

Good evening. Apparently I'm infected, OK, but by what....

Here is my previous post

Steps already tried:

I tried restarting, disconnecting and reconnecting the cable, and unplugging and replugging the router and modem.

I ran Spybot, which gave a few small results that I fixed, but nothing changed. I checked my firewalls.....

I checked with HijackThis and saw nothing abnormal, but then I don't know much about it.

So here is my HijackThis log:



Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 21:47:21, on 2011-04-29

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal


Running processes:

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe


C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files (x86)\Electronic Arts\EADM\EADMUI.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Program Files (x86)\Electronic Arts\EADM\EADM.exe


C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe



R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN : Hotmail, Messenger, Bing, Actualité et Sport

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)

F2 - REG:system.ini: UserInit=userinit.exe

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [HDAudDeck] "C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" -r

O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Google Update] "C:\Users\darwizardx\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [EADM] "C:\Program Files (x86)\Electronic Arts\EADM\EADMUI.exe"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -

O17 - HKLM\System\CCS\Services\Tcpip\..\{B1D7BBA7-6FB6-4BEE-9930-3055BC19AA16}: NameServer =

O17 - HKLM\System\CS1\Services\Tcpip\..\{B1D7BBA7-6FB6-4BEE-9930-3055BC19AA16}: NameServer =

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (AudioSrv) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)

O23 - Service: @%SystemRoot%\system32\dhcpcsvc.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe

O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe

O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\emdmgmt.dll,-1000 (EMDMgmt) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (Eventlog) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-200 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe

O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe

O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\netprof.dll,-246 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\sysWow64\perfhost.exe,-2 (PerfHost) - Unknown owner - C:\Windows\SysWow64\perfhost.exe

O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\ipnathlp.dll,-106 (SharedAccess) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\SLUINotify.dll,-103 (SLUINotify) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @c:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100 (WPFFontCache_v0400) - Unknown owner - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe

O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe

O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe



End of file - 20322 bytes




HijackThis shows NOTHING.

In any case, it is not suited to 64-bit systems; forget about this tool as far as you are concerned.


ZHPDiag:

  • Download ZHPDiag by Nicolas Coolman and save it to the DESKTOP.
  • Double-click ZHPDiag.exe to start the installation.
    • Important:
      On Vista and Windows 7: launch the file by right-click -> Run as administrator

    Don't forget to tick the box that puts a shortcut on the Desktop.
  • The tool has created 2 icons, ZHPDiag and ZHPFix, on the Desktop.
  • Double-click ZHPDiag to run it.
    • Important:
      On Vista and Windows 7: launch the file by right-click -> Run as administrator
  • Click the screwdriver.
  • Click the magnifying glass to start the scan. Wait until the scan shows 100%.

    Close ZHPDiag.
  • The ZHPDiag.txt report is on the Desktop.

    As this report is too long for the forum, host it:




Sorry, I really can't see where to insert attachments on the Zébulon forum, but anyway it fits, so here it is!!!





Rapport de ZHPDiag v1.27.193 par Nicolas Coolman, Update du 28/04/2011

Run by darwizardx at 2011-04-30 11:50:01

Web site : ZHPDiag Outil de diagnostic



---\\ Web Browser

MSIE: Internet Explorer v9.0.8112.16421

GCIE: Google Chrome v10.0.648.205


---\\ System Information

Windows Vista Home Premium Edition, 64-bit Service Pack 2 (Build 6002)

Processor: AMD64 Family 16 Model 4 Stepping 2, AuthenticAMD

Operating System: 64 Bits

Boot mode: Normal (Normal boot)

Total RAM: 4094 MB (63% free)

System Restore: Activé (Enable)

System drive C: has 266 GB (44%) free of 596 GB


---\\ Logged in mode

Computer Name: PC-DE-DARWIZARD

User Name: darwizardx

All Users Names: darwizardx, Administrateur,

Unselected Option: O45,O61,O62,O65,O66,O82

Logged in as Administrator


---\\ Environnement Variables





---\\ DOS/Devices

A:\ Floppy drive, Flash card reader, USB Key (Not Inserted)

C:\ Hard drive, Flash drive, Thumb drive (Free 266 Go of 596 Go)

D:\ CD-ROM drive (Free 0 Go of 8 Go)

E:\ CD-ROM drive (Not Inserted)




---\\ Security Center & Tools Informations

[HKLM\SOFTWARE\Microsoft\Security Center] AntiSpywareOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center] UacDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UpdatesDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UacDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] NoActiveDesktopChanges: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowSearch: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK




---\\ Recherche particulière de fichiers génériques

[MD5.6B08E54A451B3F95E4109DBA7E594270] - (.Microsoft Corporation - Explorateur Windows.) (.2009-04-11 02:10:17.) -- C:\Windows\Explorer.exe [3079168]

[MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Application de démarrage de Windows.) (.2008-01-20 21:48:04.) -- C:\Windows\system32\Wininit.exe [96768]

[MD5.A1236375B74EA63C75657D564890C436] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.2011-04-27 18:30:49.) -- C:\Windows\system32\wininet.dll [1126912]

[MD5.898E7C06A350D4A1A64A9EA264D55452] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.2009-04-11 01:28:13.) -- C:\Windows\system32\Winlogon.exe [314368]




---\\ Processus lancés

[MD5.7B878518590E826F1F3A5B1D61D405F8] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe [3396624]

[MD5.E83508D9A0F0D0D8449317DC6A4C5E02] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [924632]

[MD5.3B2CC09944488DB5ED5DFDC315C9AB57] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [16856]

[MD5.59E2A529D9ABCFA2024153A05FE693A1] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [644608]




---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)

M3 - MFPP: Plugins - [darwizardx] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\amazon-france.xml

M3 - MFPP: Plugins - [darwizardx] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\bing.xml

M3 - MFPP: Plugins - [darwizardx] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\cnrtl-tlfi-fr.xml

M3 - MFPP: Plugins - [darwizardx] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\eBay-france.xml

M3 - MFPP: Plugins - [darwizardx] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\google.xml

M3 - MFPP: Plugins - [darwizardx] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\wikipedia-fr.xml

M3 - MFPP: Plugins - [darwizardx] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\yahoo-france.xml

P2 - FPN:Firefox Plugin Navigator . (.Sun Microsystems, Inc. - NPRuntime Script Plug-in Library for Java Deploy.) -- C:\Program Files (x86)\Mozilla Firefox\Plugins\npdeployJava1.dll

P2 - FPN:Firefox Plugin Navigator . (.Microsoft Corporation - Office Plugin for Netscape Navigator.) -- C:\Program Files (x86)\Mozilla Firefox\Plugins\NPOFFICE.DLL

P2 - FPN:Firefox Plugin Navigator . (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape 10.0.0.) -- C:\Program Files (x86)\Mozilla Firefox\Plugins\nppdf32.dll

P2 - FPN: [HKCU] [ Update;version=8] - (.Google Inc. - Google Update.) -- C:\Users\darwizardx\AppData\Local\Google\Update\\npGoogleOneClick8.dll

P2 - FPN: [HKCU] [,version=1.0] - (.Unity Technologies ApS - Unity Player 3.1.0f4.) -- C:\Users\darwizardx\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll




---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)

G1 - GCS: Preference [user Data\Default] None

G0 - GCSP: Preference [user Data\Default][HomePage] Google




---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R0 - HKUS\S-1-5-21-1178239170-2522236887-3947781437-1000\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk

R1 - HKUS\S-1-5-21-1178239170-2522236887-3947781437-1000\Software\Microsoft\Internet Explorer\Main,Search Page = Google

R3 - URLSearchHook: Microsoft Url Search Hook [64Bits] - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Navigateur Internet.) (9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)) -- C:\Windows\system32\ieframe.dll




---\\ Internet Explorer, Proxy Management (R5)

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1

R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1

R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll




---\\ ---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,

F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"




---\\ Browser Helper Objects de navigateur (O2)

O2 - BHO: Windows Live ID Sign-in Helper [64Bits] - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corp. - Microsoft® Windows Live ID Login Helper.) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll




---\\ ---\\ Applications démarrées par registre & par dossier (O4)

O4 - HKLM\..\Run: [Windows Defender] . (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe

O4 - HKCU\..\Run: [start WingMan Profiler] Clé orpheline

O4 - HKLM\..\Wow6432Node\Run: [Windows Defender] . (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe

O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] oobefldr.dll

O4 - HKUS\S-1-5-21-1178239170-2522236887-3947781437-1000\..\Run: [start WingMan Profiler] Clé orpheline




---\\ ---\\ Autres liens utilisateurs (O4)

O4 - Global Startup: C:\Users\darwizardx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

O4 - Global Startup: C:\Users\darwizardx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

O4 - Global Startup: C:\Users\darwizardx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Windows Mail\WinMail.exe

O4 - Global Startup: C:\Users\darwizardx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe

O4 - Global Startup: C:\Users\darwizardx\Desktop\Crysis2 - Raccourci.lnk . (.Crytek GmbH.) -- C:\Program Files (x86)\Electronic Arts\Crytek\Crysis 2\bin32\Crysis2.exe

O4 - Global Startup: C:\Users\darwizardx\Desktop\EVE.lnk . (.CCP hf..) -- C:\Program Files (x86)\CCP\EVE\eve.exe

O4 - Global Startup: C:\Users\darwizardx\Desktop\FMS.lnk . (...) -- C:\Program Files (x86)\FMS\FMS.exe

O4 - Global Startup: C:\Users\darwizardx\Desktop\OpenTTD.lnk . (.OpenTTD Development Team.) -- C:\Program Files\OpenTTD\openttd.exe

O4 - Global Startup: C:\Users\darwizardx\Desktop\rct2 - Raccourci.lnk . (...) -- C:\Program Files (x86)\Infogrames\RollerCoaster Tycoon 2\rct2.exe

O4 - Global Startup: C:\Users\darwizardx\Desktop\Stronghold2 - Raccourci.lnk . (.Firefly Studios.) -- C:\Program Files (x86)\Firefly Studios\Stronghold 2\Stronghold2.exe

O4 - Global Startup: C:\Users\darwizardx\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk . (.Google Inc..) -- C:\Users\darwizardx\AppData\Local\Google\Chrome\Application\chrome.exe

O4 - Global Startup: C:\Users\darwizardx\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

O4 - Global Startup: C:\Users\darwizardx\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk . (.Mozilla Corporation.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

O4 - Global Startup: C:\Users\darwizardx\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk . (.Vuze Inc..) -- C:\Program Files (x86)\Vuze\Azureus.exe

O4 - Global Startup: C:\Users\darwizardx\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe




---\\ Winsock hijacker (Layered Service Provider) (O10)

O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\system32\NLAapi.dll

O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Fournisseur Shim d'affectation de noms de messagerie.) -- C:\Windows\system32\napinsp.dll

O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll

O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll

O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\Windows\system32\mswsock.dll

O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\system32\winrnr.dll




---\\ Modification Domaine/Adresses DNS (O17)

O17 - HKLM\System\CCS\Services\Tcpip\..\{B1D7BBA7-6FB6-4BEE-9930-3055BC19AA16}: DhcpNameServer =

O17 - HKLM\System\CCS\Services\Tcpip\..\{BA57F1EC-1356-4BE6-99DA-CA9A389A4144}: DhcpNameServer =

O17 - HKLM\System\CS1\Services\Tcpip\..\{B1D7BBA7-6FB6-4BEE-9930-3055BC19AA16}: DhcpNameServer =

O17 - HKLM\System\CS1\Services\Tcpip\..\{BA57F1EC-1356-4BE6-99DA-CA9A389A4144}: DhcpNameServer =

O17 - HKLM\System\CS2\Services\Tcpip\..\{B1D7BBA7-6FB6-4BEE-9930-3055BC19AA16}: DhcpNameServer =

O17 - HKLM\System\CS3\Services\Tcpip\..\{B1D7BBA7-6FB6-4BEE-9930-3055BC19AA16}: DhcpNameServer =

O17 - HKLM\System\CCS\Services\Tcpip\..\{B1D7BBA7-6FB6-4BEE-9930-3055BC19AA16}: DhcpDomain = domain

O17 - HKLM\System\CS1\Services\Tcpip\..\{B1D7BBA7-6FB6-4BEE-9930-3055BC19AA16}: DhcpDomain = domain

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =




---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Contrôleur de site Web.) -- C:\Windows\System32\webcheck.dll




---\\ Liste des services NT non Microsoft et non désactivés (O23)

O23 - Service: (AMD External Events Utility) . (...) - C:\Windows\system32\atiesrxx.exe

O23 - Service: (avast! Antivirus) . (.AVAST Software - avast! Service.) - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: (gupdate) . (...) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: (Steam Client Service) . (...) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: (wlidsvc) . (.Microsoft Corp. - Microsoft® Windows Live ID Service.) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.exe

O23 - Service: c:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe (WPFFontCache_v0400) . (...) - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe




---\\ Enumération Active Desktop & MHTML Editor (O24)

O24 - Default MHTML Editor: Last - .(...) - (.not file.)




