent - (.Pas de propriétaire.) [HKLM] -- uTorrent

 

---\\ HKCU & HKLM Software Keys

[HKCU\Software\AC3filter]

[HKCU\Software\AMD]

[HKCU\Software\ASUS]

[HKCU\Software\ATI]

[HKCU\Software\Ad-Remover]

[HKCU\Software\Adobe]

[HKCU\Software\Antanda]

[HKCU\Software\AppDataLow\IEPro]

[HKCU\Software\AppDataLow\Software\Adobe]

[HKCU\Software\AppDataLow\Software\Microsoft]

[HKCU\Software\AppDataLow\Software]

[HKCU\Software\AppDataLow]

[HKCU\Software\Apple Computer, Inc.]

[HKCU\Software\BitTorrent]

[HKCU\Software\CDDB]

[HKCU\Software\CanonBJ]

[HKCU\Software\Canon]

[HKCU\Software\Classes]

[HKCU\Software\Clients]

[HKCU\Software\CoreVorbis]

[HKCU\Software\CrystalIdea Software]

[HKCU\Software\DivX]

[HKCU\Software\ESET]

[HKCU\Software\FLEXnet]

[HKCU\Software\Foxit Software]

[HKCU\Software\GNU]

[HKCU\Software\Gabest]

[HKCU\Software\GlarySoft]

[HKCU\Software\Google]

[HKCU\Software\Haali]

[HKCU\Software\HookNetwork]

[HKCU\Software\IM Providers]

[HKCU\Software\JavaSoft]

[HKCU\Software\Jetico]

[HKCU\Software\KasperskyLab]

[HKCU\Software\Licenses]

[HKCU\Software\MONOGRAM]

[HKCU\Software\Macromedia]

[HKCU\Software\Macrovision]

[HKCU\Software\Magix]

[HKCU\Software\MagneticSoft]

[HKCU\Software\Malwarebytes' Anti-Malware]

[HKCU\Software\MyDefrag]

[HKCU\Software\Nero]

[HKCU\Software\Netscape]

[HKCU\Software\Nokia]

[HKCU\Software\Nuance]

[HKCU\Software\ODBC]

[HKCU\Software\Piriform]

[HKCU\Software\Policies]

[HKCU\Software\Portrait Displays]

[HKCU\Software\SUPERAntiSpyware.com]

[HKCU\Software\ScanSoft]

[HKCU\Software\Screamer Radio]

[HKCU\Software\SereneScreen]

[HKCU\Software\SkypeApps]

[HKCU\Software\Skype]

[HKCU\Software\SmsDiscount]

[HKCU\Software\Softonic]

[HKCU\Software\TomTom]

[HKCU\Software\VB and VBA Program Settings]

[HKCU\Software\Veetle]

[HKCU\Software\VirtualDub.org]

[HKCU\Software\WinRAR SFX]

[HKCU\Software\WinRAR]

[HKCU\Software\Xara]

[HKCU\Software\YahooPartnerToolbar]

[HKCU\Software\cybelsoft]

[HKCU\Software\eMule]

[HKCU\Software\madFlac]

[HKCU\Software\techPowerUp]

[HKLM\Software\<company>]

[HKLM\Software\AMD]

[HKLM\Software\ATI Technologies]

[HKLM\Software\Adobe]

[HKLM\Software\Ahead]

[HKLM\Software\AppDataLow]

[HKLM\Software\Apple Computer, Inc.]

[HKLM\Software\Apple Inc.]

[HKLM\Software\Canon]

[HKLM\Software\Classes]

[HKLM\Software\Clients]

[HKLM\Software\DirectShowFilters]

[HKLM\Software\ESET]

[HKLM\Software\GNU]

[HKLM\Software\Google]

[HKLM\Software\HaaliMkx]

[HKLM\Software\InstallShield]

[HKLM\Software\Intel]

[HKLM\Software\JavaSoft]

[HKLM\Software\Jetico]

[HKLM\Software\JreMetrics]

[HKLM\Software\Licenses]

[HKLM\Software\MAGIX]

[HKLM\Software\Macromedia]

[HKLM\Software\Malwarebytes' Anti-Malware]

[HKLM\Software\MozillaPlugins]

[HKLM\Software\Mozilla]

[HKLM\Software\Nero]

[HKLM\Software\Nokia Mobile Phones]

[HKLM\Software\Nokia]

[HKLM\Software\ODBC]

[HKLM\Software\OMSI]

[HKLM\Software\PC Connectivity Solution]

[HKLM\Software\PCSuite]

[HKLM\Software\Piriform]

[HKLM\Software\Policies]

[HKLM\Software\QuickTimeLite]

[HKLM\Software\RegisteredApplications]

[HKLM\Software\SUPERAntiSpyware.com]

[HKLM\Software\SereneScreen]

[HKLM\Software\Skype]

[HKLM\Software\Sonic]

[HKLM\Software\SpeedTouch]

[HKLM\Software\Symantec]

[HKLM\Software\The Silicon Realms Toolworks]

[HKLM\Software\Thomson]

[HKLM\Software\TomTom]

[HKLM\Software\Trad-FR]

[HKLM\Software\TrendMicro]

[HKLM\Software\Veetle]

[HKLM\Software\VideoLAN]

[HKLM\Software\Volatile]

[HKLM\Software\WinRAR]

[HKLM\Software\cybelsoft]

[HKLM\Software\mozilla.org]

 

 

 

---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)

O43 - CFD: 21/04/2011 - 15:33:32 - [16384] -SH-D- C:\Program Files\%APPDATA%

O43 - CFD: 20/04/2011 - 17:31:44 - [63265941] ----D- C:\Program Files\Ad-Remover

O43 - CFD: 22/01/2011 - 15:07:52 - [113684709] ----D- C:\Program Files\Adobe

O43 - CFD: 22/03/2011 - 19:57:54 - [118100523] ----D- C:\Program Files\ATI

O43 - CFD: 1/12/2010 - 18:00:58 - [81715044] ----D- C:\Program Files\Canon

O43 - CFD: 29/11/2010 - 11:10:40 - [18458274] --H-D- C:\Program Files\CanonBJ

O43 - CFD: 24/02/2011 - 17:08:30 - [3653664] ----D- C:\Program Files\CCleaner

O43 - CFD: 21/04/2011 - 17:22:56 - [584757809] ----D- C:\Program Files\Common Files

O43 - CFD: 28/12/2010 - 13:29:10 - [4593934] ----D- C:\Program Files\CPU-Z

O43 - CFD: 14/07/2009 - 11:01:44 - [83226132] ----D- C:\Program Files\DVD Maker

O43 - CFD: 30/11/2010 - 18:04:20 - [10906334] ----D- C:\Program Files\eMule

O43 - CFD: 21/04/2011 - 15:51:54 - [502938150] ----D- C:\Program Files\ESET

O43 - CFD: 29/11/2010 - 00:40:36 - [61037640] ----D- C:\Program Files\ESET Smart Security

O43 - CFD: 28/11/2010 - 18:19:46 - [0] -SH-D- C:\Program Files\Fichiers communs

O43 - CFD: 19/12/2010 - 16:05:26 - [15183201] ----D- C:\Program Files\Foxit Software

O43 - CFD: 20/02/2011 - 12:58:10 - [113127538] ----D- C:\Program Files\GIMP-2.0

O43 - CFD: 19/03/2011 - 16:45:16 - [19547436] ----D- C:\Program Files\Glary Utilities

O43 - CFD: 26/02/2011 - 15:26:06 - [87214428] ----D- C:\Program Files\Google

O43 - CFD: 28/11/2010 - 23:13:42 - [574466] --H-D- C:\Program Files\InstallShield Installation Information

O43 - CFD: 23/02/2011 - 18:41:52 - [13598430] ----D- C:\Program Files\Intel

O43 - CFD: 17/03/2011 - 17:41:50 - [5172620] ----D- C:\Program Files\Internet Explorer

O43 - CFD: 20/03/2011 - 10:48:30 - [233984] ----D- C:\Program Files\ITknowledge24

O43 - CFD: 27/12/2010 - 13:01:50 - [88449412] ----D- C:\Program Files\Java

O43 - CFD: 30/11/2010 - 18:07:08 - [3960893] ----D- C:\Program Files\Jetico

O43 - CFD: 22/03/2011 - 20:45:36 - [3343399] ----D- C:\Program Files\JkDefrag v4.3.1

O43 - CFD: 6/03/2011 - 15:08:42 - [4503275] ----D- C:\Program Files\KeePass

O43 - CFD: 22/03/2011 - 19:39:16 - [5657562] ----D- C:\Program Files\ma-config.com

O43 - CFD: 16/01/2011 - 11:55:26 - [4922023] ----D- C:\Program Files\Malwarebytes' Anti-Malware

O43 - CFD: 21/04/2011 - 12:38:14 - [10760471] ----D- C:\Program Files\McAfee Security Scan

O43 - CFD: 30/11/2010 - 17:42:42 - [226432] ----D- C:\Program Files\Microsoft

O43 - CFD: 12/12/2010 - 12:39:00 - [147812402] ----D- C:\Program Files\Microsoft Games

O43 - CFD: 29/11/2010 - 11:04:20 - [52656089] ----D- C:\Program Files\Microsoft LifeCam

O43 - CFD: 30/11/2010 - 17:51:50 - [274255863] ----D- C:\Program Files\Microsoft Office

O43 - CFD: 30/11/2010 - 17:52:04 - [200035] ----D- C:\Program Files\Microsoft.NET

O43 - CFD: 21/04/2011 - 13:21:10 - [35855182] ----D- C:\Program Files\Mozilla Firefox

O43 - CFD: 21/04/2011 - 13:21:10 - [36660473] ----D- C:\Program Files\Mozilla Thunderbird

O43 - CFD: 14/07/2009 - 06:52:32 - [25757] ----D- C:\Program Files\MSBuild

O43 - CFD: 16/03/2011 - 18:43:44 - [14068091] ----D- C:\Program Files\MyTomTom 3

O43 - CFD: 10/12/2010 - 17:19:24 - [583114314] ----D- C:\Program Files\Nero

O43 - CFD: 14/12/2010 - 17:24:04 - [5890445] ----D- C:\Program Files\Nokia

O43 - CFD: 7/12/2010 - 19:11:42 - [184270103] ----D- C:\Program Files\Norton Ghost

