Posez votre question Signaler

Téléchargement de fichiers exe bloqués!

lewis - Dernière réponse le 1 févr. 2009 à 09:23
Bonjour,
j'arrive pas à télécharger des fichiers exe dans mon PC windows XP, pour lancer messeger par ex. Un message s'affiche" telechargement impossible à cause de la politik de sécurité" je comprends rien à cela, j'ai meme changé des trucs dans la zone de sécurité mais rien. SVP aidez moi je suis novice en ordi....merci
Windows XP
Lire la suite 
Réponse
+0
moins plus
Bonjour,

pour contourner ce blocage, il faut télécharger sur un autre ordi et recopier sur l'ordi infecté avec une clé USB (ou avec un CD réinscriptible ce qui est plus sécurisé).

Commence par ceci :

Télécharge Rooter de l'équipe IDN sur ton bureau :
http://eric.71.mespages.googlepages.com/Rooter.exe

! Déconnecte toi d'internet et ferme toutes applications en cours !


* Exécute Rooter et laisse travailler l'outil .

* Une fois terminé, poste le rapport obtenu pour analyse ...
Ryan- 16 janv. 2009 à 11:41
bjr..
j'ai essayé de télécharger le lien que u m'as donné....la meme choz..téléchargement bloqué à cause de la politique de sécurité..je sais vraiment plus koi faire.....
Répondre
Ajouter un commentaire
Réponse
+0
moins plus
Re,

pour contourner ce blocage, il faut télécharger sur un autre ordi et recopier sur l'ordi infecté avec une clé USB (ou avec un CD réinscriptible ce qui est plus sécurisé).
lewis- 19 janv. 2009 à 11:55
D'accord...merci pour tout...je vais m'y atteler de suite....
Répondre
lewis- 22 janv. 2009 à 15:09
Bjr... J'ai eu des soucis avec ma connection..pour mon pb voici le rapport après lancement de rooter

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3200+ )
BIOS : Ver 1.00PARTTBL
USER : PATCHELYS ( Administrator )
BOOT : Normal boot

Antivirus : ESET NOD32 antivirus system 2.70 2.70 (Activated)
Firewall : BitDefender Internet Security v10 7.2 (Not Activated)

C:\ (Local Disk) - NTFS - Total:20 Go (Free:0 Go)
D:\ (Local Disk) - NTFS - Total:35 Go (Free:0 Go)
E:\ (CD or DVD) - UDF - Total:4 Go (Free:0 Go)
F:\ (USB) - FAT32 - Total:487 Mo (Free:0 Go)

22/01/2009|15:03

----------------------\\ Search..

C:\WINDOWS\system32\oqstv.bak1
C:\WINDOWS\system32\oqstv.bak2
C:\WINDOWS\system32\oqstv.ini
C:\WINDOWS\system32\oqstv.ini2
C:\WINDOWS\system32\oqstv.tmp
C:\WINDOWS\system32\llnmp.ini
C:\WINDOWS\system32\llnmp.ini2
[b]==> VUNDO <==/b

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters]
NameServer REG_SZ 85.255.116.69 85.255.112.110
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters]
NameServer REG_SZ 85.255.116.69 85.255.112.110
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
NameServer REG_SZ 85.255.116.69 85.255.112.110
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{4573747A-2591-4754-83CD-7A76B78CD3CE}]
DhcpNameServer REG_SZ 85.255.116.69,85.255.112.110
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{E27A645F-203E-4994-A34B-F9DEB52AB4EE}]
DhcpNameServer REG_SZ 85.255.116.69,85.255.112.110
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\..\{4573747A-2591-4754-83CD-7A76B78CD3CE}]
DhcpNameServer REG_SZ 85.255.116.69,85.255.112.110
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\..\{E27A645F-203E-4994-A34B-F9DEB52AB4EE}]
DhcpNameServer REG_SZ 85.255.116.69,85.255.112.110
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{4573747A-2591-4754-83CD-7A76B78CD3CE}]
DhcpNameServer REG_SZ 85.255.116.69,85.255.112.110
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{E27A645F-203E-4994-A34B-F9DEB52AB4EE}]
DhcpNameServer REG_SZ 85.255.116.69,85.255.112.110
[b]==> WAREOUT <==/b

----------------------\\ Rogues..

C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiVirus Pro 2006
C:\DOCUME~1\PATCHE~1\APPLIC~1\WinAntiVirus Pro 2006
C:\PROGRA~1\FICHIE~1\WinAntiVirus Pro 2006
C:\PROGRA~1\WinAntiVirus Pro 2006

----------------------\\ Cracks & Keygens..

C:\DOCUME~1\PATCHE~1\Recent\crack.lnk


1 - "C:\Rooter$\Rooter_1.txt" - 22/01/2009|15:04

----------------------\\ Scan completed at 15:04
Répondre
Ajouter un commentaire
Réponse
+0
moins plus
Bonjour,

OK, je suis là.
lewis- 22 janv. 2009 à 15:12
J'ai eu des soucis avec ma connection et mon ordi aussi beuguait..voici le rapport après lancement de rooter...comment faire?

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3200+ )
BIOS : Ver 1.00PARTTBL
USER : PATCHELYS ( Administrator )
BOOT : Normal boot

Antivirus : ESET NOD32 antivirus system 2.70 2.70 (Activated)
Firewall : BitDefender Internet Security v10 7.2 (Not Activated)

C:\ (Local Disk) - NTFS - Total:20 Go (Free:0 Go)
D:\ (Local Disk) - NTFS - Total:35 Go (Free:0 Go)
E:\ (CD or DVD) - UDF - Total:4 Go (Free:0 Go)
F:\ (USB) - FAT32 - Total:487 Mo (Free:0 Go)

22/01/2009|15:03

----------------------\\ Search..

C:\WINDOWS\system32\oqstv.bak1
C:\WINDOWS\system32\oqstv.bak2
C:\WINDOWS\system32\oqstv.ini
C:\WINDOWS\system32\oqstv.ini2
C:\WINDOWS\system32\oqstv.tmp
C:\WINDOWS\system32\llnmp.ini
C:\WINDOWS\system32\llnmp.ini2
[b]==> VUNDO <==/b

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters]
NameServer REG_SZ 85.255.116.69 85.255.112.110
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters]
NameServer REG_SZ 85.255.116.69 85.255.112.110
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
NameServer REG_SZ 85.255.116.69 85.255.112.110
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{4573747A-2591-4754-83CD-7A76B78CD3CE}]
DhcpNameServer REG_SZ 85.255.116.69,85.255.112.110
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{E27A645F-203E-4994-A34B-F9DEB52AB4EE}]
DhcpNameServer REG_SZ 85.255.116.69,85.255.112.110
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\..\{4573747A-2591-4754-83CD-7A76B78CD3CE}]
DhcpNameServer REG_SZ 85.255.116.69,85.255.112.110
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\..\{E27A645F-203E-4994-A34B-F9DEB52AB4EE}]
DhcpNameServer REG_SZ 85.255.116.69,85.255.112.110
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{4573747A-2591-4754-83CD-7A76B78CD3CE}]
DhcpNameServer REG_SZ 85.255.116.69,85.255.112.110
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{E27A645F-203E-4994-A34B-F9DEB52AB4EE}]
DhcpNameServer REG_SZ 85.255.116.69,85.255.112.110
[b]==> WAREOUT <==/b

----------------------\\ Rogues..