---\\ Tâches planifiées en automatique (O39)

O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1178239170-2522236887-3947781437-1000Core.job

O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1178239170-2522236887-3947781437-1000UA.job

[MD5.00000000000000000000000000000000] [APT] [GoogleUpdateTaskMachineCore] (.Pas de propriétaire.) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (.not file.)

[MD5.00000000000000000000000000000000] [APT] [GoogleUpdateTaskMachineUA] (.Pas de propriétaire.) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (.not file.)

[MD5.00000000000000000000000000000000] [APT] [GoogleUpdateTaskUserS-1-5-21-1178239170-2522236887-3947781437-1000Core] (.Pas de propriétaire.) -- C:\Users\darwizardx\AppData\Local\Google\Update\GoogleUpdate.exe (.not file.)

[MD5.00000000000000000000000000000000] [APT] [GoogleUpdateTaskUserS-1-5-21-1178239170-2522236887-3947781437-1000UA] (.Pas de propriétaire.) -- C:\Users\darwizardx\AppData\Local\Google\Update\GoogleUpdate.exe (.not file.)




---\\ Pilotes lancés au démarrage (O41)

O41 - Driver: (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\Windows\system32\drivers\afd.sys

O41 - Driver: (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\System32\DRIVERS\cdrom.sys

O41 - Driver: C:\Windows\system32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\System32\Drivers\dfsc.sys

O41 - Driver: (i8042prt) . (.Microsoft Corporation - Pilote de port i8042.) - C:\Windows\System32\DRIVERS\i8042prt.sys

O41 - Driver: (kbdclass) . (.Microsoft Corporation - Pilote de la classe Clavier.) - C:\Windows\System32\DRIVERS\kbdclass.sys

O41 - Driver: (kbdhid) . (.Microsoft Corporation - Pilote de filtre clavier HID.) - C:\Windows\System32\DRIVERS\kbdhid.sys

O41 - Driver: (mouclass) . (.Microsoft Corporation - Pilote de la classe Souris.) - C:\Windows\System32\DRIVERS\mouclass.sys

O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\System32\DRIVERS\netbios.sys

O41 - Driver: (netbt) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\System32\DRIVERS\netbt.sys

O41 - Driver: (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\System32\drivers\nsiproxy.sys

O41 - Driver: C:\Windows\system32\drivers\pacer.sys (PSched) . (.Microsoft Corporation - Planificateur de paquets QoS.) - C:\Windows\System32\DRIVERS\pacer.sys

O41 - Driver: (RasAcd) . (.Microsoft Corporation - RAS Automatic Connection Driver.) - C:\Windows\System32\DRIVERS\rasacd.sys

O41 - Driver: (rdbss) . (.Microsoft Corporation - Redirected Drive Buffering SubSystem Driver.) - C:\Windows\System32\DRIVERS\rdbss.sys

O41 - Driver: (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\DRIVERS\RDPCDD.sys

O41 - Driver: (RDPENCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\drivers\rdpencdd.sys

O41 - Driver: (Serial) . (.Microsoft Corporation - Pilote de périphérique série.) - C:\Windows\System32\DRIVERS\serial.sys

O41 - Driver: C:\Windows\system32\tcpipcfg.dll (Smb) . (.Microsoft Corporation - SMB Transport driver.) - C:\Windows\System32\DRIVERS\smb.sys

O41 - Driver: C:\Windows\system32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\System32\DRIVERS\tdx.sys

O41 - Driver: (TermDD) . (.Microsoft Corporation - Terminal Server Driver.) - C:\Windows\System32\DRIVERS\termdd.sys

O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\Windows\system32\drivers\vga.sys

O41 - Driver: (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\System32\DRIVERS\wanarp.sys




---\\ Logiciels installés (O42)

O42 - Logiciel: AMD USB Audio Driver Filter - (.Advanced Micro Devices, Inc..) [HKLM] -- {BD3BAF20-F7C6-4D50-9862-D24DC5A04869}

O42 - Logiciel: ATI AVIVO64 Codecs - (.ATI Technologies Inc..) [HKLM] -- {D1EF69B7-7A97-40FC-9AF1-6D6656FF874F}

O42 - Logiciel: ATI Catalyst Install Manager - (.ATI Technologies, Inc..) [HKLM] -- {F3FEB53B-0BD3-F481-A8F9-51BA46466A6A}

O42 - Logiciel: ATI Stream SDK v2 Developer - (.ATI Technologies Inc..) [HKLM] -- {80C27FE9-C6C4-F5C8-EAD3-09E7E0102E78}

O42 - Logiciel: Google Chrome - (.Google Inc..) [HKCU] -- Google Chrome

O42 - Logiciel: Microsoft .NET Framework 3.5 Language Pack SP1 - fra - (.Microsoft Corporation.) [HKLM] -- {3E31821C-7917-367E-938E-E65FC413EA31}

O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 SP1

O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}

O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile

O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}

O42 - Logiciel: Microsoft .NET Framework 4 Client Profile FRA Language Pack - (.Microsoft Corporation.) [HKLM] -- {4B5F58F7-C7D1-3CE3-9B37-B657F0852643}

O42 - Logiciel: Microsoft .NET Framework 4 Extended - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Extended

O42 - Logiciel: Microsoft .NET Framework 4 Extended - (.Microsoft Corporation.) [HKLM] -- {8E34682C-8118-31F1-BC4C-98CD9675E1C2}

O42 - Logiciel: Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 - (.Microsoft Corporation.) [HKLM] -- {B6E3757B-5E77-3915-866A-CCFC4B8D194C}

O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable (x64) - (.Microsoft Corporation.) [HKLM] -- {6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}

O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 - (.Microsoft Corporation.) [HKLM] -- {aac9fcc4-dd9e-4add-901c-b5496a07ab2e}

O42 - Logiciel: Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {EE936C7A-EA40-31D5-9B65-8E3E089C3828}

O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 - (.Microsoft Corporation.) [HKLM] -- {8338783A-0968-3B85-AFC7-BAAE0A63DC50}

O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 - (.Microsoft Corporation.) [HKLM] -- {8220EEFE-38CD-377E-8595-13398D740ACE}

O42 - Logiciel: Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 - (.Microsoft Corporation.) [HKLM] -- {DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}

O42 - Logiciel: Module linguistique Microsoft .NET Framework 3.5 SP1- fra - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 Language Pack SP1 - fra

O42 - Logiciel: Module linguistique Microsoft .NET Framework 4 Client Profile FRA - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile FRA Language Pack

O42 - Logiciel: TeamSpeak 3 Client - (.TeamSpeak Systems GmbH.) [HKLM] -- TeamSpeak 3 Client

O42 - Logiciel: Unity Web Player - (.Unity Technologies ApS.) [HKCU] -- UnityWebPlayer

O42 - Logiciel: Windows Live ID Sign-in Assistant - (.Microsoft Corporation.) [HKLM] -- {1B8ABA62-74F0-47ED-B18C-A43128E591B8}

O42 - Logiciel: Windows Live Language Selector - (.Microsoft Corporation.) [HKLM] -- {5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}


---\\ HKCU & HKLM Software Keys


[HKCU\Software\ALWIL Software]

[HKCU\Software\ATI Technologies Inc.]

[HKCU\Software\Blizzard Entertainment]

[HKCU\Software\DT Soft]

[HKCU\Software\Electronic Arts]

[HKCU\Software\IM Providers]

[HKCU\Software\Local AppWizard-Generated Applications]

[HKCU\Software\N64 Emulation]

[HKCU\Software\Safer Networking Limited]

[HKCU\Software\TeamSpeak 3 Client]

[HKCU\Software\VB and VBA Program Settings]

[HKCU\Software\WinRAR SFX]

[HKCU\Software\YouTube Downloader]

[HKLM\Software\ATI Technologies]

[HKLM\Software\QSound Labs, Inc.]







---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)

O43 - CFD: 2010-11-17 - 23:26:54 - [162307387] ----D- C:\Program Files\Alwil Software

O43 - CFD: 2010-11-17 - 22:47:38 - [23463472] ----D- C:\Program Files\ATI

O43 - CFD: 2010-11-19 - 22:08:20 - [28] ----D- C:\Program Files\ATI Technologies

O43 - CFD: 2010-12-26 - 21:13:42 - [226923943] ----D- C:\Program Files\Common Files

O43 - CFD: 2010-11-17 - 22:36:46 - [0] -SH-D- C:\Program Files\Fichiers communs

O43 - CFD: 2011-04-27 - 19:44:20 - [6667792] ----D- C:\Program Files\Internet Explorer

O43 - CFD: 2010-12-26 - 21:13:42 - [9689809] ----D- C:\Program Files\Logitech

O43 - CFD: 2006-11-02 - 11:07:28 - [94671287] ----D- C:\Program Files\Microsoft Games

O43 - CFD: 2010-11-20 - 19:15:44 - [116334702] ----D- C:\Program Files\Movie Maker

O43 - CFD: 2006-11-02 - 11:07:28 - [25757] ----D- C:\Program Files\MSBuild

O43 - CFD: 2011-01-23 - 21:44:06 - [30066402] ----D- C:\Program Files\OpenTTD

O43 - CFD: 2006-11-02 - 11:07:28 - [36351145] ----D- C:\Program Files\Reference Assemblies

O43 - CFD: 2011-02-01 - 11:53:08 - [36741940] ----D- C:\Program Files\TeamSpeak 3 Client

O43 - CFD: 2006-11-02 - 11:44:56 - [0] --H-D- C:\Program Files\Uninstall Information

O43 - CFD: 2008-01-20 - 23:09:42 - [1302528] ----D- C:\Program Files\Windows Calendar

O43 - CFD: 2010-11-20 - 19:15:44 - [2963968] ----D- C:\Program Files\Windows Collaboration

O43 - CFD: 2010-11-20 - 19:15:42 - [6394224] ----D- C:\Program Files\Windows Defender

O43 - CFD: 2010-11-20 - 19:15:44 - [9655416] ----D- C:\Program Files\Windows Journal

O43 - CFD: 2011-04-15 - 07:51:10 - [9619128] ----D- C:\Program Files\Windows Mail

O43 - CFD: 2010-11-20 - 19:15:44 - [5140215] ----D- C:\Program Files\Windows Media Player

O43 - CFD: 2010-11-17 - 22:36:46 - [8057896] ----D- C:\Program Files\Windows NT

O43 - CFD: 2010-11-20 - 19:15:44 - [16439458] ----D- C:\Program Files\Windows Photo Gallery

O43 - CFD: 2010-11-21 - 00:02:22 - [167424] ----D- C:\Program Files\Windows Portable Devices

O43 - CFD: 2010-11-20 - 19:15:44 - [6886470] ----D- C:\Program Files\Windows Sidebar

O43 - CFD: 2010-11-17 - 22:48:42 - [6089216] ----D- C:\Program Files\Common Files\ATI Technologies

O43 - CFD: 2010-12-26 - 21:13:44 - [1222582] ----D- C:\Program Files\Common Files\Logitech

O43 - CFD: 2010-11-20 - 23:50:08 - [209396561] ----D- C:\Program Files\Common Files\Microsoft Shared

O43 - CFD: 2006-11-02 - 09:33:54 - [2702] ----D- C:\Program Files\Common Files\Services

O43 - CFD: 2006-11-02 - 09:33:54 - [608256] ----D- C:\Program Files\Common Files\SpeechEngines

O43 - CFD: 2008-01-20 - 23:09:30 - [9604626] ----D- C:\Program Files\Common Files\System

O43 - CFD: 2010-11-20 - 16:24:36 - [136910585] ----D- C:\ProgramData\Adobe

O43 - CFD: 2010-11-17 - 23:26:54 - [6073934] ----D- C:\ProgramData\Alwil Software