O43 - CFD: 14/12/2010 - 17:24:16 - [13467734] ----D- C:\Program Files\PC Connectivity Solution

O43 - CFD: 18/03/2011 - 17:02:06 - [64903518] ----D- C:\Program Files\QuickTime Lite

O43 - CFD: 14/07/2009 - 06:52:32 - [38593281] ----D- C:\Program Files\Reference Assemblies

O43 - CFD: 7/12/2010 - 19:06:38 - [5856953] ----D- C:\Program Files\Screamer Radio

O43 - CFD: 24/12/2010 - 18:07:22 - [132734] ----D- C:\Program Files\ScreenAquarium

O43 - CFD: 30/11/2010 - 17:58:22 - [14940124] R---D- C:\Program Files\Skype

O43 - CFD: 9/03/2011 - 18:24:32 - [15387977] ----D- C:\Program Files\SmsDiscount

O43 - CFD: 4/03/2011 - 17:16:58 - [9574928] ----D- C:\Program Files\SopCast

O43 - CFD: 1/12/2010 - 18:33:08 - [14918976] ----D- C:\Program Files\SoundSpectrum

O43 - CFD: 21/04/2011 - 12:57:04 - [55200476] ----D- C:\Program Files\SUPERAntiSpyware

O43 - CFD: 28/11/2010 - 18:59:40 - [30107551] ----D- C:\Program Files\Thomson

O43 - CFD: 8/03/2011 - 19:12:46 - [0] ----D- C:\Program Files\TomTom DesktopSuite

O43 - CFD: 8/03/2011 - 19:15:10 - [50621857] ----D- C:\Program Files\TomTom HOME

O43 - CFD: 20/03/2011 - 18:10:22 - [22486] ----D- C:\Program Files\TomTom International B.V

O43 - CFD: 14/07/2009 - 06:53:24 - [0] --H-D- C:\Program Files\Uninstall Information

O43 - CFD: 30/01/2011 - 14:58:36 - [395640] ----D- C:\Program Files\uTorrent

O43 - CFD: 19/12/2010 - 14:32:06 - [10428379] ----D- C:\Program Files\Veetle

O43 - CFD: 10/12/2010 - 19:24:22 - [80529230] ----D- C:\Program Files\VideoLAN

O43 - CFD: 22/03/2011 - 18:47:08 - [9164908] ----D- C:\Program Files\VirtualDub

O43 - CFD: 21/04/2011 - 17:49:10 - [0] ----D- C:\Program Files\Virus Removal Tool

O43 - CFD: 27/02/2011 - 15:17:22 - [47593972] ----D- C:\Program Files\Win7codecs

O43 - CFD: 14/07/2009 - 10:39:40 - [3049984] ----D- C:\Program Files\Windows Defender

O43 - CFD: 25/12/2010 - 16:47:46 - [7013496] ----D- C:\Program Files\Windows Journal

O43 - CFD: 14/12/2010 - 17:14:56 - [45806173] ----D- C:\Program Files\Windows Live

O43 - CFD: 14/07/2009 - 10:39:40 - [6180864] ----D- C:\Program Files\Windows Mail

O43 - CFD: 14/07/2009 - 10:39:40 - [6910891] ----D- C:\Program Files\Windows Media Player

O43 - CFD: 28/11/2010 - 18:19:46 - [12194484] ----D- C:\Program Files\Windows NT

O43 - CFD: 14/07/2009 - 10:39:40 - [4417800] ----D- C:\Program Files\Windows Photo Viewer

O43 - CFD: 14/07/2009 - 06:52:34 - [189440] ----D- C:\Program Files\Windows Portable Devices

O43 - CFD: 14/07/2009 - 10:39:40 - [26765193] ----D- C:\Program Files\Windows Sidebar

O43 - CFD: 11/03/2011 - 19:36:04 - [3921490] ----D- C:\Program Files\WinRAR

O43 - CFD: 21/04/2011 - 18:15:06 - [3753320] ----D- C:\Program Files\ZHPDiag

O43 - CFD: 22/01/2011 - 15:07:56 - [3515373] ----D- C:\Program Files\Common Files\Adobe

O43 - CFD: 30/11/2010 - 17:47:42 - [86016] ----D- C:\Program Files\Common Files\DESIGNER

O43 - CFD: 1/12/2010 - 18:26:12 - [9736491] ----D- C:\Program Files\Common Files\InstallShield

O43 - CFD: 27/12/2010 - 13:02:08 - [1243079] ----D- C:\Program Files\Common Files\Java

O43 - CFD: 30/11/2010 - 17:52:04 - [157907862] ----D- C:\Program Files\Common Files\microsoft shared

O43 - CFD: 10/12/2010 - 17:22:28 - [204870118] ----D- C:\Program Files\Common Files\Nero

O43 - CFD: 14/12/2010 - 17:23:40 - [44066788] ----D- C:\Program Files\Common Files\Nokia

O43 - CFD: 28/11/2010 - 23:13:42 - [0] ----D- C:\Program Files\Common Files\Portrait Displays

O43 - CFD: 23/02/2011 - 18:40:54 - [419877] ----D- C:\Program Files\Common Files\postureAgent

O43 - CFD: 14/07/2009 - 04:37:06 - [2702] ----D- C:\Program Files\Common Files\Services

O43 - CFD: 14/07/2009 - 04:37:06 - [41103783] ----D- C:\Program Files\Common Files\SpeechEngines

O43 - CFD: 7/12/2010 - 19:11:42 - [9987720] ----D- C:\Program Files\Common Files\Symantec Shared

O43 - CFD: 14/07/2009 - 10:39:40 - [17234563] ----D- C:\Program Files\Common Files\System

O43 - CFD: 28/11/2010 - 21:55:06 - [94176909] ----D- C:\Program Files\Common Files\Windows Live

O43 - CFD: 22/01/2011 - 15:16:46 - [136910585] ----D- C:\ProgramData\Adobe

O43 - CFD: 18/03/2011 - 17:02:06 - [13488] ----D- C:\ProgramData\Apple Computer

O43 - CFD: 14/07/2009 - 06:53:56 - [0] -SH-D- C:\ProgramData\Application Data

O43 - CFD: 28/11/2010 - 18:19:46 - [0] -SH-D- C:\ProgramData\Bureau

O43 - CFD: 29/11/2010 - 11:11:30 - [22194629] --H-D- C:\ProgramData\CanonBJ

O43 - CFD: 25/12/2010 - 16:59:00 - [2517] --H-D- C:\ProgramData\CanonIJScan

O43 - CFD: 14/07/2009 - 06:53:56 - [0] -SH-D- C:\ProgramData\Desktop

O43 - CFD: 14/07/2009 - 06:53:56 - [0] -SH-D- C:\ProgramData\Documents

O43 - CFD: 30/11/2010 - 18:55:18 - [0] ----D- C:\ProgramData\eMule

O43 - CFD: 29/11/2010 - 00:40:26 - [74687871] ----D- C:\ProgramData\ESET

O43 - CFD: 21/04/2011 - 12:30:06 - [1211] ----D- C:\ProgramData\F-Secure

O43 - CFD: 28/11/2010 - 18:19:46 - [0] -SH-D- C:\ProgramData\Favoris

O43 - CFD: 14/07/2009 - 06:53:56 - [0] -SH-D- C:\ProgramData\Favorites

O43 - CFD: 14/12/2010 - 17:22:14 - [93143056] ----D- C:\ProgramData\Installations

O43 - CFD: 21/04/2011 - 17:47:16 - [216022] ----D- C:\ProgramData\Kaspersky Lab

O43 - CFD: 22/03/2011 - 19:39:12 - [1204422] ----D- C:\ProgramData\ma-config.com

O43 - CFD: 16/01/2011 - 11:55:26 - [6592487] ----D- C:\ProgramData\Malwarebytes

O43 - CFD: 21/04/2011 - 12:38:08 - [112626] ----D- C:\ProgramData\McAfee

O43 - CFD: 21/04/2011 - 12:38:24 - [840] ----D- C:\ProgramData\McAfee Security Scan

O43 - CFD: 28/11/2010 - 18:19:46 - [0] -SH-D- C:\ProgramData\Menu Démarrer

O43 - CFD: 30/11/2010 - 17:47:18 - [551656662] -S--D- C:\ProgramData\Microsoft

O43 - CFD: 28/11/2010 - 18:19:46 - [0] -SH-D- C:\ProgramData\Modèles

O43 - CFD: 10/12/2010 - 17:17:36 - [9626717] ----D- C:\ProgramData\Nero

O43 - CFD: 14/12/2010 - 17:25:36 - [148824172] ----D- C:\ProgramData\Nokia

O43 - CFD: 14/12/2010 - 17:27:30 - [11120] ----D- C:\ProgramData\PC Suite

O43 - CFD: 30/11/2010 - 17:58:20 - [18007040] ----D- C:\ProgramData\Skype

O43 - CFD: 14/07/2009 - 06:53:56 - [0] -SH-D- C:\ProgramData\Start Menu

O43 - CFD: 27/12/2010 - 13:02:08 - [119] ----D- C:\ProgramData\Sun

O43 - CFD: 20/04/2011 - 16:37:04 - [0] ----D- C:\ProgramData\SUPERAntiSpyware.com

O43 - CFD: 7/12/2010 - 19:13:54 - [1855370] ----D- C:\ProgramData\Symantec

O43 - CFD: 13/02/2011 - 15:13:46 - [0] ---AD- C:\ProgramData\TEMP

O43 - CFD: 14/07/2009 - 06:53:56 - [0] -SH-D- C:\ProgramData\Templates

O43 - CFD: 8/03/2011 - 19:15:40 - [0] ----D- C:\ProgramData\TomTom

O43 - CFD: 27/02/2011 - 15:17:24 - [26343938] ----D- C:\ProgramData\Win7codecs

O43 - CFD: 25/12/2010 - 16:52:58 - [1981] ----D- C:\ProgramData\zeon

O43 - CFD: 22/01/2011 - 15:16:02 - [5306986] ----D- C:\Users\P. LEMAIGRE\AppData\Roaming\Adobe

