Posted

Hello,

Here is the TDSSKiller log to start with, run in safe mode because it is impossible to restart the PC normally:

 

2011/06/23 05:46:37.0750 1392 TDSS rootkit removing tool 2.5.5.0 Jun 16 2011 15:25:15

2011/06/23 05:46:37.0921 1392 ================================================================================

2011/06/23 05:46:37.0921 1392 SystemInfo:

2011/06/23 05:46:37.0921 1392

2011/06/23 05:46:37.0921 1392 OS Version: 5.1.2600 ServicePack: 3.0

2011/06/23 05:46:37.0921 1392 Product type: Workstation

2011/06/23 05:46:37.0921 1392 ComputerName: BASCULE

2011/06/23 05:46:37.0921 1392 UserName: Administrateur

2011/06/23 05:46:37.0921 1392 Windows directory: C:\WINDOWS

2011/06/23 05:46:37.0921 1392 System windows directory: C:\WINDOWS

2011/06/23 05:46:37.0921 1392 Processor architecture: Intel x86

2011/06/23 05:46:37.0921 1392 Number of processors: 1

2011/06/23 05:46:37.0921 1392 Page size: 0x1000

2011/06/23 05:46:37.0921 1392 Boot type: Safe boot with network

2011/06/23 05:46:37.0921 1392 ================================================================================

2011/06/23 05:46:38.0921 1392 Initialize success

2011/06/23 05:46:43.0640 0668 ================================================================================

2011/06/23 05:46:43.0640 0668 Scan started

2011/06/23 05:46:43.0640 0668 Mode: Manual;

2011/06/23 05:46:43.0640 0668 ================================================================================

2011/06/23 05:47:01.0046 0668 MBR (0x1B8) (2839639fa37b8353e792a2a30a12ced3) \Device\Harddisk0\DR0

2011/06/23 05:47:01.0062 0668 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)

2011/06/23 05:47:01.0093 0668 MBR (0x1B8) (1fc5d4bacddb5998bf5cb385d54eaaf4) \Device\Harddisk1\DR2

2011/06/23 05:47:01.0312 0668 ================================================================================

2011/06/23 05:47:01.0312 0668 Scan finished

2011/06/23 05:47:01.0312 0668 ================================================================================

2011/06/23 05:47:01.0343 1624 Detected object count: 1

2011/06/23 05:47:01.0343 1624 Actual detected object count: 1

2011/06/23 05:47:12.0500 1624 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot

2011/06/23 05:47:12.0500 1624 \Device\Harddisk0\DR0 - ok

2011/06/23 05:47:12.0500 1624 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure

2011/06/23 05:48:00.0171 0824 Deinitialize success

 

Now it is rebooting; I'll run the other scan for you.

Posted (edited)

The scan:

======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======

 

Mis à jour par TeamXscript le 12/04/11

Contact: AdRemover[DOT]contact[AT]gmail[DOT]com

Site web: http://www.teamxscript.org

 

C:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Lancé à 06:00:54 le 23/06/2011, Mode normal

 

Microsoft Windows XP Professionnel Service Pack 3 (X86)

Administrateur@BASCULE ( )

 

============== RECHERCHE ==============

 

 

Fichier trouvé: C:\WINDOWS\system32\ConduitEngine.tmp

Dossier trouvé: C:\Documents and Settings\Administrateur\Local Settings\Application Data\Conduit

Dossier trouvé: C:\Program Files\Conduit

Dossier trouvé: C:\Documents and Settings\Administrateur\Local Settings\Application Data\ConduitEngine

Dossier trouvé: C:\Program Files\ConduitEngine

 

Clé trouvée: HKLM\Software\Classes\CLSID\{0D7C08E0-D594-40B1-BEF4-DB640B1C26C6}

Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0D7C08E0-D594-40B1-BEF4-DB640B1C26C6}

Clé trouvée: HKLM\Software\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}

Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}

Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}

Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}

Clé trouvée: HKLM\Software\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}

Clé trouvée: HKLM\Software\Classes\Conduit.Engine

Clé trouvée: HKLM\Software\Classes\Toolbar.CT2643111

Clé trouvée: HKLM\Software\Conduit

Clé trouvée: HKLM\Software\conduitEngine

Clé trouvée: HKLM\Software\Live-Player

Clé trouvée: HKCU\Software\Conduit

Clé trouvée: HKCU\Software\conduitEngine

Clé trouvée: HKCU\Software\Grand Virtual

Clé trouvée: HKCU\Software\Live-Player

Clé trouvée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{983A6E07-3E26-4675-8038-241453C26C70}

 

 

============== SCAN ADDITIONNEL ==============

 

**** Mozilla Firefox Version [4.0.1 (fr)] ****

 

Plugins\npdeployJava1.dll (Oracle)

HKLM_MozillaPlugins\Adobe Reader (x)

Searchplugins\bing.xml ( hxxp://www.bing.com/search)

Components\browsercomps.dll (Mozilla Foundation)

 

-- C:\Documents and Settings\Administrateur\Application Data\Mozilla\FireFox\Profiles\75rakxfh.default --

Extensions\plugin@yontoo.com (Yontoo Layers)

Prefs.js - browser.download.lastDir, C:\\Documents and Settings\\Administrateur\\Mes documents\\Téléchargements

Prefs.js - browser.search.defaultenginename, MyStart Rechercher

Prefs.js - browser.search.defaulturl, hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

Prefs.js - browser.startup.homepage, hxxp://news.google.fr/

Prefs.js - browser.startup.homepage_override.buildID, 20110413222027

Prefs.js - browser.startup.homepage_override.mstone, rv:2.0.1

Prefs.js - keyword.URL, hxxp://mystart.incredimail.com/?loc=ff_address_bar&search=

 

========================================

 

**** Google Chrome Version [3.0.195.27] ****

 

 

-- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default --

Preferences - default_search_provider: "Google" (Activé: ) (?)

Preferences - urls_to_restore_on_startup:

 

========================================

 

**** Internet Explorer Version [8.0.6001.18702] ****

 

HKCU_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU_Main|Start Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=69157

HKLM_Main|Default_Search_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896

HKLM_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896

HKLM_Main|Start Page - hxxp://fr.msn.com/

HKCU_URLSearchHooks|{d0b1518e-3e45-4d16-a23b-4d90ef938e44} - "Audacity-tools Toolbar" (C:\Program Files\Audacity-tools\prxtbAud0.dll)

HKCU_Toolbar\WebBrowser|{D0B1518E-3E45-4D16-A23B-4D90EF938E44} (C:\Program Files\Audacity-tools\prxtbAud0.dll)

HKLM_Toolbar|{d0b1518e-3e45-4d16-a23b-4d90ef938e44} (C:\Program Files\Audacity-tools\prxtbAud0.dll)

HKLM_ElevationPolicy\{3B5FED79-25A0-489A-A789-608C11C1373B} - C:\Program Files\Audacity-tools\Audacity-toolsToolbarHelper1.exe (?)

HKLM_ElevationPolicy\{983A6E07-3E26-4675-8038-241453C26C70} - C:\Program Files\ConduitEngine\ConduitEngineHelper.exe (?)

HKLM_ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A} - C:\Program Files\Java\jre6\bin\ssvagent.exe (Oracle)

HKLM_ElevationPolicy\{CD45A71A-0D21-4A90-AFD3-6B067EEE3F9B} - C:\Documents and Settings\Administrateur\Local Settings\Application Data\Conduit\CT2643111\Audacity-toolsAutoUpdaterHelper.exe (?)

HKLM_Extensions\{90EAE591-7E7E-434a-8E28-ECFD00071806} - "PokerStars.fr" (C:\Program Files\PokerStars.FR\main.ico)

HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?)

BHO\{02478D38-C3F9-4efb-9B51-7695ECA05670} (?)

BHO\{30F9B915-B755-4826-820B-08FBA6BD249D} - "Conduit Engine " (C:\Program Files\ConduitEngine\prxConduitEngine.dll)

BHO\{d0b1518e-3e45-4d16-a23b-4d90ef938e44} - "Audacity-tools Toolbar" (C:\Program Files\Audacity-tools\prxtbAud0.dll)

 

========================================

 

C:\Program Files\Ad-Remover\Quarantine: 0 Fichier(s)

C:\Program Files\Ad-Remover\Backup: 1 Fichier(s)

 

C:\Ad-Report-SCAN[1].txt - 23/06/2011 06:00:59 (783 Octet(s))

 

Fin à: 06:01:55, 23/06/2011

 

============== E.O.F ==============

 

clean:

======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======

 

Mis à jour par TeamXscript le 12/04/11

Contact: AdRemover[DOT]contact[AT]gmail[DOT]com

Site web: http://www.teamxscript.org

 

C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 06:03:19 le 23/06/2011, Mode normal

 

Microsoft Windows XP Professionnel Service Pack 3 (X86)

Administrateur@BASCULE ( )

 

============== ACTION(S) ==============

 

 

Fichier supprimé: C:\WINDOWS\system32\ConduitEngine.tmp

Dossier supprimé: C:\Documents and Settings\Administrateur\Local Settings\Application Data\Conduit

Dossier supprimé: C:\Program Files\Conduit

Dossier supprimé: C:\Documents and Settings\Administrateur\Local Settings\Application Data\ConduitEngine

Dossier supprimé: C:\Program Files\ConduitEngine

 

(!) -- Fichiers temporaires supprimés.

 

 

Clé supprimée: HKLM\Software\Classes\CLSID\{0D7C08E0-D594-40B1-BEF4-DB640B1C26C6}

Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0D7C08E0-D594-40B1-BEF4-DB640B1C26C6}

Clé supprimée: HKLM\Software\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}

Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}

Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}

Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}

Clé supprimée: HKLM\Software\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}

Clé supprimée: HKLM\Software\Classes\Conduit.Engine

Clé supprimée: HKLM\Software\Classes\Toolbar.CT2643111

Clé supprimée: HKLM\Software\Conduit

Clé supprimée: HKLM\Software\conduitEngine

Clé supprimée: HKLM\Software\Live-Player

Clé supprimée: HKCU\Software\Conduit

Clé supprimée: HKCU\Software\conduitEngine

Clé supprimée: HKCU\Software\Grand Virtual

Clé supprimée: HKCU\Software\Live-Player

Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{983A6E07-3E26-4675-8038-241453C26C70}

 

 

============== SCAN ADDITIONNEL ==============

 

**** Mozilla Firefox Version [4.0.1 (fr)] ****

 

Plugins\npdeployJava1.dll (Oracle)

HKLM_MozillaPlugins\Adobe Reader (x)

Searchplugins\bing.xml ( hxxp://www.bing.com/search)

Components\browsercomps.dll (Mozilla Foundation)

 

-- C:\Documents and Settings\Administrateur\Application Data\Mozilla\FireFox\Profiles\75rakxfh.default --

Extensions\plugin@yontoo.com (Yontoo Layers)

Prefs.js - browser.download.lastDir, C:\\Documents and Settings\\Administrateur\\Mes documents\\Téléchargements

Prefs.js - browser.search.defaultenginename, MyStart Rechercher

Prefs.js - browser.search.defaulturl, hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

Prefs.js - browser.startup.homepage, hxxp://news.google.fr/

Prefs.js - browser.startup.homepage_override.buildID, 20110413222027

Prefs.js - browser.startup.homepage_override.mstone, rv:2.0.1

Prefs.js - keyword.URL, hxxp://mystart.incredimail.com/?loc=ff_address_bar&search=

 

========================================

 

**** Google Chrome Version [3.0.195.27] ****

 

 

-- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default --

Preferences - default_search_provider: "Google" (Activé: ) (?)

Preferences - urls_to_restore_on_startup:

 

========================================

 

**** Internet Explorer Version [8.0.6001.18702] ****

 

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896

HKCU_Main|Start Page - hxxp://fr.msn.com/

HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896

HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm

HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM_Main|Start Page - hxxp://fr.msn.com/

HKCU_URLSearchHooks|{d0b1518e-3e45-4d16-a23b-4d90ef938e44} - "Audacity-tools Toolbar" (C:\Program Files\Audacity-tools\prxtbAud0.dll)

HKCU_Toolbar\WebBrowser|{D0B1518E-3E45-4D16-A23B-4D90EF938E44} (C:\Program Files\Audacity-tools\prxtbAud0.dll)

HKLM_Toolbar|{d0b1518e-3e45-4d16-a23b-4d90ef938e44} (C:\Program Files\Audacity-tools\prxtbAud0.dll)

HKLM_ElevationPolicy\{3B5FED79-25A0-489A-A789-608C11C1373B} - C:\Program Files\Audacity-tools\Audacity-toolsToolbarHelper1.exe (?)

HKLM_ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A} - C:\Program Files\Java\jre6\bin\ssvagent.exe (Oracle)

HKLM_ElevationPolicy\{CD45A71A-0D21-4A90-AFD3-6B067EEE3F9B} - C:\Documents and Settings\Administrateur\Local Settings\Application Data\Conduit\CT2643111\Audacity-toolsAutoUpdaterHelper.exe (x)

HKLM_Extensions\{90EAE591-7E7E-434a-8E28-ECFD00071806} - "PokerStars.fr" (C:\Program Files\PokerStars.FR\main.ico)

HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?)

BHO\{02478D38-C3F9-4efb-9B51-7695ECA05670} (?)

BHO\{d0b1518e-3e45-4d16-a23b-4d90ef938e44} - "Audacity-tools Toolbar" (C:\Program Files\Audacity-tools\prxtbAud0.dll)

 

========================================

 

C:\Program Files\Ad-Remover\Quarantine: 15 Fichier(s)

C:\Program Files\Ad-Remover\Backup: 14 Fichier(s)

 

C:\Ad-Report-CLEAN[1].txt - 23/06/2011 06:03:25 (838 Octet(s))

C:\Ad-Report-SCAN[1].txt - 23/06/2011 06:00:59 (5525 Octet(s))

 

Fin à: 06:04:36, 23/06/2011

 

============== E.O.F ==============

 

Note that between the two I had to re-download the log.

Edited by ero-sennin
Posted

Hello,

Download TFC by OldTimer and save it to the desktop.

  • Double-click TFC.exe to launch it. (Note: if you are on Vista/7, right-click the file and choose Run as Administrator.)
  • The tool will close all programs while it runs, so make sure you have saved any work in progress before starting.
  • Click the Start button to begin the process. Depending on how often you delete your temporary files, this can take from a few seconds to a minute or two. Let the program run without interrupting it.
  • When it has finished, the tool should restart your system. If it doesn't, restart the PC manually to complete the cleanup.