C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiVirus Pro 2006
C:\DOCUME~1\PATCHE~1\APPLIC~1\WinAntiVirus Pro 2006
C:\PROGRA~1\FICHIE~1\WinAntiVirus Pro 2006
C:\PROGRA~1\WinAntiVirus Pro 2006

----------------------\\ Cracks & Keygens..

C:\DOCUME~1\PATCHE~1\Recent\crack.lnk


1 - "C:\Rooter$\Rooter_1.txt" - 22/01/2009|15:04

----------------------\\ Scan completed at 15:04
Répondre
Ajouter un commentaire
Réponse
+0
moins plus
Re,

Vundo + DNSChanger + Rogue.

Peux tu faire ça :

1) Imprime ces instructions car il faudra fermer toutes les fenêtres et applications lors de l'installation et de l'analyse.

2) Télécharge Malwarebytes' Anti-Malware (MBAM) et enregistre le sur ton Bureau à partir de ce lien :

http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html

3) A la fin du téléchargement, ferme toutes les fenêtres et programmes, y compris celui-ci.

4) Double-clique sur l'icône Download_mbam-setup.exe sur ton bureau pour démarrer le programme d'installation.

5) Pendant l'installation, suis les indications (en particulier le choix de la langue et l'autorisation d'accession à Internet). N'apporte aucune modification aux réglages par défaut et, en fin d'installation, vérifie que les options Update Malwarebytes' Anti-Malware et Launch Malwarebytes' Anti-Malware sont cochées.

6) MBAM démarrera automatiquement et enverra un message demandant à mettre à jour le programme avant de lancer une analyse. Comme MBAM se met automatiquement à jour en fin d'installation, clique sur OK pour fermer la boîte de dialogue. La fenêtre principale de MBAM s'affiche :

7) Dans l'onglet analyse, vérifie que "Exécuter une analyse rapide" est coché et clique sur le bouton Rechercher pour démarrer l'analyse.

8) MBAM analyse ton ordinateur. L'analyse peut prendre un certain temps. Il suffit de vérifier de temps en temps son avancement.

9) A la fin de l'analyse, un message s'affiche indiquant la fin de l'analyse. Clique sur OK pour poursuivre.

10) Si des malwares ont été détectés, leur liste s'affiche.
En cliquant sur Suppression (?) , MBAM va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.

11) MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Ferme le Bloc-notes. (Le rapport peut être retrouvé sous l'onglet Rapports/logs)

12) Ferme MBAM en cliquant sur Quitter.

13) Poste le rapport dans ta réponse
lewis- 22 janv. 2009 à 15:34
ok à tt à l'heure...
Répondre
lewis- 22 janv. 2009 à 16:22
voici le rapport..j'ai cliqué sur "suppression" et redémarré l'ordi comme ça l'indiquait...

Malwarebytes' Anti-Malware 1.33
Version de la base de données: 1678
Windows 5.1.2600 Service Pack 2

22/01/2009 16:14:17
mbam-log-2009-01-22 (16-14-17).txt

Type de recherche: Examen rapide
Eléments examinés: 66291
Temps écoulé: 18 minute(s), 22 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 61
Valeur(s) du Registre infectée(s): 10
Elément(s) de données du Registre infecté(s): 9
Dossier(s) infecté(s): 15
Fichier(s) infecté(s): 40

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{056c9107-bc82-4f2c-b79c-d05dada7c5a2} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{056c9107-bc82-4f2c-b79c-d05dada7c5a2} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{49d63e18-33b1-46f2-82c2-39431fb94794} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\gebbaww (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{49d63e18-33b1-46f2-82c2-39431fb94794} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ba0bacb5-fc95-451e-94d2-4959ab0949d2} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{49d63e18-33b1-46f2-82c2-39431fb94794} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ba0bacb5-fc95-451e-94d2-4959ab0949d2} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f2bada0d-fd61-45ef-a994-64a073fd6613} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2178f3fb-2560-458f-bdee-631e2fe0dfe4} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b5141620-c2b2-4d95-9f0f-134d99c87ab0} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ba0bacb5-fc95-451e-94d2-4959ab0949d2} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\multimedia software (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{dabf362d-d442-4402-9208-ca9ed70dd01e} (Adware.Advantage) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{5ac3a9ef-c0f8-41d4-b4e2-b7cebb794151} (Adware.Advantage) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{862def42-89aa-49fa-ae1f-8a84b1b08a17} (Adware.Advantage) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f6e4845d-1d13-4bc0-942d-b9191524cc48} (Adware.Advantage) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{602d9049-b4ac-4a25-bf75-a9b54d747cba} (Adware.Advantage) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8baf1854-f49f-487f-b4cc-2bd30ea16ad6} (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6640d4aa-bc85-465d-a5fc-b45fa49183df} (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{80d8f922-cebb-4476-b2a6-0264a711e523} (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{d76d7128-4a96-11d3-bd95-d296dc2dd072} (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{82f2e220-92e8-11d3-9a1d-f2a67fd05a28} (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8e203240-537d-11d3-bd8c-000000000000} (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d76d7129-4a96-11d3-bd95-d296dc2dd072} (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d76d712b-4a96-11d3-bd95-d296dc2dd072} (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d76d712c-4a96-11d3-bd95-d296dc2dd072} (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d76d712e-4a96-11d3-bd95-d296dc2dd072} (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{a8561640-e93c-11d3-ac3b-ce6078f7b616} (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{65418922-15d8-11d4-9a1f-928ff56cbe2b} (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a8561641-e93c-11d3-ac3b-ce6078f7b616} (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a8561642-e93c-11d3-ac3b-ce6078f7b616} (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a8561647-e93c-11d3-ac3b-ce6078f7b616} (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{dcc46394-4b19-11d3-bd95-d426ef2c7949} (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{dcc463a0-4b19-11d3-bd95-d426ef2c7949} (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{dcc463a1-4b19-11d3-bd95-d426ef2c7949} (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\aldd (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Online Add-on (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\VideoAXObject.Chl (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Alert Popup (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\videoPl.chl (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fopn (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DomainService (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\c4a88266 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bmc79bb1fa (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{49d63e18-33b1-46f2-82c2-39431fb94794} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\some (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\user32.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\BootStera (Rogue.WinAntivirus) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.69 85.255.112.110 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4573747a-2591-4754-83cd-7a76b78cd3ce}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.69,85.255.112.110 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{e27a645f-203e-4994-a34b-f9deb52ab4ee}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.69,85.255.112.110 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.69 85.255.112.110 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{4573747a-2591-4754-83cd-7a76b78cd3ce}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.69,85.255.112.110 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{e27a645f-203e-4994-a34b-f9deb52ab4ee}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.69,85.255.112.110 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.69 85.255.112.110 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{4573747a-2591-4754-83cd-7a76b78cd3ce}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.69,85.255.112.110 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{e27a645f-203e-4994-a34b-f9deb52ab4ee}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.69,85.255.112.110 -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Program Files\WinAntiVirus Pro 2006 (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\Fichiers communs\WinAntiVirus Pro 2006 (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2006 (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\Video Add-on (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Advantage (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302} (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\locale (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\locale\en-US (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\components (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Program Files\videosoft (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Program Files\videosoft\Shared Files (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Documents and Settings\PATCHELYS\Application Data\WinAntiVirus Pro 2006 (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\PATCHELYS\Application Data\WinAntiVirus Pro 2006\Logs (Rogue.WinAntivirus) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\qoqhaxsb.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gebbaww.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Program Files\WinAntiVirus Pro 2006\msvcp71.dll (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\WinAntiVirus Pro 2006\msvcr71.dll (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\Fichiers communs\WinAntiVirus Pro 2006\err.log (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\Video Add-on\uninst.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Advantage\AdVantage.db (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Program Files\Advantage\AdVantage.htm (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Program Files\Advantage\AdVUninst.exe (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Program Files\Advantage\ffext.mod (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Program Files\Advantage\TR.dll (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Program Files\Advantage\user.db (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome.manifest (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\install.js (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\install.rdf (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\vssver2.scc (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\advantage.png (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\contents.rdf (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\overlay.js (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\overlay.xul (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\vssver2.scc (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\locale\en-US\overlay.dtd (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\locale\en-US\vssver2.scc (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\components\IMeMedia_FF.xpt (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Program Files\videosoft\Shared Files\ViewRep7.dll (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Program Files\videosoft\Shared Files\Vsflex7.ocx (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Program Files\videosoft\Shared Files\VSPRINT7.ocx (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Program Files\videosoft\Shared Files\VSStr7.ocx (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Documents and Settings\PATCHELYS\Application Data\WinAntiVirus Pro 2006\PGE.dat (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\PATCHELYS\Application Data\WinAntiVirus Pro 2006\Logs\update.log (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\PATCHELYS\Application Data\WinAntiVirus Pro 2006\Logs\wa6Support.log (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\PATCHELYS\Application Data\WinAntiVirus Pro 2006\Logs\winav.log (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BMc79bb1fa.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BMc79bb1fa.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\stera.job (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\PATCHELYS\Favoris\Online Security Test.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Program Files\ICQToolbar\toolbaru.dll (Adware.BHO) -> Quarantined and deleted successfully.
Répondre
Ajouter un commentaire
Réponse
+0
moins plus
Re,