O43 - CFD: 28/11/2010 - 19:29:30 - [0] ----D- C:\Users\P. LEMAIGRE\AppData\Roaming\ATI

O43 - CFD: 25/12/2010 - 17:07:46 - [49672] ----D- C:\Users\P. LEMAIGRE\AppData\Roaming\Canon

O43 - CFD: 1/01/2011 - 11:39:36 - [199] ----D- C:\Users\P. LEMAIGRE\AppData\Roaming\dvdcss

O43 - CFD: 29/11/2010 - 00:41:00 - [0] ----D- C:\Users\P. LEMAIGRE\AppData\Roaming\ESET

O43 - CFD: 21/04/2011 - 12:30:16 - [0] ----D- C:\Users\P. LEMAIGRE\AppData\Roaming\f-secure

O43 - CFD: 5/12/2010 - 15:30:02 - [573] ----D- C:\Users\P. LEMAIGRE\AppData\Roaming\FFSJ

O43 - CFD: 25/12/2010 - 16:56:54 - [139] ----D- C:\Users\P. LEMAIGRE\AppData\Roaming\FLEXnet

O43 - CFD: 1/01/2011 - 15:41:36 - [55] ----D- C:\Users\P. LEMAIGRE\AppData\Roaming\FLV Extract

O43 - CFD: 13/02/2011 - 15:15:36 - [146233] ----D- C:\Users\P. LEMAIGRE\AppData\Roaming\GlarySoft

O43 - CFD: 6/03/2011 - 16:40:48 - [0] ----D- C:\Users\P. LEMAIGRE\AppData\Roaming\GrabPro

O43 - CFD: 23/03/2011 - 08:22:50 - [165] ----D- C:\Users\P. LEMAIGRE\AppData\Roaming\gtk-2.0

O43 - CFD: 28/11/2010 - 18:20:02 - [0] ----D- C:\Users\P. LEMAIGRE\AppData\Roaming\Identities

O43 - CFD: 26/12/2010 - 12:15:04 - [0] ----D- C:\Users\P. LEMAIGRE\AppData\Roaming\InstallShield

O43 - CFD: 21/04/2011 - 14:46:08 - [14552] ----D- C:\Users\P. LEMAIGRE\AppData\Roaming\KeePass

O43 - CFD: 28/11/2010 - 21:50:24 - [31009] ----D- C:\Users\P. LEMAIGRE\AppData\Roaming\Macromedia

O43 - CFD: 25/12/2010 - 16:54:00 - [543] ----D- C:\Users\P. LEMAIGRE\AppData\Roaming\Macrovision

O43 - CFD: 16/01/2011 - 11:55:30 - [0] ----D- C:\Users\P. LEMAIGRE\AppData\Roaming\Malwarebytes

O43 - CFD: 14/07/2009 - 11:00:42 - [0] ----D- C:\Users\P. LEMAIGRE\AppData\Roaming\Media Center Programs

O43 - CFD: 19/03/2011 - 09:15:08 - [19167031] -S--D- C:\Users\P. LEMAIGRE\AppData\Roaming\Microsoft

O43 - CFD: 6/03/2011 - 17:05:10 - [423] ----D- C:\Users\P. LEMAIGRE\AppData\Roaming\MiniDm

O43 - CFD: 28/11/2010 - 21:12:42 - [28256870] ----D- C:\Users\P. LEMAIGRE\AppData\Roaming\Mozilla

O43 - CFD: 10/12/2010 - 17:26:54 - [515368] ----D- C:\Users\P. LEMAIGRE\AppData\Roaming\Nero

O43 - CFD: 14/12/2010 - 17:27:28 - [354] ----D- C:\Users\P. LEMAIGRE\AppData\Roaming\PC Suite

O43 - CFD: 21/04/2011 - 13:21:10 - [2626856] ----D- C:\Users\P. LEMAIGRE\AppData\Roaming\Skype

O43 - CFD: 10/12/2010 - 18:15:38 - [8487] ----D- C:\Users\P. LEMAIGRE\AppData\Roaming\SmsDiscount

O43 - CFD: 1/12/2010 - 18:34:18 - [664] ----D- C:\Users\P. LEMAIGRE\AppData\Roaming\SoundSpectrum

O43 - CFD: 20/04/2011 - 16:37:04 - [79947951] ----D- C:\Users\P. LEMAIGRE\AppData\Roaming\SUPERAntiSpyware.com

O43 - CFD: 8/12/2010 - 17:40:50 - [336] ----D- C:\Users\P. LEMAIGRE\AppData\Roaming\Symantec

O43 - CFD: 29/11/2010 - 14:14:46 - [345872540] ----D- C:\Users\P. LEMAIGRE\AppData\Roaming\Thunderbird

O43 - CFD: 8/03/2011 - 19:15:30 - [40015356] ----D- C:\Users\P. LEMAIGRE\AppData\Roaming\TomTom

O43 - CFD: 21/04/2011 - 13:21:10 - [1702733] ----D- C:\Users\P. LEMAIGRE\AppData\Roaming\uTorrent

O43 - CFD: 13/02/2011 - 16:33:00 - [1599623] ----D- C:\Users\P. LEMAIGRE\AppData\Roaming\vlc

O43 - CFD: 27/02/2011 - 15:17:24 - [1025] ----D- C:\Users\P. LEMAIGRE\AppData\Roaming\Win7codecs

O43 - CFD: 5/12/2010 - 16:26:44 - [485] ----D- C:\Users\P. LEMAIGRE\AppData\Roaming\WinRAR

O43 - CFD: 25/12/2010 - 16:55:14 - [53130] ----D- C:\Users\P. LEMAIGRE\AppData\Roaming\Zeon

O43 - CFD: 28/11/2010 - 18:19:52 - [0] -SH-D- C:\Users\P. LEMAIGRE\Appdata\Local\Application Data

O43 - CFD: 28/11/2010 - 19:29:30 - [61878] ----D- C:\Users\P. LEMAIGRE\Appdata\Local\ATI

O43 - CFD: 3/12/2010 - 16:59:44 - [1827394] ----D- C:\Users\P. LEMAIGRE\Appdata\Local\ElevatedDiagnostics

O43 - CFD: 31/12/2010 - 14:41:46 - [225008] ----D- C:\Users\P. LEMAIGRE\Appdata\Local\eMule

O43 - CFD: 7/12/2010 - 19:09:10 - [649264] ----D- C:\Users\P. LEMAIGRE\Appdata\Local\ESET

O43 - CFD: 26/02/2011 - 15:26:16 - [1946] ----D- C:\Users\P. LEMAIGRE\Appdata\Local\Google

O43 - CFD: 28/11/2010 - 18:19:52 - [0] -SH-D- C:\Users\P. LEMAIGRE\Appdata\Local\Historique

O43 - CFD: 17/03/2011 - 17:36:54 - [603520] ----D- C:\Users\P. LEMAIGRE\Appdata\Local\Hook Network

O43 - CFD: 22/01/2011 - 15:16:02 - [293132272] ----D- C:\Users\P. LEMAIGRE\Appdata\Local\Microsoft

O43 - CFD: 26/02/2011 - 15:07:58 - [638912] ----D- C:\Users\P. LEMAIGRE\Appdata\Local\Microsoft Games

O43 - CFD: 28/11/2010 - 21:12:38 - [76004664] ----D- C:\Users\P. LEMAIGRE\Appdata\Local\Mozilla

O43 - CFD: 26/12/2010 - 17:09:24 - [4140] ----D- C:\Users\P. LEMAIGRE\Appdata\Local\Nero

O43 - CFD: 26/02/2011 - 13:34:52 - [50291] ----D- C:\Users\P. LEMAIGRE\Appdata\Local\SlimWare Utilities Inc

O43 - CFD: 8/12/2010 - 17:40:50 - [1706] ----D- C:\Users\P. LEMAIGRE\Appdata\Local\Symantec_Corporation

O43 - CFD: 21/04/2011 - 18:14:26 - [49911869] ----D- C:\Users\P. LEMAIGRE\Appdata\Local\Temp

O43 - CFD: 28/11/2010 - 18:19:52 - [0] -SH-D- C:\Users\P. LEMAIGRE\Appdata\Local\Temporary Internet Files

O43 - CFD: 10/12/2010 - 16:56:48 - [9069651] ----D- C:\Users\P. LEMAIGRE\Appdata\Local\Thunderbird

O43 - CFD: 16/03/2011 - 18:44:00 - [655898450] ----D- C:\Users\P. LEMAIGRE\Appdata\Local\TomTom

O43 - CFD: 28/11/2010 - 18:19:56 - [0] ----D- C:\Users\P. LEMAIGRE\Appdata\Local\VirtualStore

O43 - CFD: 28/11/2010 - 22:00:24 - [28672] ----D- C:\Users\P. LEMAIGRE\Appdata\Local\Windows Live

O43 - CFD: 9/02/2011 - 19:12:48 - [6055539] ----D- C:\Users\P. LEMAIGRE\Appdata\Local\Xara

 

 

 

---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)

O44 - LFC:[MD5.827C60BD193D43B0D35F19D424593CF1] - 21/04/2011 - 16:55:22 ---A- . (...) -- C:\Windows\System32\PerfStringBackup.INI [1549700]

O44 - LFC:[MD5.BABA9B1E5C56A91304CC5B5FBD4CE94B] - 21/04/2011 - 16:55:22 ---A- . (...) -- C:\Windows\System32\perfc009.dat [106190]

O44 - LFC:[MD5.7229DC2D88BF00123D3A742AB513F2A7] - 21/04/2011 - 16:55:22 ---A- . (...) -- C:\Windows\System32\perfc00C.dat [130548]

O44 - LFC:[MD5.A46EF2D08ABF71C5E6A2D99181E80C68] - 21/04/2011 - 16:55:22 ---A- . (...) -- C:\Windows\System32\perfh009.dat [615810]