 

~~~~~~~~~~~~~~~~~

Download Malwarebytes' Anti-Malware (MBAM).

Malwarebytes: Malwarebytes Anti-Malware is a free download that removes viruses and malware from your computer; click for the FREE version and save the executable to the desktop.

If MBAM is already installed, go straight to the update and then to the scan.

This software is one to keep.

Only if you have trouble updating:

Download MBAM updates

Run the file after installing MBAM

Connect removable media (USB sticks etc.) before starting the scan.

 

  • Double-click the downloaded file to start the installation process.
  • In the "Update" tab, click the "Check for updates" button: if the firewall asks permission for MBAM to connect, accept.
  • Once the update is finished, go to the "Scan" tab.
  • Select "Perform a full scan"
  • Click "Scan"
  • The analysis starts; the scan is relatively long, that's normal.
  • At the end of the analysis, a message appears:
    The scan completed normally. Click 'Show results' to display all the objects found.
    Click "Ok" to continue. If MBAM found nothing, it will tell you that too.
  • Close your browsers.
  • If malware was detected, click Show results.
    Select everything (or leave it checked) and click Remove selected; MBAM will destroy the files and registry keys and put a copy in quarantine.
  • MBAM will open Notepad and copy the scan report into it. Copy and paste this report and post it in your next reply.

If MBAM asks to restart the PC, do it.

If on restart Windows tells you it has blocked some startup programs, click the balloon and then Run blocked programs/Malwarebytes Anti-Malware.

 

@++

Posted

I'm running the MBAM scan now; I'll post it before noon if it's finished, otherwise tomorrow.

One small question though: do you have any idea where I caught this? I'm fairly careful on this computer (no downloads, no "dodgy" sites...). And what put you on the trail of TDSS?

One more question: should I change the passwords for my email and other accounts?

Thanks

Posted

Hi again,

and what put you on the trail of TDSS?

For a start, just the fact that it was impossible to upload the reports ;)

Well, these days you can pick up a rogue or the TDSS rootkit just by browsing, you know.

But there is a way to avoid that: personally, if I see a message telling me my computer is full of errors and infections, I don't click on anything and I don't close the window. I open Task Manager and end the task, simple as that...

Look at the example in my signature: "how not to get infected by windows recovery"; it's an example of a rogue. Click the link for the explanation.

 

@++

Posted

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

 

Version de la base de données: 6923

 

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

23/06/2011 13:11:30

mbam-log-2011-06-23 (13-11-30).txt

 

Type d'examen: Examen complet (C:\|E:\|)

Elément(s) analysé(s): 362520

Temps écoulé: 2 heure(s), 10 minute(s), 11 seconde(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 0

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 1

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

c:\documents and settings\administrateur\Bureau\rk_quarantine\setup.exe.vir (Backdoor.Bot) -> Quarantined and deleted successfully.

Posted

Hello,

How is the machine doing?

To answer your question about passwords: yes, it's better to change them.

You should use a password manager that will remember them for you and, above all, makes them invisible/encrypted.

Look here (KeePass): Apollo Et Compagnie, protect your PC for free.

Please run a new ZHPDiag scan.

 

@++

Posted

Rapport de ZHPDiag v1.27.2343 par Nicolas Coolman, Update du 22/06/2011

Run by Administrateur at 24/06/2011 13:12:02

Web site : ZHPDiag Outil de diagnostic

 

 

---\\ Web Browser

MSIE: Internet Explorer v8.0.6001.18702

MFIE: Mozilla Firefox 5.0 v (Defaut)

GCIE: Google Chrome v3.0.195.27

 

---\\ System Information

Windows XP Professional Service Pack 3 (Build 2600)

Processor: x86 Family 15 Model 6 Stepping 4, GenuineIntel

Operating System: 32 Bits

Boot mode: Normal (Normal boot)

Total RAM: 894.1 MB (41% free)

System Restore: Activé (Enable)

System drive C: has 42 GB (55%) free of 75 GB

 

---\\ Logged in mode

Computer Name: BASCULE

User Name: Administrateur

All Users Names: Utilisateur, SUPPORT_388945a0, HelpAssistant, ASPNET, Administrateur,

Unselected Option: O45,O61,O62,O65,O66,O82

Logged in as Administrator

 

---\\ Environnement Variables

%AppData%=C:\Documents and Settings\Administrateur\Application Data

%LocalAppData%=C:\Documents and Settings\Administrateur\Local Settings\Application Data

%StartMenu%=C:\Documents and Settings\Administrateur\Menu Démarrer

 

---\\ DOS/Devices

A:\ Floppy drive, Flash card reader, USB Key (Not Inserted)

C:\ Hard drive, Flash drive, Thumb drive (Free 42 Go of 75 Go)

D:\ CD-ROM drive (Not Inserted)

E:\ Floppy drive, Flash card reader, USB Key (Free 3 Go of 4 Go)

 

 

 

---\\ Security Center & Tools Informations

[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] DisableTaskMgr: OK

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] DisableRegistryTools: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Intl: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] XMLLookup: OK

 

 

 

---\\ Recherche particulière de fichiers génériques

[MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) (.14/04/2008 03:34:03.) -- C:\WINDOWS\Explorer.exe [1037824]

[MD5.42F5E14E33D79C236680468B1E4999F4] - (.Microsoft Corporation - Internet Extensions for Win32.) (.25/04/2011 17:06:11.) -- C:\WINDOWS\system32\wininet.dll [916480]

[MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.14/04/2008 03:34:28.) -- C:\WINDOWS\system32\Winlogon.exe [512000]

[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/04/2008 19:40:30.) -- C:\WINDOWS\system32\drivers\atapi.sys [96512]

[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.13/04/2008 20:15:53.) -- C:\WINDOWS\system32\drivers\ntfs.sys [574976]

 

 

 

---\\ Etat des fichiers cachés

~ Mes images (My Pictures) : 2/5

~ Mes musiques (My Musics) : 1/6

~ Mes Videos (My Videos) : 1/2

~ Mes Favoris (My Favorites) : 2/23

~ Mes Documents (My Documents) : 16/3638

~ Mon Bureau (My Desktop) : 2/188

~ Menu demarrer (Programs) : 6/54

~ Dossier utilisateur (AppData) : 2/3915

 

 

 

---\\ Processus lancés

[MD5.C4AFF249D5CA2713CD9E83715DBAE6CE] - (.ATI Technologies Inc. - ATI External Event Utility EXE Module.) -- C:\WINDOWS\system32\Ati2evxx.exe [401408]

[MD5.A5BCBAF0477C4869B67E0195AEA4A9CD] - (.Avira GmbH - Antivirus Scheduler.) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe [136360]

[MD5.A5F28C8E37B3D4F310F1B52F4DB4B47F] - (.Google Inc. - Programme d'installation de Google.) -- C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe [140952]

[MD5.33F7659872C1C2CE295FBD1754B63957] - (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\WINDOWS\RTHDCPL.EXE [16248320]

[MD5.43D3CAA08B2C5B491057D22915772661] - (.Symantec Corporation - Norton Ghost Start.) -- C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe [94208]

[MD5.64C4C17BF6A40FF1CD21205E6FD415B8] - (.ATI Technologies Inc. - CLI Application (Command Line Interface).) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE [45056]

[MD5.93DB1FF92B03D24738A71E6E4992DFD3] - (.Sun Microsystems, Inc. - Java Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe [248552]

[MD5.2DFCB2393528446AEB9FB861A8FC39AB] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe [421160]

[MD5.9D5E8B45BD348DF0882C69EED0E83111] - (.Avira GmbH - Antivirus System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [281768]

[MD5.F6987FF6C6D683F79FDCE707B071A997] - (.SFX TEAM - SuperCopier 2 (explorer file copy replaceme.) -- C:\Program Files\SuperCopier2\SuperCopier2.exe [955392]

[MD5.AD64BA3A75821E03C0049C7C20A90C99] - (.CANON INC. - Canon Advanced Printing Technology RPC Serv.) -- C:\WINDOWS\system32\CNAB3RPK.EXE [63112]

[MD5.A0FB385B6281D694F8930C2EF85C453E] - (.SEIKO EPSON CORPORATION - eEBAPI Core Process module.) -- C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe [90112]

[MD5.9E55BE76FD60425608D6CF433EEF7D5A] - (...) -- C:\Program Files\PROGRESS\bin\AdmSrvc.exe [20480]

[MD5.62F7FD637CE42ADDA3748E1B6E8780D2] - (.Avira GmbH - Antivirus On-Access Service.) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe [269480]

[MD5.5CD99ED69406C713F40EDEDB2E93B96F] - (...) -- C:\Program Files\PROGRESS\jre\bin\java.exe [20542]

[MD5.018857EAD9A077A56AEDFC0E5EF7A24A] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe [37664]

[MD5.F832F1505AD8B83474BD9A5B1B985E01] - (.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe [345376]

[MD5.CDE000884FD7BAF0C1FDFE029B0891DE] - (.Avira GmbH - AntiVir shadow copy service.) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe [76968]

[MD5.BC9C77FAC763D84BFDF09B55D4B41AFA] - (.Symantec Corporation - Norton Ghost Start.) -- C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe [200704]

[MD5.E4AE0CBC0B55A5FAA6996E38CE6C981B] - (.Oracle - Java Quick Starter Service.) -- C:\Program Files\Java\jre6\bin\jqs.exe [153376]

[MD5.EC60491A5FF57700F10FE0403F7DCAD4] - (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [366640]

[MD5.FD306FBCCE7ADB1077B709742E7148E9] - (...) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe [71096]

[MD5.83D4D1B5834E9EFC546461F728861018] - (...) -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\NVIDIA Corporation\Update\daemonupd.exe [19456]

[MD5.D2F4F32B59440011174B4F8137AF4E0C] - (.Microsoft Corporation - SQL Server VSS Writer.) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [87904]

[MD5.0CA8C2E721617AA2F923A8151C96FB33] - (.Apple Inc. - iPodService Module (32-bit).) -- C:\Program Files\iPod\bin\iPodService.exe [820008]

[MD5.83359E96CB692787E555DA6A98B0832B] - (...) -- C:\Program Files\PROGRESS\bin\prowin32.exe [19592]

[MD5.5A4DA252B2C0550AB83D129C02CF6C19] - (.Microsoft Corporation - Service de cliché instantané de volumes Mic.) -- C:\WINDOWS\System32\vssvc.exe [295424]

[MD5.0DAD93BB0FECF5016AE3C06CBB0A873B] - (.Microsoft Corporation - COM Surrogate.) -- C:\WINDOWS\system32\dllhost.exe [5120]

[MD5.3146161FDD10943C81E49ACF3E2ACBE9] - (.Microsoft Corporation - NTVDM.EXE.) -- C:\WINDOWS\system32\ntvdm.exe [421888]

[MD5.AD09A367BF5EDAF9FEBC141668B3E1C1] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [660480]

[MD5.16190230DB16E8E6155E21ABD1E6AEC9] - (.Mozilla Messaging - Thunderbird.) -- C:\Program Files\Mozilla Thunderbird\thunderbird.exe [12594352]

 

 

 

---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)

C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\75rakxfh.default\prefs.js

M3 - MFPP: Plugins - [Administrateur] -- C:\Program Files\Mozilla FireFox\searchplugins\amazon-france.xml

M3 - MFPP: Plugins - [Administrateur] -- C:\Program Files\Mozilla FireFox\searchplugins\bing.xml

M3 - MFPP: Plugins - [Administrateur] -- C:\Program Files\Mozilla FireFox\searchplugins\cnrtl-tlfi-fr.xml

M3 - MFPP: Plugins - [Administrateur] -- C:\Program Files\Mozilla FireFox\searchplugins\eBay-france.xml

M3 - MFPP: Plugins - [Administrateur] -- C:\Program Files\Mozilla FireFox\searchplugins\google.xml

M3 - MFPP: Plugins - [Administrateur] -- C:\Program Files\Mozilla FireFox\searchplugins\wikipedia-fr.xml

M3 - MFPP: Plugins - [Administrateur] -- C:\Program Files\Mozilla FireFox\searchplugins\yahoo-france.xml

P2 - FPN:Firefox Plugin Navigator . (.Adobe Systems, Inc. - Adobe Shockwave for Director Netscape plug-in, version 11.0.) -- C:\Program Files\Mozilla Firefox\Plugins\np32dsw.dll

P2 - FPN:Firefox Plugin Navigator . (.Oracle - NPRuntime Script Plug-in Library for Java Deploy.) -- C:\Program Files\Mozilla Firefox\Plugins\npdeployJava1.dll

P2 - FPN:Firefox Plugin Navigator . (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape "9.4.5".) -- C:\Program Files\Mozilla Firefox\Plugins\nppdf32.dll

P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin.dll

P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin2.dll

P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin3.dll

P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin4.dll

P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin5.dll

P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin6.dll

P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin7.dll

P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (...) -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

P2 - FPN: [HKLM] [@adobe.com/ShockwavePlayer] - (.Adobe Systems, Inc. - Adobe Shockwave for Director Netscape plug-in, version 11.0.) -- C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

P2 - FPN: [HKLM] [@Apple.com/iTunes,version=1.0] - (...) -- C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

P2 - FPN: [HKLM] [@Google.com/GoogleEarthPlugin] - (.Google - GEPlugin.) -- C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

P2 - FPN: [HKLM] [@java.com/JavaPlugin] - (.Oracle - Next Generation Java Plug-in 1.6.0_21 for Mozilla browsers.) -- C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 4.0.60531.0.) -- c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll

P2 - FPN: [HKLM] [@microsoft.com/WLPG,version=14.0.8081.0709] - (.Microsoft Corporation - NPWLPG.) -- C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

P2 - FPN: [HKLM] [@microsoft.com/WPF,version=3.5] - (.Microsoft Corporation - Windows Presentation Foundation (WPF) plug-in for Mozilla browsers.) -- c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=3] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll

P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=9] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll

P2 - FPN: [HKLM] [Adobe Reader] - (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape "9.4.5".) -- C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

P2 - FPN: [HKCU] [@adobe.com/FlashPlayer] - (...) -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

P2 - FPN: [HKCU] [@tools.google.com/Google Update;version=8] - (.Google Inc. - Google Update.) -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll

M0 - MFSP: prefs.js [Administrateur - 75rakxfh.default] Google Actualités

M2 - MFEP: prefs.js [Administrateur - 75rakxfh.default\plugin@yontoo.com] [] Yontoo Layers v1.20.00 (.Yontoo LLC.)

M2 - MFEP: prefs.js [Administrateur - 75rakxfh.default\{20a82645-c095-46ed-80e3-08825760534b}] [MicrosoftCG] Microsoft .NET Framework Assistant v1.2.1 (.Microsoft.)

 

 

 

---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)

C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

G1 - GCS: Preference [user Data\Default] None

G0 - GCSP: Preference [user Data\Default][HomePage] Google Actualités

 

 

 

---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport

R0 - HKUS\S-1-5-21-1002427806-3131019563-1079468491-500\Software\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Microsoft Corporation

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Microsoft Corporation

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Microsoft Corporation

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Search Microsoft.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Microsoft Corporation

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk

R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Internet Explorer.) (8.00.6001.19072 (longhorn_ie8_gdr.110420-1700)) -- C:\WINDOWS\system32\ieframe.dll

R3 - URLSearchHook: Audacity-tools Toolbar - {d0b1518e-3e45-4d16-a23b-4d90ef938e44} . (.Conduit Ltd. - Conduit Toolbar.) (6.3.2.0) -- C:\Program Files\Audacity-tools\prxtbAud0.dll

R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 1

 

 

 

---\\ Internet Explorer, Proxy Management (R5)

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll

 

 

 

---\\ ---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,

F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"

 

 

 

---\\ Browser Helper Objects de navigateur (O2)

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} Clé orpheline

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corporation - WindowsLiveLogin.dll.) -- C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Audacity-tools - {d0b1518e-3e45-4d16-a23b-4d90ef938e44} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\Audacity-tools\prxtbAud0.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Oracle - Java Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} . (.Oracle - Java Quick Starter binary.) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

 

 

 

---\\ Internet Explorer Toolbars (O3)

O3 - Toolbar: Audacity-tools Toolbar - {d0b1518e-3e45-4d16-a23b-4d90ef938e44} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\Audacity-tools\prxtbAud0.dll

 

 

 

---\\ ---\\ Applications démarrées par registre & par dossier (O4)

O4 - HKLM\..\Run: [RTHDCPL] . (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\WINDOWS\RTHDCPL.exe

O4 - HKLM\..\Run: [skyTel] . (.Realtek Semiconductor Corp. - Realtek Voice Manager.) -- C:\WINDOWS\SkyTel.exe

O4 - HKLM\..\Run: [Alcmtr] . (.Realtek Semiconductor Corp. - Realtek Azalia Audio - Event Monitor.) -- C:\WINDOWS\ALCMTR.exe

O4 - HKLM\..\Run: [ATICCC] . (...) -- C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe

O4 - HKLM\..\Run: [GhostStartTrayApp] . (.Symantec Corporation - Norton Ghost Start.) -- C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe

O4 - HKLM\..\Run: [iMJPMIG8.1] . (.Microsoft Corporation - Microsoft IME.) -- C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe

O4 - HKLM\..\Run: [iMEKRMIG6.1] . (.Microsoft Corporation - Microsoft Korean IME 2002.) -- C:\WINDOWS\ime\imkr6_1\IMEKRMIG.exe

O4 - HKLM\..\Run: [MSPY2002] . (...) -- C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe

O4 - HKLM\..\Run: [PHIME2002ASync] . (.Microsoft Corporation - ???????? 2002a.) -- C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