beau cocktail.

maintenant, peux tu faire ceci :

Télécharge ici :

http://images.malwareremoval.com/random/RSIT.exe

random's system information tool (RSIT) par random/random et sauvegarde-le sur le Bureau.

Double-clique sur RSIT.exe afin de lancer RSIT.

Lis le contenu de l'écran Disclaimer puis clique sur Continue (si tu acceptes les conditions).

Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.

.

NB : Les rapports sont sauvegardés dans le dossier C:\rsit
lewis- 22 janv. 2009 à 16:53
j'ai un petit souci...le lance bien le lien que tu m'as founi....après ça se bloque en disant " error: erro parsing function call. avec un bouton rouge taggé par une X blanc...que faire? si je clique sur ok...ca s'arrète...
Répondre
Ajouter un commentaire
Réponse
+0
moins plus
Re,

relance rooter et poste le rapport.

============

essaye ceci

Ouvre ce lien et télécharge ZHPDiag :

http://telechargement.zebulon.fr/zhpdiag.html
hxxp://telechargement.zebulon.fr/telecharger-zhpdiag.html

Une fois le téléchargement achevé, dézippe le fichier obtenu et place ZHPDiag.exe sur ton Bureau.

Double-clique sur l'icône pour lancer le programme.

Clique sur Tous pour cocher toutes les cases des options.

Clique sur la loupe pour lancer l'analyse.

A la fin de l'analyse, clique sur l'appareil photo et enregistre le rapport sur ton Bureau.

Ouvre le fichier sauvegardé (ZHPDiag.txt)avec le Bloc-Notes et copie son contenu dans ta réponse.
lewis- 22 janv. 2009 à 17:52
ok je relance rooter et je poste le rapport...
Répondre
lewis- 22 janv. 2009 à 18:06
voici le rapport après "rooter"

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3200+ )
BIOS : Ver 1.00PARTTBL
USER : PATCHELYS ( Administrator )
BOOT : Normal boot

Antivirus : ESET NOD32 antivirus system 2.70 2.70 (Activated)
Firewall : BitDefender Internet Security v10 7.2 (Not Activated)

C:\ (Local Disk) - NTFS - Total:20 Go (Free:1 Go)
D:\ (Local Disk) - NTFS - Total:35 Go (Free:0 Go)
E:\ (CD or DVD) - UDF - Total:4 Go (Free:0 Go)
F:\ (USB) - FAT32 - Total:487 Mo (Free:0 Go)

22/01/2009|18:03

----------------------\\ Search..

C:\WINDOWS\system32\oqstv.bak1
C:\WINDOWS\system32\oqstv.bak2
C:\WINDOWS\system32\oqstv.ini
C:\WINDOWS\system32\oqstv.ini2
C:\WINDOWS\system32\oqstv.tmp
C:\WINDOWS\system32\llnmp.ini
C:\WINDOWS\system32\llnmp.ini2
[b]==> VUNDO <==/b

----------------------\\ Cracks & Keygens..

C:\DOCUME~1\PATCHE~1\Recent\crack.lnk


1 - "C:\Rooter$\Rooter_1.txt" - 22/01/2009|15:04
2 - "C:\Rooter$\Rooter_2.txt" - 22/01/2009|18:04

----------------------\\ Scan completed at 18:04
Répondre
lewis- 22 janv. 2009 à 18:20
voici l'autre rapport..