O43 - CFD: 2006-11-02 - 11:42:18 - [0] -SH-D- C:\ProgramData\Application Data

O43 - CFD: 2010-12-28 - 13:48:10 - [1548] ----D- C:\ProgramData\Astroburn Pro

O43 - CFD: 2010-11-19 - 22:11:04 - [187] ----D- C:\ProgramData\ATI

O43 - CFD: 2010-11-18 - 14:12:12 - [821] ----D- C:\ProgramData\Blizzard

O43 - CFD: 2011-04-15 - 19:55:44 - [376850178] ----D- C:\ProgramData\Blizzard Entertainment

O43 - CFD: 2010-11-18 - 21:08:26 - [0] ----D- C:\ProgramData\Blizzard Entertainment.temp

O43 - CFD: 2010-11-17 - 22:36:46 - [0] -SH-D- C:\ProgramData\Bureau

O43 - CFD: 2011-04-12 - 20:23:58 - [0] ----D- C:\ProgramData\CCP

O43 - CFD: 2010-12-28 - 13:37:18 - [1500] ----D- C:\ProgramData\DAEMON Tools Lite

O43 - CFD: 2006-11-02 - 11:42:18 - [0] -SH-D- C:\ProgramData\Desktop

O43 - CFD: 2006-11-02 - 11:42:18 - [0] -SH-D- C:\ProgramData\Documents

O43 - CFD: 2011-03-22 - 21:34:44 - [0] ----D- C:\ProgramData\EA Core

O43 - CFD: 2011-03-28 - 19:05:26 - [257819] ----D- C:\ProgramData\Electronic Arts

O43 - CFD: 2010-11-17 - 22:36:46 - [0] -SH-D- C:\ProgramData\Favoris

O43 - CFD: 2006-11-02 - 11:42:18 - [0] -SH-D- C:\ProgramData\Favorites

O43 - CFD: 2011-03-20 - 19:22:00 - [209429222] ----D- C:\ProgramData\Firefly Studios

O43 - CFD: 2010-12-18 - 17:05:10 - [0] ----D- C:\ProgramData\Google

O43 - CFD: 2010-12-01 - 22:30:18 - [512554] ----D- C:\ProgramData\Hewlett-Packard

O43 - CFD: 2010-11-20 - 16:11:44 - [178228] ----D- C:\ProgramData\McAfee

O43 - CFD: 2010-11-20 - 16:11:46 - [856] ----D- C:\ProgramData\McAfee Security Scan

O43 - CFD: 2010-11-17 - 22:36:46 - [0] -SH-D- C:\ProgramData\Menu Démarrer

O43 - CFD: 2010-12-17 - 22:43:06 - [150524246] -S--D- C:\ProgramData\Microsoft

O43 - CFD: 2010-11-17 - 22:36:46 - [0] -SH-D- C:\ProgramData\Modèles

O43 - CFD: 2011-01-19 - 17:26:18 - [0] ----D- C:\ProgramData\PlayFirst

O43 - CFD: 2010-12-12 - 20:03:08 - [1192698] ----D- C:\ProgramData\Screaming Bee

O43 - CFD: 2011-03-19 - 15:23:06 - [61448] ----D- C:\ProgramData\Spybot - Search & Destroy

O43 - CFD: 2006-11-02 - 11:42:18 - [0] -SH-D- C:\ProgramData\Start Menu

O43 - CFD: 2006-11-02 - 11:42:18 - [0] -SH-D- C:\ProgramData\Templates

O43 - CFD: 2011-01-17 - 23:35:52 - [528] ----D- C:\ProgramData\Trymedia

O43 - CFD: 2011-01-02 - 20:18:12 - [425] ----D- C:\ProgramData\Ubisoft

O43 - CFD: 2011-04-09 - 19:09:14 - [51751309] ----D- C:\Users\darwizardx\AppData\Roaming\.minecraft

O43 - CFD: 2010-11-20 - 16:23:50 - [3279516] ----D- C:\Users\darwizardx\AppData\Roaming\Adobe

O43 - CFD: 2010-12-28 - 13:48:06 - [0] ----D- C:\Users\darwizardx\AppData\Roaming\Astroburn Pro

O43 - CFD: 2010-11-17 - 23:15:56 - [0] ----D- C:\Users\darwizardx\AppData\Roaming\ATI

O43 - CFD: 2011-04-17 - 14:37:20 - [19636614] ----D- C:\Users\darwizardx\AppData\Roaming\Azureus

O43 - CFD: 2010-12-28 - 13:43:34 - [640] ----D- C:\Users\darwizardx\AppData\Roaming\DAEMON Tools Lite

O43 - CFD: 2011-04-17 - 12:25:56 - [8306995] ----D- C:\Users\darwizardx\AppData\Roaming\EVEMon

O43 - CFD: 2010-12-18 - 17:05:42 - [396] ----D- C:\Users\darwizardx\AppData\Roaming\Google

O43 - CFD: 2010-12-27 - 20:08:02 - [165] ----D- C:\Users\darwizardx\AppData\Roaming\gtk-2.0

O43 - CFD: 2010-11-17 - 22:38:22 - [0] ----D- C:\Users\darwizardx\AppData\Roaming\Identities

O43 - CFD: 2011-01-02 - 19:57:54 - [0] ----D- C:\Users\darwizardx\AppData\Roaming\InstallShield

O43 - CFD: 2010-11-18 - 00:05:54 - [1523067] ----D- C:\Users\darwizardx\AppData\Roaming\Macromedia

O43 - CFD: 2006-11-02 - 11:07:26 - [0] ----D- C:\Users\darwizardx\AppData\Roaming\Media Center Programs

O43 - CFD: 2010-12-24 - 12:16:00 - [2231345] -S--D- C:\Users\darwizardx\AppData\Roaming\Microsoft

O43 - CFD: 2010-11-17 - 23:20:54 - [30620928] ----D- C:\Users\darwizardx\AppData\Roaming\Mozilla

O43 - CFD: 2011-04-26 - 20:51:56 - [616129] ----D- C:\Users\darwizardx\AppData\Roaming\Mumble

O43 - CFD: 2010-12-27 - 19:43:20 - [3131455] ----D- C:\Users\darwizardx\AppData\Roaming\PhotoInPress

O43 - CFD: 2011-01-19 - 17:26:18 - [33119] ----D- C:\Users\darwizardx\AppData\Roaming\PlayFirst

O43 - CFD: 2010-12-12 - 20:03:10 - [852060] ----D- C:\Users\darwizardx\AppData\Roaming\Screaming Bee

O43 - CFD: 2011-02-13 - 11:41:32 - [3379880] ----D- C:\Users\darwizardx\AppData\Roaming\TS3Client

O43 - CFD: 2011-01-02 - 20:19:00 - [178530] ----D- C:\Users\darwizardx\AppData\Roaming\Ubisoft

O43 - CFD: 2010-12-24 - 17:20:40 - [2429] ----D- C:\Users\darwizardx\AppData\Roaming\Unity

O43 - CFD: 2011-01-17 - 21:42:24 - [1304671] ----D- C:\Users\darwizardx\AppData\Roaming\vlc

O43 - CFD: 2010-12-29 - 16:14:34 - [0] ----D- C:\Users\darwizardx\AppData\Roaming\WinRAR

O43 - CFD: 2010-11-20 - 16:23:50 - [14349379] ----D- C:\Users\darwizardx\Appdata\Local\Adobe

O43 - CFD: 2010-11-17 - 22:38:18 - [0] -SH-D- C:\Users\darwizardx\Appdata\Local\Application Data

O43 - CFD: 2010-12-19 - 01:04:40 - [95871] ----D- C:\Users\darwizardx\Appdata\Local\Apps

O43 - CFD: 2010-11-17 - 23:15:56 - [70541] ----D- C:\Users\darwizardx\Appdata\Local\ATI

O43 - CFD: 2011-01-31 - 17:42:30 - [165226651] ----D- C:\Users\darwizardx\Appdata\Local\CCP

O43 - CFD: 2010-12-19 - 20:08:28 - [0] ----D- C:\Users\darwizardx\Appdata\Local\Deployment

O43 - CFD: 2011-03-28 - 19:34:44 - [2643319] ----D- C:\Users\darwizardx\Appdata\Local\Electronic Arts

O43 - CFD: 2010-12-19 - 01:14:46 - [372380770] ----D- C:\Users\darwizardx\Appdata\Local\Google

O43 - CFD: 2010-11-17 - 22:38:18 - [0] -SH-D- C:\Users\darwizardx\Appdata\Local\Historique

O43 - CFD: 2011-04-13 - 21:20:08 - [401838745] ----D- C:\Users\darwizardx\Appdata\Local\Microsoft

O43 - CFD: 2011-01-02 - 17:03:22 - [417262] ----D- C:\Users\darwizardx\Appdata\Local\Microsoft Games

O43 - CFD: 2010-11-17 - 23:20:44 - [67871917] ----D- C:\Users\darwizardx\Appdata\Local\Mozilla

O43 - CFD: 2010-12-28 - 19:36:52 - [0] ----D- C:\Users\darwizardx\Appdata\Local\My Games

O43 - CFD: 2010-12-29 - 01:08:00 - [0] ----D- C:\Users\darwizardx\Appdata\Local\SKIDROW

O43 - CFD: 2011-04-30 - 11:49:50 - [23304401] ----D- C:\Users\darwizardx\Appdata\Local\Temp

O43 - CFD: 2010-11-17 - 22:38:18 - [0] -SH-D- C:\Users\darwizardx\Appdata\Local\Temporary Internet Files

O43 - CFD: 2010-12-24 - 17:19:12 - [210158] ----D- C:\Users\darwizardx\Appdata\Local\Unity

O43 - CFD: 2010-12-18 - 17:15:20 - [3256284] ----D- C:\Users\darwizardx\Appdata\Local\VirtualStore

O43 - CFD: 2011-04-27 - 18:47:26 - [49152] ----D- C:\Users\darwizardx\Appdata\Local\Windows Live

O43 - CFD: 2010-11-20 - 23:37:48 - [6722] ----D- C:\Users\darwizardx\Appdata\Local\WindowsUpdate

O43 - CFD: 2011-01-14 - 22:47:16 - [3876512] ----D- C:\Program Files (x86)\1964

O43 - CFD: 2010-11-20 - 16:12:46 - [130540463] ----D- C:\Program Files (x86)\Adobe

O43 - CFD: 2010-11-17 - 22:49:00 - [40857] ----D- C:\Program Files (x86)\AMD

O43 - CFD: 2010-12-28 - 13:48:16 - [12038154] ----D- C:\Program Files (x86)\Astroburn Pro

O43 - CFD: 2010-11-19 - 22:09:10 - [245030] ----D- C:\Program Files (x86)\ATI

O43 - CFD: 2010-11-19 - 22:09:04 - [44815044] ----D- C:\Program Files (x86)\ATI Stream

O43 - CFD: 2010-11-17 - 23:14:02 - [64334418] ----D- C:\Program Files (x86)\ATI Technologies

O43 - CFD: 2010-12-12 - 19:57:34 - [4592130] ----D- C:\Program Files (x86)\AV VoizGame

O43 - CFD: 2011-01-19 - 17:26:08 - [131790030] ----D- C:\Program Files (x86)\bigup16

O43 - CFD: 2011-01-31 - 14:58:56 - [8258289913] ----D- C:\Program Files (x86)\CCP

O43 - CFD: 2011-03-13 - 19:15:12 - [490804008] ----D- C:\Program Files (x86)\Common Files

O43 - CFD: 2010-12-28 - 00:29:54 - [532064] ----D- C:\Program Files (x86)\Conduit

O43 - CFD: 2011-04-28 - 21:06:12 - [76049] ----D- C:\Program Files (x86)\ConduitEngine

O43 - CFD: 2011-04-29 - 21:54:34 - [11729242] ----D- C:\Program Files (x86)\DAEMON Tools Lite

O43 - CFD: 2010-12-31 - 15:53:20 - [6763244337] ----D- C:\Program Files (x86)\Eidos

O43 - CFD: 2011-03-28 - 19:05:20 - [13710634359] ----D- C:\Program Files (x86)\Electronic Arts

O43 - CFD: 2011-02-09 - 16:24:14 - [11696964] ----D- C:\Program Files (x86)\EVEMon

O43 - CFD: 2010-12-28 - 00:42:02 - [16295101] ----D- C:\Program Files (x86)\ffdshow

O43 - CFD: 2011-03-20 - 19:00:20 - [995990407] ----D- C:\Program Files (x86)\Firefly Studios