O4 - HKLM\..\Run: [PHIME2002A] . (.Microsoft Corporation - ???????? 2002a.) -- C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

O4 - HKLM\..\Run: [KernelFaultCheck] Clé orpheline

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe

O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\QTTask.exe

O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [avgnt] . (.Avira GmbH - Antivirus System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

O4 - HKCU\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [superCopier2.exe] . (.SFX TEAM - SuperCopier 2 (explorer file copy replaceme.) -- C:\Program Files\SuperCopier2\SuperCopier2.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] . (.Microsoft Corporation - Watson Subscriber for SENS Network Notifica.) -- C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe

O4 - HKUS\S-1-5-18\..\Run: [AMService] C:\WINDOWS\TEMP\wppkgx\setup.exe (.not file.)

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] . (.Microsoft Corporation - Watson Subscriber for SENS Network Notifica.) -- C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe

O4 - HKUS\S-1-5-18\..\Run: [AMService] C:\WINDOWS\TEMP\wppkgx\setup.exe (.not file.)

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe

O4 - HKUS\S-1-5-21-1002427806-3131019563-1079468491-500\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-21-1002427806-3131019563-1079468491-500\..\Run: [superCopier2.exe] . (.SFX TEAM - SuperCopier 2 (explorer file copy replaceme.) -- C:\Program Files\SuperCopier2\SuperCopier2.exe

O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Démarrage\EPSON Status Monitor 3 Environment Check 2.lnk . (.SEIKO EPSON CORPORATION.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE

O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Search.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe

---\\ ---\\ Autres liens utilisateurs (O4)

O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Adobe Reader 9.lnk . (...) -- C:\WINDOWS\Installer\{AC76BA86-7AD7-1036-7B44-A94000000001}\SC_Reader.ico

O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Apple Software Update.lnk . (...) -- C:\WINDOWS\Installer\{C41300B9-185D-475E-BFEC-39EF732F19B1}\AppleSoftwareUpdateIco.exe

O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Inkscape.lnk . (.inkscape.org.) -- C:\Program Files\Inkscape\inkscape.exe

O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Mozilla Firefox.lnk . (.Mozilla Corporation.) -- C:\Program Files\Mozilla Firefox\firefox.exe

O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Safari.lnk . (...) -- C:\WINDOWS\Installer\{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}\SafariIco.exe

O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Symantec pcAnywhere.LNK . (.Symantec Corporation.) -- C:\Program Files\Symantec\pcAnywhere\winaw32.exe

O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Windows Movie Maker.lnk . (.Microsoft Corporation.) -- C:\Program Files\Movie Maker\moviemk.exe

O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Windows Search.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe

O4 - Global Startup: C:\Documents And Settings\Administrateur\Menu Démarrer\Programmes\Assistance à distance.lnk . (.Microsoft Corporation.) -- C:\WINDOWS\system32\rcimlby.exe

O4 - Global Startup: C:\Documents And Settings\Administrateur\Menu Démarrer\Programmes\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe

O4 - Global Startup: C:\Documents And Settings\Administrateur\Menu Démarrer\Programmes\Outlook Express.lnk . (.Microsoft Corporation.) -- C:\Program Files\Outlook Express\msimn.exe

O4 - Global Startup: C:\Documents And Settings\Administrateur\Menu Démarrer\Programmes\Windows Media Player.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Media Player\wmplayer.exe

---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)

O9 - Extra button: PokerStars.fr - {90EAE591-7E7E-434a-8E28-ECFD00071806} -- C:\Program Files\PokerStars.FR\main.ico (.not file.)

O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- C:\Program Files\PokerStars.FR\main.ico (.not file.)

O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe

---\\ Winsock hijacker (Layered Service Provider) (O10)

O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll

O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\WINDOWS\system32\winrnr.dll

O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll

O10 - WLSP:\000000000004\Winsock LSP File . (.Apple Inc. - Bonjour Namespace Provider.) -- C:\Program Files\Bonjour\mdnsNSP.dll

---\\ Piratage de l'Option 'Rétablir les paramètres Web' (O14)

O14 - IERESET.INF: START_PAGE_URL=START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

---\\ Objets ActiveX (Downloaded Program Files)(O16)

O16 - DPF: Microsoft XML Parser for Java - (Microsoft XML Parser for Java) - (.not file.) - C:\WINDOWS\Java\classes\xmldso.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1207725063500

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1211262261125

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

---\\ Modification Domaine/Adresses DNS (O17)

O17 - HKLM\System\CCS\Services\Tcpip\..\{8C696093-235E-4402-ADA6-32B632AF437F}: DhcpNameServer = 212.27.40.240 212.27.40.241

O17 - HKLM\System\CS1\Services\Tcpip\..\{8C696093-235E-4402-ADA6-32B632AF437F}: DhcpNameServer = 212.27.40.240 212.27.40.241

O17 - HKLM\System\CS2\Services\Tcpip\..\{8C696093-235E-4402-ADA6-32B632AF437F}: DhcpNameServer = 212.27.40.240 212.27.40.241

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241

---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)

O20 - Winlogon Notify: AtiExtEvent . (.ATI Technologies Inc. - ATI External Event Utility DLL Module.) -- C:\Windows\System32\Ati2evxx.dll

O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\Windows\System32\crypt32.dll

O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\Windows\System32\cryptnet.dll

O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\Windows\System32\cscdll.dll

O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\System32\dimsntfy.dll

O20 - Winlogon Notify: PCANotify . (.Symantec Corporation - Winlogon Notification package.) -- C:\Windows\System32\PCANotify.dll

O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll

O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll

O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\Windows\System32\sclgntfy.dll

O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\WlNotify.dll

O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll

O20 - Winlogon Notify: WgaLogon . (.Microsoft Corporation - Notifications Windows Genuine Advantage.) -- C:\Windows\System32\WgaLogon.dll

O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll

---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Web Site Monitor.) -- C:\WINDOWS\system32\webcheck.dll

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} . (.Microsoft Corporation - Objet du service d'environnement Systray.) -- C:\WINDOWS\system32\stobject.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} . (.Microsoft Corporation - Windows Portable Device Shell Service Objec.) -- C:\WINDOWS\system32\WPDShServiceObj.dll

O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} . (.Microsoft Corporation - Moniteur et dossier UPNP Tray.) -- C:\WINDOWS\system32\upnpui.dll

---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)

O22 - SharedTaskScheduler: (no name) - {438755C2-A8BA-11D1-B96B-00A0C90312E1} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: (no name) - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\WINDOWS\system32\browseui.dll

---\\ Liste des services NT non Microsoft et non désactivés (O23)

O23 - Service: AdminService for PROGRESS 9.1D (AdminService9.1D) . (...) - C:\Program Files\PROGRESS\bin\AdmSrvc.exe

O23 - Service: AMService (AMService) . (...) - C:\WINDOWS\TEMP\wppkgx\setup.exe (.not file.)

O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) . (.Avira GmbH - Antivirus Scheduler.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) . (.Avira GmbH - Antivirus On-Access Service.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Apple Mobile Device (Apple Mobile Device) . (.Apple Inc. - MobileDeviceService.) - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: (Ati HotKey Poller) . (.ATI Technologies Inc. - ATI External Event Utility EXE Module.) - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Service Bonjour (Bonjour Service) . (.Apple Inc. - Bonjour Service.) - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: EpsonBidirectionalService (EpsonBidirectionalService) . (.SEIKO EPSON CORPORATION - eEBAPI Core Process module.) - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe

O23 - Service: GhostStartService (GhostStartService) . (.Symantec Corporation - Norton Ghost Start.) - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe

O23 - Service: Service Google Update (gupdate1c9a8607c225e66) (gupdate1c9a8607c225e66) . (.Google Inc. - Programme d'installation de Google.) - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) . (.Oracle - Java Quick Starter Service.) - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: (MBAMService) . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: NMSAccessU (NMSAccessU) . (...) - C:\Program Files\CDBurnerXP\NMSAccessU.exe

O23 - Service: NVIDIA Update Service (nvUpdService) . (...) - C:\Documents and Settings\NetworkService\Local Settings\Application Data\NVIDIA Corporation\Update\daemonupd.exe

---\\ Enumération Active Desktop & MHTML Editor (O24)

O24 - Default MHTML Editor: Last - .(...) - (.not file.)

---\\ Tâches planifiées en automatique (O39)

O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\User_Feed_Synchronization-{E9AEF152-64B6-4746-A11D-B5CF6BC46F63}.job

[MD5.626A24ED1228580B9518C01930936DF9] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe

[MD5.626A24ED1228580B9518C01930936DF9] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe

---\\ Pilotes lancés au démarrage (O41)

O41 - Driver: (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\WINDOWS\system32\drivers\afd.sys

O41 - Driver: (avgio) . (.Avira GmbH - Avira AntiVir Support for Minifilter.) - C:\Program Files\Avira\AntiVir Desktop\avgio.sys

O41 - Driver: (avipbb) . (.Avira GmbH - Avira Driver for Security Enhancement.) - C:\WINDOWS\System32\DRIVERS\avipbb.sys

O41 - Driver: (awlegacy) . (.Symantec Corporation - pcAnywhere Legacy Driver.) - C:\WINDOWS\system32\Drivers\awlegacy.sys

O41 - Driver: (AW_HOST) . (.Symantec Corporation - pcAnywhere Host Driver for Windows 2000.) - C:\WINDOWS\System32\drivers\aw_host5.sys

O41 - Driver: (Cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\WINDOWS\System32\DRIVERS\cdrom.sys

O41 - Driver: (GhPciScan) . (.Symantec Corporation - Symantec Ghost PCI Scanner Kernal Mode Driv.) - C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys

O41 - Driver: (i8042prt) . (.Microsoft Corporation - Pilote de port i8042.) - C:\WINDOWS\System32\DRIVERS\i8042prt.sys

O41 - Driver: (Imapi) . (.Microsoft Corporation - IMAPI Kernel Driver.) - C:\WINDOWS\System32\DRIVERS\imapi.sys

O41 - Driver: (intelppm) . (.Microsoft Corporation - Pilote de périphérique processeur.) - C:\WINDOWS\System32\DRIVERS\intelppm.sys

O41 - Driver: (IPSec) . (.Microsoft Corporation - IPSec Driver.) - C:\WINDOWS\System32\DRIVERS\ipsec.sys

O41 - Driver: (Kbdclass) . (.Microsoft Corporation - Pilote de la classe Clavier.) - C:\WINDOWS\System32\DRIVERS\kbdclass.sys

O41 - Driver: (kbdhid) . (.Microsoft Corporation - Pilote de filtre souris HID.) - C:\WINDOWS\System32\DRIVERS\kbdhid.sys

O41 - Driver: (Mouclass) . (.Microsoft Corporation - Pilote de la classe Souris.) - C:\WINDOWS\System32\DRIVERS\mouclass.sys

O41 - Driver: (MRxSmb) . (.Microsoft Corporation - Windows NT SMB Minirdr.) - C:\WINDOWS\System32\DRIVERS\mrxsmb.sys

O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\WINDOWS\System32\DRIVERS\netbios.sys

O41 - Driver: (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\WINDOWS\System32\DRIVERS\netbt.sys

O41 - Driver: (oxpar) . (.OEM - OXPCI Parallel Port Driver.) - C:\WINDOWS\System32\DRIVERS\oxpar.sys

O41 - Driver: (P3) . (.Microsoft Corporation - Pilote de périphérique processeur.) - C:\WINDOWS\System32\DRIVERS\p3.sys

O41 - Driver: (RasAcd) . (.Microsoft Corporation - RAS Automatic Connection Driver.) - C:\WINDOWS\System32\DRIVERS\rasacd.sys

O41 - Driver: (Rdbss) . (.Microsoft Corporation - Redirected Drive Buffering SubSystem Driver.) - C:\WINDOWS\System32\DRIVERS\rdbss.sys

O41 - Driver: (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\WINDOWS\System32\DRIVERS\RDPCDD.sys

O41 - Driver: (redbook) . (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) - C:\WINDOWS\System32\DRIVERS\redbook.sys

O41 - Driver: (Serial) . (.Microsoft Corporation - Pilote de périphérique série.) - C:\WINDOWS\System32\DRIVERS\serial.sys

O41 - Driver: (ssmdrv) . (.Avira GmbH - AVIRA SnapShot Driver.) - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys

O41 - Driver: (Tcpip) . (.Microsoft Corporation - TCP/IP Protocol Driver.) - C:\WINDOWS\System32\DRIVERS\tcpip.sys

O41 - Driver: (TermDD) . (.Microsoft Corporation - Terminal Server Driver.) - C:\WINDOWS\System32\DRIVERS\termdd.sys

O41 - Driver: Carte vidéo VGA. (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\WINDOWS\system32\drivers\vga.sys

---\\ Logiciels installés (O42)

O42 - Logiciel: "GNU gdb 5.2.1" - (.MinGW.) [HKLM] -- SOURCE-NAVIGATOR_is1

O42 - Logiciel: 7-Zip 4.57 - (.Pas de propriétaire.) [HKLM] -- 7-Zip

O42 - Logiciel: ATI Catalyst Control Center - (.Pas de propriétaire.) [HKLM] -- {6D95960A-1DA7-43D2-AE9B-17CAFE20C6A5}

O42 - Logiciel: ATI Display Driver - (.Pas de propriétaire.) [HKLM] -- ATI Display Driver

O42 - Logiciel: ActivePerl 5.8.9 Build 827 - (.ActiveState.) [HKLM] -- {7AC5676E-F31F-4D1F-817F-1D313AE67928}

O42 - Logiciel: Adobe Flash Player 10 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin

O42 - Logiciel: Adobe Flash Player ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX

O42 - Logiciel: Adobe Reader 9.4.5 - Français - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1036-7B44-A94000000001}

O42 - Logiciel: Adobe Shockwave Player - (.Adobe Systems, Inc..) [HKLM] -- Adobe Shockwave Player

O42 - Logiciel: Advanced Port Scanner v1.3 - (.Pas de propriétaire.) [HKLM] -- Advanced Port Scanner v1.3

O42 - Logiciel: Analyseur MSXML 6.0 - (.Microsoft Corporation.) [HKLM] -- {5903C48B-E953-47B8-A651-B9222C483057}

O42 - Logiciel: Apple Application Support - (.Apple Inc..) [HKLM] -- {EE6097DD-05F4-4178-9719-D3170BF098E8}

O42 - Logiciel: Apple Mobile Device Support - (.Apple Inc..) [HKLM] -- {308B6AEA-DE50-4666-996D-0FA461719D6B}

O42 - Logiciel: Apple Software Update - (.Apple Inc..) [HKLM] -- {C41300B9-185D-475E-BFEC-39EF732F19B1}

O42 - Logiciel: Assistant de connexion Windows Live - (.Microsoft Corporation.) [HKLM] -- {D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}

O42 - Logiciel: Audacity-tools Toolbar - (.Pas de propriétaire.) [HKLM] -- Audacity-tools Toolbar

O42 - Logiciel: Avira AntiVir Personal - Free Antivirus - (.Avira GmbH.) [HKLM] -- Avira AntiVir Desktop

O42 - Logiciel: Bonjour - (.Apple Inc..) [HKLM] -- {2A981294-F14C-4F0F-9627-D793270922F8}

O42 - Logiciel: CCleaner (remove only) - (.Piriform.) [HKLM] -- CCleaner

O42 - Logiciel: CDBurnerXP - (.CDBurnerXP.) [HKLM] -- {7E265513-8CDA-4631-B696-F40D983F3B07}_is1

O42 - Logiciel: Canon LBP3000 - (.Pas de propriétaire.) [HKLM] -- Canon LBP3000

O42 - Logiciel: Chinese Traditional Fonts Support For Adobe Reader 9 - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-2448-0000-900000000003}

O42 - Logiciel: CodeBlocks - (.The Code::Blocks Team.) [HKCU] -- CodeBlocks

O42 - Logiciel: Debugging Tools for Windows (x86) - (.Microsoft Corporation.) [HKLM] -- {300A2961-B2B5-4889-9CB9-5C2A570D08AD}

O42 - Logiciel: EPSON Logiciel imprimante - (.Pas de propriétaire.) [HKLM] -- EPSON Printer and Utilities

O42 - Logiciel: Fichiers de prise en charge de l'installation de Microsoft SQL Server (Français) - (.Microsoft Corporation.) [HKLM] -- {3380F354-C5F7-4E71-8F51-EEE6C3F06C62}

O42 - Logiciel: GDR 4053 for SQL Server Database Services 2005 ENU (KB970892) - (.Microsoft Corporation.) [HKLM] -- KB970892_SQL9

O42 - Logiciel: GDR 4053 for SQL Server Tools and Workstation Components 2005 ENU (KB970892) - (.Microsoft Corporation.) [HKLM] -- KB970892_SQLTools9

O42 - Logiciel: GIMP 2.6.10 - (.The GIMP Team.) [HKLM] -- WinGimp-2.0_is1

O42 - Logiciel: Galerie de photos Windows Live - (.Microsoft Corporation.) [HKLM] -- {B131E59D-202C-43C6-84C9-68F0C37541F1}

O42 - Logiciel: Google Chrome - (.Google Inc..) [HKCU] -- Google Chrome

O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM] -- {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

O42 - Logiciel: Google Earth - (.Google.) [HKLM] -- {B3FED300-806C-11E0-A0D0-B8AC6F97B88E}

O42 - Logiciel: Guide d'utilisation LX300+II_LX1170II - (.Pas de propriétaire.) [HKLM] -- Guide d'utilisation LX300+II_LX1170II

O42 - Logiciel: High Definition Audio - KB888111 - (.Microsoft Corporation.) [HKLM] -- KB888111WXPSP2

O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB953595

O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB958484

O42 - Logiciel: Hotfix for Windows Media Format 11 SDK (KB929399) - (.Microsoft Corporation.) [HKLM] -- KB929399

O42 - Logiciel: Hotfix for Windows Media Format SDK (KB902344) - (.Microsoft Corporation.) [HKLM] -- KB902344

O42 - Logiciel: Hotfix for Windows XP (KB915800-v4) - (.Microsoft Corporation.) [HKLM] -- KB915800-v4

O42 - Logiciel: Hotfix for Windows XP (KB954550-v5) - (.Microsoft Corporation.) [HKLM] -- KB954550-v5

O42 - Logiciel: Hotfix for Windows XP (KB976002-v5) - (.Microsoft Corporation.) [HKLM] -- KB976002-v5

O42 - Logiciel: INEDI Version 4.00 - (.Pas de propriétaire.) [HKLM] -- INEDI400