Rapport de ZHPDiag v1.16 par Nicolas Coolman
Enregistré le 22/01/2009 18:14:11
Platform : Microsoft Windows XP (5.1.2600) Service Pack 2
MSIE: Internet Explorer v6.0.2900.2180
MFIE: Mozilla Firefox (3.0.5)

---\\ Processus lancés
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\1163D2B46CC742E5A3CC9E4157887751\TalkAndWrite.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\kavo.exe
C:\Program Files\AdVantage\AdVantage.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\services.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\spoolsv.exe

---\\ Pages de démarrage d'Internet Explorer (R0)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com

---\\ Pages de recherche d'Internet Explorer (R1)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx

---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0E59B614-3EF5-4C86-A998-57DFBBB419C8} - C:\WINDOWS\system32\vtsqo.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {CAB675A2-D7E5-4C05-9F3F-DFFD264F8605} - C:\WINDOWS\system32\pmnll.dll

---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: 1 - {84938242-5C5B-4A55-B6B9-A1507543B418} - C:\Program Files\Video Access ActiveX Object\iesplugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

---\\ Applications démarrées automatiquement par le registre (O4)
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TalkAndWrite] C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\1163D2B46CC742E5A3CC9E4157887751\TalkAndWrite.exe /run
O4 - HKLM\..\Run: [StandardInstall]
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BitComet] "C:\Documents and Settings\PATCHELYS\Bureau\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe
O4 - HKCU\..\Run: [AdVantage] "C:\Program Files\AdVantage\AdVantage.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKLM\..\policies\Explorer\Run: [rare] C:\Program Files\Video Access ActiveX Object\pmsnrr.exe
O4 - HKLM\..\policies\Explorer: [NoCDBurning] Data="0"
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Web Browser Applet Control
O9 - Extra 'Tools' menuitem: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFBARH.ICO
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe,302
O9 - Extra 'Tools' menuitem: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Toolbars\INTERN~1\favicon.ico
O9 - Extra 'Tools' menuitem: Skype - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\PROGRA~1\Skype\Toolbars\INTERN~1\favicon.ico
O9 - Extra 'Tools' menuitem: Skype - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\PROGRA~1\Skype\Toolbars\INTERN~1\favicon.ico
O9 - Extra button: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Toolbars\INTERN~1\favicon.ico
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFBARH.ICO
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe,302

---\\ Paramètres par défaut des options Internet Explorer (O14)
O14 - IERESET.INF: START_PAGE_URL=START_PAGE_URL=http://ie.redirect.hp.com/...

---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: Microsoft XML Parser for Java (Microsoft XML Parser for Java) - file://C:\WINDOWS\Java\classes\xmldso.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

---\\ Valeur de registre AppInit_DLLs et sous-clés Winlogon Notify (O20)
O20 - Winlogon Notify: WLEventStartup - C:\WINDOWS\System32\WgaLogon.dll

---\\ Clé de Registre autorun SharedTaskScheduler (O22)
O22 - SharedTaskScheduler: apathies - {aed6f6a3-183c-488d-9f90-23db99f56e7f}

---\\ Services NT non Microsoft et non désactivés (O23)
O23 - Service: Apple Mobile Device (Apple Mobile Device) - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: .NET Runtime Optimization Service v2.0.50727_X86 (clr_optimization_v2.0.50727_32) - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SeaPort (SeaPort) - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Spouleur d'impression (Spooler) - C:\WINDOWS\system32\spoolsv.exe

---\\ Enumération des composants Active Desktop (O24)
O24 - Desktop Component 0: (no name) - file:file:///C:/DOCUME~1/PATCHE~1/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

---\\ Composants installés (ActiveSetup Installed Components) (O40)
O40 - ASIC: IE7 Uninstall Stub - <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
O40 - ASIC: Microsoft Windows Media Player - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
O40 - ASIC: Internet Explorer - {26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigIE
O40 - ASIC: Personnalisation du navigateur - {60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
O40 - ASIC: Outlook Express - {881dd1c5-3dcf-431b-b061-f3f88e8be88a} - C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE
O40 - ASIC: Microsoft VM - {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - (not file)
O40 - ASIC: Rendu VML (Vector Graphics Rendering) - {10072CEC-8CC1-11D1-986E-00A0C955B42F} - (not file)
O40 - ASIC: Microsoft NetShow Player - {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - C:\WINDOWS\system32\wmpdxm.dll
O40 - ASIC: Microsoft Windows Media Player 6.4 - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\system32\wmpdxm.dll
O40 - ASIC: DirectAnimation - {283807B5-2C60-11D0-A31D-00AA00B92C03} - C:\WINDOWS\system32\danim.dll
O40 - ASIC: Themes Setup - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\WINDOWS\system32\regsvr32.exe /s /n /i:/UserInstall C:\WINDOWS\system32\themeui.dll
O40 - ASIC: Liaison de données Dynamic HTML pour Java - {36f8ec70-c29a-11d1-b5c7-0000f8051515} - (not file)
O40 - ASIC: Logiciel de navigation hors connexion - {3af36230-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Uniscribe - {3bf42070-b3b1-11d1-b5c5-0000f8051515} - (not file)
O40 - ASIC: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) - {411EDCF7-755D-414E-A74B-3DCD6583F589} - (not file)
O40 - ASIC: Création avancée - {4278c270-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Microsoft Outlook Express 6 - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
O40 - ASIC: NetMeeting 3.01 - {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
O40 - ASIC: DirectShow - {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - (not file)
O40 - ASIC: DirectDrawEx - {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - (not file)
O40 - ASIC: Aide sur Internet Explorer - {45ea75a0-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Classes Java DirectAnimation - {4f216970-c90c-11d1-b5c7-0000f8051515} - (not file)
O40 - ASIC: Microsoft Windows Script 5.6 - {4f645220-306d-11d2-995d-00c04f98bbc9} - (not file)
O40 - ASIC: Windows Messenger 4.7 - {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
O40 - ASIC: (no name) - {5A8D6EE0-3E18-11D0-821E-444553540000} - (not file)
O40 - ASIC: Outils d'installation Internet Explorer - {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Améliorations pour la navigation - {630b1da0-b465-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub
O40 - ASIC: Accès au site MSN - {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - (not file)
O40 - ASIC: .NET Framework - {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - (not file)
O40 - ASIC: Dossiers Web - {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - (not file)
O40 - ASIC: Carnet d'adresses 6 - {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
O40 - ASIC: Mise à jour du Bureau Windows - {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
O40 - ASIC: Internet Explorer 6 - {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe
O40 - ASIC: (no name) - {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
O40 - ASIC: Microsoft .NET Framework 1.1 Hotfix (KB928366) - {8D1D0E9A-C799-4D28-9E29-0061D1E66E43} - (not file)
O40 - ASIC: Liaison de données Dynamic HTML - {9381D8F2-0288-11D0-9501-00AA00B911A5} - (not file)
O40 - ASIC: .NET Framework - {9A394342-4A68-4EBA-85A6-55B559F4E700} - (not file)
O40 - ASIC: (no name) - {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - (not file)
O40 - ASIC: Polices de base Internet Explorer - {C9E9A340-D1F1-11D0-821E-444553540600} - (not file)
O40 - ASIC: .NET Framework - {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - (not file)
O40 - ASIC: Planificateur de tâches - {CC2A9BA0-3BDD-11D0-821E-444553540000} - (not file)
O40 - ASIC: (no name) - {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - (not file)
O40 - ASIC: Adobe Flash Player 9 ActiveX - {D27CDB6E-AE6D-11cf-96B8-444553540000} - C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx
O40 - ASIC: Aide HTML - {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Active Directory Service Interface - {E92B03AB-B707-11d2-9CBD-0000F87A369E} - (not file)