O43 - CFD: 2011-01-19 - 14:12:48 - [12777723] ----D- C:\Program Files (x86)\FMS

O43 - CFD: 2010-12-27 - 19:44:30 - [113140842] ----D- C:\Program Files (x86)\GIMP-2.0

O43 - CFD: 2010-12-18 - 21:20:12 - [118521241] ----D- C:\Program Files (x86)\Google

O43 - CFD: 2011-01-17 - 20:33:14 - [37145070] ----D- C:\Program Files (x86)\Hotel Dash Suite Success

O43 - CFD: 2011-03-09 - 16:02:42 - [580081229] ----D- C:\Program Files (x86)\Infogrames

O43 - CFD: 2011-03-22 - 21:07:20 - [312857750] --H-D- C:\Program Files (x86)\InstallShield Installation Information

O43 - CFD: 2011-04-27 - 19:44:20 - [5551112] ----D- C:\Program Files (x86)\Internet Explorer

O43 - CFD: 2011-03-15 - 16:09:58 - [88407535] ----D- C:\Program Files (x86)\Java

O43 - CFD: 2010-12-24 - 12:45:08 - [126976] ----D- C:\Program Files (x86)\Linksys

O43 - CFD: 2011-01-20 - 20:46:56 - [1484003451] ----D- C:\Program Files (x86)\Maxis

O43 - CFD: 2010-11-23 - 20:17:08 - [9227693] ----D- C:\Program Files (x86)\McAfee Security Scan

O43 - CFD: 2010-12-31 - 15:28:28 - [6832967] ----D- C:\Program Files (x86)\Microsoft Games for Windows - LIVE

O43 - CFD: 2011-02-10 - 12:45:50 - [305015167] ----D- C:\Program Files (x86)\Microsoft Office

O43 - CFD: 2011-04-22 - 09:43:14 - [38388859] ----D- C:\Program Files (x86)\Microsoft Silverlight

O43 - CFD: 2011-03-22 - 21:17:06 - [979309] ----D- C:\Program Files (x86)\Microsoft WSE

O43 - CFD: 2010-12-17 - 22:43:06 - [339327] ----D- C:\Program Files (x86)\Microsoft.NET

O43 - CFD: 2011-04-29 - 22:25:48 - [33314494] ----D- C:\Program Files (x86)\Mozilla Firefox

O43 - CFD: 2006-11-02 - 11:07:28 - [25757] ----D- C:\Program Files (x86)\MSBuild

O43 - CFD: 2011-02-10 - 12:45:20 - [39944647] ----D- C:\Program Files (x86)\MSECache

O43 - CFD: 2010-11-17 - 23:33:12 - [37736965] ----D- C:\Program Files (x86)\Mumble

O43 - CFD: 2010-12-27 - 19:43:20 - [2950964] ----D- C:\Program Files (x86)\PhotoInPress

O43 - CFD: 2011-01-14 - 22:53:54 - [3528508] ----D- C:\Program Files (x86)\Project64 1.6

O43 - CFD: 2006-11-02 - 11:07:28 - [38690561] ----D- C:\Program Files (x86)\Reference Assemblies

O43 - CFD: 2010-12-12 - 20:02:10 - [13630606] ----D- C:\Program Files (x86)\Screaming Bee

O43 - CFD: 2010-12-28 - 19:36:20 - [5920677455] ----D- C:\Program Files (x86)\Sid Meier's Civilization V

O43 - CFD: 2011-04-29 - 21:58:00 - [64910767] ----D- C:\Program Files (x86)\Spybot - Search & Destroy

O43 - CFD: 2011-03-05 - 20:05:36 - [9780280756] ----D- C:\Program Files (x86)\StarCraft II

O43 - CFD: 2010-11-18 - 21:08:26 - [1824902591] ----D- C:\Program Files (x86)\StarCraft II.temp

O43 - CFD: 2011-04-29 - 21:54:52 - [148639271] ----D- C:\Program Files (x86)\Steam

O43 - CFD: 2011-01-17 - 23:34:46 - [9770] ----D- C:\Program Files (x86)\Trymedia

O43 - CFD: 2011-01-02 - 19:58:34 - [7138627592] ----D- C:\Program Files (x86)\Ubisoft

O43 - CFD: 2006-11-02 - 11:36:08 - [0] --H-D- C:\Program Files (x86)\Uninstall Information

O43 - CFD: 2011-01-17 - 23:34:12 - [255180407] ----D- C:\Program Files (x86)\Valusoft

O43 - CFD: 2010-11-17 - 22:57:12 - [10331006] ----D- C:\Program Files (x86)\VIA

O43 - CFD: 2010-12-26 - 20:43:58 - [83580374] ----D- C:\Program Files (x86)\VideoLAN

O43 - CFD: 2011-02-07 - 19:43:10 - [111077995] ----D- C:\Program Files (x86)\Vuze

O43 - CFD: 2011-04-28 - 21:06:12 - [217018] ----D- C:\Program Files (x86)\Vuze_Remote

O43 - CFD: 2010-11-20 - 19:15:42 - [1016832] ----D- C:\Program Files (x86)\Windows Calendar

O43 - CFD: 2008-01-20 - 23:09:48 - [53248] ----D- C:\Program Files (x86)\Windows Collaboration

O43 - CFD: 2008-01-20 - 23:09:42 - [504128] ----D- C:\Program Files (x86)\Windows Defender

O43 - CFD: 2011-03-31 - 11:42:40 - [56371412] ----D- C:\Program Files (x86)\Windows Live

O43 - CFD: 2011-04-15 - 07:51:10 - [8935608] ----D- C:\Program Files (x86)\Windows Mail

O43 - CFD: 2010-11-20 - 19:15:42 - [3013093] ----D- C:\Program Files (x86)\Windows Media Player

O43 - CFD: 2006-11-02 - 11:07:28 - [7957544] ----D- C:\Program Files (x86)\Windows NT

O43 - CFD: 2010-11-20 - 19:15:42 - [13528738] ----D- C:\Program Files (x86)\Windows Photo Gallery

O43 - CFD: 2010-11-21 - 00:02:22 - [134144] ----D- C:\Program Files (x86)\Windows Portable Devices

O43 - CFD: 2010-11-20 - 19:15:42 - [6527558] ----D- C:\Program Files (x86)\Windows Sidebar

O43 - CFD: 2010-12-29 - 16:14:22 - [3525683] ----D- C:\Program Files (x86)\WinRAR

O43 - CFD: 2011-03-17 - 21:11:46 - [7169630] ----D- C:\Program Files (x86)\YouTube Downloader

O43 - CFD: 2011-04-30 - 11:50:12 - [3782781] ----D- C:\Program Files (x86)\ZHPDiag

O43 - CFD: 2011-04-29 - 22:22:38 - [74832871] ----D- C:\Program Files (x86)\ZHPFix

O43 - CFD: 2011-04-17 - 14:27:14 - [53372129280] ----D- C:\Program Files (x86)\zot

O43 - CFD: 2010-11-20 - 16:13:14 - [2583085] ----D- C:\Program Files (x86)\Common Files\Adobe

O43 - CFD: 2010-11-20 - 00:06:36 - [3854957] ----D- C:\Program Files (x86)\Common Files\Blizzard Entertainment

O43 - CFD: 2010-12-17 - 22:43:32 - [86016] ----D- C:\Program Files (x86)\Common Files\DESIGNER

O43 - CFD: 2011-03-20 - 18:58:56 - [8017994] ----D- C:\Program Files (x86)\Common Files\InstallShield

O43 - CFD: 2011-02-10 - 12:45:50 - [330257464] ----D- C:\Program Files (x86)\Common Files\microsoft shared

O43 - CFD: 2006-11-02 - 09:33:54 - [2702] ----D- C:\Program Files (x86)\Common Files\Services

O43 - CFD: 2006-11-02 - 09:33:54 - [41101735] ----D- C:\Program Files (x86)\Common Files\SpeechEngines

O43 - CFD: 2011-04-29 - 21:58:44 - [0] ----D- C:\Program Files (x86)\Common Files\Steam

O43 - CFD: 2010-12-17 - 22:43:12 - [22782564] ----D- C:\Program Files (x86)\Common Files\System

O43 - CFD: 2010-11-17 - 23:48:28 - [82117491] ----D- C:\Program Files (x86)\Common Files\Windows Live




---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)

O44 - LFC:[MD5.BF1CDBA98B4705B9764F082CBC2A7C67] - 2011-04-11 - 17:36:45 ---A- . (...) -- C:\Windows\MEMORY.DMP [379755183]

O44 - LFC:[MD5.222A888A2BD6B93EF198EAC82358A9FE] - 2011-04-14 - 21:13:30 ---A- . (.Adobe Systems - Windows NT OpenType/Type 1 API Library..) -- C:\Windows\SysNative\atmlib.dll [48128]

O44 - LFC:[MD5.222A888A2BD6B93EF198EAC82358A9FE] - 2011-04-14 - 21:13:30 ---A- . (.Adobe Systems - Windows NT OpenType/Type 1 API Library..) -- C:\Windows\System32\atmlib.dll [34304]

O44 - LFC:[MD5.49199261D4E9474B3E3BCD8B3605E917] - 2011-04-14 - 21:13:30 ---A- . (.Adobe Systems Incorporated - Windows NT OpenType/Type 1 Font Driver.) -- C:\Windows\SysNative\atmfd.dll [367616]

O44 - LFC:[MD5.49199261D4E9474B3E3BCD8B3605E917] - 2011-04-14 - 21:13:30 ---A- . (.Adobe Systems Incorporated - Windows NT OpenType/Type 1 Font Driver.) -- C:\Windows\System32\atmfd.dll [292864]

O44 - LFC:[MD5.FBB3FB8272B66E4233BE2453F3A56325] - 2011-04-15 - 06:35:26 ---A- . (...) -- C:\Windows\win.ini [240]

O44 - LFC:[MD5.59993E644E618B323C8C36FBC170C62C] - 2011-04-15 - 06:52:59 ---A- . (...) -- C:\Windows\SysNative\FNTCACHE.DAT [321544]

O44 - LFC:[MD5.5587F43C82181792C7A2482DE250B671] - 2011-04-27 - 17:51:39 ---A- . (.Microsoft - Legacy GDF resource DLL.) -- C:\Windows\SysNative\GameUXLegacyGDFs.dll [4240384]

O44 - LFC:[MD5.5587F43C82181792C7A2482DE250B671] - 2011-04-27 - 17:51:39 ---A- . (.Microsoft - Legacy GDF resource DLL.) -- C:\Windows\System32\GameUXLegacyGDFs.dll [4240384]

O44 - LFC:[MD5.4B333D3CC96AE66BD754329FD2989EE2] - 2011-04-27 - 18:30:46 ---A- . (...) -- C:\Windows\SysNative\ieuinit.inf [72822]

O44 - LFC:[MD5.4B333D3CC96AE66BD754329FD2989EE2] - 2011-04-27 - 18:30:48 ---A- . (...) -- C:\Windows\System32\ieuinit.inf [72822]

O44 - LFC:[MD5.ECD81B99477AB4A93D7838EB40B870D0] - 2011-04-27 - 18:30:58 ---A- . (...) -- C:\Windows\SysNative\icrav03.rat [8798]

O44 - LFC:[MD5.6D21D0A95286DCD09E354B612F592EB7] - 2011-04-27 - 18:30:58 ---A- . (...) -- C:\Windows\SysNative\ticrf.rat [1988]

O44 - LFC:[MD5.ECD81B99477AB4A93D7838EB40B870D0] - 2011-04-27 - 18:30:58 ---A- . (...) -- C:\Windows\System32\icrav03.rat [8798]

O44 - LFC:[MD5.6D21D0A95286DCD09E354B612F592EB7] - 2011-04-27 - 18:30:58 ---A- . (...) -- C:\Windows\System32\ticrf.rat [1988]

O44 - LFC:[MD5.98B894AE314173C3AE1952FBFB8A6205] - 2011-04-27 - 18:31:07 ---A- . (...) -- C:\Windows\IE9_main.log [3133]

O44 - LFC:[MD5.5BD404FECCB9DA0A146D3C91F4E8F088] - 2011-04-28 - 21:21:18 ---A- . (...) -- C:\Windows\dd_vcredistMSI68C5.txt [461654]

O44 - LFC:[MD5.541D1301E786485A44E556C00AAFD239] - 2011-04-28 - 21:21:18 ---A- . (...) -- C:\Windows\dd_vcredistUI68C5.txt [11646]