O42 - Logiciel: ImgBurn 2.3.2.0 Fr - (.Pas de propriétaire.) [HKLM] -- {75ADEFA2-D4FF-4B37-9E93-4306E6AC176B}_is1

O42 - Logiciel: Inkscape 0.47 - (.Pas de propriétaire.) [HKLM] -- Inkscape

O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM] -- WinLiveSuite_Wave3

O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM] -- {46ABBC54-1872-4AA3-95E2-F2C063A63F31}

O42 - Logiciel: Java 6 Update 18 - (.Sun Microsystems, Inc..) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83216018F0}

O42 - Logiciel: Java 6 Update 21 - (.Oracle.) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83216021FF}

O42 - Logiciel: Lecteur Windows Media 11 - (.Pas de propriétaire.) [HKLM] -- Windows Media Player

O42 - Logiciel: LibreOffice 3.3 - (.LibreOffice.) [HKLM] -- {CEE2613D-3B53-4447-BA2D-E88C08272581}

O42 - Logiciel: LiveReg (Symantec Corporation) - (.Symantec Corporation.) [HKLM] -- LiveReg

O42 - Logiciel: LiveUpdate 1.80 (Symantec Corporation) - (.Symantec Corporation.) [HKLM] -- LiveUpdate

O42 - Logiciel: MSDN Library pour les éditions Microsoft Visual Studio 2008 Express - (.Microsoft Corporation.) [HKLM] -- MSDN Library for Microsoft Visual Studio 2008 Express Editions

O42 - Logiciel: MSVC80_x86_v2 - (.Nokia.) [HKLM] -- {6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}

O42 - Logiciel: MSVC90_x86 - (.Nokia.) [HKLM] -- {AF111648-99A1-453E-81DD-80DBBF6DAD0D}

O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM] -- {22B775E7-6C42-4FC5-8E10-9A5E3257BD94}

O42 - Logiciel: MSXML 4.0 SP2 (KB954430) - (.Microsoft Corporation.) [HKLM] -- {86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

O42 - Logiciel: MSXML 4.0 SP2 (KB973688) - (.Microsoft Corporation.) [HKLM] -- {F662A8E6-F4DC-41A2-901E-8C11F044BDEC}

O42 - Logiciel: Malwarebytes' Anti-Malware version 1.51.0.1200 - (.Malwarebytes Corporation.) [HKLM] -- Malwarebytes' Anti-Malware_is1

O42 - Logiciel: Messenger Plus! Live - (.Patchou.) [HKLM] -- Messenger Plus! Live

O42 - Logiciel: Microsoft .NET Framework 1.1 - (.Microsoft.) [HKLM] -- {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

O42 - Logiciel: Microsoft .NET Framework 1.1 - (.Pas de propriétaire.) [HKLM] -- Microsoft .NET Framework 1.1 (1033)

O42 - Logiciel: Microsoft .NET Framework 1.1 French Language Pack - (.Microsoft.) [HKLM] -- {9A394342-4A68-4EBA-85A6-55B559F4E700}

O42 - Logiciel: Microsoft .NET Framework 1.1 Security Update (KB2416447) - (.Pas de propriétaire.) [HKLM] -- M2416447

O42 - Logiciel: Microsoft .NET Framework 1.1 Security Update (KB979906) - (.Pas de propriétaire.) [HKLM] -- M979906

O42 - Logiciel: Microsoft .NET Framework 2.0 Service Pack 2 - (.Microsoft Corporation.) [HKLM] -- {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}

O42 - Logiciel: Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA - (.Microsoft Corporation.) [HKLM] -- {72AD53CC-CCC0-3757-8480-9EE176866A7C}

O42 - Logiciel: Microsoft .NET Framework 3.0 Service Pack 2 - (.Microsoft Corporation.) [HKLM] -- {A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}

O42 - Logiciel: Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA - (.Microsoft Corporation.) [HKLM] -- {0BD83598-C2EF-3343-847B-7D2E84599128}

O42 - Logiciel: Microsoft .NET Framework 3.5 Language Pack SP1 - fra - (.Microsoft Corporation.) [HKLM] -- {3E31821C-7917-367E-938E-E65FC413EA31}

O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 SP1

O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}

O42 - Logiciel: Microsoft Choice Guard - (.Microsoft Corporation.) [HKLM] -- {F0E12BBA-AD66-4022-A453-A1C8A0C4D570}

O42 - Logiciel: Microsoft Compression Client Pack 1.0 for Windows XP - (.Microsoft Corporation.) [HKLM] -- MSCompPackV1

O42 - Logiciel: Microsoft Document Explorer 2008 - (.Microsoft Corporation.) [HKLM] -- Microsoft Document Explorer 2008

O42 - Logiciel: Microsoft Document Explorer 2008 - (.Microsoft Corporation.) [HKLM] -- {6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}

O42 - Logiciel: Microsoft Internationalized Domain Names Mitigation APIs - (.Microsoft Corporation.) [HKLM] -- IDNMitigationAPIs

O42 - Logiciel: Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 - (.Microsoft Corporation.) [HKLM] -- Wdf01007

O42 - Logiciel: Microsoft National Language Support Downlevel APIs - (.Microsoft Corporation.) [HKLM] -- NLSDownlevelMapping

O42 - Logiciel: Microsoft SQL Server 2005 - (.Microsoft Corporation.) [HKLM] -- Microsoft SQL Server 2005

O42 - Logiciel: Microsoft SQL Server 2005 Compact Edition [ENU] - (.Microsoft Corporation.) [HKLM] -- {F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}

O42 - Logiciel: Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) - (.Microsoft Corporation.) [HKLM] -- {480DBB60-F0B6-45F2-B26F-1A2E11197791}

O42 - Logiciel: Microsoft SQL Server 2005 Tools Express Edition - (.Microsoft Corporation.) [HKLM] -- {3F59A7E0-BC01-4435-9E93-C7D7015C21DA}

O42 - Logiciel: Microsoft SQL Server Native Client - (.Microsoft Corporation.) [HKLM] -- {1E2DA2E2-ABCD-461E-AD01-3D85D61DE5F6}

O42 - Logiciel: Microsoft SQL Server VSS Writer - (.Microsoft Corporation.) [HKLM] -- {A30179B7-997A-4D47-AA43-57AE59A9C78B}

O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

O42 - Logiciel: Microsoft User-Mode Driver Framework Feature Pack 1.5 - (.Microsoft Corporation.) [HKLM] -- Wudf01005

O42 - Logiciel: Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 - (.Microsoft Corporation.) [HKLM] -- {770657D0-A123-3C07-8E44-1C83EC895118}

O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM] -- {710f4c1c-cc18-4c49-8cbf-51240c89a1a2}

O42 - Logiciel: Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}

O42 - Logiciel: Microsoft Visual C++ 2008 Express Edition - FRA - (.Microsoft Corporation.) [HKLM] -- {15473D70-D791-3B5E-B174-2FD19EC0D017}

O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 - (.Microsoft Corporation.) [HKLM] -- {86CE85E6-DBAC-3FFD-B977-E4B79F83C909}

O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 - (.Microsoft Corporation.) [HKLM] -- {FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}

O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 - (.Microsoft Corporation.) [HKLM] -- {9A25302D-30C0-39D9-BD6F-21E6EC160475}

O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 - (.Microsoft Corporation.) [HKLM] -- {9BE518E6-ECC6-35A9-88E4-87755C07200F}

O42 - Logiciel: Microsoft Visual C++ 2008 Express - Français - (.Microsoft Corporation.) [HKLM] -- Microsoft Visual C++ 2008 Express Edition - FRA

O42 - Logiciel: Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework - (.Microsoft.) [HKLM] -- {AB47EEE8-507B-331F-AA28-B7C7257F014C}

O42 - Logiciel: Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32 - (.Microsoft Corporation.) [HKLM] -- {07FCBED5-94C3-4F94-B9D3-360FA27C7B06}

O42 - Logiciel: Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries - (.Microsoft Corporation.) [HKLM] -- {842FAF7C-50EF-4463-9B8F-6222E1384D7D}

O42 - Logiciel: Microsoft Windows SDK for Windows Server 2008 (6001.18000.367) - (.Microsoft Corporation.) [HKLM] -- SDKSetup_6.0.6001.18000

O42 - Logiciel: MinGW 3.4.2 - (.MinGW Binary Package Collection.) [HKLM] -- MinGW 3.4.2

O42 - Logiciel: Module de controle - (.Pas de propriétaire.) [HKLM] -- ST6UNST #1

O42 - Logiciel: Module linguistique Microsoft .NET Framework 3.5 SP1- fra - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 Language Pack SP1 - fra

O42 - Logiciel: Mozilla Firefox 5.0 (x86 fr) - (.Mozilla.) [HKLM] -- Mozilla Firefox 5.0 (x86 fr)

O42 - Logiciel: Mozilla Thunderbird (3.1.10) - (.Mozilla.) [HKLM] -- Mozilla Thunderbird (3.1.10)

O42 - Logiciel: Multimedia Tools - Audacity - (.Pas de propriétaire.) [HKLM] -- Multimedia Tools - Audacity

O42 - Logiciel: NetMos Multi-IO Controller - (.Pas de propriétaire.) [HKLM] -- NetMos Technology

O42 - Logiciel: Nokia Connectivity Cable Driver - (.Nokia.) [HKLM] -- {B9C9DB4C-6D77-4AE9-AD1C-C708C23239A0}

O42 - Logiciel: Norton Ghost - (.Symantec.) [HKLM] -- {6975E810-C92F-45F0-0BFD-187B312F10E8}

O42 - Logiciel: Notepad++ - (.Pas de propriétaire.) [HKLM] -- Notepad++

O42 - Logiciel: Outil de téléchargement Windows Live - (.Microsoft Corporation.) [HKLM] -- {205C6BDD-7B73-42DE-8505-9A093F35A238}

O42 - Logiciel: PC Connectivity Solution - (.Nokia.) [HKLM] -- {7397EDED-F38A-4654-B669-BF61065803D0}

O42 - Logiciel: PROGRESS 9.1D - (.Pas de propriétaire.) [HKLM] -- PROGRESS 9.1D

O42 - Logiciel: Package de base Microsoft de service de chiffrement pour cartes à puce - (.Microsoft Corporation.) [HKLM] -- KB909520

O42 - Logiciel: Package de pilotes Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0) - (.Nokia.) [HKLM] -- 504244733D18C8F63FF584AEB290E3904E791693

O42 - Logiciel: PokerStars.fr - (.PokerStars.fr.) [HKLM] -- PokerStars.fr

O42 - Logiciel: Qt SDK 2010.02.1 - (.Nokia Corporation and/or its subsidiary(-ies).) [HKLM] -- Qt SDK 2010.02.1 - C:_Qt_2010.02.1

O42 - Logiciel: QuickPar 0.9 - (.Peter B. Clements.) [HKLM] -- QuickPar

O42 - Logiciel: QuickTime - (.Apple Inc..) [HKLM] -- {E7004147-2CCA-431C-AA05-2AB166B9785D}

O42 - Logiciel: REALTEK GbE & FE Ethernet PCI NIC Driver - (.Realtek.) [HKLM] -- {ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}

O42 - Logiciel: Realtek High Definition Audio Driver - (.Pas de propriétaire.) [HKLM] -- {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}

O42 - Logiciel: Safari - (.Apple Inc..) [HKLM] -- {6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}

O42 - Logiciel: Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB2416473

O42 - Logiciel: Security Update for Windows Search 4 - KB963093 - (.Microsoft Corporation.) [HKLM] -- KB963093

O42 - Logiciel: Segoe UI - (.Microsoft Corp.) [HKLM] -- {A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}

O42 - Logiciel: Sentinel System Driver 5.41.1 (32-bit) - (.Rainbow Technologies.) [HKLM] -- {5081528F-5DD5-49BA-8213-9A6A13502497}

O42 - Logiciel: SuperCopier2 - (.Pas de propriétaire.) [HKLM] -- SuperCopier2

O42 - Logiciel: Symantec pcAnywhere - (.Symantec Corporation.) [HKLM] -- {D05E8183-866A-11D3-97DF-0000F8D8F2E9}

O42 - Logiciel: Update for Microsoft .NET Framework 3.5 SP1 (KB963707) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707

O42 - Logiciel: VLC media player 0.9.9 - (.VideoLAN Team.) [HKLM] -- VLC media player

O42 - Logiciel: Visual C++ 2008 x86 Runtime - (v9.0.30729) - (.Microsoft Corporation.) [HKLM] -- {F333A33D-125C-32A2-8DCE-5C5D14231E27}

O42 - Logiciel: Visual C++ 2008 x86 Runtime - v9.0.30729.01 - (.Microsoft Corporation.) [HKLM] -- {F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01

O42 - Logiciel: WBFS Manager 3.0 - (.AlexDP.) [HKLM] -- WBFS Manager 3.0

O42 - Logiciel: Winamp - (.Nullsoft, Inc.) [HKLM] -- Winamp

O42 - Logiciel: Windows Driver Package - Nokia Modem (02/15/2007 3.1) - (.Nokia.) [HKLM] -- 0C5EDC3653FED5B121F464339EAC12534D253B25

O42 - Logiciel: Windows Genuine Advantage Notifications (KB905474) - (.Microsoft Corporation.) [HKLM] -- WgaNotify

O42 - Logiciel: Windows Genuine Advantage Validation Tool (KB892130) - (.Microsoft Corporation.) [HKLM] -- KB892130

O42 - Logiciel: Windows Genuine Advantage Validation Tool (KB892130) - (.Microsoft Corporation.) [HKLM] -- WGA

O42 - Logiciel: Windows Imaging Component - (.Microsoft Corporation.) [HKLM] -- WIC

O42 - Logiciel: Windows Internet Explorer 7 - (.Microsoft Corporation.) [HKLM] -- ie7

O42 - Logiciel: Windows Internet Explorer 8 - (.Microsoft Corporation.) [HKLM] -- ie8

O42 - Logiciel: Windows Live Call - (.Microsoft Corporation.) [HKLM] -- {82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}

O42 - Logiciel: Windows Live Communications Platform - (.Microsoft Corporation.) [HKLM] -- {3B4E636E-9D65-4D67-BA61-189800823F52}

O42 - Logiciel: Windows Live FolderShare - (.Microsoft Corporation.) [HKLM] -- {2075CB0A-D26F-4DAA-B424-5079296B43BA}

O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM] -- {770F1BEC-2871-4E70-B837-FB8525FFA3B1}

O42 - Logiciel: Windows Media Format 11 runtime - (.Microsoft Corporation.) [HKLM] -- WMFDist11

O42 - Logiciel: Windows Media Format 11 runtime - (.Pas de propriétaire.) [HKLM] -- Windows Media Format Runtime

O42 - Logiciel: Windows Media Format SDK Hotfix - KB891122 - (.Microsoft Corporation.) [HKLM] -- KB891122

O42 - Logiciel: Windows Media Player 11 - (.Microsoft Corporation.) [HKLM] -- wmp11

O42 - Logiciel: Windows PowerShell 1.0 - (.Microsoft Corporation.) [HKLM] -- KB926140-v5

O42 - Logiciel: Windows Search 4.0 - (.Microsoft Corporation.) [HKLM] -- KB940157

O42 - Logiciel: Windows XP Service Pack 3 - (.Microsoft Corporation.) [HKLM] -- Windows XP Service

O42 - Logiciel: XML Paper Specification Shared Components Language Pack 1.0 - (.Microsoft Corporation.) [HKLM] -- XPSEPSCLP

O42 - Logiciel: XTNi Series CPS - (.Pas de propriétaire.) [HKLM] -- {74D93360-3CA9-461A-AC56-0FDB7F46E8DA}

O42 - Logiciel: adsl TV - (.adsl TV / FM.) [HKLM] -- {3AFDD2C6-8663-46B5-B195-6CEB00D44768}

O42 - Logiciel: iTunes - (.Apple Inc..) [HKLM] -- {FAE36873-1941-4076-A9A5-48812B5EA0B7}

---\\ HKCU & HKLM Software Keys

[HKCU\Software\7-Zip]

[HKCU\Software\ACARD]

[HKCU\Software\ALWIL Software]

[HKCU\Software\ATI Technologies Inc.]

[HKCU\Software\ATI]

[HKCU\Software\Ad-Remover]

[HKCU\Software\Adobe]

[HKCU\Software\Alex Feinman]

[HKCU\Software\AppDataLow\Software\Adobe]

[HKCU\Software\AppDataLow\Software\Macromedia]

[HKCU\Software\AppDataLow\Software]

[HKCU\Software\AppDataLow]

[HKCU\Software\Apple Computer, Inc.]

[HKCU\Software\Apple Inc.]

[HKCU\Software\Audacity-tools]

[HKCU\Software\Audacity]

[HKCU\Software\Avira]

[HKCU\Software\CDBurnerXP]

[HKCU\Software\Canon]

[HKCU\Software\Casino]

[HKCU\Software\CequenzeTech]

[HKCU\Software\Classes]

[HKCU\Software\Clients]

[HKCU\Software\ComodoGroup]

[HKCU\Software\Cygnus Solutions]

[HKCU\Software\DavsCompagny]

[HKCU\Software\DroidExplorer]

[HKCU\Software\EPSON]

[HKCU\Software\Eltima]

[HKCU\Software\Famatech]

[HKCU\Software\Google]

[HKCU\Software\HS]

[HKCU\Software\Hewlett-Packard]

[HKCU\Software\Hilgraeve Inc]

[HKCU\Software\IM Providers]

[HKCU\Software\ImgBurn]

[HKCU\Software\IncrediMail]

[HKCU\Software\Intel]

[HKCU\Software\JavaSoft]

[HKCU\Software\KetilO]

[HKCU\Software\LibreOffice]

[HKCU\Software\Local AppWizard-Generated Applications]

[HKCU\Software\LowRegistry]

[HKCU\Software\Macromedia]

[HKCU\Software\Malwarebytes' Anti-Malware]

[HKCU\Software\ManiacTools]

[HKCU\Software\Monitored]

[HKCU\Software\Motorola]

[HKCU\Software\MozillaPlugins]

[HKCU\Software\Mozilla]

[HKCU\Software\Netscape]

[HKCU\Software\Nokia By Rolis]

[HKCU\Software\NokiaTool]

[HKCU\Software\Nokia]

[HKCU\Software\ODBC]

[HKCU\Software\ORL]

[HKCU\Software\OnlineTVPlayer]

[HKCU\Software\PCSuite]

[HKCU\Software\PEiD]

[HKCU\Software\PSC]

[HKCU\Software\Patchou]

[HKCU\Software\Philips Lighting]

[HKCU\Software\Philips]

[HKCU\Software\Piriform]

[HKCU\Software\Policies]

[HKCU\Software\QuickPar]

[HKCU\Software\Realtek]

[HKCU\Software\SEIKO EPSON]

[HKCU\Software\SF Soft]

[HKCU\Software\SFX TEAM]

[HKCU\Software\Start Clean]

[HKCU\Software\Symantec]

[HKCU\Software\Sysinternals]

[HKCU\Software\Systems Internals]

[HKCU\Software\Teleca]

[HKCU\Software\Trend Micro]

[HKCU\Software\Trolltech]

[HKCU\Software\VB and VBA Program Settings]

[HKCU\Software\WinRAR SFX]

[HKCU\Software\Winamp]

[HKCU\Software\YahooPartnerToolbar]

[HKCU\Software\Yahoo]

[HKCU\Software\ej-technologies]

[HKCU\Software\kde.org]

[HKCU\Software\keyhole.com]

[HKCU\Software\settings]

[HKLM\Software\ALWIL Software]

[HKLM\Software\ATI Technologies]

[HKLM\Software\ATI]

[HKLM\Software\ActiveState]

[HKLM\Software\Adobe]

[HKLM\Software\Apple Computer, Inc.]

[HKLM\Software\Apple Inc.]

[HKLM\Software\Audacity-tools]

[HKLM\Software\Avira]

[HKLM\Software\C07ft5Y]

[HKLM\Software\CDDB]

[HKLM\Software\Canon]

[HKLM\Software\Classes]

[HKLM\Software\Clients]

[HKLM\Software\Cygnus Solutions]

[HKLM\Software\ELTIMA Software]

[HKLM\Software\EPSON]

[HKLM\Software\FullCircle]

[HKLM\Software\GEAR Software]

[HKLM\Software\Gemplus]

[HKLM\Software\Google]

[HKLM\Software\Hewlett-Packard]

[HKLM\Software\ICE]

[HKLM\Software\InstallShield]

[HKLM\Software\JavaRa]

[HKLM\Software\JavaSoft]

[HKLM\Software\JreMetrics]

[HKLM\Software\LibreOffice]

[HKLM\Software\Licenses]

[HKLM\Software\Macromedia]

[HKLM\Software\Malwarebytes' Anti-Malware]

[HKLM\Software\Matrox]

[HKLM\Software\MimarSinan]

[HKLM\Software\Motorola Inc.]

[HKLM\Software\Motorola]

[HKLM\Software\MozillaPlugins]

[HKLM\Software\Mozilla]

[HKLM\Software\Nokia Mobile Phones]

[HKLM\Software\Nokia]

[HKLM\Software\Nullsoft]

[HKLM\Software\ODBC]

[HKLM\Software\OMSI]

[HKLM\Software\OldTimer Tools]

[HKLM\Software\OnlineTVPlayer]

[HKLM\Software\PC Connectivity Solution]

[HKLM\Software\PCSuite]

[HKLM\Software\PSC]

[HKLM\Software\Paretologic]

[HKLM\Software\Patchou]

[HKLM\Software\Perl]

[HKLM\Software\Policies]

[HKLM\Software\Program Groups]

[HKLM\Software\RTLSetup]

[HKLM\Software\Rainbow Technologies]

[HKLM\Software\Realtek]

[HKLM\Software\RegisteredApplications]

[HKLM\Software\SIEDI]

[HKLM\Software\SOFTWARE]

[HKLM\Software\Safer Networking Limited]

[HKLM\Software\Schlumberger]

[HKLM\Software\Secure]

[HKLM\Software\Symantec]

[HKLM\Software\Symbian Foundation]

[HKLM\Software\Symbian]

[HKLM\Software\Trad-FR]

[HKLM\Software\TrendMicro]

[HKLM\Software\Trolltech]

[HKLM\Software\VideoLAN]

[HKLM\Software\Windows 3.1 Migration Status]

[HKLM\Software\Windows]

[HKLM\Software\X-AVCSD]

[HKLM\Software\Yahoo]

[HKLM\Software\mozilla.org]

---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)

O43 - CFD: 13/02/2008 - 11:15:10 - [2845370] ----D- C:\Program Files\7-Zip

O43 - CFD: 23/06/2011 - 06:00:54 - [83371145] ----D- C:\Program Files\Ad-Remover

O43 - CFD: 23/12/2009 - 12:38:16 - [313658612] ----D- C:\Program Files\Adobe

O43 - CFD: 20/06/2011 - 15:20:14 - [2251773] ----D- C:\Program Files\adslTV