O44 - LFC:[MD5.B8483DB432E96516D3D81C8940DFA56B] - 21/04/2011 - 16:55:22 ---A- . (...) -- C:\Windows\System32\perfh00C.dat [704242]

O44 - LFC:[MD5.DCBB8CF68DD8CEAD28C438F7D82B37C4] - 21/04/2011 - 16:50:56 -S-A- . (...) -- C:\Windows\bootstat.dat [67584]

O44 - LFC:[MD5.CA4B339DF5F385B68D2A2BEF84C194B5] - 21/04/2011 - 15:46:05 --HA- . (...) -- C:\Windows\hfdriver.dat [766]

O44 - LFC:[MD5.D2A58B6B8A9FDB198628CFB98BEE0441] - 21/04/2011 - 15:25:34 ---A- . (...) -- C:\lopR.txt [11329]

O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 21/04/2011 - 12:23:51 ---A- . (...) -- C:\Windows\ativpsrm.bin [0]

O44 - LFC:[MD5.F494A37E807F125C439E21C848B6D6DC] - 21/04/2011 - 11:44:36 ---A- . (...) -- C:\Windows\System32\eod2e1g.log [814]

O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 20/04/2011 - 15:40:59 RSHA- . (...) -- C:\IO.SYS [0]

O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 20/04/2011 - 15:40:59 RSHA- . (...) -- C:\MSDOS.SYS [0]

O44 - LFC:[MD5.B56C828246735BC2FF7342D1A750996B] - 25/03/2011 - 18:22:05 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [9792]

O44 - LFC:[MD5.B56C828246735BC2FF7342D1A750996B] - 25/03/2011 - 18:22:04 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [9792]

O44 - LFC:[MD5.7D7E6B1E4E14BC13FE7856812CE84C86] - 14/01/2008 - 09:52:24 ---A- . (...) -- C:\Windows\System32\fcdll.dll [461312]

 

 

 

---\\ Trojan Driver Search Data (HKLM) (O52)

O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\Windows\System32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm

O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Codec Cinepak®.) -- C:\Windows\System32\iccvid.dll

O52 - TDSD: \Drivers32\"vidc.XVID"="xvidvfw.dll" . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\xvidvfw.dll

O52 - TDSD: \Drivers32\"VIDC.FFDS"="ff_vfw.dll" . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\ff_vfw.dll

O52 - TDSD: \Drivers32\"vidc.x264"="x264vfw.dll" . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\x264vfw.dll

O52 - TDSD: \Drivers32\"msacm.ac3filter"="ac3filter.acm" . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\ac3filter.acm

O52 - TDSD: \Drivers32\"msacm.avis"="ff_acm.acm" . (.Pas de propriétaire - ffdshow Audio Decoder.) -- C:\Windows\System32\ff_acm.acm

O52 - TDSD: \drivers.desc\"C:\Windows\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm

O52 - TDSD: \drivers.desc\"wdmaud.drv"="Pilote de fonction UAA 1.1 Microsoft pour High Definition Audio" . (.Pas de propriétaire - Pas de description.) -- (.not file.)

O52 - TDSD: \drivers.desc\"ff_vfw.dll"="ffdshow video encoder" . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\ff_vfw.dll

O52 - TDSD: \drivers.desc\"x264vfw.dll"="H264 Video codec" . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\x264vfw.dll

O52 - TDSD: \drivers.desc\"xvidvfw.dll"="Xvid MPEG-4 Video Codec" . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\xvidvfw.dll

O52 - TDSD: \drivers.desc\"ac3filter.acm"="AC3Filter ACM codec" . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\ac3filter.acm

O52 - TDSD: \drivers.desc\"ff_acm.acm"="ffdshow ACM codec" . (.Pas de propriétaire - ffdshow Audio Decoder.) -- C:\Windows\System32\ff_acm.acm

 

 

 

---\\ ShareTools MSconfig StartupReg (O53)

O53 - SMSR:HKLM\...\startupreg\SUPERAntiSpyware [Key] . (.SUPERAntiSpyware.com - SUPERAntiSpyware Application.) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

 

 

 

---\\ Microsoft Control Security Providers (O54)

O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\system32\credssp.dll

O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\system32\credssp.dll

 

 

 

---\\ Microsoft Windows Policies System (O55)

O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=5

O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=3

O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1

O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=1

O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1

O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0

O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1

O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0

O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0

O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0

O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=

O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=

O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0

O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1

O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1

O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=1

 

 

 

---\\ Microsoft Windows Policies Explorer (O56)

O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1

O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveTypeAutoRun"=145

 

 

 

---\\ Liste des Drivers Système (O58)

O58 - SDL:[MD5.21E785EBD7DC90A06391141AAC7892FB] - 14/07/2009 - 02:26:15 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\system32\drivers\adp94xx.sys [422976]

O58 - SDL:[MD5.0C676BC278D5B59FF5ABD57BBE9123F2] - 14/07/2009 - 02:26:17 ---A- . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) -- C:\Windows\system32\drivers\adpahci.sys [297552]

O58 - SDL:[MD5.7C7B5EE4B7B822EC85321FE23A27DB33] - 14/07/2009 - 02:26:15 ---A- . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver.) -- C:\Windows\system32\drivers\adpu320.sys [146512]

O58 - SDL:[MD5.0D40BCF52EA90FC7DF2AEAB6503DEA44] - 14/07/2009 - 02:26:15 ---A- . (.Acer Laboratories Inc. - ALi mini IDE Driver.) -- C:\Windows\system32\drivers\aliide.sys [14400]

O58 - SDL:[MD5.2101A86C25C154F8314B24EF49D7FBC2] - 14/07/2009 - 02:26:15 ---A- . (.Advanced Micro Devices - AHCI 1.2 Device Driver.) -- C:\Windows\system32\drivers\amdsata.sys [79952]

O58 - SDL:[MD5.EA43AF0C423FF267355F74E7A53BDABA] - 14/07/2009 - 02:26:15 ---A- . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller Driver for Windows fa.) -- C:\Windows\system32\drivers\amdsbs.sys [159312]

O58 - SDL:[MD5.B81C2B5616F6420A9941EA093A92B150] - 14/07/2009 - 02:26:15 ---A- . (.Advanced Micro Devices - Storage Filter Driver.) -- C:\Windows\system32\drivers\amdxata.sys [23616]

O58 - SDL:[MD5.2932004F49677BD84DBC72EDB754FFB3] - 14/07/2009 - 02:26:15 ---A- . (.Adaptec, Inc. - Adaptec RAID Storport Driver.) -- C:\Windows\system32\drivers\arc.sys [76368]

O58 - SDL:[MD5.5D6F36C46FD283AE1B57BD2E9FEB0BC7] - 14/07/2009 - 02:26:15 ---A- . (.Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\Windows\system32\drivers\arcsas.sys [86608]

O58 - SDL:[MD5.B6E6B264E9C4D0AD0E97AF8434C8754D] - 17/02/2009 - 18:22:14 ---A- . (.ASUSTeK Computer Inc. - ASUS Virtual Video Capture Device Driver.) -- C:\Windows\system32\drivers\asusgsb.sys [15232]

O58 - SDL:[MD5.95B1E9804CA10D096C0383F7C6684950] - 17/11/2010 - 13:04:24 ---A- . (.Advanced Micro Devices - AMD High Definition Audio Function Driver.) -- C:\Windows\system32\drivers\AtihdW73.sys [101392]

O58 - SDL:[MD5.D05CF4523E0C04EF82454ABFD84FDC1D] - 27/01/2011 - 00:36:14 ---A- . (.ATI Technologies Inc. - ATI Radeon Kernel Mode Driver.) -- C:\Windows\system32\drivers\atikmdag.sys [7566848]

O58 - SDL:[MD5.92DC2E0AE49148F83B24D89C737B0C97] - 27/01/2011 - 23:13:10 ---A- . (.Advanced Micro Devices, Inc. - AMD multi-vendor Miniport Driver.) -- C:\Windows\system32\drivers\atikmpag.sys [238592]

O58 - SDL:[MD5.409AAFBD2642813F2C1BB446C816E354] - 17/02/2009 - 18:22:14 ---A- . (.ASUSTeK Computer Inc. - ATKDispLowFilter.) -- C:\Windows\system32\drivers\ATKDispLowFilter.sys [30976]

O58 - SDL:[MD5.BD8869EB9CDE6BBE4508D869929869EE] - 14/07/2009 - 23:02:49 ---A- . (.Broadcom Corporation - Pilote unifié NDIS6.x Broadcom NetXtreme Gigabit Ethernet..) -- C:\Windows\system32\drivers\b57nd60x.sys [229888]

O58 - SDL:[MD5.8ACD4A0E6CE972882EE6DB31C83CAD4C] - 14/09/2007 - 05:46:44 ---A- . (.Jetico, Inc. - BCSwap Swap File Encrypting Driver.) -- C:\Windows\system32\drivers\bcswap.sys [91496]

O58 - SDL:[MD5.9F9ACC7F7CCDE8A15C282D3F88B43309] - 14/07/2009 - 23:53:28 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver.) -- C:\Windows\system32\drivers\BrFiltLo.sys [13568]

O58 - SDL:[MD5.56801AD62213A41F6497F96DEE83755A] - 14/07/2009 - 23:53:28 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver.) -- C:\Windows\system32\drivers\BrFiltUp.sys [5248]

O58 - SDL:[MD5.845B8CE732E67F3B4133164868C666EA] - 14/07/2009 - 01:57:25 ---A- . (.Brother Industries Ltd. - Pilote Brother Série I/F (WDM).) -- C:\Windows\system32\drivers\BrSerId.sys [272128]

O58 - SDL:[MD5.203F0B1E73ADADBBB7B7B1FABD901F6B] - 14/07/2009 - 23:53:32 ---A- . (.Brother Industries Ltd. - Brother Serial driver (WDM version).) -- C:\Windows\system32\drivers\BrSerWdm.sys [62336]