O44 - LFC:[MD5.35FE64CA0642FF66D08F639555BAEA79] - 2011-04-28 - 21:21:53 ---A- . (...) -- C:\Windows\dd_vcredistMSI697F.txt [464080]

O44 - LFC:[MD5.A1F3A20F91AF356DF70F3A65CC012C7C] - 2011-04-28 - 21:21:53 ---A- . (...) -- C:\Windows\dd_vcredistUI697F.txt [11614]

O44 - LFC:[MD5.3C4128824694D6DF3226FAC5BD297C79] - 2011-04-29 - 20:58:21 --HA- . (...) -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [4576]

O44 - LFC:[MD5.3C4128824694D6DF3226FAC5BD297C79] - 2011-04-29 - 20:58:21 --HA- . (...) -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [4576]

O44 - LFC:[MD5.E0123AF44CE8BB0C30ECF04468F979E4] - 2011-04-29 - 21:00:40 ---A- . (...) -- C:\ZHPExportRegistry-2011-04-29-22-00-40.txt [1656912]

O44 - LFC:[MD5.DE752DCBD640DA22D415FEE37C627BB2] - 2011-04-29 - 21:03:27 ---A- . (...) -- C:\Windows\PFRO.log [13706]

O44 - LFC:[MD5.4D4A430CA655CA0060B6F6216372EB02] - 2011-04-29 - 21:22:51 ---A- . (...) -- C:\ZHPRegY0.zhp [1714]

O44 - LFC:[MD5.59A60F0952AC6AE7D8CC15A559EBFA3B] - 2011-04-30 - 08:10:43 -S-A- . (...) -- C:\Windows\bootstat.dat [67584]

O44 - LFC:[MD5.77D60CA892F1D29C984D933B461749EE] - 2011-04-30 - 08:16:09 ---A- . (...) -- C:\Windows\SysNative\PerfStringBackup.INI [6606]

O44 - LFC:[MD5.26583113F54E8FF2ADF8736BBD9133AB] - 2011-04-30 - 08:16:09 ---A- . (...) -- C:\Windows\SysNative\perfc009.dat [1434224]

O44 - LFC:[MD5.F2C79F5368B8F2B88A35A24EDD279596] - 2011-04-30 - 08:16:09 ---A- . (...) -- C:\Windows\SysNative\perfc00C.dat [1632192]

O44 - LFC:[MD5.E1FD0787DCA641FEEF30648C69AE00BE] - 2011-04-30 - 08:16:09 ---A- . (...) -- C:\Windows\SysNative\perfh009.dat [2033164]

O44 - LFC:[MD5.D0F5B97A18211D5100625AAAA23E2CFF] - 2011-04-30 - 08:16:09 ---A- . (...) -- C:\Windows\SysNative\perfh00C.dat [5129406]

O44 - LFC:[MD5.D0EE1700D64DFB7500DCFD7EA4EF1700] - 2011-04-30 - 09:53:03 ---A- . (...) -- C:\Windows\WindowsUpdate.log [1823410]




---\\ MountPoints2 Shell Key (O51)

O51 - MPSK:{c0c75b4f-f2bb-11df-abd4-806e6f6e6963}\AutoRun\command. (.Pas de propriétaire - Blizzard Installer.) -- D:\Installer.exe




---\\ Trojan Driver Search Data (HKLM) (O52)

O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\Windows\System32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm

O52 - TDSD: \drivers.desc\"C:\Windows\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm




---\\ Microsoft Control Security Providers (O54)

O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - TS Single Sign On Security Package.) -- C:\Windows\system32\credssp.dll

O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - TS Single Sign On Security Package.) -- C:\Windows\system32\credssp.dll




---\\ Microsoft Windows Policies System (O55)

O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=2

O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=1

O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1

O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=1

O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1

O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1

O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=1

O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0

O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0

O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=

O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=

O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0

O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1

O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1

O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0

O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0




---\\ Microsoft Windows Policies Explorer (O56)

O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktop"=1

O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1

O56 - MWPE:[HKLM\...\policies\Explorer] - "ForceActiveDesktopOn"=0

O56 - MWPE:[HKLM\...\policies\Explorer] - "BindDirectlyToPropertySetStorage"=0




---\\ Liste des Drivers Système (O58)

O58 - SDL:[MD5.F14215E37CF124104575073F782111D2] - 2008-01-20 - 21:46:53 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\system32\drivers\adp94xx.sys [486456]

O58 - SDL:[MD5.7D05A75E3066861A6610F7EE04FF085C] - 2008-01-20 - 21:46:54 ---A- . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) -- C:\Windows\system32\drivers\adpahci.sys [342584]

O58 - SDL:[MD5.820A201FE08A0C345B3BEDBC30E1A77C] - 2008-01-20 - 21:46:54 ---A- . (.Adaptec, Inc. - Adaptec LH Ultra160 Driver (X64).) -- C:\Windows\system32\drivers\adpu160m.sys [126520]

O58 - SDL:[MD5.9B4AB6854559DC168FBB4C24FC52E794] - 2008-01-20 - 21:47:27 ---A- . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver (X64).) -- C:\Windows\system32\drivers\adpu320.sys [185912]

O58 - SDL:[MD5.157D0898D4B73F075CE9FA26B482DF98] - 2008-01-20 - 21:46:50 ---A- . (.Acer Laboratories Inc. - ALi mini IDE Driver.) -- C:\Windows\system32\drivers\aliide.sys [15976]

O58 - SDL:[MD5.D52A2E98C5EEFF88CED28793B6B04D84] - 2007-10-11 - 20:40:14 ---A- . (.Advanced Micro Devices - AMD PCI SATA/IDE Bus Driver.) -- C:\Windows\system32\drivers\amdide64.sys [10632]

O58 - SDL:[MD5.BA8417D4765F3988FF921F30F630E303] - 2008-01-20 - 21:46:52 ---A- . (.Adaptec, Inc. - Adaptec RAID Storport Driver.) -- C:\Windows\system32\drivers\arc.sys [90680]

O58 - SDL:[MD5.9D41C435619733B34CC16A511E644B11] - 2008-01-20 - 21:47:00 ---A- . (.Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\Windows\system32\drivers\arcsas.sys [91192]

O58 - SDL:[MD5.6936198F2CC25B39CF5262436C80DF46] - 2006-10-31 - 17:23:42 ---A- . (.Pas de propriétaire - ATK0110 ACPI Utility.) -- C:\Windows\system32\drivers\ASACPI.sys [15680]

O58 - SDL:[MD5.6923740DB573B46FDDA13E1DF412C577] - 2011-01-13 - 03:37:12 ---A- . (.AVAST Software - avast! File System Access Blocking Driver.) -- C:\Windows\system32\drivers\aswFsBlk.sys [20560]

O58 - SDL:[MD5.DE001B988B58BFD453F667842655B22E] - 2011-01-13 - 03:37:23 ---A- . (.AVAST Software - avast! File System Minifilter for Windows 2003/Vista.) -- C:\Windows\system32\drivers\aswMonFlt.sys [62032]

O58 - SDL:[MD5.E0D1002D7FA65DD023788B17F714E682] - 2011-01-13 - 03:37:34 ---A- . (.AVAST Software - avast! TDI RDR Driver.) -- C:\Windows\system32\drivers\aswRdr.sys [29264]

O58 - SDL:[MD5.C3EAFDC0F533425614430A112BA71E9A] - 2011-01-13 - 03:41:44 ---A- . (.AVAST Software - avast! self protection module.) -- C:\Windows\system32\drivers\aswSP.sys [273488]

O58 - SDL:[MD5.0226FFBC420D8FB67BA3B9DBDD1F2DCA] - 2011-01-13 - 03:40:20 ---A- . (.AVAST Software - avast! TDI Filter Driver.) -- C:\Windows\system32\drivers\aswTdi.sys [51792]

O58 - SDL:[MD5.BC873A64C71209313C97ECB7D02F7AE8] - 2010-09-24 - 07:46:18 ---A- . (.ATI Technologies, Inc. - ATI High Definition Audio Function Driver.) -- C:\Windows\system32\drivers\AtihdLH6.sys [115216]

O58 - SDL:[MD5.E9C0C72EFEABB3995E1E15E77B032E62] - 2008-10-15 - 01:05:04 ---A- . (.ATI Research Inc. - Ati High Definition Audio Function Driver.) -- C:\Windows\system32\drivers\AtiHdmi.sys [178176]

O58 - SDL:[MD5.522A8BD1414CC7517FAEC907F138DB9C] - 2010-10-27 - 23:00:14 ---A- . (.ATI Technologies Inc. - ATI Radeon Kernel Mode Driver.) -- C:\Windows\system32\drivers\atikmdag.sys [8012288]

O58 - SDL:[MD5.F712C26D40BF3CD2C020BB518E8150B1] - 2010-10-26 - 21:14:22 ---A- . (.Advanced Micro Devices, Inc. - AMD multi-vendor Miniport Driver.) -- C:\Windows\system32\drivers\atikmpag.sys [287232]

O58 - SDL:[MD5.DB0D3DE15EDC96E7529FC0D3F7760894] - 2008-04-27 - 19:25:06 ---A- . (.ATI Technologies Inc. - ATI PCIE Driver for ATI PCIE chipset.) -- C:\Windows\system32\drivers\AtiPcie.sys [16400]

O58 - SDL:[MD5.F09EEE9EDC320B5E1501F749FDE686C8] - 2006-09-18 - 16:30:15 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver.) -- C:\Windows\system32\drivers\BrFiltLo.sys [18432]

O58 - SDL:[MD5.B114D3098E9BDB8BEA8B053685831BE6] - 2006-09-18 - 16:30:15 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver.) -- C:\Windows\system32\drivers\BrFiltUp.sys [8704]

O58 - SDL:[MD5.F0F0BA4D815BE446AA6A4583CA3BCA9B] - 2006-11-02 - 03:43:25 ---A- . (.Brother Industries Ltd. - Pilote Brother Série I/F (WDM).) -- C:\Windows\system32\drivers\BrSerId.sys [86528]

O58 - SDL:[MD5.A6ECA2151B08A09CACECA35C07F05B42] - 2006-09-18 - 16:30:18 ---A- . (.Brother Industries Ltd. - Brother Serial driver (WDM version).) -- C:\Windows\system32\drivers\BrSerWdm.sys [47104]

O58 - SDL:[MD5.B79968002C277E869CF38BD22CD61524] - 2006-09-18 - 16:30:18 ---A- . (.Brother Industries Ltd. - Brother USB MDM Driver.) -- C:\Windows\system32\drivers\BrUsbMdm.sys [14976]

O58 - SDL:[MD5.A87528880231C54E75EA7A44943B38BF] - 2006-09-19 - 06:42:33 ---A- . (.Brother Industries Ltd. - Brother USB Serial Driver.) -- C:\Windows\system32\drivers\BrUsbSer.sys [14720]

O58 - SDL:[MD5.E5D5499A1C50A54B5161296B6AFE6192] - 2008-01-20 - 21:46:50 ---A- . (.CMD Technology, Inc. - CMD PCI IDE Bus Driver.) -- C:\Windows\system32\drivers\cmdide.sys [18024]

O58 - SDL:[MD5.222CB641B4B8A1D1126F8033F9FD6A00] - 2006-11-02 - 06:50:06 ---A- . (.Adaptec, Inc. - Adaptec Ultra SCSI miniport.) -- C:\Windows\system32\drivers\djsvs.sys [88168]

O58 - SDL:[MD5.264CEE7B031A9D6C827F3D0CB031F2FE] - 2008-01-20 - 21:46:56 ---A- . (.Intel Corporation - Intel® PRO/1000 Adapter NDIS 6 deserialized driver.) -- C:\Windows\system32\drivers\E1G6032E.sys [146176]

O58 - SDL:[MD5.C4636D6E10469404AB5308D9FD45ED07] - 2008-01-20 - 21:46:59 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\system32\drivers\elxstor.sys [397368]

O58 - SDL:[MD5.D7109A1E6BD2DFDBCBA72A6BC626A13B] - 2008-01-20 - 21:46:59 ---A- . (.Hewlett-Packard Company - Smart Array Storport Driver.) -- C:\Windows\system32\drivers\HpCISSs.sys [47672]

O58 - SDL:[MD5.3E3BF3627D886736D0B4E90054F929F6] - 2008-01-20 - 21:46:59 ---A- . (.Intel Corporation - Intel Matrix Storage Manager driver (base).) -- C:\Windows\system32\drivers\iaStorV.sys [290872]