O43 - CFD: 06/05/2011 - 02:57:36 - [846839] ----D- C:\Program Files\Advanced Port Scanner

O43 - CFD: 09/04/2008 - 09:28:06 - [0] ----D- C:\Program Files\Alwil Software

O43 - CFD: 01/04/2010 - 09:50:00 - [2306366] ----D- C:\Program Files\Apple Software Update

O43 - CFD: 10/01/2007 - 11:28:06 - [129430440] ----D- C:\Program Files\ATI Technologies

O43 - CFD: 08/03/2011 - 06:39:18 - [10711065] ----D- C:\Program Files\Audacity-tools

O43 - CFD: 10/03/2011 - 21:21:20 - [120972133] ----D- C:\Program Files\Avira

O43 - CFD: 21/05/2008 - 10:29:14 - [82221] ----D- C:\Program Files\Blender Foundation

O43 - CFD: 02/12/2010 - 14:18:46 - [599833] ----D- C:\Program Files\Bonjour

O43 - CFD: 02/04/2008 - 11:02:02 - [273408] ----D- C:\Program Files\BusinessObjects

O43 - CFD: 02/04/2008 - 14:53:12 - [11940310] ----D- C:\Program Files\Canon

O43 - CFD: 15/10/2009 - 09:01:06 - [2761904] ----D- C:\Program Files\CCleaner

O43 - CFD: 22/07/2008 - 10:11:30 - [8925761] ----D- C:\Program Files\CDBurnerXP

O43 - CFD: 02/06/2010 - 09:28:26 - [1058040] ----D- C:\Program Files\CequenzeTech

O43 - CFD: 20/11/2009 - 10:30:30 - [140461947] ----D- C:\Program Files\CodeBlocks

O43 - CFD: 22/07/2009 - 15:34:42 - [0] ----D- C:\Program Files\COMODO

O43 - CFD: 26/10/2005 - 21:56:32 - [0] ----D- C:\Program Files\ComPlus Applications

O43 - CFD: 08/10/2009 - 11:20:40 - [39996447] ----D- C:\Program Files\Debugging Tools for Windows (x86)

O43 - CFD: 08/06/2010 - 09:04:54 - [2117056] ----D- C:\Program Files\DIFX

O43 - CFD: 10/05/2011 - 09:59:22 - [29975748] ----D- C:\Program Files\Droid Explorer

O43 - CFD: 12/08/2008 - 14:56:00 - [0] ----D- C:\Program Files\Eltima Software

O43 - CFD: 03/12/2009 - 10:43:08 - [2266061] ----D- C:\Program Files\EPSON

O43 - CFD: 24/07/2010 - 11:53:12 - [541172930] ----D- C:\Program Files\Fichiers communs

O43 - CFD: 06/10/2009 - 03:03:06 - [0] ----D- C:\Program Files\FMOD SoundSystem

O43 - CFD: 08/09/2010 - 08:15:20 - [113898099] ----D- C:\Program Files\GIMP-2.0

O43 - CFD: 03/06/2011 - 08:18:12 - [92006891] ----D- C:\Program Files\Google

O43 - CFD: 21/11/2008 - 11:48:00 - [0] ----D- C:\Program Files\Hewlett-Packard

O43 - CFD: 21/11/2008 - 11:05:20 - [21841] ----D- C:\Program Files\HP

O43 - CFD: 17/11/2009 - 09:04:10 - [2268041] ----D- C:\Program Files\ImgBurn

O43 - CFD: 11/05/2010 - 09:25:08 - [205186876] ----D- C:\Program Files\Inkscape

O43 - CFD: 14/04/2010 - 08:12:56 - [7305261] ----D- C:\Program Files\InstallShield Installation Information

O43 - CFD: 16/06/2011 - 03:12:54 - [6090384] ----D- C:\Program Files\Internet Explorer

O43 - CFD: 02/12/2010 - 14:24:36 - [1856115] ----D- C:\Program Files\iPod

O43 - CFD: 02/12/2010 - 14:25:48 - [128507080] ----D- C:\Program Files\iTunes

O43 - CFD: 09/04/2010 - 09:20:00 - [181938677] ----D- C:\Program Files\Java

O43 - CFD: 07/07/2009 - 09:52:02 - [0] ----D- C:\Program Files\Lavasoft

O43 - CFD: 10/05/2011 - 10:42:44 - [452963608] ----D- C:\Program Files\LibreOffice 3

O43 - CFD: 07/06/2011 - 05:59:04 - [7601764] ----D- C:\Program Files\Malwarebytes' Anti-Malware

O43 - CFD: 13/08/2008 - 03:02:16 - [2152579] ----D- C:\Program Files\Messenger

O43 - CFD: 09/10/2008 - 07:01:24 - [16051042] ----D- C:\Program Files\Messenger Plus! Live

O43 - CFD: 14/10/2009 - 13:14:12 - [226432] ----D- C:\Program Files\Microsoft

O43 - CFD: 26/10/2005 - 21:56:38 - [0] ----D- C:\Program Files\microsoft frontpage

O43 - CFD: 16/07/2009 - 13:54:44 - [579673672] ----D- C:\Program Files\Microsoft SDKs

O43 - CFD: 16/06/2011 - 03:47:16 - [39437763] ----D- C:\Program Files\Microsoft Silverlight

O43 - CFD: 30/11/2009 - 04:03:02 - [330609518] ----D- C:\Program Files\Microsoft SQL Server

O43 - CFD: 15/04/2008 - 10:17:52 - [1829877] ----D- C:\Program Files\Microsoft SQL Server Compact Edition

O43 - CFD: 24/11/2009 - 14:54:34 - [1057214247] ----D- C:\Program Files\Microsoft Visual Studio 9.0

O43 - CFD: 24/11/2009 - 15:17:22 - [9548674] ----D- C:\Program Files\Microsoft.NET

O43 - CFD: 07/09/2010 - 11:20:36 - [0] ----D- C:\Program Files\Module de controle

O43 - CFD: 21/03/2008 - 08:10:44 - [10547685] ----D- C:\Program Files\Module de controle AVCE

O43 - CFD: 23/12/2009 - 12:52:16 - [10576050] ----D- C:\Program Files\Motorola

O43 - CFD: 28/10/2010 - 03:03:16 - [16098828] ----D- C:\Program Files\Movie Maker

O43 - CFD: 24/06/2011 - 06:11:24 - [36190737] ----D- C:\Program Files\Mozilla Firefox

O43 - CFD: 21/06/2011 - 07:13:46 - [36000316] ----D- C:\Program Files\Mozilla Thunderbird

O43 - CFD: 26/03/2009 - 07:56:54 - [25757] ----D- C:\Program Files\MSBuild

O43 - CFD: 15/04/2008 - 10:04:58 - [19278399] ----D- C:\Program Files\MSN

O43 - CFD: 26/10/2005 - 21:56:42 - [8745735] ----D- C:\Program Files\MSN Gaming Zone

O43 - CFD: 24/12/2009 - 04:00:42 - [0] ----D- C:\Program Files\MSXML 4.0

O43 - CFD: 24/11/2009 - 15:15:18 - [17340] ----D- C:\Program Files\MSXML 6.0

O43 - CFD: 01/09/2010 - 10:57:58 - [36315093] ----D- C:\Program Files\MultimediaTools

O43 - CFD: 11/09/2009 - 14:25:38 - [1996797] ----D- C:\Program Files\NASM

O43 - CFD: 20/05/2008 - 08:15:42 - [3285523] ----D- C:\Program Files\NetMeeting

O43 - CFD: 17/06/2011 - 00:32:18 - [145176467] ----D- C:\Program Files\Nokia

O43 - CFD: 02/06/2009 - 08:16:36 - [6538306] ----D- C:\Program Files\Notepad++

O43 - CFD: 08/06/2010 - 09:28:04 - [757760] ----D- C:\Program Files\ODEON

O43 - CFD: 26/10/2005 - 21:56:46 - [1804] ----D- C:\Program Files\Online Services

O43 - CFD: 24/11/2008 - 07:58:08 - [815] ----D- C:\Program Files\Online TV Player 4

O43 - CFD: 21/01/2009 - 10:06:42 - [63012] ----D- C:\Program Files\OpenOffice.org 2.4

O43 - CFD: 10/05/2011 - 10:02:52 - [33725333] ----D- C:\Program Files\OpenOffice.org 3

O43 - CFD: 17/12/2010 - 04:01:44 - [4379321] ----D- C:\Program Files\Outlook Express

O43 - CFD: 08/06/2010 - 09:04:30 - [13016215] ----D- C:\Program Files\PC Connectivity Solution

O43 - CFD: 14/09/2010 - 13:44:12 - [3215] ----D- C:\Program Files\PokerStars

O43 - CFD: 21/10/2010 - 14:34:34 - [55335639] ----D- C:\Program Files\PokerStars.FR

O43 - CFD: 21/06/2011 - 05:41:56 - [222881440] ----D- C:\Program Files\PROGRESS

O43 - CFD: 13/02/2008 - 11:15:02 - [1035316] ----D- C:\Program Files\QuickPar

O43 - CFD: 02/12/2010 - 14:15:56 - [76337719] ----D- C:\Program Files\QuickTime

O43 - CFD: 20/10/2008 - 10:49:58 - [662006] ----D- C:\Program Files\Rainbow Technologies

O43 - CFD: 02/04/2008 - 10:10:40 - [0] ----D- C:\Program Files\Realtek

O43 - CFD: 26/03/2009 - 07:56:44 - [60177686] ----D- C:\Program Files\Reference Assemblies

O43 - CFD: 02/12/2010 - 14:16:52 - [42295319] ----D- C:\Program Files\Safari

O43 - CFD: 26/10/2005 - 21:56:46 - [1025] ----D- C:\Program Files\Services en ligne

O43 - CFD: 03/09/2009 - 07:00:16 - [3808600] ----D- C:\Program Files\Spybot - Search & Destroy

O43 - CFD: 09/10/2009 - 10:09:56 - [1226139] ----D- C:\Program Files\SuperCopier2

O43 - CFD: 03/04/2008 - 13:01:46 - [29514681] ----D- C:\Program Files\Symantec

O43 - CFD: 21/06/2011 - 11:40:36 - [1184773] ----D- C:\Program Files\trend micro

O43 - CFD: 20/07/2010 - 11:51:02 - [388096] ----D- C:\Program Files\TrendMicro

O43 - CFD: 02/04/2008 - 11:00:06 - [24] ----D- C:\Program Files\Uninstall Information

O43 - CFD: 17/01/2008 - 15:48:00 - [65307105] ----D- C:\Program Files\VideoLAN

O43 - CFD: 02/12/2009 - 10:44:14 - [3303027] ----D- C:\Program Files\WBFS

O43 - CFD: 16/09/2010 - 06:42:48 - [40911850] ----D- C:\Program Files\Winamp

O43 - CFD: 11/01/2010 - 10:24:44 - [5418300] ----D- C:\Program Files\Windows Desktop Search

O43 - CFD: 14/10/2009 - 13:19:48 - [81422460] ----D- C:\Program Files\Windows Live

O43 - CFD: 11/03/2009 - 07:46:10 - [245112] ----D- C:\Program Files\Windows Live SkyDrive

O43 - CFD: 10/01/2007 - 12:13:18 - [3581070] ----D- C:\Program Files\Windows Media Connect 2

O43 - CFD: 20/05/2008 - 08:15:38 - [8321242] ----D- C:\Program Files\Windows Media Player

O43 - CFD: 20/05/2008 - 08:15:38 - [3942655] ----D- C:\Program Files\Windows NT

O43 - CFD: 26/10/2005 - 21:56:48 - [0] ----D- C:\Program Files\WindowsUpdate

O43 - CFD: 19/12/2008 - 04:07:16 - [0] ----D- C:\Program Files\WinRAR

O43 - CFD: 20/12/2009 - 01:00:00 - [303358862] ---AD- C:\Program Files\xampp

O43 - CFD: 26/10/2005 - 21:56:48 - [0] ----D- C:\Program Files\xerox

O43 - CFD: 10/03/2011 - 20:55:28 - [0] ----D- C:\Program Files\Yahoo!

O43 - CFD: 24/06/2011 - 13:12:54 - [4047954] ----D- C:\Program Files\ZHPDiag

O43 - CFD: 11/10/2010 - 15:18:40 - [6247934] ----D- C:\Program Files\Fichiers Communs\Adobe

O43 - CFD: 02/12/2010 - 14:24:34 - [94762864] ----D- C:\Program Files\Fichiers Communs\Apple

O43 - CFD: 03/12/2009 - 10:42:52 - [2614626] ----D- C:\Program Files\Fichiers Communs\EPSON

O43 - CFD: 21/11/2008 - 11:03:14 - [155648] ----D- C:\Program Files\Fichiers Communs\Hewlett-Packard

O43 - CFD: 02/04/2008 - 10:10:30 - [8204164] ----D- C:\Program Files\Fichiers Communs\InstallShield

O43 - CFD: 24/07/2010 - 10:13:40 - [80603999] ----D- C:\Program Files\Fichiers Communs\Java

O43 - CFD: 24/11/2009 - 14:28:26 - [1565696] ----D- C:\Program Files\Fichiers Communs\Merge Modules

O43 - CFD: 11/01/2010 - 09:06:14 - [63906476] ----D- C:\Program Files\Fichiers Communs\Microsoft Shared

O43 - CFD: 26/10/2005 - 21:56:34 - [284160] ----D- C:\Program Files\Fichiers Communs\MSSoap

O43 - CFD: 17/06/2011 - 00:31:38 - [42858571] ----D- C:\Program Files\Fichiers Communs\Nokia

O43 - CFD: 26/10/2005 - 21:56:34 - [0] ----D- C:\Program Files\Fichiers Communs\ODBC

O43 - CFD: 02/04/2008 - 10:59:12 - [217088] ----D- C:\Program Files\Fichiers Communs\Progress Software

O43 - CFD: 26/10/2005 - 21:56:34 - [8106] ----D- C:\Program Files\Fichiers Communs\Services

O43 - CFD: 26/10/2005 - 21:56:34 - [3787229] ----D- C:\Program Files\Fichiers Communs\SpeechEngines

O43 - CFD: 03/04/2008 - 13:01:56 - [4311415] ----D- C:\Program Files\Fichiers Communs\Symantec Shared

O43 - CFD: 07/04/2010 - 18:18:04 - [8021689] ----D- C:\Program Files\Fichiers Communs\Symbian

O43 - CFD: 20/05/2008 - 08:15:34 - [6811317] ----D- C:\Program Files\Fichiers Communs\System

O43 - CFD: 17/06/2011 - 00:27:46 - [603136] ----D- C:\Program Files\Fichiers Communs\Teleca Shared

O43 - CFD: 11/03/2009 - 07:40:54 - [176717231] ----D- C:\Program Files\Fichiers Communs\Windows Live

O43 - CFD: 15/04/2008 - 10:16:24 - [20666877] -S--D- C:\Program Files\Fichiers Communs\WindowsLiveInstaller

O43 - CFD: 07/07/2009 - 08:09:08 - [18824704] ----D- C:\Program Files\Fichiers Communs\Wise Installation Wizard

O43 - CFD: 15/06/2009 - 11:50:04 - [8451949] ----D- C:\Documents and Settings\Administrateur\Application Data\Adobe

O43 - CFD: 07/08/2007 - 10:40:00 - [0] ----D- C:\Documents and Settings\Administrateur\Application Data\AdobeUM

O43 - CFD: 03/12/2010 - 10:57:04 - [196353794] ----D- C:\Documents and Settings\Administrateur\Application Data\Apple Computer

O43 - CFD: 10/01/2007 - 11:32:56 - [0] ----D- C:\Documents and Settings\Administrateur\Application Data\ATI

O43 - CFD: 25/03/2011 - 00:00:36 - [0] ----D- C:\Documents and Settings\Administrateur\Application Data\Avira

O43 - CFD: 21/05/2008 - 10:29:18 - [5646620] ----D- C:\Documents and Settings\Administrateur\Application Data\Blender Foundation

O43 - CFD: 22/07/2008 - 10:12:18 - [7020] ----D- C:\Documents and Settings\Administrateur\Application Data\Canneverbe_Limited

O43 - CFD: 20/06/2011 - 06:18:44 - [37842] ----D- C:\Documents and Settings\Administrateur\Application Data\codeblocks

O43 - CFD: 28/10/2010 - 10:51:04 - [107255] ----D- C:\Documents and Settings\Administrateur\Application Data\DroidExplorer

O43 - CFD: 25/11/2009 - 16:03:28 - [199] ----D- C:\Documents and Settings\Administrateur\Application Data\dvdcss

O43 - CFD: 28/03/2009 - 16:31:18 - [2135] ----D- C:\Documents and Settings\Administrateur\Application Data\Ethereal

O43 - CFD: 14/10/2008 - 11:42:48 - [13689] ----D- C:\Documents and Settings\Administrateur\Application Data\FileZilla

O43 - CFD: 19/03/2009 - 09:03:54 - [33375] ----D- C:\Documents and Settings\Administrateur\Application Data\Google

O43 - CFD: 01/04/2010 - 13:34:16 - [2237386] ----D- C:\Documents and Settings\Administrateur\Application Data\GrabIt

O43 - CFD: 07/08/2007 - 10:32:18 - [0] ----D- C:\Documents and Settings\Administrateur\Application Data\Help

O43 - CFD: 21/11/2008 - 11:27:44 - [41230] ----D- C:\Documents and Settings\Administrateur\Application Data\HP

O43 - CFD: 26/10/2005 - 21:56:12 - [0] ----D- C:\Documents and Settings\Administrateur\Application Data\Identities

O43 - CFD: 17/11/2009 - 09:04:30 - [1212] ----D- C:\Documents and Settings\Administrateur\Application Data\ImgBurn

O43 - CFD: 11/05/2010 - 09:26:40 - [26006] ----D- C:\Documents and Settings\Administrateur\Application Data\inkscape

O43 - CFD: 10/05/2011 - 10:47:00 - [4755992] ----D- C:\Documents and Settings\Administrateur\Application Data\LibreOffice

O43 - CFD: 26/05/2008 - 14:58:40 - [5191924] ----D- C:\Documents and Settings\Administrateur\Application Data\Macromedia

O43 - CFD: 15/10/2009 - 09:00:18 - [57851] ----D- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes

O43 - CFD: 20/07/2010 - 11:51:06 - [3106842] -S--D- C:\Documents and Settings\Administrateur\Application Data\Microsoft

O43 - CFD: 24/06/2008 - 11:11:10 - [21122905] ----D- C:\Documents and Settings\Administrateur\Application Data\Mozilla

O43 - CFD: 15/04/2008 - 10:04:56 - [327] ----D- C:\Documents and Settings\Administrateur\Application Data\MSNInstaller

O43 - CFD: 08/06/2010 - 09:22:54 - [12805770] ----D- C:\Documents and Settings\Administrateur\Application Data\Nokia

O43 - CFD: 01/07/2008 - 08:21:00 - [99954] ----D- C:\Documents and Settings\Administrateur\Application Data\Notepad++

O43 - CFD: 21/01/2009 - 10:20:46 - [5535506] ----D- C:\Documents and Settings\Administrateur\Application Data\OpenOffice.org

O43 - CFD: 15/01/2009 - 07:26:26 - [4127692] ----D- C:\Documents and Settings\Administrateur\Application Data\OpenOffice.org2

O43 - CFD: 08/06/2010 - 09:27:24 - [20934187] ----D- C:\Documents and Settings\Administrateur\Application Data\PC Suite

O43 - CFD: 07/04/2008 - 09:02:44 - [112372429] ----D- C:\Documents and Settings\Administrateur\Application Data\Sun

O43 - CFD: 02/04/2008 - 15:11:42 - [27948] ----D- C:\Documents and Settings\Administrateur\Application Data\Symantec

O43 - CFD: 07/04/2008 - 07:52:18 - [11380] ----D- C:\Documents and Settings\Administrateur\Application Data\Talkback

O43 - CFD: 17/06/2011 - 00:27:52 - [19352652] ----D- C:\Documents and Settings\Administrateur\Application Data\Teleca

O43 - CFD: 21/06/2011 - 09:03:56 - [477582] ----D- C:\Documents and Settings\Administrateur\Application Data\Thunderbird

O43 - CFD: 14/10/2010 - 22:49:24 - [1072565] ----D- C:\Documents and Settings\Administrateur\Application Data\vlc

O43 - CFD: 16/09/2010 - 08:59:42 - [245520] ----D- C:\Documents and Settings\Administrateur\Application Data\Winamp

O43 - CFD: 11/01/2010 - 09:29:38 - [196] ----D- C:\Documents and Settings\Administrateur\Application Data\Windows Desktop Search

O43 - CFD: 12/01/2010 - 11:02:18 - [0] ----D- C:\Documents and Settings\Administrateur\Application Data\Windows Search

O43 - CFD: 04/06/2008 - 09:06:16 - [0] ----D- C:\Documents and Settings\Administrateur\Application Data\WinRAR

O43 - CFD: 14/10/2010 - 21:41:32 - [0] ----D- C:\Documents and Settings\Administrateur\Application Data\Yahoo!

O43 - CFD: 11/10/2010 - 15:18:14 - [559329] ----D- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Adobe

O43 - CFD: 01/04/2010 - 09:50:14 - [0] ----D- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Apple

O43 - CFD: 03/12/2010 - 10:57:04 - [60538101] ----D- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Apple Computer

O43 - CFD: 28/10/2008 - 15:08:06 - [13778] ----D- C:\Documents and Settings\Administrateur\Local Settings\Application Data\ApplicationHistory

O43 - CFD: 10/01/2007 - 11:32:56 - [9704] ----D- C:\Documents and Settings\Administrateur\Local Settings\Application Data\ATI

O43 - CFD: 08/03/2011 - 06:39:14 - [5036644] ----D- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Audacity-tools

O43 - CFD: 13/07/2010 - 08:07:16 - [307577355] ----D- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google

O43 - CFD: 07/08/2007 - 10:32:18 - [0] ----D- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Help

O43 - CFD: 14/04/2008 - 09:02:38 - [283868] ----D- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Identities

O43 - CFD: 07/10/2008 - 08:49:16 - [6183236] ----D- C:\Documents and Settings\Administrateur\Local Settings\Application Data\IM

O43 - CFD: 27/01/2011 - 21:36:32 - [239296876] ----D- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft

O43 - CFD: 16/07/2009 - 13:56:02 - [0] ----D- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft Help

O43 - CFD: 07/04/2008 - 07:52:00 - [75001414] ----D- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla

O43 - CFD: 08/06/2010 - 09:27:32 - [1211694] ----D- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Nokia

O43 - CFD: 14/06/2010 - 09:51:14 - [277] ----D- C:\Documents and Settings\Administrateur\Local Settings\Application Data\NokiaAccount

O43 - CFD: 16/10/2009 - 06:21:04 - [0] ----D- C:\Documents and Settings\Administrateur\Local Settings\Application Data\PCHealth

O43 - CFD: 01/04/2010 - 11:52:38 - [144725] ----D- C:\Documents and Settings\Administrateur\Local Settings\Application Data\QuickPar

O43 - CFD: 12/05/2010 - 11:26:34 - [477] ----D- C:\Documents and Settings\Administrateur\Local Settings\Application Data\qwatch

O43 - CFD: 30/04/2011 - 04:05:14 - [0] ----D- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Temp

O43 - CFD: 21/06/2011 - 09:03:56 - [4919140] ----D- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Thunderbird

O43 - CFD: 07/08/2008 - 09:57:18 - [5651493] ----D- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Trolltech

O43 - CFD: 04/04/2008 - 10:49:58 - [1564729] ----D- C:\Documents and Settings\Administrateur\Local Settings\Application Data\V-Safe 100