---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: Pilote d'unité 61883 (61883) - C:\WINDOWS\system32\DRIVERS\61883.sys
O41 - Driver: (no object) (aeaudio) - C:\WINDOWS\system32\drivers\aeaudio.sys
O41 - Driver: Suppresseur d'écho acoustique (Noyau Microsoft) (aec) - C:\WINDOWS\system32\drivers\aec.sys
O41 - Driver: Agere Systems Soft Modem (AgereSoftModem) - C:\WINDOWS\system32\DRIVERS\AGRSM.sys
O41 - Driver: Pilote de processeur AMD Athlon64 (AmdK8) - C:\WINDOWS\system32\DRIVERS\AmdK8.sys
O41 - Driver: AMON (AMON) - C:\WINDOWS\system32\drivers\amon.sys
O41 - Driver: Alps Pointing-device Filter Driver (ApfiltrService) - C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
O41 - Driver: Protocole client ARP 1394 (Arp1394) - C:\WINDOWS\system32\DRIVERS\arp1394.sys
O41 - Driver: Pilote de média asynchrone RAS (AsyncMac) - C:\WINDOWS\system32\DRIVERS\asyncmac.sys
O41 - Driver: Protocole client ATM ARP (Atmarpc) - C:\WINDOWS\system32\DRIVERS\atmarpc.sys
O41 - Driver: Pilote audio Stub (audstub) - C:\WINDOWS\system32\DRIVERS\audstub.sys
O41 - Driver: Périphérique AVC (Avc) - C:\WINDOWS\system32\DRIVERS\avc.sys
O41 - Driver: AVC Streaming Filter Driver (AVCSTRM) - C:\WINDOWS\system32\DRIVERS\avcstrm.sys
O41 - Driver: Pilote pour carte réseau BCM 802.11b (BCM43XX) - C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
O41 - Driver: BitDefender Firewall NDIS Filter Service (Bdfndisf) - C:\WINDOWS\system32\DRIVERS\bdfndisf.sys
O41 - Driver: BDFSDRV (BDFSDRV) - C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys
O41 - Driver: BDRSDRV (BDRSDRV) - C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys
O41 - Driver: Décodeur sous-titre fermé (CCDECODE) - C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
O41 - Driver: Pilote pour Batterie à méthode de contrôle ACPI Microsoft (CmBatt) - C:\WINDOWS\system32\DRIVERS\CmBatt.sys
O41 - Driver: Pilote de batterie composite Microsoft (Compbatt) - C:\WINDOWS\system32\DRIVERS\compbatt.sys
O41 - Driver: TI UltraMedia CardBus Controller Filter Driver (DevUpper) - C:\WINDOWS\system32\DRIVERS\tiumflt.sys
O41 - Driver: (no object) (dmboot) - C:\WINDOWS\System32\drivers\dmboot.sys
O41 - Driver: (no object) (dmio) - C:\WINDOWS\System32\drivers\dmio.sys
O41 - Driver: (no object) (dmload) - C:\WINDOWS\System32\drivers\dmload.sys
O41 - Driver: Synthétiseur DLS du noyau Microsoft (DMusic) - C:\WINDOWS\system32\drivers\DMusic.sys
O41 - Driver: Filtre de décodeur DRM (Noyau Microsoft) (drmkaud) - C:\WINDOWS\system32\drivers\drmkaud.sys
O41 - Driver: EABFiltr (eabfiltr) - C:\WINDOWS\system32\drivers\EABFiltr.sys
O41 - Driver: eabusb (eabusb) - C:\WINDOWS\system32\drivers\eabusb.sys
O41 - Driver: FltMgr (FltMgr) - C:\WINDOWS\system32\DRIVERS\fltMgr.sys
O41 - Driver: GEAR CDRom Filter (GEARAspiWDM) - C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys
O41 - Driver: Classificateur de paquets générique (Gpc) - C:\WINDOWS\system32\DRIVERS\msgpc.sys
O41 - Driver: Pilote de classe HID Microsoft (HidUsb) - C:\WINDOWS\system32\DRIVERS\hidusb.sys
O41 - Driver: Pilote pour clavier i8042 et souris sur port PS/2 (i8042prt) - C:\WINDOWS\system32\DRIVERS\i8042prt.sys
O41 - Driver: Pilote du pare-feu Windows IPv6 (Ip6Fw) - C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
O41 - Driver: Pilote de filtre de trafic IP (IpFilterDriver) - C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
O41 - Driver: Pilote de tunnelage IP dans IP (IpInIp) - C:\WINDOWS\system32\DRIVERS\ipinip.sys
O41 - Driver: Pilote IPSEC (IPSec) - C:\WINDOWS\system32\DRIVERS\ipsec.sys
O41 - Driver: Service énumérateur IR (IRENUM) - C:\WINDOWS\system32\DRIVERS\irenum.sys
O41 - Driver: Mélangeur audio Wave de noyau Microsoft (kmixer) - C:\WINDOWS\system32\drivers\kmixer.sys
O41 - Driver: Pilote HID de souris (mouhid) - C:\WINDOWS\system32\DRIVERS\mouhid.sys
O41 - Driver: MRENDIS5 NDIS Protocol Driver (MRENDIS5) - C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS
O41 - Driver: Redirecteur client WebDav (MRxDAV) - C:\WINDOWS\system32\DRIVERS\mrxdav.sys
O41 - Driver: MRXSMB (MRxSmb) - C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
O41 - Driver: Proxy de service de répartition Microsoft (MSKSSRV) - C:\WINDOWS\system32\drivers\MSKSSRV.sys
O41 - Driver: Proxy d'horloge de répartition Microsoft (MSPCLOCK) - C:\WINDOWS\system32\drivers\MSPCLOCK.sys
O41 - Driver: Proxy de gestion de qualité de répartition Microsoft (MSPQM) - C:\WINDOWS\system32\drivers\MSPQM.sys
O41 - Driver: Pilote BIOS de gestion de systèmes Microsoft (mssmbios) - C:\WINDOWS\system32\DRIVERS\mssmbios.sys
O41 - Driver: Microsoft AV/C Tape Subunit Device (MSTAPE) - C:\WINDOWS\system32\DRIVERS\mstape.sys
O41 - Driver: Convertisseur en T/site-à-site de répartition Microsoft (MSTEE) - C:\WINDOWS\system32\drivers\MSTEE.sys
O41 - Driver: Codec NABTS/FEC VBI (NABTSFEC) - C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
O41 - Driver: Connection TV/vidéo Microsoft (NdisIP) - C:\WINDOWS\system32\DRIVERS\NdisIP.sys
O41 - Driver: Pilote TAPI NDIS d'accès distant (NdisTapi) - C:\WINDOWS\system32\DRIVERS\ndistapi.sys
O41 - Driver: NDIS mode utilisateur E/S Protocole (Ndisuio) - C:\WINDOWS\system32\DRIVERS\ndisuio.sys
O41 - Driver: Pilote réseau étendu NDIS d'accès distant (NdisWan) - C:\WINDOWS\system32\DRIVERS\ndiswan.sys
O41 - Driver: Interface NetBIOS (NetBIOS) - C:\WINDOWS\system32\DRIVERS\netbios.sys
O41 - Driver: NetBIOS sur TCP/IP (NetBT) - C:\WINDOWS\system32\DRIVERS\netbt.sys
O41 - Driver: Pilote réseau 1394 (NIC1394) - C:\WINDOWS\system32\DRIVERS\nic1394.sys
O41 - Driver: nod32drv (nod32drv) - C:\WINDOWS\system32\drivers\nod32drv.sys
O41 - Driver: (no object) (nv) - C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
O41 - Driver: NVIDIA nForce AGP Bus Filter (nv_agp) - C:\WINDOWS\system32\DRIVERS\nv_agp.sys
O41 - Driver: Pilote de filtre de trafic IPX (NwlnkFlt) - C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
O41 - Driver: Pilote de transfert de trafic IPX (NwlnkFwd) - C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
O41 - Driver: Contrôleur hôte Texas Instruments IEEE 1394 compatible OHCI (Open Host Controller Interface) (ohci1394) - C:\WINDOWS\system32\DRIVERS\ohci1394.sys
O41 - Driver: Miniport réseau étendu (PPTP) (PptpMiniport) - C:\WINDOWS\system32\DRIVERS\raspptp.sys
O41 - Driver: Pilote processeur (Processor) - C:\WINDOWS\system32\DRIVERS\processr.sys
O41 - Driver: Planificateur de paquets QoS (PSched) - C:\WINDOWS\system32\DRIVERS\psched.sys
O41 - Driver: Pilote de liaison parallèle directe (Ptilink) - C:\WINDOWS\system32\DRIVERS\ptilink.sys
O41 - Driver: PxHelp20 (PxHelp20) - C:\WINDOWS\System32\Drivers\PxHelp20.sys
O41 - Driver: Pilote de connexion automatique d'accès distant (RasAcd) - C:\WINDOWS\system32\DRIVERS\rasacd.sys
O41 - Driver: Miniport réseau étendu (L2TP) (Rasl2tp) - C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
O41 - Driver: Pilote PPPOE d'accès à distance (RasPppoe) - C:\WINDOWS\system32\DRIVERS\raspppoe.sys
O41 - Driver: Parallèle direct (Raspti) - C:\WINDOWS\system32\DRIVERS\raspti.sys
O41 - Driver: Rdbss (Rdbss) - C:\WINDOWS\system32\DRIVERS\rdbss.sys
O41 - Driver: Pilote de filtre de lecture digitale de CD audio (redbook) - C:\WINDOWS\system32\DRIVERS\redbook.sys
O41 - Driver: Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver (rtl8139) - C:\WINDOWS\system32\DRIVERS\R8139n51.SYS
O41 - Driver: Secdrv (Secdrv) - C:\WINDOWS\system32\DRIVERS\secdrv.sys
O41 - Driver: Détrameur décalage BDA (SLIP) - C:\WINDOWS\system32\DRIVERS\SLIP.sys
O41 - Driver: (no object) (smwdm) - C:\WINDOWS\system32\drivers\smwdm.sys
O41 - Driver: Pilote de filtrage Sony USB (SONYPVU1) (SONYPVU1) - C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
O41 - Driver: Splitter audio du noyau Microsoft (splitter) - C:\WINDOWS\system32\drivers\splitter.sys
O41 - Driver: Pilote de filtre de restauration système (sr) - C:\WINDOWS\system32\DRIVERS\sr.sys
O41 - Driver: Srv (Srv) - C:\WINDOWS\system32\DRIVERS\srv.sys
O41 - Driver: BDA IPSink (streamip) - C:\WINDOWS\system32\DRIVERS\StreamIP.sys
O41 - Driver: Pilote de bus logiciel (swenum) - C:\WINDOWS\system32\DRIVERS\swenum.sys
O41 - Driver: Synthétiseur de table de sons GC noyau Microsoft (swmidi) - C:\WINDOWS\system32\drivers\swmidi.sys
O41 - Driver: Périphérique audio système du noyau Microsoft (sysaudio) - C:\WINDOWS\system32\drivers\sysaudio.sys
O41 - Driver: Pilote du protocole TCP/IP (Tcpip) - C:\WINDOWS\system32\DRIVERS\tcpip.sys
O41 - Driver: (no object) (tiumfwl) - C:\WINDOWS\system32\drivers\tiumfwl.sys
O41 - Driver: Pilote de mise à jour microcode (Update) - C:\WINDOWS\system32\DRIVERS\update.sys
O41 - Driver: Pilote parent générique USB Microsoft (usbccgp) - C:\WINDOWS\system32\DRIVERS\usbccgp.sys
O41 - Driver: Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0 (usbehci) - C:\WINDOWS\system32\DRIVERS\usbehci.sys
O41 - Driver: Pilote de concentrateur standard USB Microsoft (usbhub) - C:\WINDOWS\system32\DRIVERS\usbhub.sys
O41 - Driver: Pilote miniport de contrôleur hôte ouvert USB Microsoft (usbohci) - C:\WINDOWS\system32\DRIVERS\usbohci.sys
O41 - Driver: Classe d'imprimantes USB Microsoft (usbprint) - C:\WINDOWS\system32\DRIVERS\usbprint.sys
O41 - Driver: Pilote de scanneur USB (usbscan) - C:\WINDOWS\system32\DRIVERS\usbscan.sys
O41 - Driver: Pilote de stockage de masse USB (USBSTOR) - C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
O41 - Driver: vspf (vspf) - C:\WINDOWS\system32\drivers\vspf5.sys
O41 - Driver: vspf_hk (vspf_hk) - C:\WINDOWS\system32\drivers\vspf_hk5.sys
O41 - Driver: Pilote ARP IP d'accès distant (Wanarp) - C:\WINDOWS\system32\DRIVERS\wanarp.sys
O41 - Driver: Pilote WINMM de compatibilité audio WDM Microsoft (wdmaud) - C:\WINDOWS\system32\drivers\wdmaud.sys
O41 - Driver: Interface de gestion Microsoft Windows pour ACPI (WmiAcpi) - C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
O41 - Driver: WpdUsb (WpdUsb) - C:\WINDOWS\system32\DRIVERS\wpdusb.sys
O41 - Driver: Codec Teletext standard (WSTCODEC) - C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
O41 - Driver: Windows Driver Foundation - User-mode Driver Framework Platform Driver (WudfPf) - C:\WINDOWS\system32\DRIVERS\WudfPf.sys
O41 - Driver: Windows Driver Foundation - User-mode Driver Framework Reflector (WudfRd) - C:\WINDOWS\system32\DRIVERS\wudfrd.sys