O58 - SDL:[MD5.BD456606156BA17E60A04E18016AE54B] - 14/07/2009 - 23:53:33 ---A- . (.Brother Industries Ltd. - Brother USB MDM Driver.) -- C:\Windows\system32\drivers\BrUsbMdm.sys [12160]

O58 - SDL:[MD5.AF72ED54503F717A43268B3CC5FAEC2E] - 14/07/2009 - 23:53:33 ---A- . (.Brother Industries Ltd. - Brother USB Serial Driver.) -- C:\Windows\system32\drivers\BrUsbSer.sys [11904]

O58 - SDL:[MD5.1A231ABEC60FD316EC54C66715543CEC] - 14/07/2009 - 23:02:48 ---A- . (.Broadcom Corporation - Broadcom NetXtreme II GigE VBD.) -- C:\Windows\system32\drivers\bxvbdx.sys [430080]

O58 - SDL:[MD5.C3963D85B721A7F80D8A55F4E2867A3A] - 26/02/2010 - 14:32:44 ---A- . (.Nokia - Nokia USB Phone Bus Driver.) -- C:\Windows\system32\drivers\ccdcmb.sys [18176]

O58 - SDL:[MD5.3859C69A77793180548802DAC9F34A38] - 26/02/2010 - 14:32:44 ---A- . (.Nokia - Nokia USB Phone Bus Driver.) -- C:\Windows\system32\drivers\ccdcmbo.sys [22528]

O58 - SDL:[MD5.C537B1DB64D495B9B4717B4D6D9EDBF2] - 14/07/2009 - 02:26:21 ---A- . (.CMD Technology, Inc. - CMD PCI IDE Bus Driver.) -- C:\Windows\system32\drivers\cmdide.sys [15952]

O58 - SDL:[MD5.C2EB4539A4F6AB6EDD01BDC191619975] - 9/11/2010 - 14:35:30 ---A- . (.CPUID - CPUID Driver.) -- C:\Windows\system32\drivers\cpuz135_x32.sys [21992]

O58 - SDL:[MD5.8B30250D573A8F6B4BD23195160D8707] - 14/07/2009 - 02:20:28 ---A- . (.Adaptec, Inc. - Adaptec Ultra SCSI miniport.) -- C:\Windows\system32\drivers\djsvs.sys [70720]

O58 - SDL:[MD5.E31464CE787E3A0FFEA55BAA591897F0] - 14/05/2009 - 15:41:10 ---A- . (.ESET - Amon monitor.) -- C:\Windows\system32\drivers\eamon.sys [114472]

O58 - SDL:[MD5.2C95A7A87E4272C1FFF9BAF579677DB3] - 14/05/2009 - 15:47:14 ---A- . (.ESET - ESET Helper driver.) -- C:\Windows\system32\drivers\ehdrv.sys [107256]

O58 - SDL:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 14/07/2009 - 02:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\system32\drivers\elxstor.sys [453712]

O58 - SDL:[MD5.C2C9A92B560A775C65B89E78DCB6951A] - 14/05/2009 - 15:49:22 ---A- . (.ESET - ESET Personal Firewall driver.) -- C:\Windows\system32\drivers\epfw.sys [133000]

O58 - SDL:[MD5.73FC7C4A5952B5493C6BE2708D1538C0] - 14/05/2009 - 15:49:26 ---A- . (.ESET - ESET Personal Firewall NDIS filter.) -- C:\Windows\system32\drivers\epfwndis.sys [33096]

O58 - SDL:[MD5.5211FB96523E6C1AEE19D6FB4D57CE25] - 14/05/2009 - 15:49:32 ---A- . (.ESET - ESET Personal Firewall driver.) -- C:\Windows\system32\drivers\epfwwfp.sys [38240]

O58 - SDL:[MD5.024E1B5CAC09731E4D868E64DBFB4AB0] - 14/07/2009 - 23:02:48 ---A- . (.Broadcom Corporation - Broadcom NetXtreme II 10 GigE VBD.) -- C:\Windows\system32\drivers\evbdx.sys [3100160]

O58 - SDL:[MD5.C44E3C2BAB6837DB337DDEE7544736DB] - 14/07/2009 - 23:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\system32\drivers\hcw85cir.sys [26624]

O58 - SDL:[MD5.A88485DC6A7136C10D9A6C7E38FDFE3C] - 18/09/2009 - 03:54:14 ---A- . (.Intel Corporation - Intel® Management Engine Interface.) -- C:\Windows\system32\drivers\HECI.sys [41088]

O58 - SDL:[MD5.353694EF44517C3CADF0444AD3C403B7] - 29/01/2008 - 21:02:08 ---A- . (...) -- C:\Windows\system32\drivers\hfdriver.sys [18944]

O58 - SDL:[MD5.295FDC419039090EB8B49FFDBB374549] - 14/07/2009 - 02:20:28 ---A- . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Driver.) -- C:\Windows\system32\drivers\HpSAMD.sys [67152]

O58 - SDL:[MD5.934AF4D7C5F457B9F0743F4299B77B67] - 14/07/2009 - 02:20:36 ---A- . (.Intel Corporation - Intel Matrix Storage Manager driver - ia32.) -- C:\Windows\system32\drivers\iaStorV.sys [332352]

O58 - SDL:[MD5.4173FF5708F3236CF25195FECD742915] - 14/07/2009 - 02:20:36 ---A- . (.Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) -- C:\Windows\system32\drivers\iirsp.sys [41040]

O58 - SDL:[MD5.77BDE7B7060D063702F3AF3482895536] - 28/11/2010 - 17:59:39 ---A- . (.THOMSON Telecom Belgium - SpeedTouch WDM Library.) -- C:\Windows\system32\drivers\lpwdm.sys [16128]

O58 - SDL:[MD5.EB119A53CCF2ACC000AC71B065B78FEF] - 14/07/2009 - 02:20:36 ---A- . (.LSI Corporation - LSI Fusion-MPT FC Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_fc.sys [95824]

O58 - SDL:[MD5.8ADE1C877256A22E49B75D1CC9161F9C] - 14/07/2009 - 02:20:37 ---A- . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_sas.sys [89168]

O58 - SDL:[MD5.DC9DC3D3DAA0E276FD2EC262E38B11E9] - 14/07/2009 - 02:20:36 ---A- . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_sas2.sys [54864]

O58 - SDL:[MD5.0A036C7D7CAB643A7F07135AC47E0524] - 14/07/2009 - 02:20:36 ---A- . (.LSI Corporation - LSI Fusion-MPT SCSI Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_scsi.sys [96848]

O58 - SDL:[MD5.836E0E09CA9869BE7EB39EF2CF3602C7] - 20/12/2010 - 18:08:40 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\system32\drivers\mbam.sys [20952]

O58 - SDL:[MD5.D68E165C3123ABA3B1282EDDB4213BD8] - 20/12/2010 - 18:09:00 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\system32\drivers\mbamswissarmy.sys [38224]

O58 - SDL:[MD5.0FFF5B045293002AB38EB1FD1FC2FB74] - 14/07/2009 - 02:20:36 ---A- . (.LSI Corporation - MEGASAS RAID Controller Driver for Windows 7 for x86.) -- C:\Windows\system32\drivers\megasas.sys [30800]

O58 - SDL:[MD5.DCBAB2920C75F390CAF1D29F675D03D6] - 14/07/2009 - 02:20:36 ---A- . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\Windows\system32\drivers\MegaSR.sys [235584]

O58 - SDL:[MD5.1D85C4B390B0EE09C7A46B91EFB2C097] - 14/07/2009 - 02:20:44 ---A- . (.IBM Corporation - IBM ServeRAID Controller Driver.) -- C:\Windows\system32\drivers\nfrd960.sys [44624]

O58 - SDL:[MD5.338F83EE9CB9E15EEACF0CBB90218CBF] - 26/02/2010 - 14:21:22 ---A- . (.Nokia - Nokia USB Phone Bus Driver.) -- C:\Windows\system32\drivers\nmwcdnsu.sys [137344]

O58 - SDL:[MD5.D15BAC979144FB69ED28F97B2DD84D48] - 26/02/2010 - 14:21:22 ---A- . (.Nokia - Nokia USB Phone Generic Client.) -- C:\Windows\system32\drivers\nmwcdnsuc.sys [8320]

O58 - SDL:[MD5.3F3D04B1D08D43C16EA7963954EC768D] - 14/07/2009 - 02:20:44 ---A- . (.NVIDIA Corporation - NVIDIA® nForce RAID Driver.) -- C:\Windows\system32\drivers\nvraid.sys [117312]

O58 - SDL:[MD5.C99F251A5DE63C6F129CF71933ACED0F] - 14/07/2009 - 02:20:44 ---A- . (.NVIDIA Corporation - NVIDIA® nForce Sata Performance Driver.) -- C:\Windows\system32\drivers\nvstor.sys [142416]

O58 - SDL:[MD5.FD2041E9BA03DB7764B2248F02475079] - 26/08/2008 - 10:26:12 ---A- . (.Nokia - PCCS Mode Change Filter Driver.) -- C:\Windows\system32\drivers\pccsmcfd.sys [18816]

O58 - SDL:[MD5.AB95ECF1F6659A60DDC166D8315B0751] - 14/07/2009 - 02:19:04 ---A- . (.QLogic Corporation - QLogic Fibre Channel Stor Miniport Driver.) -- C:\Windows\system32\drivers\ql2300.sys [1383488]

O58 - SDL:[MD5.B4DD51DD25182244B86737DC51AF2270] - 14/07/2009 - 02:19:04 ---A- . (.QLogic Corporation - QLogic iSCSI Storport Miniport Driver.) -- C:\Windows\system32\drivers\ql40xx.sys [106064]

O58 - SDL:[MD5.7DFD48E24479B68B258D8770121155A0] - 14/07/2009 - 23:02:52 ---A- . (.Realtek Corporation - Realtek 8101E/8168/8169 NDIS 6.20 32-bit Driver.) -- C:\Windows\system32\drivers\Rt86win7.sys [139776]

O58 - SDL:[MD5.90A3935D05B494A5A39D37E71F09A677] - 13/07/2009 - 21:50:20 ---A- . (.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) -- C:\Windows\system32\drivers\secdrv.sys [20480]