O43 - CFD: 02/12/2009 - 11:33:58 - [2896] ----D- C:\Documents and Settings\Administrateur\Local Settings\Application Data\WBFSManager

O43 - CFD: 26/10/2010 - 15:22:42 - [0] ----D- C:\Documents and Settings\Administrateur\Local Settings\Application Data\WMTools Downloaded Files

---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)

O44 - LFC:[MD5.D8EE1300FEFFFFFF57494E444F577E31] - 24/06/2011 - 10:59:41 ---A- . (...) -- C:\WINDOWS\WindowsUpdate.log [1379067]

O44 - LFC:[MD5.D1FBC79E41F718B7274AD888BAD967D3] - 24/06/2011 - 09:15:36 ---A- . (...) -- C:\WINDOWS\setupact.log [4507]

O44 - LFC:[MD5.220B1E198AB18FBF7CB8C8274D8EB423] - 24/06/2011 - 09:15:36 ---A- . (...) -- C:\WINDOWS\setupapi.log [388781]

O44 - LFC:[MD5.533ECC191332867BC9CA7B921672241D] - 24/06/2011 - 09:14:46 ---A- . (...) -- C:\WINDOWS\System32\wpa.dbl [1158]

O44 - LFC:[MD5.D8EE1300FEFFFFFF000000000CF21300] - 24/06/2011 - 09:13:59 ---A- . (...) -- C:\WINDOWS\wiadebug.log [157]

O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 24/06/2011 - 09:13:57 ---A- . (...) -- C:\WINDOWS\0.log [0]

O44 - LFC:[MD5.D8EE1300FEFFFFFF000000000CF21300] - 24/06/2011 - 09:13:57 ---A- . (...) -- C:\WINDOWS\wiaservc.log [50]

O44 - LFC:[MD5.D8EE1300FEFFFFFF000000000CF21300] - 24/06/2011 - 09:12:24 ---A- . (...) -- C:\WINDOWS\SchedLgU.Txt [32464]

O44 - LFC:[MD5.6A2CB42966136854F4464516FBB4AE72] - 24/06/2011 - 09:12:08 -S-A- . (...) -- C:\WINDOWS\bootstat.dat [2048]

O44 - LFC:[MD5.9D53636B6B0C6490D8E351537E9DDE9D] - 24/06/2011 - 08:20:49 ---A- . (...) -- C:\WINDOWS\System32\protrace.1608 [206]

O44 - LFC:[MD5.F09F3C4BD7CC5C9FFF1F11595EE717A8] - 23/06/2011 - 05:04:39 ---A- . (...) -- C:\Ad-Report-CLEAN[1].txt [5655]

O44 - LFC:[MD5.4F5452B2AE13886775B6AC026A60822F] - 23/06/2011 - 05:01:55 ---A- . (...) -- C:\Ad-Report-SCAN[1].txt [5525]

O44 - LFC:[MD5.1A75BE5D1D55FFBE27A638B31002FFFE] - 23/06/2011 - 04:57:09 ---A- . (...) -- C:\TDSSKiller.2.5.5.0_23.06.2011_05.54.27_log.txt [54508]

O44 - LFC:[MD5.F5F5A89E7FE78A0E1222620BB2D4E16D] - 23/06/2011 - 04:48:00 ---A- . (...) -- C:\TDSSKiller.2.5.5.0_23.06.2011_05.46.37_log.txt [55258]

O44 - LFC:[MD5.1B8E32C958CB90DF159CDAE8B6C1FABC] - 23/06/2011 - 04:46:38 ---A- . (...) -- C:\WINDOWS\ntbtlog.txt [1591204]

O44 - LFC:[MD5.0935219A3CBD4D4B39B7474A1496F220] - 22/06/2011 - 10:49:27 ---A- . (...) -- C:\PhysicalDisk0_MBR.bin [512]

O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 22/06/2011 - 10:14:12 ---A- . (...) -- C:\WINDOWS\System32\protrace.2132 [0]

O44 - LFC:[MD5.914C809619A3D901FF3D80E692D1DBDA] - 21/06/2011 - 10:04:18 ---A- . (...) -- C:\WINDOWS\System32\protrace.2172 [56]

O44 - LFC:[MD5.B553EE031A11375365AF199E9415402B] - 21/06/2011 - 05:27:37 ---A- . (...) -- C:\WINDOWS\ProgressUninstall9.1D [16132]

O44 - LFC:[MD5.9895B9EDC851E11A48378590E90DACB5] - 20/06/2011 - 13:13:15 ---A- . (...) -- C:\WINDOWS\system.ini [274]

O44 - LFC:[MD5.D89586495918ED1062DED8D2490CAC47] - 20/06/2011 - 13:13:15 ---A- . (...) -- C:\WINDOWS\win.ini [608]

O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 20/06/2011 - 10:18:44 ---A- . (...) -- C:\WINDOWS\System32\protrace.2524 [0]

O44 - LFC:[MD5.D10CD201F6E90FFFD9EB6F9D33C91E70] - 20/06/2011 - 06:46:10 ---A- . (...) -- C:\WINDOWS\srun.log [12]

O44 - LFC:[MD5.B6B54B87A76013FA4BCEFB3C657DB472] - 16/06/2011 - 23:28:53 ---A- . (...) -- C:\WINDOWS\DPINST.LOG [51118]

O44 - LFC:[MD5.0BB8EF138F5411C5AD04C81220398340] - 16/06/2011 - 23:16:24 ---A- . (...) -- C:\WINDOWS\System32\protrace.2936 [206]

O44 - LFC:[MD5.1BA9AC94710CFE525A733DA806694F43] - 16/06/2011 - 02:16:09 ---A- . (...) -- C:\WINDOWS\FaxSetup.log [711641]

O44 - LFC:[MD5.3EBC5634B9351062E06CE0518CF4A319] - 16/06/2011 - 02:16:09 ---A- . (...) -- C:\WINDOWS\KB2476490.log [37579]

O44 - LFC:[MD5.0C92373452815A558809F1345A6BDAA3] - 16/06/2011 - 02:16:09 ---A- . (...) -- C:\WINDOWS\MedCtrOC.log [49169]

O44 - LFC:[MD5.ADD40BE7767399E9D7F4F4356023621C] - 16/06/2011 - 02:16:09 ---A- . (...) -- C:\WINDOWS\comsetup.log [235711]

O44 - LFC:[MD5.772B0079049A3493D6D7202F2B586025] - 16/06/2011 - 02:16:09 ---A- . (...) -- C:\WINDOWS\iis6.log [760066]

O44 - LFC:[MD5.CA739196023E113C1C75F00A0525DA87] - 16/06/2011 - 02:16:09 ---A- . (...) -- C:\WINDOWS\imsins.log [1374]

O44 - LFC:[MD5.258FC51A2990DC7DC22AF494426E7311] - 16/06/2011 - 02:16:09 ---A- . (...) -- C:\WINDOWS\msgsocm.log [35614]

O44 - LFC:[MD5.548A2C6CFDB1C242039771D7A3598A20] - 16/06/2011 - 02:16:09 ---A- . (...) -- C:\WINDOWS\netfxocm.log [125054]

O44 - LFC:[MD5.6CD0230BFF7D3D0F611B2D989C937E8E] - 16/06/2011 - 02:16:09 ---A- . (...) -- C:\WINDOWS\ntdtcsetup.log [142864]

O44 - LFC:[MD5.0337B1306F98E2CA32A8CA109DAD3E66] - 16/06/2011 - 02:16:09 ---A- . (...) -- C:\WINDOWS\ocgen.log [342756]

O44 - LFC:[MD5.EE34E7F6C207872201EB6E2ECEEA9D1D] - 16/06/2011 - 02:16:09 ---A- . (...) -- C:\WINDOWS\ocmsn.log [39749]

O44 - LFC:[MD5.19322097654178008860349F9DA30152] - 16/06/2011 - 02:16:09 ---A- . (...) -- C:\WINDOWS\tabletoc.log [35765]

O44 - LFC:[MD5.A682BB798D9D27CA14BF3CC8D2626A49] - 16/06/2011 - 02:16:09 ---A- . (...) -- C:\WINDOWS\tsoc.log [326191]

O44 - LFC:[MD5.0A566779C78A1D87727AD3150B673707] - 16/06/2011 - 02:16:08 ---A- . (...) -- C:\WINDOWS\msmqinst.log [216572]

O44 - LFC:[MD5.A79D4151DD1F60C0C665E426F91F34A5] - 16/06/2011 - 02:15:54 ---A- . (...) -- C:\WINDOWS\KB2503665.log [23570]

O44 - LFC:[MD5.F3618FE815E4D3821DA3484FBBC2C2C6] - 16/06/2011 - 02:15:54 ---A- . (...) -- C:\WINDOWS\imsins.BAK [1374]

O44 - LFC:[MD5.F1C365A31A8C0693DC258D09006E4E18] - 16/06/2011 - 02:14:40 ---A- . (...) -- C:\WINDOWS\KB2535512.log [23589]

O44 - LFC:[MD5.3ADD81A1DC68030C6448498D1217712B] - 16/06/2011 - 02:13:21 ---A- . (...) -- C:\WINDOWS\KB2536276.log [23668]

O44 - LFC:[MD5.4D2428CE53CAE6653E85350DEEA5CCBE] - 16/06/2011 - 02:13:06 ---A- . (...) -- C:\WINDOWS\KB2530548-IE8.log [27623]

O44 - LFC:[MD5.0B97D60178CE297FF3B293FD88013100] - 16/06/2011 - 02:12:50 ---A- . (...) -- C:\WINDOWS\updspapi.log [51815]

O44 - LFC:[MD5.997154D3CD5C6139CBB86C61C26BF4E3] - 16/06/2011 - 02:09:44 ---A- . (...) -- C:\WINDOWS\KB2544893.log [20162]

O44 - LFC:[MD5.3F587D721843DCED203FB34D7941A2EE] - 16/06/2011 - 02:02:02 ---A- . (...) -- C:\WINDOWS\KB2544521-IE8.log [17517]

O44 - LFC:[MD5.B309912717C29FC67E1BA4730A82B6DD] - 29/05/2011 - 08:11:30 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [39984]

O44 - LFC:[MD5.3D2C13377763EEAC0CA6FB46F57217ED] - 29/05/2011 - 08:11:20 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\WINDOWS\System32\drivers\mbam.sys [22712]

---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)

O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll

O46 - SEH:ShellExecuteHooks - URL Exec Hook - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll

---\\ Export de clé d'application autorisée (O47)

O47 - AAKE:Key Export SP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation - Gestionnaire de session de l'aide sur le Bureau à distance de Microsoft®.) -- C:\WINDOWS\system32\sessmgr.exe

O47 - AAKE:Key Export SP - "%windir%\Network Diagnostic\xpnetdiag.exe" [Enabled] .(.Microsoft Corporation - Network Diagnostic for Windows XP.) -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O47 - AAKE:Key Export SP - "C:\WINDOWS\system32\CNAB3RPK.EXE" [Enabled] .(.CANON INC. - Canon Advanced Printing Technology RPC Server Process.) -- C:\WINDOWS\system32\CNAB3RPK.exe

O47 - AAKE:Key Export SP - "C:\Program Files\Messenger\msmsgs.exe" [Enabled] .(.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe

O47 - AAKE:Key Export SP - "C:\Casino\bwin Casino\casino.exe" [Enabled] .(...) -- C:\Casino\bwin Casino\casino.exe (.not file.)

O47 - AAKE:Key Export SP - "C:\Program Files\adslTV\adsltv.exe" [Enabled] .(...) -- C:\Program Files\adslTV\adsltv.exe (.not file.)

O47 - AAKE:Key Export SP - "C:\Program Files\adslTV\vlc.exe" [Enabled] .(...) -- C:\Program Files\adslTV\vlc.exe (.not file.)

O47 - AAKE:Key Export SP - "C:\Program Files\Mozilla Firefox\firefox.exe" [Enabled] .(.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe

O47 - AAKE:Key Export SP - "C:\WINDOWS\system32\mmc.exe" [Enabled] .(.Microsoft Corporation - Microsoft Management Console.) -- C:\WINDOWS\system32\mmc.exe

O47 - AAKE:Key Export SP - "D:\setup\HPZNET01.EXE" [Enabled] .(...) -- D:\setup\HPZNET01.exe (.not file.)

O47 - AAKE:Key Export SP - "D:\setup\HPONICIFS01.EXE" [Enabled] .(...) -- D:\setup\HPONICIFS01.exe (.not file.)

O47 - AAKE:Key Export SP - "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" [Enabled] .(...) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (.not file.)

O47 - AAKE:Key Export SP - "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" [Enabled] .(...) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe (.not file.)

O47 - AAKE:Key Export SP - "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" [Enabled] .(...) -- C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe (.not file.)

O47 - AAKE:Key Export SP - "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" [Enabled] .(...) -- C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe (.not file.)

O47 - AAKE:Key Export SP - "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" [Enabled] .(...) -- C:\Program Files\HP\Digital Imaging\bin\hposid01.exe (.not file.)

O47 - AAKE:Key Export SP - "C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" [Enabled] .(...) -- C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe (.not file.)

O47 - AAKE:Key Export SP - "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" [Enabled] .(...) -- C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe (.not file.)

O47 - AAKE:Key Export SP - "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" [Enabled] .(...) -- C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe (.not file.)

O47 - AAKE:Key Export SP - "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" [Enabled] .(...) -- C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe (.not file.)

O47 - AAKE:Key Export SP - "C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" [Enabled] .(...) -- C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe (.not file.)

O47 - AAKE:Key Export SP - "C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" [Enabled] .(...) -- C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe (.not file.)

O47 - AAKE:Key Export SP - "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" [Enabled] .(.Microsoft Corporation - Windows Live Call.) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe

O47 - AAKE:Key Export SP - "C:\Documents and Settings\Administrateur\Mes documents\prog\sdl\ddd\socket\bin\Debug\socket.exe" [Enabled] .(...) -- C:\Documents and Settings\Administrateur\Mes documents\prog\sdl\ddd\socket\bin\Debug\socket.exe

O47 - AAKE:Key Export SP - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [Enabled] .(.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe

O47 - AAKE:Key Export SP - "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" [Enabled] .(.Microsoft Corporation - Windows Live Sync.) -- C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe

O47 - AAKE:Key Export SP - "C:\WINDOWS\explorer.exe" [Enabled] .(.Microsoft Corporation - Explorateur Windows.) -- C:\WINDOWS\explorer.exe

O47 - AAKE:Key Export SP - "C:\Program Files\Symantec\pcAnywhere\winaw32.exe" [Enabled] .(.Symantec Corporation - pcAnywhere Main Program.) -- C:\Program Files\Symantec\pcAnywhere\winaw32.exe

O47 - AAKE:Key Export SP - "C:\Program Files\Symantec\pcAnywhere\awhost32.exe" [Enabled] .(.Symantec Corporation - pcAnywhere Host.) -- C:\Program Files\Symantec\pcAnywhere\awhost32.exe

O47 - AAKE:Key Export SP - "C:\eclipse\eclipse\eclipse.exe" [Enabled] .(...) -- C:\eclipse\eclipse\eclipse.exe

O47 - AAKE:Key Export SP - "C:\Program Files\Bonjour\mDNSResponder.exe" [Enabled] .(.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe

O47 - AAKE:Key Export SP - "C:\Program Files\iTunes\iTunes.exe" [Enabled] .(.Apple Inc. - iTunes.) -- C:\Program Files\iTunes\iTunes.exe

O47 - AAKE:Key Export SP - "C:\Program Files\xampp\mysql\bin\mysqld.exe" [Enabled] .(.MySQL AB - The MySQL Server.) -- C:\Program Files\xampp\mysql\bin\mysqld.exe

O47 - AAKE:Key Export SP - "C:\Program Files\xampp\apache\bin\httpd.exe" [Enabled] .(.Apache Software Foundation - Apache HTTP Server.) -- C:\Program Files\xampp\apache\bin\httpd.exe

O47 - AAKE:Key Export SP - "C:\WINDOWS\system32\spoolsv.exe" [Disabled] .(.Microsoft Corporation - Spooler SubSystem App.) -- C:\WINDOWS\system32\spoolsv.exe

O47 - AAKE:Key Export SP - "C:\Program Files\Google\Google Earth\client\googleearth.exe" [Enabled] .(.Google - Google Earth.) -- C:\Program Files\Google\Google Earth\client\googleearth.exe

O47 - AAKE:Key Export SP - "C:\Documents and Settings\Administrateur\Mes documents\Téléchargements\tinyumbrella-4.21.11.exe" [Enabled] .(...) -- C:\Documents and Settings\Administrateur\Mes documents\Téléchargements\tinyumbrella-4.21.11.exe (.not file.)

O47 - AAKE:Key Export SP - "C:\Program Files\adslTV\VLC\vlc.exe" [Enabled] .(...) -- C:\Program Files\adslTV\VLC\vlc.exe (.not file.)

O47 - AAKE:Key Export SP - "C:\Documents and Settings\Administrateur\Mes documents\prog\sdl\ddd\socket2\bin\Debug\socket2.exe" [Enabled] .(...) -- C:\Documents and Settings\Administrateur\Mes documents\prog\sdl\ddd\socket2\bin\Debug\socket2.exe

O47 - AAKE:Key Export SP - "C:\Documents and Settings\Administrateur\Mes documents\prog\sdl\ddd\socket2\bin\Release\socket2.exe" [Enabled] .(...) -- C:\Documents and Settings\Administrateur\Mes documents\prog\sdl\ddd\socket2\bin\Release\socket2.exe

O47 - AAKE:Key Export DP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation - Gestionnaire de session de l'aide sur le Bureau à distance de Microsoft®.) -- C:\WINDOWS\system32\sessmgr.exe

O47 - AAKE:Key Export DP - "%windir%\Network Diagnostic\xpnetdiag.exe" [Enabled] .(.Microsoft Corporation - Network Diagnostic for Windows XP.) -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O47 - AAKE:Key Export DP - "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" [Enabled] .(.Microsoft Corporation - Windows Live Call.) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe

O47 - AAKE:Key Export DP - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [Enabled] .(.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe

O47 - AAKE:Key Export DP - "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" [Enabled] .(.Microsoft Corporation - Windows Live Sync.) -- C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe


---\\ Contrôle du Safe Boot (CSB) (O49)

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmboot.sys . (.Microsoft Corp., Veritas Software - Pilote de démarrage du gestionnaire de disque NT.) -- C:\WINDOWS\System32\Drivers\dmboot.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmio.sys . (.Microsoft Corp., Veritas Software - Pilote E/S du Gestionnaire de disques NT.) -- C:\WINDOWS\System32\Drivers\dmio.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmload.sys . (.Microsoft Corp., Veritas Software. - NT Disk Manager Startup Driver.) -- C:\WINDOWS\System32\Drivers\dmload.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys . (.Microsoft Corporation - Pilote de filtre souris série.) -- C:\WINDOWS\System32\Drivers\sermouse.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sr.sys . (.Microsoft Corporation - Pilote de filtre de système de fichiers pour la restauration du système.) -- C:\WINDOWS\System32\Drivers\sr.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\WINDOWS\System32\Drivers\vga.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys . (...) -- C:\WINDOWS\System32\Drivers\vgasave.sys (.not file.)

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\Wdf01000.sys . (.Microsoft Corporation - WDF Dynamic.) -- C:\WINDOWS\System32\Drivers\Wdf01000.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmboot.sys . (.Microsoft Corp., Veritas Software - Pilote de démarrage du gestionnaire de disque NT.) -- C:\WINDOWS\System32\Drivers\dmboot.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmio.sys . (.Microsoft Corp., Veritas Software - Pilote E/S du Gestionnaire de disques NT.) -- C:\WINDOWS\System32\Drivers\dmio.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmload.sys . (.Microsoft Corp., Veritas Software. - NT Disk Manager Startup Driver.) -- C:\WINDOWS\System32\Drivers\dmload.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ip6fw.sys . (.Microsoft Corporation - IPv6 Windows Firewall Driver.) -- C:\WINDOWS\System32\Drivers\ip6fw.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys . (.Microsoft Corporation - IP Network Address Translator.) -- C:\WINDOWS\System32\Drivers\ipnat.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\nm.sys . (...) -- C:\WINDOWS\System32\Drivers\nm.sys (.not file.)

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpcdd.sys . (.Microsoft Corporation - RDP Miniport.) -- C:\WINDOWS\System32\Drivers\rdpcdd.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpdd.sys . (...) -- C:\WINDOWS\System32\Drivers\rdpdd.sys (.not file.)

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpwd.sys . (.Microsoft Corporation - RDP Terminal Stack Driver (US/Canada Only, Not for Export).) -- C:\WINDOWS\System32\Drivers\rdpwd.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys . (.Microsoft Corporation - Pilote de filtre souris série.) -- C:\WINDOWS\System32\Drivers\sermouse.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sr.sys . (.Microsoft Corporation - Pilote de filtre de système de fichiers pour la restauration du système.) -- C:\WINDOWS\System32\Drivers\sr.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\tdpipe.sys . (.Microsoft Corporation - Named Pipe Transport Driver.) -- C:\WINDOWS\System32\Drivers\tdpipe.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\tdtcp.sys . (.Microsoft Corporation - TCP Transport Driver.) -- C:\WINDOWS\System32\Drivers\tdtcp.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\WINDOWS\System32\Drivers\vga.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys . (...) -- C:\WINDOWS\System32\Drivers\vgasave.sys (.not file.)