---\\ Logiciels installés (O42)
O42 - Logiciel: SAS Private JRE (J2SE(tm) Java Runtime Environment 1.4.2_09)
O42 - Logiciel: Adobe Flash Player Plugin
O42 - Logiciel: Agere Systems AC'97 Modem
O42 - Logiciel: Audacity 1.3.3
O42 - Logiciel: Broadcom 802.11 Driver
O42 - Logiciel: BS.Player FREE powered by AdVantage
O42 - Logiciel: Companion wizard
O42 - Logiciel: EpiData Analysis 2.1.0.153
O42 - Logiciel: EpiData Entry 3.1.2701.2008
O42 - Logiciel: HijackThis 2.0.2
O42 - Logiciel: Microsoft Internationalized Domain Names Mitigation APIs
O42 - Logiciel: PCI 1620 Cardbus Controller and Software
O42 - Logiciel: Internet Security Add-On
O42 - Logiciel: Jeliot 3.3.0
O42 - Logiciel: Windows Installer 3.1 (KB893803)
O42 - Logiciel: Hotfix for Windows XP (KB915865)
O42 - Logiciel: Hotfix for Windows XP (KB926239)
O42 - Logiciel: Hotfix for Windows Media Format 11 SDK (KB929399)
O42 - Logiciel: K-Lite Codec Pack 2.50 Full
O42 - Logiciel: Microsoft .NET Framework 1.1 Hotfix (KB928366)
O42 - Logiciel: Malwarebytes' Anti-Malware
O42 - Logiciel: Microsoft .NET Framework 1.1
O42 - Logiciel: Microsoft .NET Framework 2.0
O42 - Logiciel: Mozilla Firefox (3.0.5)
O42 - Logiciel: Microsoft Compression Client Pack 1.0 for Windows XP
O42 - Logiciel: Nero 6 Ultra Edition
O42 - Logiciel: Microsoft National Language Support Downlevel APIs
O42 - Logiciel: NOD32 antivirus system
O42 - Logiciel: NVIDIA Windows 2000/XP Display Drivers
O42 - Logiciel: NVIDIA nForce Drivers
O42 - Logiciel: Public Messenger ver 2.03
O42 - Logiciel: RealPlayer
O42 - Logiciel: Adobe Flash Player 9 ActiveX
O42 - Logiciel: UnZixWin Extractor
O42 - Logiciel: Windows Genuine Advantage Notifications (KB905474)
O42 - Logiciel: Windows Imaging Component
O42 - Logiciel: Winamp (remove only)
O42 - Logiciel: Windows Media Format 11 runtime
O42 - Logiciel: Lecteur Windows Media 11
O42 - Logiciel: Installation Windows Live
O42 - Logiciel: Windows Media Player 11
O42 - Logiciel: Microsoft User-Mode Driver Framework Feature Pack 1.0
O42 - Logiciel: ICQ Toolbar
O42 - Logiciel: Yahoo! Toolbar
O42 - Logiciel: Windows Live Call
O42 - Logiciel: Sonic Update Manager
O42 - Logiciel: iTunes
O42 - Logiciel: Outil de téléchargement Windows Live
O42 - Logiciel: MSVCRT
O42 - Logiciel: Google Toolbar for Internet Explorer
O42 - Logiciel: Microsoft Search Enhancement Pack
O42 - Logiciel: Google Toolbar for Firefox
O42 - Logiciel: J2SE Runtime Environment 5.0 Update 10
O42 - Logiciel: Java(TM) SE Runtime Environment 6 Update 1
O42 - Logiciel: Java(TM) 6 Update 2
O42 - Logiciel: Java(TM) 6 Update 3
O42 - Logiciel: Java(TM) 6 Update 5
O42 - Logiciel: Java 2 SDK, SE v1.4.2_12
O42 - Logiciel: Junk Mail filter update
O42 - Logiciel: Microsoft Office Live Add-in 1.3
O42 - Logiciel: Skype™ 3.8
O42 - Logiciel: Windows Live Sync
O42 - Logiciel: SAS 9.1
O42 - Logiciel: Apple Software Update
O42 - Logiciel: Java 2 Runtime Environment, SE v1.4.2_12
O42 - Logiciel: Epi Info
O42 - Logiciel: Microsoft Silverlight
O42 - Logiciel: Microsoft Sync Framework Runtime Native v1.0 (x86)
O42 - Logiciel: Choice Guard
O42 - Logiciel: Microsoft Office Professional Edition 2003
O42 - Logiciel: Microsoft Office Outlook Connector
O42 - Logiciel: Sonic RecordNow!
O42 - Logiciel: Realtek RTL8139/810x Fast Ethernet NIC Driver Setup
O42 - Logiciel: InterVideo WinDVD
O42 - Logiciel: Microsoft .NET Framework 1.1 French Language Pack
O42 - Logiciel: ALPS Touch Pad Driver
O42 - Logiciel: Adobe Reader 7.0.9 - Français
O42 - Logiciel: Apple Mobile Device Support
O42 - Logiciel: DivX Web Player
O42 - Logiciel: PIF DESIGNER
O42 - Logiciel: Microsoft Sync Framework Services Native v1.0 (x86)
O42 - Logiciel: Athlon 64 Processor Driver
O42 - Logiciel: Quick Launch Buttons 5.00 C1
O42 - Logiciel: Assistant de connexion Windows Live
O42 - Logiciel: NOD32 FiX
O42 - Logiciel: QuickTime
O42 - Logiciel: SoundMAX
O42 - Logiciel: Microsoft SQL Server 2005 Compact Edition [ENU]
O42 - Logiciel: Windows Live Communications Platform