O58 - SDL:[MD5.8C3951AD2FE886EF76C7B5027C3125D3] - 2006-11-02 - 07:02:39 ---A- . (.Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) -- C:\Windows\system32\drivers\iirsp.sys [44648]

O58 - SDL:[MD5.63C766CDC609FF8206CB447A65ABBA4A] - 2006-11-02 - 07:02:09 ---A- . (.Integrated Technology Express, Inc. - ITE IT8211 ATA/ATAPI SCSI miniport.) -- C:\Windows\system32\drivers\iteatapi.sys [37480]

O58 - SDL:[MD5.1281FE73B17664631D12F643CBEA3F59] - 2006-11-02 - 07:02:09 ---A- . (.Integrated Technology Express, Inc. - ITE IT8212 ATA RAID SCSI miniport.) -- C:\Windows\system32\drivers\iteraid.sys [37480]

O58 - SDL:[MD5.073508533E422CE8BCEE234EB35CEEBF] - 2009-08-05 - 06:18:34 ---A- . (.Atheros Communications, Inc. - Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller.) -- C:\Windows\system32\drivers\L1E60x64.sys [57856]

O58 - SDL:[MD5.ACBE1AF32D3123E330A07BFBC5EC4A9B] - 2008-01-20 - 21:46:51 ---A- . (.LSI Logic - LSI Logic Fusion-MPT FC Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_fc.sys [113720]

O58 - SDL:[MD5.799FFB2FC4729FA46D2157C0065B3525] - 2008-01-20 - 21:46:56 ---A- . (.LSI Logic - LSI Logic Fusion-MPT SAS Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_sas.sys [105016]

O58 - SDL:[MD5.F445FF1DAAD8A226366BFAF42551226B] - 2008-01-20 - 21:47:01 ---A- . (.LSI Logic - LSI Logic Fusion-MPT SCSI Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_scsi.sys [113720]

O58 - SDL:[MD5.5C5CD6AACED32FB26C3FB34B3DCF972F] - 2008-01-20 - 21:46:59 ---A- . (.LSI Corporation - MEGASAS RAID Controller Driver for Windows Vista/Longhorn for x.) -- C:\Windows\system32\drivers\megasas.sys [35896]

O58 - SDL:[MD5.859BC2436B076C77C159ED694ACFE8F8] - 2008-01-20 - 21:46:56 ---A- . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\Windows\system32\drivers\MegaSR.sys [438328]

O58 - SDL:[MD5.3C200630A89EF2C0864D515B7A75802E] - 2006-11-02 - 07:02:24 ---A- . (.LSI Logic Corporation - MegaRAID RAID Controller Driver for Windows Vista/Longhorn for.) -- C:\Windows\system32\drivers\Mraid35x.sys [39016]

O58 - SDL:[MD5.4AC08BD6AF2DF42E0C3196D826C8AEA7] - 2006-11-02 - 07:03:03 ---A- . (.IBM Corporation - IBM ServeRAID Controller Driver.) -- C:\Windows\system32\drivers\nfrd960.sys [51816]

O58 - SDL:[MD5.2C040B7ADA5B06F6FACADAC8514AA034] - 2008-01-20 - 21:46:54 ---A- . (.NVIDIA Corporation - NVIDIA® nForce RAID Driver.) -- C:\Windows\system32\drivers\nvraid.sys [128056]

O58 - SDL:[MD5.F7EA0FE82842D05EDA3EFDD376DBFDBA] - 2008-01-20 - 21:46:54 ---A- . (.NVIDIA Corporation - NVIDIA® nForce Sata Performance Driver.) -- C:\Windows\system32\drivers\nvstor.sys [54328]

O58 - SDL:[MD5.0B83F4E681062F3839BE2EC1D98FD94A] - 2008-01-20 - 21:46:52 ---A- . (.QLogic Corporation - QLogic Fibre Channel Stor Miniport Driver.) -- C:\Windows\system32\drivers\ql2300.sys [1221176]

O58 - SDL:[MD5.E1C80F8D4D1E39EF9595809C1369BF2A] - 2006-11-02 - 06:50:27 ---A- . (.QLogic Corporation - QLogic iSCSI Storport Miniport Driver.) -- C:\Windows\system32\drivers\ql40xx.sys [124008]

O58 - SDL:[MD5.8B56BDCE6A303DDE63D63440D1CF9AD1] - 2010-07-01 - 14:21:50 ---A- . (.Screaming Bee LLC - Screaming Bee Audio Driver.) -- C:\Windows\system32\drivers\ScreamingBAudio64.sys [38992]

O58 - SDL:[MD5.3EA8A16169C26AFBEB544E0E48421186] - 2006-09-29 - 18:51:44 ---A- . (.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) -- C:\Windows\system32\drivers\secdrv.sys [23040]

O58 - SDL:[MD5.3A2F769FAB9582BC720E11EA1DFB184D] - 2008-01-20 - 21:47:26 ---A- . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\Windows\system32\drivers\sisraid4.sys [78392]

O58 - SDL:[MD5.D0EE1700D64DFB7500DCFD7EA4EF1700] - 2010-12-28 - 00:00:00 ---A- . (...) -- C:\Windows\system32\drivers\sptd.sys [834544]

O58 - SDL:[MD5.2F26A2C6FC96B29BEFF5D8ED74E6625B] - 2006-11-02 - 07:02:52 ---A- . (.LSI Logic - LSI Logic 8XX SCSI Miniport Driver.) -- C:\Windows\system32\drivers\symc8xx.sys [49256]

O58 - SDL:[MD5.A909667976D3BCCD1DF813FED517D837] - 2006-11-02 - 07:02:37 ---A- . (.LSI Logic - LSI Logic Hi-Perf SCSI Miniport Driver.) -- C:\Windows\system32\drivers\sym_hi.sys [44648]

O58 - SDL:[MD5.36887B56EC2D98B9C362F6AE4DE5B7B0] - 2006-11-02 - 07:02:47 ---A- . (.LSI Logic - LSI Logic Ultra160 SCSI Miniport Driver.) -- C:\Windows\system32\drivers\sym_u3.sys [48232]

O58 - SDL:[MD5.697F0446134CDC8F99E69306184FBBB4] - 2008-01-20 - 21:46:56 ---A- . (.ULi Electronics Inc. - ULi SATA Controller Driver.) -- C:\Windows\system32\drivers\uliahci.sys [284728]

O58 - SDL:[MD5.31707F09846056651EA2C37858F5DDB0] - 2006-11-02 - 06:50:54 ---A- . (.Promise Technology, Inc. - Promise Ultra/Sata Series Driver for Win2003.) -- C:\Windows\system32\drivers\ulsata.sys [148072]

O58 - SDL:[MD5.85E5E43ED5B48C8376281BAB519271B7] - 2008-01-20 - 21:46:52 ---A- . (.Promise Technology, Inc. - Promise SATAII150 Series x64 Windows Driver.) -- C:\Windows\system32\drivers\ulsata2.sys [174696]

O58 - SDL:[MD5.DB07F39CB6F36B46EA681E754A0EC588] - 2008-03-19 - 18:28:52 ---A- . (.Advanced Micro Devices Inc. - AMD USB Filter Driver.) -- C:\Windows\system32\drivers\usbfilter.sys [26168]

O58 - SDL:[MD5.4A441CEF86DD95692984FCE11D8FD530] - 2008-12-18 - 22:43:18 ---A- . (.VIA Technologies, Inc. - VIA High Definition Audio Function Driver.) -- C:\Windows\system32\drivers\viahduaa.sys [1048064]

O58 - SDL:[MD5.8294B6C3FDB6C33F24E150DE647ECDAA] - 2008-01-20 - 21:46:50 ---A- . (.VIA Technologies, Inc. - VIA Generic PCI IDE Bus Driver.) -- C:\Windows\system32\drivers\viaide.sys [18024]

O58 - SDL:[MD5.A68F455ED2673835209318DD61BFBB0E] - 2008-01-20 - 21:47:25 ---A- . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) -- C:\Windows\system32\drivers\vsmraid.sys [149048]

O58 - SDL:[MD5.CDA299EC031613957C97F758D9B732CB] - 2005-04-12 - 07:21:52 ---A- . (.Logitech Inc. - Logitech WingMan Hid Filter Driver.) -- C:\Windows\system32\drivers\WmFilter.sys [29568]

O58 - SDL:[MD5.19166026A93206F9C6A8CD3A1F010AE4] - 2007-12-28 - 02:22:02 ---A- . (...) -- C:\Windows\SysWOW64\drivers\ASUSHWIO.SYS [10296]




---\\ Liste des services Legacy (O64)

O64 - Services: CurCS - 1899-12-30 - C:\Windows\System32\DRIVERS\amdide64.sys - amdide64(amdide64) .(.Advanced Micro Devices - AMD PCI SATA/IDE Bus Driver.) - LEGACY_AMDIDE64

O64 - Services: CurCS - 1899-12-30 - C:\Windows\System32\DRIVERS\atikmdag.sys - amdkmdag(amdkmdag) .(.ATI Technologies Inc. - ATI Radeon Kernel Mode Driver.) - LEGACY_AMDKMDAG

O64 - Services: CurCS - C:\Windows\system32\Drivers\ASWFSBLK.sys - (.not file.) - aswFsBlk (aswFsBlk) .(...) - LEGACY_ASWFSBLK

O64 - Services: CurCS - 1899-12-30 - C:\Windows\system32\drivers\aswMonFlt.sys - aswMonFlt(aswMonFlt) .(.AVAST Software - avast! File System Minifilter for Windows 2.) - LEGACY_ASWMONFLT

O64 - Services: CurCS - C:\Windows\system32\Drivers\ASWRDR.sys - (.not file.) - aswRdr (aswRdr) .(...) - LEGACY_ASWRDR

O64 - Services: CurCS - C:\Windows\system32\Drivers\ASWSP.sys - (.not file.) - aswSP (aswSP) .(...) - LEGACY_ASWSP

O64 - Services: CurCS - C:\Windows\system32\Drivers\ASWTDI.sys - (.not file.) - avast! Network Shield Support (aswTdi) .(...) - LEGACY_ASWTDI

O64 - Services: CurCS - C:\Windows\system32\Drivers\FASTFAT.sys - (.not file.) - FAT12/16/32 File System Driver (fastfat) .(...) - LEGACY_FASTFAT

O64 - Services: CurCS - C:\Windows\system32\Drivers\FS_REC.sys - Fs_Rec (Fs_Rec) .(...) - LEGACY_FS_REC

O64 - Services: CurCS - C:\Windows\system32\Drivers\MSFS.sys - Msfs (Msfs) .(...) - LEGACY_MSFS

O64 - Services: CurCS - C:\Windows\system32\Drivers\NDPROXY.sys - NDProxy (NDProxy) .(...) - LEGACY_NDPROXY

O64 - Services: CurCS - C:\Windows\system32\Drivers\NPFS.sys - Npfs (Npfs) .(...) - LEGACY_NPFS

O64 - Services: CurCS - C:\Windows\system32\Drivers\NTFS.sys - Ntfs (Ntfs) .(...) - LEGACY_NTFS

O64 - Services: CurCS - C:\Windows\system32\Drivers\NULL.sys - Null (Null) .(...) - LEGACY_NULL

O64 - Services: CurCS - C:\Windows\system32\Drivers\SECDRV.sys - (.not file.) - Security Driver (secdrv) .(...) - LEGACY_SECDRV

O64 - Services: CurCS - C:\Windows\system32\Drivers\SPLDR.sys - (.not file.) - Security Processor Loader Driver (spldr) .(...) - LEGACY_SPLDR

O64 - Services: CurCS - C:\Windows\System32\Drivers\sptd.sys - sptd (sptd) .(...) - LEGACY_SPTD




---\\ File Associations Shell Spawning (O67)

O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe

O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe

O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe

O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCU\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

O67 - Shell Spawning: <.bat> <batfile>[HKCR\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.cpl> <cplfile>[HKCR\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe

O67 - Shell Spawning: <.cmd> <cmdfile>[HKCR\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.com> <comfile>[HKCR\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.exe> <exefile>[HKCR\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCR\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

O67 - Shell Spawning: <.js> <JSFile>[HKCR\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe

O67 - Shell Spawning: <.reg> <regfile>[HKCR\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe




---\\ Start Menu Internet (O68)

O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe




---\\ Search Browser Infection (O69)