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\Wdf01000.sys . (.Microsoft Corporation - WDF Dynamic.) -- C:\WINDOWS\System32\Drivers\Wdf01000.sys


---\\ Image File Execution Options (IFEO) (O50)

O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d


---\\ Trojan Driver Search Data (HKLM) (O52)

O52 - TDSD: \Drivers32\"msacm.trspch"="tssoft32.acm" . (.DSP GROUP, INC. - Codec audio TrueSpeech DSP Group pour MSACM V3.50.) -- C:\WINDOWS\System32\tssoft32.acm

O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Cinepak® Codec.) -- C:\WINDOWS\System32\iccvid.dll

O52 - TDSD: \Drivers32\"vidc.iv31"="ir32_32.dll" . (...) -- C:\WINDOWS\System32\ir32_32.dll

O52 - TDSD: \Drivers32\"vidc.iv32"="ir32_32.dll" . (...) -- C:\WINDOWS\System32\ir32_32.dll

O52 - TDSD: \Drivers32\"vidc.iv41"="ir41_32.ax" . (.Intel Corporation - Intel Indeo® Video 4.5.) -- C:\WINDOWS\System32\ir41_32.ax

O52 - TDSD: \Drivers32\"msacm.sl_anet"="sl_anet.acm" . (.Sipro Lab Telecom Inc. - Audio codec for MS ACM.) -- C:\WINDOWS\System32\sl_anet.acm

O52 - TDSD: \Drivers32\"msacm.iac2"="C:\WINDOWS\system32\iac25_32.ax" . (.Intel Corporation - Indeo® audio software.) -- C:\WINDOWS\system32\iac25_32.ax

O52 - TDSD: \Drivers32\"vidc.iv50"="ir50_32.dll" . (.Intel Corporation - Intel Indeo® video 5.10.) -- C:\WINDOWS\System32\ir50_32.dll

O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\WINDOWS\system32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\system32\l3codeca.acm

O52 - TDSD: \drivers.desc\"sl_anet.acm"="Sipro Lab Telecom Audio Codec" . (.Sipro Lab Telecom Inc. - Audio codec for MS ACM.) -- C:\WINDOWS\System32\sl_anet.acm

O52 - TDSD: \drivers.desc\"C:\WINDOWS\system32\iac25_32.ax"="Indeo® audio software" . (.Intel Corporation - Indeo® audio software.) -- C:\WINDOWS\system32\iac25_32.ax

O52 - TDSD: \drivers.desc\"ir50_32.dll"="Indeo® video 5.10" . (...) -- (.not file.)

O52 - TDSD: \drivers.desc\"C:\WINDOWS\system32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\system32\l3codeca.acm


---\\ ShareTools MSconfig StartupReg (O53)

O53 - SMSR:HKLM\...\startupreg\Google Update [Key] . (.Google Inc. - Programme d'installation de Google.) -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe


---\\ Microsoft Control Security Providers (O54)

O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Client DPA pour plate-forme 32 bit.) -- C:\WINDOWS\system32\msapsspc.dll

O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\WINDOWS\system32\schannel.dll

O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Package d'authentification Digest SSPI.) -- C:\WINDOWS\system32\digest.dll

O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Client DPA pour plate-forme 32 bit.) -- C:\WINDOWS\system32\msapsspc.dll

O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\WINDOWS\system32\schannel.dll

O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Package d'authentification Digest SSPI.) -- C:\WINDOWS\system32\digest.dll


---\\ Microsoft Windows Policies System (O55)

O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0

O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=

O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=

O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1

O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1

O55 - MWPS:[HKCU\...\Policies\System] - "DisableTaskMgr"=0

O55 - MWPS:[HKCU\...\Policies\System] - "DisableRegistryTools"=0


---\\ Microsoft Windows Policies Explorer (O56)

O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveTypeAutoRun"=255

O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveAutoRun"=

O56 - MWPE:[HKCU\...\policies\Explorer] - "HonorAutoRunSetting"=1

O56 - MWPE:[HKLM\...\policies\Explorer] - "HonorAutoRunSetting"=1

O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDriveAutoRun"=

O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDriveTypeAutoRun"=255


---\\ Liste des Drivers Système (O58)

O58 - SDL:[MD5.E4E13CE4C85C7E45A643BA54B8C8B16B] - 17/02/2004 - 15:38:30 ---A- . (.Adaptec, Inc. - Adaptec Win2K/XP/Server2003 Ultra320 SCSI Driver.) -- C:\WINDOWS\system32\drivers\adpu320.sys [132608]

O58 - SDL:[MD5.83D5419D0C68252244F9F48FB4394B38] - 08/07/2005 - 10:46:36 R--A- . (.ACARD Technology Corp. - Miniport driver for AEC6280.) -- C:\WINDOWS\system32\drivers\aec6280.sys [18816]

O58 - SDL:[MD5.1140AB9938809700B46BB88E46D72A96] - 17/08/2001 - 20:51:56 ---A- . (.Acer Laboratories Inc. - ALi mini IDE Driver.) -- C:\WINDOWS\system32\drivers\aliide.sys [5248]

O58 - SDL:[MD5.95B4FB835E28AA1336CEEB07FD5B9398] - 13/04/2008 - 19:36:39 ---A- . (.Advanced Micro Devices, Inc. - AMD Win2000 AGP Filter.) -- C:\WINDOWS\system32\drivers\amdagp.sys [43008]

O58 - SDL:[MD5.62D318E9A0C8FC9B780008E724283707] - 17/08/2001 - 20:52:00 ---A- . (.Advanced System Products, Inc. - AdvanSys SCSI Controller Driver.) -- C:\WINDOWS\system32\drivers\asc.sys [26496]

O58 - SDL:[MD5.5D8DE112AA0254B907861E9E9C31D597] - 17/08/2001 - 20:51:58 ---A- . (.Advanced System Products, Inc. - AdvanSys Ultra-Wide PCI SCSI Driver.) -- C:\WINDOWS\system32\drivers\asc3550.sys [14848]

O58 - SDL:[MD5.ED8CEE58C1E4C5893F5B2FD686A272BF] - 14/08/2002 - 14:03:36 ---A- . (.Adaptec - ASPI for WIN32 Kernel Driver.) -- C:\WINDOWS\system32\drivers\ASPI32.SYS [17005]

O58 - SDL:[MD5.CEA17AA4858BC39D4E60A7D8FF460FC0] - 05/08/2006 - 21:36:06 ---A- . (.ATI Technologies Inc. - ATI Radeon WindowsNT Miniport Driver.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys [1622016]

O58 - SDL:[MD5.1842B56B3D3F195C36F62708D266B95E] - 07/09/2006 - 12:37:22 ---A- . (.ATI Technologies Inc. - ATI SATA(IDE Mode) Controller Driver.) -- C:\WINDOWS\system32\drivers\atiide.sys [3456]

O58 - SDL:[MD5.5B44C214F9CD9F590BE9125347610380] - 17/06/2010 - 14:28:03 ---A- . (.Avira GmbH - Avira AntiVir File Filter Driver.) -- C:\WINDOWS\system32\drivers\avgntdd.sys [45416]

O58 - SDL:[MD5.47B879406246FFDCED59E18D331A0E7D] - 04/02/2011 - 12:09:08 ---A- . (.Avira GmbH - Avira Minifilter Driver.) -- C:\WINDOWS\system32\drivers\avgntflt.sys [61960]

O58 - SDL:[MD5.87451AA7CC6B6A590EBCEA05E755075A] - 17/06/2010 - 14:28:03 ---A- . (.Avira GmbH - Avira AntiVir File Filter Driver Manager.) -- C:\WINDOWS\system32\drivers\avgntmgr.sys [22360]

O58 - SDL:[MD5.5FEDEF54757B34FB611B9EC8FB399364] - 01/04/2011 - 08:15:06 ---A- . (.Avira GmbH - Avira Driver for Security Enhancement.) -- C:\WINDOWS\system32\drivers\avipbb.sys [137656]

O58 - SDL:[MD5.F7E75C620A04963C9A53C3B47DA80405] - 11/09/2000 - 09:51:00 ---A- . (.Symantec Corporation - pcAnywhere Legacy Driver.) -- C:\WINDOWS\system32\drivers\AWLEGACY.sys [10816]

O58 - SDL:[MD5.7AB1047FCC742BD4ABF1016C031969CE] - 11/02/2002 - 09:51:00 ---A- . (.Symantec Corporation - pcAnywhere Host Driver for Windows 2000.) -- C:\WINDOWS\system32\drivers\AW_HOST5.sys [33496]

O58 - SDL:[MD5.28E36E677849174C910FAAEAD3E60E9E] - 21/01/2010 - 13:53:16 ---A- . (.Nokia - Nokia USB Phone Bus Driver.) -- C:\WINDOWS\system32\drivers\ccdcmb.sys [18048]

O58 - SDL:[MD5.3823DEB17F9F6775DE0187A98FA0536D] - 30/12/2009 - 10:30:48 ---A- . (.Nokia - Nokia USB Phone Bus Driver.) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys [22016]

O58 - SDL:[MD5.C9B25AE9B8ABD983C5AD3F8CBFAB0F9C] - 05/08/2004 - 13:00:00 ---A- . (.RAVISENT Technologies Inc. - Pilote principal CineMaster C 1.2 WDM.) -- C:\WINDOWS\system32\drivers\cinemst2.sys [262528]

O58 - SDL:[MD5.E3726AD522D0BDAE090671048C991AB3] - 23/08/2001 - 16:04:44 ---A- . (.CMD Technology, Inc. - Pilote de bus PCI IDE CMD.) -- C:\WINDOWS\system32\drivers\cmdide.sys [6656]

O58 - SDL:[MD5.9624293E55AD405415862B504CA95B73] - 05/08/2004 - 13:00:00 ---A- . (.Compaq Computer Corporation - Compaq PA-1 Player Driver.) -- C:\WINDOWS\system32\drivers\cpqdap01.sys [11776]

O58 - SDL:[MD5.E550E7418984B65A78299D248F0A7F36] - 17/08/2001 - 20:52:16 ---A- . (.Mylex Corporation - Mylex Disk Array Controller Driver.) -- C:\WINDOWS\system32\drivers\dac2w2k.sys [179584]

O58 - SDL:[MD5.1961F8B618E3C20DF54C146B294EFD2A] - 23/08/2001 - 18:12:50 ---A- . (.Intel Corporation - Pilote NDIS 5.) -- C:\WINDOWS\system32\drivers\e100b325.sys [117760]

O58 - SDL:[MD5.8182FF89C65E4D38B2DE4BB0FB18564E] - 18/05/2009 - 12:17:00 ---A- . (.GEAR Software Inc. - CD DVD Filter.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys [26600]

O58 - SDL:[MD5.BA294768509FA03FCFE766962DEE3CAD] - 09/10/2001 - 09:51:00 ---A- . (.Symantec Corporation - pcAnywhere AWUNREG Driver.) -- C:\WINDOWS\system32\drivers\GERNUWA.sys [14944]

O58 - SDL:[MD5.573C7D0A32852B48F3058CFD8026F511] - 13/04/2008 - 17:36:05 ---A- . (.Windows ® Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) -- C:\WINDOWS\system32\drivers\hdaudbus.sys [144384]

O58 - SDL:[MD5.2A013E7530BEAB6E569FAA83F517E836] - 07/01/2005 - 16:07:16 ---A- . (.Windows ® Server 2003 DDK provider - High Definition Audio Function Driver v1.0a.) -- C:\WINDOWS\system32\drivers\Hdaudio.sys [145920]

O58 - SDL:[MD5.294110966CEDD127629C5BE48367C8CF] - 11/05/2006 - 10:30:52 ---A- . (.Intel Corporation - Intel Matrix Storage Manager driver.) -- C:\WINDOWS\system32\drivers\iaStor.sys [247808]

O58 - SDL:[MD5.3D2C13377763EEAC0CA6FB46F57217ED] - 29/05/2011 - 08:11:20 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\WINDOWS\system32\drivers\mbam.sys [22712]

O58 - SDL:[MD5.B309912717C29FC67E1BA4730A82B6DD] - 29/05/2011 - 08:11:30 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys [39984]

O58 - SDL:[MD5.3F4BB95E5A44F3BE34824E8E7CAF0737] - 17/08/2001 - 20:52:12 ---A- . (.American Megatrends Inc. - MegaRAID RAID Controller Driver for Windows Whistler 32.) -- C:\WINDOWS\system32\drivers\mraid35x.sys [17280]

O58 - SDL:[MD5.BE984D604D91C217355CDD3737AAD25D] - 05/08/2004 - 13:00:00 ---A- . (.S3/Diamond Multimedia Systems - NikeDrv Usb Driver.) -- C:\WINDOWS\system32\drivers\nikedrv.sys [12032]

O58 - SDL:[MD5.496F34FB30DD541350B29558842CD42A] - 30/12/2009 - 10:25:12 ---A- . (.Nokia - Nokia USB Phone Bus Driver.) -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys [137344]

O58 - SDL:[MD5.99FBB538789888E6A48B902417F68DD4] - 30/12/2009 - 10:25:12 ---A- . (.Nokia - Nokia USB Phone Generic Client.) -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [8320]

O58 - SDL:[MD5.DAB162A9890D6E127357BAFDDA60B2E0] - 27/07/2004 - 02:12:40 ---A- . (.OEM - OXPCI Parallel Port Driver.) -- C:\WINDOWS\system32\drivers\oxpar.sys [24832]

O58 - SDL:[MD5.FB29BA96A0893516035E9100CDBEEFD8] - 16/05/2001 - 17:47:00 ---A- . (.OEM - OX16PCI954 Device Driver.) -- C:\WINDOWS\system32\drivers\parxport.sys [13608]

O58 - SDL:[MD5.FD2041E9BA03DB7764B2248F02475079] - 26/08/2008 - 08:26:12 ---A- . (.Nokia - PCCS Mode Change Filter Driver.) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys [18816]

O58 - SDL:[MD5.80D317BD1C3DBC5D4FE7B1678C60CADD] - 05/08/2004 - 13:00:00 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\drivers\ptilink.sys [17792]

O58 - SDL:[MD5.0A63FB54039EB5662433CABA3B26DBA7] - 17/08/2001 - 20:52:20 ---A- . (.QLogic Corporation - Miniport Driver for QLogic ISP PCI Adapters.) -- C:\WINDOWS\system32\drivers\ql1080.sys [40320]

O58 - SDL:[MD5.156ED0EF20C15114CA097A34A30D8A01] - 17/08/2001 - 20:52:20 ---A- . (.QLogic Corporation - Miniport Driver for QLogic ISP PCI Adapters.) -- C:\WINDOWS\system32\drivers\ql12160.sys [45312]

O58 - SDL:[MD5.907F0AEEA6BC451011611E732BD31FCF] - 17/08/2001 - 20:52:18 ---A- . (.QLogic Corporation - Miniport Driver for QLogic ISP PCI Adapters.) -- C:\WINDOWS\system32\drivers\ql1280.sys [49024]

O58 - SDL:[MD5.A56FE08EC7473E8580A390BB1081CDD7] - 05/08/2004 - 13:00:00 ---A- . (.S3/Diamond Multimedia Systems - Rio8Drv.sys Usb Driver.) -- C:\WINDOWS\system32\drivers\rio8drv.sys [12032]

O58 - SDL:[MD5.0A854DF84C77A0BE205BFEAB2AE4F0EC] - 05/08/2004 - 13:00:00 ---A- . (.S3/Diamond Multimedia Systems - RioDrv Usb Driver.) -- C:\WINDOWS\system32\drivers\riodrv.sys [12032]

O58 - SDL:[MD5.909D03B3B7FB7C830B74F74F4D0EA7CE] - 28/06/2006 - 15:25:24 ---A- . (.Realtek Semiconductor Corp. - Realtek® High Definition Audio Function Driver.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys [4304384]

O58 - SDL:[MD5.C8B370B2B520AC1B8BC66203FCEC73DB] - 31/08/2006 - 10:54:44 ---A- . (.Realtek Semiconductor Corporation - Realtek 10/100/1000 NDIS 5.1 Driver.) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys [81280]

O58 - SDL:[MD5.90A3935D05B494A5A39D37E71F09A677] - 13/11/2007 - 11:25:54 ---A- . (.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) -- C:\WINDOWS\system32\drivers\secdrv.sys [20480]

O58 - SDL:[MD5.AEBBA7428A6C40CCE3C5ABDE45190B24] - 17/12/2002 - 04:41:10 ---A- . (.Rainbow Technologies, Inc. - Sentinel System Driver (NT Parallel driver).) -- C:\WINDOWS\system32\drivers\sentinel.sys [76288]

O58 - SDL:[MD5.6B33D0EBD30DB32E27D1D78FE946A754] - 13/04/2008 - 19:36:39 ---A- . (.Silicon Integrated Systems Corporation - SiS NT AGP Filter.) -- C:\WINDOWS\system32\drivers\sisagp.sys [40960]

O58 - SDL:[MD5.A1FF7D99B199CEA1F3DF371BA70D2780] - 17/12/2002 - 04:41:10 ---A- . (.Rainbow Technologies Inc. - Rainbow Technologies Sentinel Device Driver.) -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS [26120]

O58 - SDL:[MD5.53C9845BA14BC6DD01F65DA4CA9CC898] - 02/04/2003 - 15:06:58 ---A- . (.Sunix - PCI Multi I/O Card Driver.) -- C:\WINDOWS\system32\drivers\snxpcard.sys [20864]

O58 - SDL:[MD5.94E241365F6FC4B35D2740C4B90DE591] - 07/04/2003 - 09:37:58 ---A- . (.Sunix - PCI Multi I/O Parallel Port Driver.) -- C:\WINDOWS\system32\drivers\snxppalx.sys [75264]

O58 - SDL:[MD5.83C0F71F86D3BDAF915685F3D568B20E] - 17/08/2001 - 21:07:44 ---A- . (.Adaptec, Inc. - Adaptec AIC-6x60 series SCSI miniport.) -- C:\WINDOWS\system32\drivers\sparrow.sys [19072]

O58 - SDL:[MD5.A36EE93698802CD899F98BFD553D8185] - 17/06/2010 - 14:28:02 ---A- . (.Avira GmbH - AVIRA SnapShot Driver.) -- C:\WINDOWS\system32\drivers\ssmdrv.sys [28520]

O58 - SDL:[MD5.1FF3217614018630D0A6758630FC698C] - 17/08/2001 - 21:07:34 ---A- . (.Symbios Logic Inc. - Symbios Logic Inc. SCSI Miniport Driver.) -- C:\WINDOWS\system32\drivers\symc810.sys [16256]

O58 - SDL:[MD5.070E001D95CF725186EF8B20335F933C] - 17/08/2001 - 21:07:36 ---A- . (.LSI Logic - Symbios 8XX SCSI Miniport Driver.) -- C:\WINDOWS\system32\drivers\symc8xx.sys [32640]

O58 - SDL:[MD5.AFDCF8008D0FFE23F42071C1540F35E7] - 18/09/2001 - 19:25:48 ---A- . (.Symantec Corporation - Symantec Event Library.) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS [57968]

O58 - SDL:[MD5.80AC1C4ABBE2DF3B738BF15517A51F2C] - 17/08/2001 - 21:07:40 ---A- . (.LSI Logic - Symbios Hi-Perf SCSI Miniport Driver.) -- C:\WINDOWS\system32\drivers\sym_hi.sys [28384]

O58 - SDL:[MD5.BF4FAB949A382A8E105F46EBB4937058] - 17/08/2001 - 21:07:42 ---A- . (.LSI Logic - Symbios Ultra3 SCSI Miniport Driver.) -- C:\WINDOWS\system32\drivers\sym_u3.sys [30688]

O58 - SDL:[MD5.D74A8EC75305F1D3CFDE7C7FC1BD62A9] - 05/08/2004 - 13:00:00 ---A- . (.Toshiba Corporation - WDM Toshiba Tecra Video Capture Driver.) -- C:\WINDOWS\system32\drivers\tsbvcap.sys [21376]

O58 - SDL:[MD5.1B698A51CD528D8DA4FFAED66DFC51B9] - 17/08/2001 - 20:52:22 ---A- . (.Promise Technology, Inc. - Gestionnaire de miniport ULTRA66 de Promise.) -- C:\WINDOWS\system32\drivers\ultra.sys [36736]

O58 - SDL:[MD5.5C2BDC152BBAB34F36473DEAF7713F22] - 28/09/2010 - 15:44:52 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\WINDOWS\system32\drivers\usbaapl.sys [41984]

O58 - SDL:[MD5.B1B8BEE26227DAD9835019201552CB05] - 30/12/2009 - 10:30:48 ---A- . (.Nokia - Filter Driver for Nokia USB Phone Bus Driver.) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys [7936]

O58 - SDL:[MD5.98E1FF1D732C6C7200B6C59D4FF8C1C3] - 30/12/2009 - 10:30:56 ---A- . (.Nokia - Filter Driver for Nokia USB Phone Bus Driver.) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys [7936]

O58 - SDL:[MD5.55E01061C74A8CEFFF58DC36114A8D3F] - 05/08/2004 - 13:00:00 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\drivers\vdmindvd.sys [58112]

O58 - SDL:[MD5.1C8A783E90C34D205596F1AB4A97E261] - 24/07/2008 - 23:29:16 ---A- . (...) -- C:\WINDOWS\system32\drivers\vsb.sys [15264]

O58 - SDL:[MD5.3377DAA1CB8CAC46A538C236F5F3D58F] - 24/07/2008 - 23:29:16 ---A- . (...) -- C:\WINDOWS\system32\drivers\vserial.sys [47744]

O58 - SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] - 05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9037]

O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\country.sys [27097]

O58 - SDL:[MD5.C6D29F29DE7427B1B0775E53E577B623] - 05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\himem.sys [4912]

O58 - SDL:[MD5.582BCDD47CF4B68B5CB528F18E3CB808] - 05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\key01.sys [42809]

O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys [42537]

O58 - SDL:[MD5.7D30A74B5FB9FE3B245A6CE5FBCD71D5] - 05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos.sys [27916]

O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos404.sys [29146]

O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos411.sys [29370]

O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos412.sys [29274]

O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos804.sys [29146]

O58 - SDL:[MD5.CAAA108FD7BF71989946B39704323455] - 05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio.sys [34000]

O58 - SDL:[MD5.6F73F50162DEF60C84B725C18CD9140F] - 05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio404.sys [34560]

O58 - SDL:[MD5.0FDD5E69C1FF3B58043D44F2CC743D45] - 05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio411.sys [35648]

O58 - SDL:[MD5.8842837C4D8311BF8E72BEE8CCC42217] - 05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio412.sys [35424]

O58 - SDL:[MD5.6B56CEB3C6F9D5CD7293DBD9FE23B311] - 05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio804.sys [34560]


---\\ Liste des outils de nettoyage (O63)