---\\ Contenu des dossiers Fichiers Communs (O43)
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\Adobe
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\Ahead
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\Apple
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\DESIGNER
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\ESRI
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\InstallShield
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\Java
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\Microsoft Shared
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\Motive
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\MSSoap
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\ODBC
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\Real
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\Services
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\Skype
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\Softwin
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\Sonic
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\SpeechEngines
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\SureThing Shared
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\System
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\Windows Live
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\WindowsLiveInstaller
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\Wise Installation Wizard
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\xing shared
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Companion Wizard
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Motive

---\\ Derniers fichiers modifiés ou crées sous System32 (O44)
O44 - LFC:Last File Created - C:\WINDOWS\System32\FNTCACHE.DAT -->06/11/2008
O44 - LFC:Last File Created - C:\WINDOWS\System32\libdivx.dll -->21/11/2008
O44 - LFC:Last File Created - C:\WINDOWS\System32\MRT.exe -->10/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\mshtml.dll -->12/12/2008
O44 - LFC:Last File Created - C:\WINDOWS\System32\perfc009.dat -->22/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\perfc00C.dat -->22/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\perfh009.dat -->22/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\perfh00C.dat -->22/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\PerfStringBackup.INI -->22/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\ssldivx.dll -->21/11/2008
O44 - LFC:Last File Created - C:\WINDOWS\System32\TZLog.log -->16/12/2008
O44 - LFC:Last File Created - C:\WINDOWS\System32\wpa.dbl -->22/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\drivers\mbam.sys -->14/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\drivers\mbamswissarmy.sys -->14/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\drivers\mrxsmb.sys -->24/10/2008
O44 - LFC:Last File Created - C:\WINDOWS\System32\drivers\srv.sys -->11/12/2008