O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - Bing

O69 - SBI: SearchScopes [HKCU] {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} [DefaultScope] - (DAEMON Search) - :: EXPLORE




---\\ Recherche particuliere à la racine de certains dossiers (O84)

[MD5.C1574878D1310230982E6D0176073EB4] [sPRF] (.Pas de propriétaire - Pas de description.) -- C:\Users\darwizardx\AppData\Local\Temp\NuruMassage.Pack1[].torrent [21945]

[MD5.A3C897570ADF1D27D18042F18AFAC15E] [sPRF] (.Pas de propriétaire - Pas de description.) -- C:\Users\darwizardx\AppData\Local\Temp\NuruMassage.Pack2[].torrent [27500]

[MD5.AE331E1956DCAFB4748EE5EF4E83473E] [sPRF] (.Pas de propriétaire - Pas de description.) -- C:\Users\darwizardx\AppData\Local\Temp\NuruMassage.Pack3[].torrent [27449]

[MD5.E40261CE2056F7BB4DD5F690C665C49C] [sPRF] (.Pas de propriétaire - Pas de description.) -- C:\Users\darwizardx\AppData\Local\Temp\NuruMassage.Pack4[].torrent [25651]

[MD5.EC5795997D077AA972EC3CD44A39A60F] [sPRF] (.Pas de propriétaire - Pas de description.) -- C:\Users\darwizardx\AppData\Local\Temp\NuruMassage.Pack5[].torrent [25787]

[MD5.49F076C069F5B825BA5BFD78E9C22A49] [sPRF] (.Pas de propriétaire - Pas de description.) -- C:\Users\darwizardx\AppData\Local\Temp\NuruMassage.Pack6[].torrent [24460]

[MD5.71EA857B02F778B3D54BA59444A9F802] [sPRF] (.Microsoft Corporation - Win32 Cabinet Self-Extractor.) -- C:\Users\darwizardx\AppData\Local\Temp\rootsupd.exe [336280]

[MD5.D2D7AD244F109B757CD4F9F44A75CB9F] [sPRF] (.Macrovision Corporation - Setup.exe.) -- C:\Users\darwizardx\AppData\Local\Temp\_isA4DF.exe [459400]




---\\ Firewall Active Exception List (FirewallRules) (O87)

O87 - FAEL: "FPS-SpoolSvc-In-TCP" |In - Private - P6 - TRUE | .(...) -- C:\Windows\system32\spoolsv.exe (.not file.)

O87 - FAEL: "FPS-SpoolSvc-In-TCP-NoScope" |In - Domain - P6 - FALSE | .(...) -- C:\Windows\system32\spoolsv.exe (.not file.)

O87 - FAEL: "CoreNet-GP-LSASS-Out-TCP" |Out - Domain - P6 - TRUE | .(...) -- C:\Windows\system32\lsass.exe (.not file.)

O87 - FAEL: "WinCollab-Out-UDP" | Out - Domain - P17 - FALSE | .(.Microsoft Corporation - Windows Meeting Space.) -- C:\Program Files\Windows Collaboration\WinCollab.exe

O87 - FAEL: "WinCollab-In-UDP" | In - Domain - P17 - TRUE | .(.Microsoft Corporation - Windows Meeting Space.) -- C:\Program Files\Windows Collaboration\WinCollab.exe

O87 - FAEL: "WinCollab-Out-TCP" | Out - Domain - P6 - FALSE | .(.Microsoft Corporation - Windows Meeting Space.) -- C:\Program Files\Windows Collaboration\WinCollab.exe

O87 - FAEL: "WinCollab-In-TCP" | In - Domain - P6 - TRUE | .(.Microsoft Corporation - Windows Meeting Space.) -- C:\Program Files\Windows Collaboration\WinCollab.exe

O87 - FAEL: "WinCollab-DFSR-Out-TCP" |Out - Domain - P6 - FALSE | .(...) -- C:\Windows\system32\dfsr.exe (.not file.)

O87 - FAEL: "WinCollab-DFSR-In-TCP" |In - Domain - P6 - TRUE | .(...) -- C:\Windows\system32\dfsr.exe (.not file.)

O87 - FAEL: "RemoteSvcAdmin-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Applications Services et Contrôleur.) -- C:\Windows\system32\services.exe

O87 - FAEL: "RemoteSvcAdmin-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Applications Services et Contrôleur.) -- C:\Windows\system32\services.exe

O87 - FAEL: "NetPres-Out-TCP" |Out - Public - P6 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.)

O87 - FAEL: "NetPres-In-TCP" |In - Public - P6 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.)

O87 - FAEL: "NetPres-WSD-Out-UDP" |Out - Domain - P17 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.)

O87 - FAEL: "NetPres-WSD-In-UDP" |In - Domain - P17 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.)

O87 - FAEL: "NetPres-Out-TCP-NoScope" |Out - Domain - P6 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.)

O87 - FAEL: "NetPres-In-TCP-NoScope" |In - Domain - P6 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.)

O87 - FAEL: "{F05B569B-9DF0-4A56-A9DD-169ED9C47BD8}" | In - Public - P6 - TRUE | .(.Blizzard Entertainment - Blizzard Launcher.) -- C:\Users\Public\Games\World of Warcraft\Launcher.exe

O87 - FAEL: "{79591F24-6E0D-4F77-B5D0-3B0B1ADF03C2}" | In - Public - P17 - TRUE | .(.Blizzard Entertainment - Blizzard Launcher.) -- C:\Users\Public\Games\World of Warcraft\Launcher.exe

O87 - FAEL: "{E3F3E972-9AEB-4099-8FD6-24CF56527763}" | In - Public - P6 - TRUE | .(.Blizzard Entertainment - Blizzard Downloader.) -- C:\Users\Public\Games\World of Warcraft\WoW-

O87 - FAEL: "{D6536DD6-6BA1-4C09-A636-781AACDEF7A8}" | In - Public - P17 - TRUE | .(.Blizzard Entertainment - Blizzard Downloader.) -- C:\Users\Public\Games\World of Warcraft\WoW-

O87 - FAEL: "{BF091B97-45C8-4B0B-979D-058E5A3913C0}" | In - Public - P6 - TRUE | .(.Blizzard Entertainment - Blizzard Launcher.) -- C:\Program Files (x86)\StarCraft II\StarCraft II.exe

O87 - FAEL: "{573EF456-5743-45F6-9FD1-6FFD18B2DED3}" | In - Public - P17 - TRUE | .(.Blizzard Entertainment - Blizzard Launcher.) -- C:\Program Files (x86)\StarCraft II\StarCraft II.exe

O87 - FAEL: "TCP Query User{82C8FEC6-5F3E-48E4-9806-FB2E356D270F}C:\program files (x86)\starcraft ii\versions\base16939\sc2.exe" | In - Public - P6 - TRUE | .(.Blizzard Entertainment, Inc..) -- C:\program files (x86)\starcraft ii\versions\base16939\sc2.e

O87 - FAEL: "UDP Query User{340C86D8-23E6-4009-94CC-7B4F7979DF8F}C:\program files (x86)\starcraft ii\versions\base16939\sc2.exe" | In - Public - P17 - TRUE | .(.Blizzard Entertainment, Inc..) -- C:\program files (x86)\starcraft ii\versions\base16939\sc2.

O87 - FAEL: "{59B1FFAF-CA10-4B0C-AA13-42825FF6B6FA}" |In - Public - P6 - TRUE | .(...) -- C:\Users\Public\Games\World of Warcraft\Launcher.patch.exe (.not file.)

O87 - FAEL: "{CDAD9456-07C8-40DE-8284-FD528F5A510D}" |In - Public - P17 - TRUE | .(...) -- C:\Users\Public\Games\World of Warcraft\Launcher.patch.exe (.not file.)

O87 - FAEL: "{FD2DAE45-CD07-4BA4-A99A-CAC4028831C3}" |In - None - P17 - TRUE | .(...) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (.not file.)

O87 - FAEL: "{F20F41D8-9881-4EB8-A75F-DA3715AF5578}" |In - Public - P6 - TRUE | .(...) -- C:\Windows\system32\spoolsv.exe (.not file.)

O87 - FAEL: "{B7D43BD1-E4E3-4C31-BF61-E9A5EA858BA9}" |In - Public - P6 - TRUE | .(...) -- C:\Users\Public\Games\World of Warcraft\Blizzard Downloader.exe (.not file.)

O87 - FAEL: "{8030A402-9A90-4AFE-8B76-D2A0EFCA6E6A}" |In - Public - P17 - TRUE | .(...) -- C:\Users\Public\Games\World of Warcraft\Blizzard Downloader.exe (.not file.)

O87 - FAEL: "TCP Query User{9FE3DCA6-CC66-472A-A0A5-6F69A1FBEF32}C:\program files (x86)\google\google earth\plugin\geplugin.exe" | In - Public - P6 - TRUE | .(.Google - Google Earth.) -- C:\program files (x86)\google\google earth\plugin\geplugin.exe

O87 - FAEL: "UDP Query User{170A86F4-C3AB-4967-B24B-7E61EC7766C6}C:\program files (x86)\google\google earth\plugin\geplugin.exe" | In - Public - P17 - TRUE | .(.Google.) -- C:\program files (x86)\google\google earth\plugin\geplugin.exe

O87 - FAEL: "TCP Query User{87521235-A214-408C-BCD9-5D9DAA605661}C:\program files (x86)\linksys\logviewer\logviewer.exe" | In - Public - P6 - TRUE | .(...) -- C:\program files (x86)\linksys\logviewer\logviewer.exe

O87 - FAEL: "UDP Query User{54A7F5CB-D760-4178-824E-3B4A981754E3}C:\program files (x86)\linksys\logviewer\logviewer.exe" | In - Public - P17 - TRUE | .(...) -- C:\program files (x86)\linksys\logviewer\logviewer.exe

O87 - FAEL: "TCP Query User{8B5C84C1-76C0-4BB5-A59A-43E5B69B2798}C:\program files (x86)\starcraft ii\versions\base16939\sc2.exe" | In - Private - P6 - TRUE | .(.Blizzard Entertainment, Inc..) -- C:\program files (x86)\starcraft ii\versions\base16939\sc2.

O87 - FAEL: "UDP Query User{2731C62D-B059-44C2-8ED9-C750C0C81762}C:\program files (x86)\starcraft ii\versions\base16939\sc2.exe" | In - Private - P17 - TRUE | .(.Blizzard Entertainment, Inc..) -- C:\program files (x86)\starcraft ii\versions\base16939\sc2

O87 - FAEL: "TCP Query User{697D326C-A7D3-4669-A1B5-8C45A2C05C66}C:\program files (x86)\vuze\azureus.exe" | In - Public - P6 - TRUE | .(.Vuze Inc. - Pas de description.) -- C:\program files (x86)\vuze\azureus.exe

O87 - FAEL: "UDP Query User{3DBBF9FF-8C94-4D66-8520-EA851E1BED66}C:\program files (x86)\vuze\azureus.exe" | In - Public - P17 - TRUE | .(.Vuze Inc. - Pas de description.) -- C:\program files (x86)\vuze\azureus.exe

O87 - FAEL: "TCP Query User{B7D981E9-96CC-4A25-AAEB-F1AC083EE344}C:\program files (x86)\mozilla firefox\firefox.exe" | In - Private - P6 - TRUE | .(.Mozilla Corporation - Firefox.) -- C:\program files (x86)\mozilla firefox\firefox.exe

O87 - FAEL: "UDP Query User{C49CDEA6-D066-464B-A023-8D2992398D99}C:\program files (x86)\mozilla firefox\firefox.exe" | In - Private - P17 - TRUE | .(.Mozilla Corporation - Firefox.) -- C:\program files (x86)\mozilla firefox\firefox.exe

O87 - FAEL: "TCP Query User{1FA05B66-5444-42AF-9684-BED3C1BD2990}C:\program files (x86)\eidos\battlestations pacific\bsp.exe" | In - Private - P6 - TRUE | .(.EIDOS.) -- C:\program files (x86)\eidos\battlestations pacific\bsp.exe

O87 - FAEL: "UDP Query User{600B3166-2100-4456-B48A-67C4BF9F14C8}C:\program files (x86)\eidos\battlestations pacific\bsp.exe" | In - Private - P17 - TRUE | .(.EIDOS.) -- C:\program files (x86)\eidos\battlestations pacific\bsp.exe