O63 - Logiciel: Ad-Remover par C_XX - (.C_XX.) [HKLM] -- Ad-Remover

O63 - Logiciel: ZHPDiag 1.27 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1

O63 - Logiciel: HiJackThis - (.Trend Micro.) [HKLM] -- {0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}

O63 - Logiciel: RSIT - (.random/random.)

O63 - Logiciel: ToolsCleaner - (.A.Rothstein & dj QUIOU.)


---\\ Liste des services Legacy (O64)

O64 - Services: CurCS - 07/05/2002 - C:\Program Files\PROGRESS\bin\AdmSrvc.exe - AdminService for PROGRESS 9.1D (AdminService9.1D) .(...) - LEGACY_ADMINSERVICE9.1D

O64 - Services: CurCS - 08/07/2005 - C:\WINDOWS\System32\DRIVERS\aec6280.sys - aec6280(aec6280) .(.ACARD Technology Corp. - Miniport driver for AEC6280.) - LEGACY_AEC6280

O64 - Services: CurCS - 17/08/2001 - C:\WINDOWS\system32\DRIVERS\aliide.sys - No object(No service) .(.Acer Laboratories Inc. - ALi mini IDE Driver.) - LEGACY_ALIIDE

O64 - Services: CurCS - 13/04/2008 - C:\WINDOWS\System32\DRIVERS\amdagp.sys - Pilote de filtre du bus AMD AGP(amdagp) .(.Advanced Micro Devices, Inc. - AMD Win2000 AGP Filter.) - LEGACY_AMDAGP

O64 - Services: CurCS - ??/??/???? - C:\WINDOWS\TEMP\wppkgx\setup.exe (.not file.) - AMService (AMService) .(...) - LEGACY_AMSERVICE

O64 - Services: CurCS - 28/04/2011 - C:\Program Files\Avira\AntiVir Desktop\sched.exe - Avira AntiVir Planificateur(AntiVirSchedulerService) .(.Avira GmbH - Antivirus Scheduler.) - LEGACY_ANTIVIRSCHEDULERSERVICE

O64 - Services: CurCS - 01/04/2011 - C:\Program Files\Avira\AntiVir Desktop\avguard.exe - Avira AntiVir Guard(AntiVirService) .(.Avira GmbH - Antivirus On-Access Service.) - LEGACY_ANTIVIRSERVICE

O64 - Services: CurCS - 17/08/2001 - C:\WINDOWS\system32\DRIVERS\asc.sys - No object(No service) .(.Advanced System Products, Inc. - AdvanSys SCSI Controller Driver.) - LEGACY_ASC

O64 - Services: CurCS - 17/08/2001 - C:\WINDOWS\system32\DRIVERS\asc3550.sys - No object(No service) .(.Advanced System Products, Inc. - AdvanSys Ultra-Wide PCI SCSI Driver.) - LEGACY_ASC3550

O64 - Services: CurCS - 17/06/2010 - C:\Program Files\Avira\AntiVir Desktop\avgio.sys - avgio(avgio) .(.Avira GmbH - Avira AntiVir Support for Minifilter.) - LEGACY_AVGIO

O64 - Services: CurCS - 04/02/2011 - C:\WINDOWS\System32\DRIVERS\avgntflt.sys - avgntflt(avgntflt) .(.Avira GmbH - Avira Minifilter Driver.) - LEGACY_AVGNTFLT

O64 - Services: CurCS - 01/04/2011 - C:\WINDOWS\System32\DRIVERS\avipbb.sys - avipbb(avipbb) .(.Avira GmbH - Avira Driver for Security Enhancement.) - LEGACY_AVIPBB

O64 - Services: CurCS - 11/09/2000 - C:\WINDOWS\system32\Drivers\awlegacy.sys - awlegacy(awlegacy) .(.Symantec Corporation - pcAnywhere Legacy Driver.) - LEGACY_AWLEGACY

O64 - Services: CurCS - 23/08/2001 - C:\WINDOWS\system32\DRIVERS\cmdide.sys - No object(No service) .(.CMD Technology, Inc. - Pilote de bus PCI IDE CMD.) - LEGACY_CMDIDE

O64 - Services: CurCS - 17/08/2001 - C:\WINDOWS\system32\DRIVERS\dac2w2k.sys - No object(No service) .(.Mylex Corporation - Mylex Disk Array Controller Driver.) - LEGACY_DAC2W2K

O64 - Services: CurCS - 14/04/2008 - C:\WINDOWS\System32\dmadmin.exe - Service d'administration du Gestionnaire de disque logique(dmadmin) .(.Microsoft Corp., Veritas Software - Processus du service Gestionnaire de disque.) - LEGACY_DMADMIN

O64 - Services: CurCS - 14/04/2008 - C:\WINDOWS\System32\drivers\dmboot.sys - dmboot(dmboot) .(.Microsoft Corp., Veritas Software - Pilote de démarrage du gestionnaire de disq.) - LEGACY_DMBOOT

O64 - Services: CurCS - 05/08/2004 - C:\WINDOWS\System32\drivers\dmload.sys - dmload(dmload) .(.Microsoft Corp., Veritas Software. - NT Disk Manager Startup Driver.) - LEGACY_DMLOAD

O64 - Services: CurCS - 17/11/2004 - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe - EpsonBidirectionalService(EpsonBidirectionalService) .(.SEIKO EPSON CORPORATION - eEBAPI Core Process module.) - LEGACY_EPSONBIDIRECTIONALSERVICE

O64 - Services: CurCS - 14/08/2002 - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe - GhostStartService(GhostStartService) .(.Symantec Corporation - Norton Ghost Start.) - LEGACY_GHOSTSTARTSERVICE

O64 - Services: CurCS - 14/08/2002 - C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys - GhostPciScanner(GhPciScan) .(.Symantec Corporation - Symantec Ghost PCI Scanner Kernal Mode Driv.) - LEGACY_GHPCISCAN

O64 - Services: CurCS - 19/03/2009 - C:\Program Files\Google\Update\GoogleUpdate.exe - Service Google Update (gupdate1c9a8607c225e66)(gupdate1c9a8607c225e66) .(.Google Inc. - Programme d'installation de Google.) - LEGACY_GUPDATE1C9A8607C225E66

O64 - Services: CurCS - 11/05/2006 - C:\WINDOWS\system32\DRIVERS\iaStor.sys - No object(No service) .(.Intel Corporation - Intel Matrix Storage Manager driver.) - LEGACY_IASTOR

O64 - Services: CurCS - 24/07/2010 - C:\Program Files\Java\jre6\bin\jqs.exe - Java Quick Starter(JavaQuickStarterService) .(.Oracle - Java Quick Starter Service.) - LEGACY_JAVAQUICKSTARTERSERVICE

O64 - Services: CurCS - 29/05/2011 - C:\WINDOWS\system32\drivers\mbam.sys - MBAMProtector(MBAMProtector) .(.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) - LEGACY_MBAMPROTECTOR

O64 - Services: CurCS - 29/05/2011 - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe - MBAMService(MBAMService) .(.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) - LEGACY_MBAMSERVICE

O64 - Services: CurCS - 29/05/2011 - C:\WINDOWS\system32\drivers\mbamswissarmy.sys - MBAMSwissArmy(MBAMSwissArmy) .(.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) - LEGACY_MBAMSWISSARMY

O64 - Services: CurCS - 17/08/2001 - C:\WINDOWS\system32\DRIVERS\mraid35x.sys - No object(No service) .(.American Megatrends Inc. - MegaRAID RAID Controller Driver for Windows.) - LEGACY_MRAID35X

O64 - Services: CurCS - 15/06/2008 - C:\Program Files\CDBurnerXP\NMSAccessU.exe - NMSAccessU (NMSAccessU) .(...) - LEGACY_NMSACCESSU

O64 - Services: CurCS - 21/06/2011 - C:\Documents and Settings\NetworkService\Local Settings\Application Data\NVIDIA Corporation\Update\daemonupd.exe - NVIDIA Update Service (nvUpdService) .(...) - LEGACY_NVUPDSERVICE

O64 - Services: CurCS - 16/05/2001 - C:\WINDOWS\System32\DRIVERS\parxport.sys - PCI Parallel Driver(PARXPORT) .(.OEM - OX16PCI954 Device Driver.) - LEGACY_PARXPORT

O64 - Services: CurCS - ??/??/???? - C:\portmon\PORTMsys.sys (.not file.) - PORTMON (PORTMON) .(...) - LEGACY_PORTMON

O64 - Services: CurCS - 07/05/2002 - C:\Program Files\PROGRESS\bin\ProSrvc.exe - ProService for 9.1D(ProService9.1D) .(.Progress Software - ProSrvc.) - LEGACY_PROSERVICE9.1D

O64 - Services: CurCS - 17/08/2001 - C:\WINDOWS\system32\DRIVERS\ql1080.sys - No object(No service) .(.QLogic Corporation - Miniport Driver for QLogic ISP PCI Adapters.) - LEGACY_QL1080

O64 - Services: CurCS - 17/08/2001 - C:\WINDOWS\system32\DRIVERS\ql12160.sys - No object(No service) .(.QLogic Corporation - Miniport Driver for QLogic ISP PCI Adapters.) - LEGACY_QL12160

O64 - Services: CurCS - 17/08/2001 - C:\WINDOWS\system32\DRIVERS\ql1280.sys - No object(No service) .(.QLogic Corporation - Miniport Driver for QLogic ISP PCI Adapters.) - LEGACY_QL1280

O64 - Services: CurCS - 17/12/2002 - C:\WINDOWS\system32\Drivers\SENTINEL.sys - Sentinel(Sentinel) .(.Rainbow Technologies, Inc. - Sentinel System Driver (NT Parallel driver).) - LEGACY_SENTINEL

O64 - Services: CurCS - 26/01/2010 - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe - ServiceLayer(ServiceLayer) .(.Nokia - ServiceLayer Module.) - LEGACY_SERVICELAYER

O64 - Services: CurCS - 13/04/2008 - C:\WINDOWS\System32\DRIVERS\sisagp.sys - Filtre de bus AGP SIS(sisagp) .(.Silicon Integrated Systems Corporation - SiS NT AGP Filter.) - LEGACY_SISAGP

O64 - Services: CurCS - 17/08/2001 - C:\WINDOWS\system32\DRIVERS\sparrow.sys - No object(No service) .(.Adaptec, Inc. - Adaptec AIC-6x60 series SCSI miniport.) - LEGACY_SPARROW

O64 - Services: CurCS - 17/06/2010 - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys - ssmdrv(ssmdrv) .(.Avira GmbH - AVIRA SnapShot Driver.) - LEGACY_SSMDRV

O64 - Services: CurCS - 17/08/2001 - C:\WINDOWS\system32\DRIVERS\symc810.sys - No object(No service) .(.Symbios Logic Inc. - Symbios Logic Inc. SCSI Miniport Driver.) - LEGACY_SYMC810

O64 - Services: CurCS - 17/08/2001 - C:\WINDOWS\system32\DRIVERS\symc8xx.sys - No object(No service) .(.LSI Logic - Symbios 8XX SCSI Miniport Driver.) - LEGACY_SYMC8XX

O64 - Services: CurCS - 17/08/2001 - C:\WINDOWS\system32\DRIVERS\sym_hi.sys - No object(No service) .(.LSI Logic - Symbios Hi-Perf SCSI Miniport Driver.) - LEGACY_SYM_HI

O64 - Services: CurCS - 17/08/2001 - C:\WINDOWS\system32\DRIVERS\sym_u3.sys - No object(No service) .(.LSI Logic - Symbios Ultra3 SCSI Miniport Driver.) - LEGACY_SYM_U3

O64 - Services: CurCS - 17/08/2001 - C:\WINDOWS\system32\DRIVERS\ultra.sys - No object(No service) .(.Promise Technology, Inc. - Gestionnaire de miniport ULTRA66 de Promise.) - LEGACY_ULTRA

 

 

 

---\\ File Associations Shell Spawning (O67)

O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\Windows\System32\shell32.dll

O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\IEXPLORE.exe

O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\WINDOWS\System32\WScript.exe

O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\WINDOWS\regedit.exe

O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCU\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe

O67 - Shell Spawning: <.bat> <batfile>[HKCR\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.cpl> <cplfile>[HKCR\..\cplopen\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\Windows\System32\shell32.dll

O67 - Shell Spawning: <.cmd> <cmdfile>[HKCR\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.com> <comfile>[HKCR\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.exe> <exefile>[HKCR\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCR\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe

O67 - Shell Spawning: <.js> <JSFile>[HKCR\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\WINDOWS\System32\WScript.exe

O67 - Shell Spawning: <.reg> <regfile>[HKCR\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\WINDOWS\regedit.exe

 

 

 

---\\ Start Menu Internet (O68)

O68 - StartMenuInternet: <chrome.exe> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe

O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe

O68 - StartMenuInternet: <Safari.exe> <Safari>[HKLM\..\Shell\open\Command] (.Apple Inc. - Safari.) -- C:\Program Files\Safari\Safari.exe

 

 

 

---\\ Search Browser Infection (O69)

O69 - SBI: SearchScopes [HKCU] ${searchCLSID} [DefaultScope] - (@ieframe.dll,-12512) - Bing

O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - Bing

O69 - SBI: SearchScopes [HKCU] {5DFDB09F-B822-4173-B2B8-4A1DD0142722} - (Google) - Google

O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - Google

O69 - SBI: SearchScopes [HKCU] {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} - (MyStart Rechercher) - http://mystart.incredimail.com

 

 

 

---\\ Internet Feature Controls (O81)

O81 - IFC: Internet Feature Controls [HKUS\.DEFAULT] [FEATURE_BROWSER_EMULATION] -- svchost.exe

O81 - IFC: Internet Feature Controls [HKUS\S-1-5-18] [FEATURE_BROWSER_EMULATION] -- svchost.exe

 

 

 

---\\ Scan Additionnel (O88)

Database Version : 8434 - (22/06/2011)

Clés trouvées (Keys found) : 4

Valeurs trouvées (Values found) : 0

Dossiers trouvés (Folders found) : 0

Fichiers trouvés (Files found) : 0

 

[HKLM\Software\Classes\CLSID\{0101014E-D958-4d10-82A1-9195E2220B66}] =>Trojan.Rimecud

[HKLM\Software\Classes\Interface\{33733BAF-6BFE-4F83-9A89-69B2C49CF843}] =>Trojan.Rimecud

[HKLM\SYSTEM\CurrentControlSet\Services\AMService] =>Spyware.Passwords

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Toolbar] =>Toolbar.Conduit

 

 

 

---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)

SR - | Auto 07/05/2002 20480 | AdminService for PROGRESS 9.1D (AdminService9.1D) . (...) - C:\Program Files\PROGRESS\bin\AdmSrvc.exe

SS - | Auto 07/05/2002 0 | (AMService) . (...) - C:\WINDOWS\TEMP\wppkgx\setup.exe

SR - | Auto 28/04/2011 136360 | (AntiVirSchedulerService) . (.Avira GmbH.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe

SR - | Auto 01/04/2011 269480 | (AntiVirService) . (.Avira GmbH.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

SR - | Auto 16/10/2010 37664 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe

SR - | Auto 05/08/2006 401408 | (Ati HotKey Poller) . (.ATI Technologies Inc..) - C:\WINDOWS\system32\Ati2evxx.exe

SS - | Demand 15/02/2002 114749 | (awhost32) . (.Symantec Corporation.) - C:\Program Files\Symantec\pcAnywhere\awhost32.exe

SR - | Auto 07/10/2010 345376 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe

SS - | Demand 14/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\System32\dmadmin.exe

SR - | Auto 17/11/2004 90112 | (EpsonBidirectionalService) . (.SEIKO EPSON CORPORATION.) - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe

SR - | Auto 14/08/2002 200704 | (GhostStartService) . (.Symantec Corporation.) - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe

SS - | Auto 19/03/2009 133104 | (gupdate1c9a8607c225e66) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe

SS - | Demand 19/03/2009 133104 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe

SR - | Demand 17/11/2010 820008 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe

SR - | Auto 24/07/2010 153376 | (JavaQuickStarterService) . (.Oracle.) - C:\Program Files\Java\jre6\bin\jqs.exe

SR - | Auto 29/05/2011 366640 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

SR - | Auto 15/06/2008 71096 | (NMSAccessU) . (...) - C:\Program Files\CDBurnerXP\NMSAccessU.exe

SR - | Auto 21/06/2011 19456 | (nvUpdService) . (...) - C:\Documents and Settings\NetworkService\Local Settings\Application Data\NVIDIA Corporation\Update\daemonupd.exe

SS - | Demand 07/05/2002 126976 | ProService for 9.1D (ProService9.1D) . (.Progress Software.) - C:\Program Files\PROGRESS\bin\ProSrvc.exe

SS - | Demand 26/01/2010 652800 | (ServiceLayer) . (.Nokia.) - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

 

 

 

---\\ Recherche Master Boot Record Infection (MBR)(O80)

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, GMER - Rootkit Detector and Remover

Run by Administrateur at 24/06/2011 13:15:51

 

device: opened successfully

user: MBR read successfully

 

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys atiide.sys

C:\WINDOWS\system32\drivers\atiide.sys ATI Technologies Inc. ATI SATA(IDE Mode) Controller Driver

1 ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\Harddisk0\DR0[0x85583AB8]

3 CLASSPNP[0xF7522FD7] -> ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\00000070[0x85593F18]

5 ACPI[0xF73A8620] -> ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\Ide\IdeDeviceP2T0L0-3[0x8558CD98]

kernel: MBR read successfully

user & kernel MBR OK

 

 

 

---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)

Written by ad13, http://ad13.geekstog

Run by Administrateur at 24/06/2011 13:15:53

 

********* Dump file Name *********cc

C:\PhysicalDisk0_MBR.bin

 

 

 

End of the scan (1353 lines in 03mn 51s)(0)

 

 

The machine is running perfectly.

There is quite a lot of nice reading on your site. In any case, I was a bit skeptical about using a password manager, given that if someone gets into it they have access to everything :mhh: (dictionary attack, brute force or other). What do you think?

In any case, thank you for your help.

A small question you have probably been asked before: how does one join a team of helpers, given that I am finishing the training on "Helper Formation"? So I know the basics, but I lack practice.

Posted

Hello again,

 

A good password manager should shut itself off on its own after a time set by the PC's owner; the master password is of course needed to reactivate the software, otherwise it is inaccessible.

I dare you to get into my Kaspersky Password Manager when it is deactivated :D (after 10 minutes)

 

A tutorial for the free one: PC Astuces - Mettre ses mots de passe en lieu sûr

 

If you have a basic knowledge of helping with disinfection, the best thing is to observe the procedures recommended on the good forums.

 

A bad forum is one where everyone comes to give their opinion in topics as delicate as disinfection; because there are some real characters out there!

 

ZHPFix :

 

  • Close all open applications
     
  • Double-click on ZHPFix, the shortcut installed by ZHPDiag on the Desktop
    Important:
    On Vista and Windows 7: the file must be launched via right-click -> Run as administrator.
     
  • Click on the H.
     
  • Copy and paste the lines below into the window

 

O4 - HKUS\S-1-5-18\..\Run: [AMService] C:\WINDOWS\TEMP\wppkgx\setup.exe (.not file.)    
O23 - Service: AMService (AMService) . (...) - C:\WINDOWS\TEMP\wppkgx\setup.exe (.not file.)  
O64 - Services: CurCS - ??/??/???? - C:\WINDOWS\TEMP\wppkgx\setup.exe (.not file.) - AMService (AMService) .(...) - LEGACY_AMSERVICE   
O81 - IFC: Internet Feature Controls [HKUS\.DEFAULT] [FEATURE_BROWSER_EMULATION] -- svchost.exe    
O81 - IFC: Internet Feature Controls [HKUS\S-1-5-18] [FEATURE_BROWSER_EMULATION] -- svchost.exe    
[HKLM\SYSTEM\CurrentControlSet\Services\AMService]     
SS - | Auto 07/05/2002 0 | (AMService) . (...) - C:\WINDOWS\TEMP\wppkgx\setup.exe   
emptytemp
emptyflash   

 

  • Click on the icon representing the letter H ("paste the Helper lines"). The script should automatically appear in ZHPFix; if not, paste it.
     
    Click the GO button to start the cleaning

 

  • Confirm with Yes the uninstallation of programs if asked
     
  • Let the tool work. If a restart is requested, accept and restart the PC
     
  • The ZHPFixReport.txt report is displayed. Copy and paste the contents of this report into your reply.
    The ZHPFixReport.txt report is saved as C:\Program files\ZHPFix\ZHPFixReport.txt

 

 

@++