O58 - SDL:[MD5.A9F0486851BECB6DDA1D89D381E71055] - 14/07/2009 - 02:19:04 ---A- . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) -- C:\Windows\system32\drivers\sisraid2.sys [40016]

O58 - SDL:[MD5.3727097B55738E2F554972C3BE5BC1AA] - 14/07/2009 - 02:19:04 ---A- . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\Windows\system32\drivers\sisraid4.sys [77888]

O58 - SDL:[MD5.C9FA6A70C051FC59D22C2E4CD211AD9B] - 28/11/2010 - 17:59:39 ---A- . (.THOMSON Telecom Belgium - SpeedTouch 330 usb-driver.) -- C:\Windows\system32\drivers\st330.sys [30464]

O58 - SDL:[MD5.0017202EB0224F82706F04ED35AB23C2] - 28/11/2010 - 17:59:39 ---A- . (.THOMSON Telecom Belgium - SpeedTouch vbus driver.) -- C:\Windows\system32\drivers\stbus.sys [12672]

O58 - SDL:[MD5.DB32D325C192B801DF274BFD12A7E72B] - 14/07/2009 - 02:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\system32\drivers\stexstor.sys [21072]

O58 - SDL:[MD5.0A9484E3CDAFB529B392B5E9EBBC4AA6] - 28/11/2010 - 17:59:39 ---A- . (.THOMSON Telecom Belgium - SpeedTouch PPP Adapter.) -- C:\Windows\system32\drivers\stppp.sys [32000]

O58 - SDL:[MD5.7168EA26833301750562BFD0A16A66D3] - 26/02/2011 - 13:54:33 ---A- . (...) -- C:\Windows\system32\drivers\SWDUMon.sys [11232]

O58 - SDL:[MD5.5C66E6AA29DAD1875CC74662DD13C87E] - 28/03/2007 - 20:29:12 ---A- . (.StorageCraft - StorageCraft Volume Snap-Shot.) -- C:\Windows\system32\drivers\symsnap.sys [131944]

O58 - SDL:[MD5.0CCADC7391021376EDBB8AA649D04E68] - 26/02/2010 - 14:32:46 ---A- . (.Nokia - Filter Driver for Nokia USB Phone Bus Driver.) -- C:\Windows\system32\drivers\usbser_lowerflt.sys [8192]

O58 - SDL:[MD5.68B4F83CCCF70A2FF32EE142C234332A] - 26/02/2010 - 14:32:58 ---A- . (.Nokia - Filter Driver for Nokia USB Phone Bus Driver.) -- C:\Windows\system32\drivers\usbser_lowerfltj.sys [8192]

O58 - SDL:[MD5.16662738E1AB857FB91ED2D4065440B0] - 28/03/2007 - 20:29:10 ---A- . (.Symantec Corporation - V2iMount.sys - Image Mounting Device Driver.) -- C:\Windows\system32\drivers\v2imount.sys [37864]

O58 - SDL:[MD5.E43574F6A56A0EE11809B48C09E4FD3C] - 14/07/2009 - 02:19:10 ---A- . (.VIA Technologies, Inc. - VIA Generic PCI IDE Bus Driver.) -- C:\Windows\system32\drivers\viaide.sys [16976]

O58 - SDL:[MD5.6666A8DDCF315635FC3C13F18C944B19] - 28/03/2007 - 20:23:50 ---A- . (.Symantec Corporation - VProEventMonitor.Sys - Event Monitoring driver.) -- C:\Windows\system32\drivers\vproeventmonitor.sys [14072]

O58 - SDL:[MD5.9DFA0CC2F8855A04816729651175B631] - 14/07/2009 - 02:19:11 ---A- . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) -- C:\Windows\system32\drivers\vsmraid.sys [141904]

O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13/07/2009 - 22:40:41 ---A- . (...) -- C:\Windows\system32\ANSI.SYS [9029]

O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 13/07/2009 - 22:40:44 ---A- . (...) -- C:\Windows\system32\country.sys [27097]

O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 13/07/2009 - 22:40:40 ---A- . (...) -- C:\Windows\system32\HIMEM.SYS [4768]

O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 13/07/2009 - 22:40:43 ---A- . (...) -- C:\Windows\system32\KEY01.SYS [42809]

O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 13/07/2009 - 22:40:43 ---A- . (...) -- C:\Windows\system32\KEYBOARD.SYS [42537]

O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 13/07/2009 - 22:40:23 ---A- . (...) -- C:\Windows\system32\NTDOS.SYS [27866]

O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 13/07/2009 - 22:40:31 ---A- . (...) -- C:\Windows\system32\NTDOS404.SYS [29146]

O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 13/07/2009 - 22:40:35 ---A- . (...) -- C:\Windows\system32\NTDOS411.SYS [29370]

O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 13/07/2009 - 22:40:39 ---A- . (...) -- C:\Windows\system32\NTDOS412.SYS [29274]

O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 13/07/2009 - 22:40:27 ---A- . (...) -- C:\Windows\system32\NTDOS804.SYS [29146]

O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 13/07/2009 - 22:40:11 ---A- . (...) -- C:\Windows\system32\NTIO.SYS [33952]

O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 13/07/2009 - 22:40:15 ---A- . (...) -- C:\Windows\system32\NTIO404.SYS [34672]

O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 13/07/2009 - 22:40:17 ---A- . (...) -- C:\Windows\system32\NTIO411.SYS [35776]

O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 13/07/2009 - 22:40:19 ---A- . (...) -- C:\Windows\system32\NTIO412.SYS [35536]

O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 13/07/2009 - 22:40:13 ---A- . (...) -- C:\Windows\system32\NTIO804.SYS [34672]

 

 

 

---\\ Liste des outils de nettoyage (O63)

O63 - Logiciel: Ad-Remover par C_XX - (.C_XX.) [HKLM] -- Ad-Remover

O63 - Logiciel: HijackThis 2.0.2 - (.TrendMicro.) [HKLM] -- HijackThis

O63 - Logiciel: ZHPDiag 1.27 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1

O63 - Logiciel: Lop SD - (.AngelDark & Eric71.)

 

 

 

---\\ Liste des services Legacy (O64)

O64 - Services: CurCS - C:\Windows\System32\DRIVERS\30976231.sys (.not file.) - 30976231 (30976231) .(...) - LEGACY_30976231

O64 - Services: CurCS - C:\Windows\System32\DRIVERS\30976232.sys (.not file.) - 30976232 Boot Guard Driver (30976232) .(...) - LEGACY_30976232

O64 - Services: CurCS - C:\Windows\System32\DRIVERS\atikmdag.sys - amdkmdag (amdkmdag) .(.ATI Technologies Inc. - ATI Radeon Kernel Mode Driver.) - LEGACY_AMDKMDAG

O64 - Services: CurCS - C:\Windows\system32\Drivers\BEEP.sys - (.not file.) - Beep (Beep) .(...) - LEGACY_BEEP

O64 - Services: CurCS - C:\Windows\system32\drivers\cpuz135_x32.sys - cpuz135 (cpuz135) .(.CPUID - CPUID Driver.) - LEGACY_CPUZ135

O64 - Services: CurCS - C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys - driverhardwarev2 (driverhardwarev2) .(.CybelSoft - Driver NT Ma-Config.com.) - LEGACY_DRIVERHARDWAREV2

O64 - Services: CurCS - C:\Windows\System32\DRIVERS\eamon.sys - eamon (eamon) .(.ESET - Amon monitor.) - LEGACY_EAMON

O64 - Services: CurCS - C:\Windows\System32\DRIVERS\ehdrv.sys - ehdrv (ehdrv) .(.ESET - ESET Helper driver.) - LEGACY_EHDRV

O64 - Services: CurCS - C:\Windows\System32\DRIVERS\epfw.sys - epfw (epfw) .(.ESET - ESET Personal Firewall driver.) - LEGACY_EPFW

O64 - Services: CurCS - C:\Windows\System32\DRIVERS\epfwwfp.sys - epfwwfp (epfwwfp) .(.ESET - ESET Personal Firewall driver.) - LEGACY_EPFWWFP

O64 - Services: CurCS - C:\Windows\system32\Drivers\FASTFAT.sys - (.not file.) - FAT12/16/32 File System Driver (fastfat) .(...) - LEGACY_FASTFAT

O64 - Services: CurCS - C:\Windows\system32\Drivers\FS_REC.sys - Fs_Rec (Fs_Rec) .(...) - LEGACY_FS_REC

O64 - Services: CurCS - C:\Windows\System32\DRIVERS\hfdriver.sys - HFDrv (HFDrv) .(...) - LEGACY_HFDRV

O64 - Services: CurCS - (.not file.) - klmd24 (klmd24) .(...) - LEGACY_KLMD24

O64 - Services: CurCS - (.not file.) - klmd25 (klmd25) .(...) - LEGACY_KLMD25

O64 - Services: CurCS - (.not file.) - mbr (mbr) .(...) - LEGACY_MBR

O64 - Services: CurCS - C:\Windows\system32\Drivers\MSFS.sys - Msfs (Msfs) .(...) - LEGACY_MSFS

O64 - Services: CurCS - C:\Windows\system32\Drivers\NDPROXY.sys - NDProxy (NDProxy) .(...) - LEGACY_NDPROXY

O64 - Services: CurCS - C:\Windows\system32\Drivers\NPFS.sys - Npfs (Npfs) .(...) - LEGACY_NPFS

O64 - Services: CurCS - C:\Windows\system32\Drivers\NTFS.sys - Ntfs (Ntfs) .(...) - LEGACY_NTFS

O64 - Services: CurCS - C:\Windows\system32\Drivers\NULL.sys - Null (Null) .(...) - LEGACY_NULL

O64 - Services: CurCS - C:\Program Files\SUPERAntiSpyware\SASDIFSV.sys - SASDIFSV (SASDIFSV) .(.SUPERAdBlocker.com and SUPERAntiSpyware.com - SASDIFSV.SYS.) - LEGACY_SASDIFSV