O87 - FAEL: "{93D29B9C-8D27-47B0-A8F2-CE8689DB1178}" | In - Private - P6 - TRUE | .(.Ubisoft - Assassin's Creed Game.) -- C:\Program Files (x86)\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe

O87 - FAEL: "{9489E1E7-45B7-45A8-A80D-658E0F1FDDEC}" | In - Private - P17 - TRUE | .(.Ubisoft - Assassin's Creed Game.) -- C:\Program Files (x86)\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe

O87 - FAEL: "{375C6C03-235E-4F4E-AE8F-3DB3D02A73CE}" | In - Private - P6 - TRUE | .(.Ubisoft - Assassin's Creed Game.) -- C:\Program Files (x86)\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe

O87 - FAEL: "{9E74A1DE-6A45-4F31-9B93-A8577D490081}" | In - Private - P17 - TRUE | .(.Ubisoft - Assassin's Creed Game.) -- C:\Program Files (x86)\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe

O87 - FAEL: "{986B2115-A0F3-4080-89BF-3BC8A309733A}" | In - Private - P6 - TRUE | .(.Ubisoft - Autopatch system.) -- C:\Program Files (x86)\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe

O87 - FAEL: "{F8272176-17ED-4538-BA1E-CDEB8AA1B67A}" | In - Private - P17 - TRUE | .(.Ubisoft - Autopatch system.) -- C:\Program Files (x86)\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe

O87 - FAEL: "TCP Query User{A621F84A-3E6A-4572-9E3E-7EB004509EBB}C:\program files (x86)\google\google earth\plugin\geplugin.exe" | In - Private - P6 - TRUE | .(.Google.) -- C:\program files (x86)\google\google earth\plugin\geplugin.exe

O87 - FAEL: "UDP Query User{15EEF726-9A79-4EB4-B405-C5EF0D22BD30}C:\program files (x86)\google\google earth\plugin\geplugin.exe" | In - Private - P17 - TRUE | .(.Google.) -- C:\program files (x86)\google\google earth\plugin\geplugin.exe

O87 - FAEL: "{6677F8E0-A764-4942-BEC8-86F4F5C05758}" | In - Private - P6 - TRUE | .(.Vuze Inc. - Pas de description.) -- C:\Program Files (x86)\Vuze\Azureus.exe

O87 - FAEL: "{D1ADEE95-4D33-48E6-A182-3FA83FA427C8}" | In - Private - P17 - TRUE | .(.Vuze Inc. - Pas de description.) -- C:\Program Files (x86)\Vuze\Azureus.exe

O87 - FAEL: "TCP Query User{F41D5746-4BC6-40CC-95EB-F328AE816B17}C:\program files (x86)\videolan\vlc\vlc.exe" | In - Private - P6 - TRUE | .(...) -- C:\program files (x86)\videolan\vlc\vlc.exe

O87 - FAEL: "UDP Query User{9BA889F1-7BA0-41A1-A79B-79EA0E6AF488}C:\program files (x86)\videolan\vlc\vlc.exe" | In - Private - P17 - TRUE | .(...) -- C:\program files (x86)\videolan\vlc\vlc.exe

O87 - FAEL: "TCP Query User{89E353A2-E1D8-41D5-A613-43FF70A50D30}C:\program files (x86)\starcraft ii\starcraft ii.exe" | In - Private - P6 - TRUE | .(.Blizzard Entertainment.) -- C:\program files (x86)\starcraft ii\starcraft ii.exe

O87 - FAEL: "UDP Query User{E34F3380-4370-4447-8B85-7531FC710AEE}C:\program files (x86)\starcraft ii\starcraft ii.exe" | In - Private - P17 - TRUE | .(.Blizzard Entertainment.) -- C:\program files (x86)\starcraft ii\starcraft ii.exe

O87 - FAEL: "TCP Query User{C841BC19-1E45-440D-8242-C5CD2133DC79}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" | In - Private - P6 - TRUE | .(.Blizzard Entertainment.) -- C:\program files (x86)\starcraft ii\support\blizzarddownloade

O87 - FAEL: "UDP Query User{0C7684B0-97DE-4A73-BACB-9BCB52E1990C}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" | In - Private - P17 - TRUE | .(.Blizzard Entertainment.) -- C:\program files (x86)\starcraft ii\support\blizzarddownload

O87 - FAEL: "TCP Query User{F26F2581-501A-4516-8140-B26597733D45}C:\program files (x86)\starcraft ii\versions\base17326\sc2.exe" | In - Private - P6 - TRUE | .(.Blizzard Entertainment, Inc..) -- C:\program files (x86)\starcraft ii\versions\base17326\sc2.

O87 - FAEL: "UDP Query User{A26E1332-0D38-45A7-A717-2675FF046B21}C:\program files (x86)\starcraft ii\versions\base17326\sc2.exe" | In - Private - P17 - TRUE | .(.Blizzard Entertainment, Inc..) -- C:\program files (x86)\starcraft ii\versions\base17326\sc2

O87 - FAEL: "TCP Query User{90B37B7D-1EC8-4C78-BA30-FB473AD244F0}C:\program files (x86)\ccp\eve\bin\exefile.exe" | In - Private - P6 - TRUE | .(.CCP hf. - CCP ExeFile.) -- C:\program files (x86)\ccp\eve\bin\exefile.exe

O87 - FAEL: "UDP Query User{9AAB2855-62A0-4EC9-9E75-07953132F17D}C:\program files (x86)\ccp\eve\bin\exefile.exe" | In - Private - P17 - TRUE | .(.CCP hf. - CCP ExeFile.) -- C:\program files (x86)\ccp\eve\bin\exefile.exe

O87 - FAEL: "TCP Query User{9DA0D456-52A9-427B-A67E-DAE22AE29C47}C:\users\public\games\world of warcraft\launcher.patch.exe" |In - Private - P6 - TRUE | .(...) -- C:\users\public\games\world of warcraft\launcher.patch.exe (.not file.)

O87 - FAEL: "UDP Query User{7E96D1C6-2B1D-4D30-9373-DB4F6A80F9B5}C:\users\public\games\world of warcraft\launcher.patch.exe" |In - Private - P17 - TRUE | .(...) -- C:\users\public\games\world of warcraft\launcher.patch.exe (.not file.)

O87 - FAEL: "TCP Query User{CA22D630-187F-4768-A7C3-DA8E0CA3D61F}C:\users\public\games\world of warcraft\temp\wow-" |In - Private - P6 - TRUE | .(...) -- C:\users\public\games\world of warcraft\temp\wow-

O87 - FAEL: "UDP Query User{7989F59B-4230-4C4E-9FC4-6E200D372539}C:\users\public\games\world of warcraft\temp\wow-" |In - Private - P17 - TRUE | .(...) -- C:\users\public\games\world of warcraft\temp\wow-

O87 - FAEL: "{64AAAB4A-B9BA-4CC3-A50A-E3C9682BD8C3}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\Steam\Steam.exe (.not file.)

O87 - FAEL: "{842F4556-D899-41C1-A02C-CBC4F5527797}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\Steam\Steam.exe (.not file.)

O87 - FAEL: "{B76C3187-9A03-4B03-8DA5-C1F53F499EA8}" | In - Private - P6 - TRUE | .(.Firefly Studios - Stronghold 2.) -- C:\Program Files (x86)\Firefly Studios\Stronghold 2\Stronghold2.exe

O87 - FAEL: "{075943BA-8F23-430E-AD9B-8D1D84BC6F99}" | In - Private - P17 - TRUE | .(.Firefly Studios - Stronghold 2.) -- C:\Program Files (x86)\Firefly Studios\Stronghold 2\Stronghold2.exe

O87 - FAEL: "TCP Query User{9D73C0FD-1B88-41C3-99B7-4D600EDD1256}C:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe" | In - Private - P6 - TRUE | .(.Crytek GmbH.) -- C:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysi

O87 - FAEL: "UDP Query User{8EB529D5-6695-42BB-A48A-CDDEA81D6C5E}C:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe" | In - Private - P17 - TRUE | .(.Crytek GmbH.) -- C:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crys

O87 - FAEL: "{98AF3ACD-58E2-4075-A8E2-60BA24E86CB8}" | In - Private - P6 - TRUE | .(.Blizzard Entertainment - Blizzard Launcher.) -- C:\Users\Public\Games\World of Warcraft\Launcher.exe

O87 - FAEL: "{97DE6089-F850-4183-8E0D-E37C4942B3F4}" | In - Private - P17 - TRUE | .(.Blizzard Entertainment - Blizzard Launcher.) -- C:\Users\Public\Games\World of Warcraft\Launcher.exe




---\\ Scan Additionnel (O88)

Database Version : 6367 - (28/04/2011)

Number of Keys Founds (Clés trouvées) : 15

Number of Directories Founds (Dossiers trouvés) : 4


[HKLM\Software\Classes\Conduit.Engine] =>Toolbar.Conduit

[HKLM\Software\Wow6432Node\Classes\Conduit.Engine] =>Toolbar.Conduit

[HKLM\Software\Classes\Toolbar.ct2504091] =>Adware.Agent

[HKLM\Software\Wow6432Node\Classes\Toolbar.ct2504091] =>Adware.Agent

[HKCU\Software\Conduit] =>Toolbar.Conduit

[HKCU\Software\AppDataLow\Software\Conduit] =>Toolbar.Conduit

[HKLM\Software\Conduit] =>Toolbar.Conduit

[HKLM\Software\Wow6432Node\Conduit] =>Toolbar.Conduit

[HKCU\Software\AppDataLow\Software\conduitEngine] =>Toolbar.Conduit

[HKLM\Software\conduitEngine] =>Toolbar.Conduit

[HKLM\Software\Wow6432Node\conduitEngine] =>Toolbar.Conduit

[HKCU\Software\AppDataLow\Toolbar] =>Toolbar.Conduit

[HKLM\Software\Trymedia Systems] =>Adware.Trymedia

[HKLM\Software\Wow6432Node\Trymedia Systems] =>Adware.Trymedia

[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine] =>Toolbar.Conduit

C:\ProgramData\Trymedia =>Adware.Trymedia

C:\Program Files (x86)\Conduit =>Toolbar.Conduit

C:\Program Files (x86)\ConduitEngine =>Toolbar.Conduit

C:\Program Files (x86)\Trymedia =>Adware.Trymedia




---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)

SS - | Auto 0 | (AMD External Events Utility) . (...) - C:\Windows\system32\atiesrxx.exe

SR - | Auto 2011-01-13 40384 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

SS - | Auto 2011-01-13 0 | (gupdate) . (...) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

SS - | Demand 2011-01-13 0 | (Steam Client Service) . (...) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

SS - | Demand 2011-01-13 0 | c:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe (WPFFontCache_v0400) . (...) - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe

SR - | Auto 2008-01-20 21504 | C:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\system32\svchost.exe




---\\ Recherche Master Boot Record Infection (MBR)(O80)

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, GMER - Rootkit Detector and Remover

Run by darwizardx at 2011-04-30 11:51:44


device: opened successfully

user: error reading MBR


Disk trace:

error: Read Descripteur non valide

kernel: error reading MBR




---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)

Written by ad13, http://ad13.geekstog

Run by darwizardx at 2011-04-30 11:51:46


********* Dump file Name *********





---\\ Liste des émulateurs de CD/DVD (Hook du MBR)

O58 - SDL:[MD5.D0EE1700D64DFB7500DCFD7EA4EF1700] - 2010-12-28 - 00:00:00 ---A- . (...) -- C:\Windows\system32\drivers\sptd.sys [834544]




End of the scan (902 lines in 01mn 45s)(0)




There is really nothing complicated about hosting a text file on ci-joint, though... Oh well.


If you are on Vista/Seven: temporarily disable UAC.


:arrow: Download USBFIX by TeamXscript and save it to your desktop.


NB: Some antivirus programs scream at the tool's processes; this is a false positive, so ignore the alerts or temporarily disable the antivirus. If you don't know how to do that, refer to this article.


  • If you are on XP, double-click USBFix.exe to launch it.
    If you are on Vista, right-click USBFix.exe and choose Run as administrator.
  • Click Recherche and let the tool work.
  • A window will appear asking you to plug in all the external devices you may have used in the last few days (USB sticks, MP3 players, external hard drives, etc.).
    Plug in the hardware, then click OK to continue.
  • Wait while the scan runs.
  • At the end, a report will be generated (C:/USBFix.txt). Copy and paste its entire contents into your next reply.


  • Tonton changed the title to Disinfecting my PC, please