O64 - Services: CurCS - C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys - SASKUTIL (SASKUTIL) .(.SUPERAdBlocker.com and SUPERAntiSpyware.com - SASKUTIL.SYS.) - LEGACY_SASKUTIL

O64 - Services: CurCS - C:\Windows\system32\Drivers\SECDRV.sys - (.not file.) - Security Driver (secdrv) .(...) - LEGACY_SECDRV

O64 - Services: CurCS - C:\Windows\System32\DRIVERS\3097623.sys (.not file.) - setup_9.0.0.722_21.04.2011_14-54drv (setup_9.0.0.722_21.04.2011_14-54drv) .(...) - LEGACY_SETUP_9.0.0.722_21.04.2011_14-54DRV

O64 - Services: CurCS - C:\Windows\system32\Drivers\SPLDR.sys - (.not file.) - Security Processor Loader Driver (spldr) .(...) - LEGACY_SPLDR

O64 - Services: CurCS - C:\Windows\System32\DRIVERS\symsnap.sys - Symantec Volume Snap Shot Driver (symsnap) .(.StorageCraft - StorageCraft Volume Snap-Shot.) - LEGACY_SYMSNAP

O64 - Services: CurCS - C:\Windows\system32\Drivers\utixmta5.sys (.not file.) - AVZ Kernel Driver (utixmta5) .(...) - LEGACY_UTIXMTA5

O64 - Services: CurCS - C:\Windows\System32\DRIVERS\v2imount.sys - Symantec V2i Mount Driver (v2imount) .(.Symantec Corporation - V2iMount.sys - Image Mounting Device Driver.) - LEGACY_V2IMOUNT

 

 

 

---\\ File Associations Shell Spawning (O67)

O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe

O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe

O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe

O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe

O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCU\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe

O67 - Shell Spawning: <.bat> <batfile>[HKCR\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.cpl> <cplfile>[HKCR\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe

O67 - Shell Spawning: <.cmd> <cmdfile>[HKCR\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.com> <comfile>[HKCR\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.exe> <exefile>[HKCR\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCR\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe

O67 - Shell Spawning: <.js> <JSFile>[HKCR\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe

O67 - Shell Spawning: <.reg> <regfile>[HKCR\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe

 

 

 

---\\ Start Menu Internet (O68)

O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe

O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe

 

 

 

---\\ Search Browser Infection (O69)

O69 - SBI: SearchScopes [HKCU] ${searchCLSID} - (@ieframe.dll,-12512) - Bing

O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - Bing

O69 - SBI: SearchScopes [HKCU] {AA8FD75C-C057-469F-881B-C3467C0137A5} [DefaultScope] - (iGoogle) - Google

O69 - SBI: SearchScopes [HKCU] {C2E6D0D0-6712-4F32-81A1-D1CBE2C54E6F} - (Wikipédia (fr)) - Wikipédia, l'encyclopédie libre

O69 - SBI: SearchScopes [HKCU] {F44091AC-508E-438C-A1CE-5D64E5712DEC} - (YouTube) - http://www.youtube.com

 

 

 

---\\ Internet Feature Controls (O81)

O81 - IFC: Internet Feature Controls [HKUS\.DEFAULT] [FEATURE_BROWSER_EMULATION] -- svchost.exe

O81 - IFC: Internet Feature Controls [HKUS\S-1-5-18] [FEATURE_BROWSER_EMULATION] -- svchost.exe

 

 

 

---\\ Recherche particuliere à la racine de certains dossiers (O84)

[MD5.5923BA07BC3FA1301B971C0541E87350] [sPRF] (.SUPERAntiSpyware.com - SUPERAntiSpyware Update Application.) -- C:\Users\P. LEMAIGRE\AppData\Local\Temp\SSUPDATE.EXE [355056]

 

 

 

---\\ Firewall Active Exception List (FirewallRules) (O87)

O87 - FAEL: "FPS-SpoolSvc-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Application sous-système spouleur.) -- C:\Windows\system32\spoolsv.exe

O87 - FAEL: "FPS-SpoolSvc-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Application sous-système spouleur.) -- C:\Windows\system32\spoolsv.exe

O87 - FAEL: "CoreNet-GP-LSASS-Out-TCP" | Out - Domain - P6 - TRUE | .(.Microsoft Corporation - Local Security Authority Process.) -- C:\Windows\system32\lsass.exe

O87 - FAEL: "RemoteSvcAdmin-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Applications Services et Contrôleur.) -- C:\Windows\system32\services.exe

O87 - FAEL: "RemoteSvcAdmin-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Applications Services et Contrôleur.) -- C:\Windows\system32\services.exe

O87 - FAEL: "NetPres-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Connect to a Network Projector.) -- C:\Windows\system32\netproj.exe

O87 - FAEL: "NetPres-Out-TCP-NoScope" | Out - Domain - P6 - FALSE | .(.Microsoft Corporation - Connect to a Network Projector.) -- C:\Windows\system32\netproj.exe

O87 - FAEL: "NetPres-WSD-In-UDP" | In - None - P17 - FALSE | .(.Microsoft Corporation - Connect to a Network Projector.) -- C:\Windows\system32\netproj.exe

O87 - FAEL: "NetPres-WSD-Out-UDP" | Out - None - P17 - FALSE | .(.Microsoft Corporation - Connect to a Network Projector.) -- C:\Windows\system32\netproj.exe

O87 - FAEL: "NetPres-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Connect to a Network Projector.) -- C:\Windows\system32\netproj.exe

O87 - FAEL: "NetPres-Out-TCP" | Out - Public - P6 - FALSE | .(.Microsoft Corporation - Connect to a Network Projector.) -- C:\Windows\system32\netproj.exe

O87 - FAEL: "SPPSVC-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Service de la plateforme de protection logicielle Microsoft.) -- C:\Windows\system32\sppsvc.exe

O87 - FAEL: "SPPSVC-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Service de la plateforme de protection logicielle Microsoft.) -- C:\Windows\system32\sppsvc.exe

O87 - FAEL: "{6E0A8009-7568-406F-AC95-4CA58317D74F}" |In - Public - P6 - TRUE | .(...) -- C:\Users\P. LEMAIGRE\AppData\Local\Temp\stInstall.exe (.not file.)

O87 - FAEL: "{A957AB2E-BAFD-4B11-AC63-2DA01AFDA674}" |In - Public - P17 - TRUE | .(...) -- C:\Users\P. LEMAIGRE\AppData\Local\Temp\stInstall.exe (.not file.)

O87 - FAEL: "{A79E1F2C-3CD6-43B6-9202-9CAE6BD5D678}" | In - Public - P6 - TRUE | .(.THOMSON Telecom Belgium - SpeedTouch Host Service.) -- C:\Program Files\Thomson\ST330\service\st330service.exe

O87 - FAEL: "{9A96D201-4B5E-4779-877C-66A67FAA561F}" | In - Public - P17 - TRUE | .(.THOMSON Telecom Belgium - SpeedTouch Host Service.) -- C:\Program Files\Thomson\ST330\service\st330service.exe

O87 - FAEL: "{27A973B5-828A-4C6D-975B-DC5F46118036}" | In - Private - P6 - TRUE | .(.Microsoft Corporation - LifeCam.exe.) -- C:\Program Files\Microsoft LifeCam\LifeCam.exe

O87 - FAEL: "{5E71D263-1EEA-4B2F-98AD-50F58D847326}" | In - Private - P17 - TRUE | .(.Microsoft Corporation - LifeCam.exe.) -- C:\Program Files\Microsoft LifeCam\LifeCam.exe

O87 - FAEL: "{3CE45211-846A-44BB-B3B1-5EE865D84F7F}" | In - Private - P6 - TRUE | .(.Microsoft Corporation - LifeEnC2.exe.) -- C:\Program Files\Microsoft LifeCam\LifeEnC2.exe

O87 - FAEL: "{E63F54E8-3437-4628-9EA2-E4C1E07BA3C3}" | In - Private - P17 - TRUE | .(.Microsoft Corporation - LifeEnC2.exe.) -- C:\Program Files\Microsoft LifeCam\LifeEnC2.exe

O87 - FAEL: "{6A95E6E2-5AE6-4F8F-A163-4F7F1B1DA5E4}" | In - Private - P6 - TRUE | .(.Microsoft Corporation - LifeExp.exe.) -- C:\Program Files\Microsoft LifeCam\LifeExp.exe

O87 - FAEL: "{B9366607-E59D-4643-9F6E-92177B62A181}" | In - Private - P17 - TRUE | .(.Microsoft Corporation - LifeExp.exe.) -- C:\Program Files\Microsoft LifeCam\LifeExp.exe

O87 - FAEL: "{091E05B5-0B28-4F03-8D73-C0A360E8BE71}" | In - Private - P6 - TRUE | .(.Microsoft Corporation - LifeTray.exe.) -- C:\Program Files\Microsoft LifeCam\LifeTray.exe

O87 - FAEL: "{1E09EF88-98A4-4353-B48F-B9263F964942}" | In - Private - P17 - TRUE | .(.Microsoft Corporation - LifeTray.exe.) -- C:\Program Files\Microsoft LifeCam\LifeTray.exe

O87 - FAEL: "{4758364A-CD90-404D-A89D-39EBD14532D5}" | In - Private - P6 - TRUE | .(.SmsDiscount - Client to make VoIP calls..) -- C:\Program Files\SmsDiscount\SmsDiscount.exe

O87 - FAEL: "{0A15838E-30B0-4055-B9E6-F44A3BC8A9B4}" | In - Private - P17 - TRUE | .(.SmsDiscount - Client to make VoIP calls..) -- C:\Program Files\SmsDiscount\SmsDiscount.exe

O87 - FAEL: "{BDBC9446-1521-4D12-8EA1-C3CFE0F382E1}" | In - None - P17 - TRUE | .(.Microsoft Corporation - Windows Live Call.) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe

O87 - FAEL: "{3A1F3817-DD2D-4716-B2D3-3FA2BD10280D}" | In - None - P17 - TRUE | .(.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe

O87 - FAEL: "{86B34562-BC29-462F-BFBA-CA45CDF01EC7}" | In - None - P17 - TRUE | .(.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe

O87 - FAEL: "{61056657-540F-4F85-9FF9-47BB83FE5281}" | In - Public - P6 - TRUE | .(.SmsDiscount - Client to make VoIP calls..) -- C:\Program Files\SmsDiscount\SmsDiscount.exe

O87 - FAEL: "{E59FA9EF-0F11-49C3-9B38-9B5CDF5375E6}" | In - Public - P17 - TRUE | .(.SmsDiscount - Client to make VoIP calls..) -- C:\Program Files\SmsDiscount\SmsDiscount.exe

O87 - FAEL: "{ED805724-6195-4C8E-ADE1-C64C0A66FEDC}" | In - None - P6 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\Program Files\uTorrent\uTorrent.exe

O87 - FAEL: "{BDC68A81-ABED-4CF1-AA42-1E2B551508E7}" | In - None - P17 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\Program Files\uTorrent\uTorrent.exe

O87 - FAEL: "{A1E0F55D-AB61-47CE-A421-3AFD0BC7B104}" | In - Private - P6 - TRUE | .(.CybelSoft - Service de détection matériel.) -- C:\Program Files\ma-config.com\maconfservice.exe

O87 - FAEL: "{060C6E04-FB6E-4D10-86B8-3267BC19B1F2}" | In - Private - P17 - TRUE | .(.CybelSoft - Service de détection matériel.) -- C:\Program Files\ma-config.com\maconfservice.exe

 

 

 

---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)

SR - | Auto 27/01/2011 176128 | (AMD External Events Utility) . (.AMD.) - C:\Windows\system32\atiesrxx.exe

SS - | Demand 14/05/2009 20680 | (EhttpSrv) . (.ESET.) - C:\Program Files\ESET Smart Security\EHttpSrv.exe

SR - | Auto 14/05/2009 731840 | (ekrn) . (.ESET.) - C:\Program Files\ESET Smart Security\ekrn.exe

SS - | Disabled 14/05/2009 0 | (gupdate) . (...) - C:\Program Files\Google\Update\GoogleUpdate.exe

SS - | Demand 14/11/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

SR - | Auto 16/04/2010 325656 | (LMS) . (.Intel Corporation.) - C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe

SS - | Demand 10/03/2011 311744 | (maconfservice) . (.CybelSoft.) - C:\Program Files\ma-config.com\maconfservice.exe

SS - | Demand 23/02/2011 237008 | (McComponentHostService) . (.McAfee, Inc..) - C:\Program Files\McAfee Security Scan\3.0.199\McCHSvc.exe

SS - | Disabled 24/09/2008 935208 | Nero BackItUp Scheduler 4.0 (Nero BackItUp Scheduler 4.0) . (.Nero AG.) - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

SS - | Demand 28/03/2007 3290728 | (Norton Ghost) . (.Symantec Corporation.) - C:\Program Files\Norton Ghost\Agent\VProSvc.exe

SS - | Demand 20/10/2010 630272 | (ServiceLayer) . (.Nokia.) - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

SR - | Auto 19/03/2011 581632 | (st330service) . (.THOMSON Telecom Belgium.) - C:\Program Files\Thomson\ST330\service\st330service.exe

SR - | Auto 9/03/2011 92592 | (TomTomHOMEService) . (.TomTom.) - C:\Program Files\TomTom HOME\TomTomHOMEService.exe

SR - | Auto 16/04/2010 2533400 | (UNS) . (.Intel Corporation.) - C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe

SS - | Demand 29/11/2010 1343400 | C:\Windows\system32\Wat\WatUX.exe (WatAdminSvc) . (...) - C:\Windows\system32\Wat\WatAdminSvc.exe

 

 

 

---\\ Recherche Master Boot Record Infection (MBR)(O80)

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, GMER - Rootkit Detector and Remover

Run by P. LEMAIGRE at 21/04/2011 18:15:42

 

device: opened successfully

user: MBR read successfully

 

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x85F184F0]<<

1 ntkrnlpa!IofCallDriver[0x82C45458] -> \Device\Harddisk0\DR0[0x85EF5A58]

3 CLASSPNP[0x837B059E] -> ntkrnlpa!IofCallDriver[0x82C45458] -> [0x85DA8918]

5 ACPI[0x834983B2] -> ntkrnlpa!IofCallDriver[0x82C45458] -> \IdeDeviceP2T0L0-2[0x85D9F030]

\Driver\atapi[0x85EF9618] -> IRP_MJ_CREATE -> 0x85F184F0

error: Read Un périphérique attaché au système ne fonctionne pas correctement.

kernel: MBR read successfully

user & kernel MBR OK

 

 

 

---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)

Written by ad13, http://ad13.geekstog

Run by P. LEMAIGRE at 21/04/2011 18:15:44

 

********* Dump file Name *********

C:\PhysicalDisk0_MBR.bin

 

 

 

End of the scan (1035 lines in 01mn 00s)(0)

[pear]

Bonsoir,

 

Télécharger load_tdsskiller de Loup Blanc sur le Bureau

Cet outil est conçu pour automatiser différentes tâches proposées par TDSSKiller, un fix de Kaspersky.

• Lancer load_tdsskiller en double-cliquant dessus :
  l'outil va se connecter au Net pour télécharger une copie à jour de TDSSKiller et lancer le scan
  
• Un message dans la fenêtre noire d'invite de commande vous demandera d'appuyer sur une touche pour continuer
  
• Le rapport s'affichera automatiquement : copier-coller son contenu dans la prochaine réponse
  (le fichier est également présent ici : C:\tdsskiller\report.txt)
  
• Redémarrer le PC

 

 

 

 

Combofix est un logiciel très puissant qui ne doit pas être utilisé sans une aide compétente sous peine de risquer des dommages irréversibles.

Veuillez noter que ce logiciel est régulièrement mis à jour et que la version téléchargée sera obsolète dans quelques jours.

 

Télécharger combofix.exe de sUBs

et sauvegardez le sur le bureau

 

Fermez ou désactivez tous les programmes Antivirus, Antispyware, Pare-feu actifs car ils pourraient perturber le fonctionnement de cet outil

Pour cela:

Démarrer->Exécuter->Msconfig->Démarrage : décochez les protections Antivirus, Antispyware,Teatimer

 

Cela est absolument nécessaire au succès de la procédure.

Bien évidemment, vous les rétablirez ensuite.

Double cliquer sur combofix.exe pour le lancer.

Ne pas fermer la fenêtre qui vient de s'ouvrir , le bureau serait vide et cela pourrait entraîner un plantage du programme!

Pour lancer le scan

Connecter tous les disques amovibles (disque dur externe, clé USB…).

Taper sur la touche 1 pour démarrer le scan.

Si pour une raison quelconque, combofix ne se lançait pas,

Sous Vista, désactivez l'UAC

Démarrez en mode sans échec, choisissez le compte Administrateur, lancez Combofix

Si vous avez un message de Combofix disant que votre antivirus est actif alors que vous l'avez désactivé, recommencez la procédure en mode sans échec

Lorsque ComboFix tourne, ne touchez plus du tout à votre ordinateur, vous risqueriez de planter le programme.

 

Le scan pourrait prendre un certain temps, il y a 50 procédures successives:

Patientez au moins 30 minutes pendant l'analyse.

Si le programme gèle (+ de 30 minutes), fermez le en cliquant le "X" au haut à droite de la fenêtre.

A la fin,,un rapport sera généré : postez en le contenu dans un prochain message.

Si le rapport est trop long, postez le en deux fois.

Il se trouve à c:\combofix.txt

[Pascalem]

Alors voilà ; Combofix chez moi ne fonctionne pas ( mode administrateur, antivirus désactivé); pas même en mode sans échec ; au moment où il décompresse , l'écran devient noir (pas de message d'erreur) , windows s'éteint avec un bref écran bleu que j'ai pas le temps de lire.

 

Quant à TDSSKILLER, il ne fonctionne plus non plus ; ce midi j'avais réussi en mode sans échec, et j'avais le rappport suivant :

 

2011/04/21 12:51:13.0503 TDSS rootkit removing tool 2.4.1.2 Aug 16 2010 09:46:23

2011/04/21 12:51:13.0503 ================================================================================

2011/04/21 12:51:13.0503 SystemInfo:

2011/04/21 12:51:13.0503

2011/04/21 12:51:13.0503 OS Version: 6.1.7600 ServicePack: 0.0

2011/04/21 12:51:13.0503 Product type: Workstation

2011/04/21 12:51:13.0503 ComputerName: PC_FELUY

2011/04/21 12:51:13.0503 UserName: P. LEMAIGRE

2011/04/21 12:51:13.0503 Windows directory: C:\Windows

2011/04/21 12:51:13.0503 System windows directory: C:\Windows

2011/04/21 12:51:13.0503 Processor architecture: Intel x86

2011/04/21 12:51:13.0503 Number of processors: 4

2011/04/21 12:51:13.0503 Page size: 0x1000

2011/04/21 12:51:13.0503 Boot type: Safe boot

2011/04/21 12:51:13.0503 ================================================================================

2011/04/21 12:51:18.0136 Initialize success

2011/04/21 12:51:33.0486 ================================================================================

2011/04/21 12:51:33.0486 Scan started

2011/04/21 12:51:33.0486 Mode: Manual;

2011/04/21 12:51:33.0486 ================================================================================

2011/04/21 12:51:41.0021 ================================================================================

2011/04/21 12:51:41.0021 Scan finished

2011/04/21 12:51:41.0021 ================================================================================

2011/04/21 12:52:04.0671 ================================================================================

2011/04/21 12:52:04.0671 Scan started

2011/04/21 12:52:04.0671 Mode: Manual;

2011/04/21 12:52:04.0671 ================================================================================

2011/04/21 12:52:11.0785 ================================================================================

2011/04/21 12:52:11.0785 Scan finished

2011/04/21 12:52:11.0785

[Pascalem]

Je dois m'absenter pour quelques jours, jusque mardi.

Si mon problème n'était pas résolu, je mettrai un nouveau post.

Merci à tous.