---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ACRORD32.EXE-13285B88.pf -->20/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ACRORD32INFO.EXE-013EA364.pf -->20/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ASPNET_REGIIS.EXE-009D6E80.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\B33C11F5-3A11-4F1E-85E4-C3CAB-14DADE12.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\BSPLAYER.EXE-14B7F352.pf -->21/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\CMD.EXE-087B4001.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\CONTROL.EXE-013DBFB5.pf -->15/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\CSRSS.EXE-12B63473.pf -->19/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\CTFMON.EXE-0E17969B.pf -->19/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\DEFRAG.EXE-273F131E.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\DFRGNTFS.EXE-269967DF.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\DLLHOST.EXE-205D880D.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\DOTNETFX.EXE-27A9823D.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\DUMPREP.EXE-1B46F901.pf -->16/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\DWWIN.EXE-30875ADC.pf -->16/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\DXDLLREG.EXE-0E936F4F.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\DXSETUP.EXE-049CB821.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\EABSERVR.EXE-2CF8D629.pf -->21/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf -->21/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\FIND.EXE-0EC32F1E.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\FINDSTR.EXE-0CA6274B.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\FIREFOX.EXE-28641590.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\FLASHGOT.EXE-0014242D.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\FREECELL.EXE-0CC25C3B.pf -->19/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\HELPSVC.EXE-2878DDA2.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\IEXPLORE.EXE-27122324.pf -->14/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\IMAPI.EXE-0BF740A4.pf -->21/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\INSTALL.EXE-044763D7.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\INSTALL.EXE-19F166CA.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\INSTALLATION_WLMESSENGER2009.-3096029A.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\INV.EXE-271C3BF9.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\IPODSERVICE.EXE-3192DE38.pf -->19/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ITUNESHELPER.EXE-15823303.pf -->20/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\JAVA.EXE-04FA6B41.pf -->13/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\JAVACPL.EXE-1E646977.pf -->13/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\JAVAW.EXE-03C5992A.pf -->13/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\JRE-6U11-WINDOWS-I586-P-IFTW_-2FBEB17C.pf -->13/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\JUCHECK.EXE-19C452BF.pf -->13/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\JUSCHED.EXE-0882265F.pf -->21/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\Layout.ini -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\LODCTR.EXE-1009C3B4.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\LOGON.SCR-151EFAEA.pf -->21/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\LOGONUI.EXE-0AF22957.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MBAM-DOR.EXE-203884D2.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MBAM-SETUP.EXE-0985EB16.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MBAM-SETUP.TMP-056189D6.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MBAM.EXE-0BEE0439.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MBAMGUI.EXE-1286D63B.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MODE.COM-31685BAE.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MOFCOMP.EXE-01718E95.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MRT.EXE-1B4A8D49.pf -->16/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MRTSTUB.EXE-042D0A8C.pf -->16/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MSCORSVW.EXE-1BF30400.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MSIEXEC.EXE-2F8A8CAE.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MSOHTMED.EXE-1BD4AAD2.pf -->16/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\NERO.EXE-3017C357.pf -->17/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\NEROSTARTSMART.EXE-3289D1AD.pf -->19/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\NETSH.EXE-085CFFDE.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\NGEN.EXE-38021CCC.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\NOD32.EXE-103C273A.pf -->19/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\NOD32KUI.EXE-18BC85CE.pf -->21/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\NOTEPAD.EXE-336351A9.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\OSE.EXE-0125EB9C.pf -->16/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\OSV.EXE-1E31D092.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\OUTLOOK.EXE-21C6162B.pf -->13/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\PATCHELYS.EXE-04A29CFB.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\POWERPNT.EXE-2F940E7E.pf -->13/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\QTTASK.EXE-342507FB.pf -->19/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RASAUTOU.EXE-18B88A68.pf -->23/12/2008
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\READER_SL.EXE-3614FA6E.pf -->16/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\REALONEMESSAGECENTER.EXE-1B5B11B5.pf -->05/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\REALPLAY.EXE-1BF219BD.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\REALSCHED.EXE-04BEC5CC.pf -->21/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\REG.EXE-0D2A95F7.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\REGEDIT.EXE-1B606482.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\REGSVCS.EXE-11A17120.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\REGSVR32.EXE-25EEFE2F.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\REGTLIBV12.EXE-0E2FA54B.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ROOTER.EXE-0076C68E.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RSIT.EXE-23F4E4DD.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-13DA0E71.pf -->15/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-1831A4F3.pf -->13/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-188DF14E.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-1BC55A4F.pf -->21/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-1BC69D2D.pf -->20/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-21D394C8.pf -->15/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-256CA526.pf -->21/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-2723AA08.pf -->17/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-2905E326.pf -->15/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-2FB30DE0.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-306479B7.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-33E441E6.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-3BA0187D.pf -->15/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-3F8D63FD.pf -->13/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-451FC2C0.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SEAPORT.EXE-2D9D4167.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SETPATH.EXE-1680EF15.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SHMGRATE.EXE-1BA69E68.pf -->15/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SILVERLIGHT.2.0.EXE-0210FB3E.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SKYPEPM.EXE-2BC7DD5C.pf -->21/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SNDVOL32.EXE-383480B7.pf -->17/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SOFTWAREUPDATE.EXE-1415D1B8.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SYSOCMGR.EXE-31169C54.pf -->21/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\TALKANDWRITE.EXE-3AC250FD.pf -->19/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\TINTSETP.EXE-39BF0732.pf -->21/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\UACLAUNCHER.EXE-13544944.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\UPDATE.EXE-12CAD96B.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\UPDATE.EXE-1D655BFC.pf -->16/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\UPDATE.EXE-1F3E4DA4.pf -->16/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\USERINIT.EXE-30B18140.pf -->21/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\VERCLSID.EXE-3667BD89.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WGATRAY.EXE-0ED38BED.pf -->21/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WINAMP.EXE-0D0189CA.pf -->09/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WINAMPA.EXE-0536E33F.pf -->21/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WINDOWS-KB890830-V2.6-DELTA.E-07F34BC7.pf -->16/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WINDOWSLIVESYNC.EXE-38FF0D7E.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WINDOWSXP-KB954708-X86-ENU.EX-1F61069B.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WINDVD.EXE-2A29BC9F.pf -->21/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WINLOGON.EXE-32C57D49.pf -->19/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WINWORD.EXE-37F6AE09.pf -->21/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WLLOGINPROXY.EXE-2D4B6027.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WMIADAP.EXE-2DF425B2.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WMIPRVSE.EXE-28F301A9.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WSCNTFY.EXE-1B24F5EB.pf -->13/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WSCRIPT.EXE-32960AB9.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WUAUCLT.EXE-399A8E72.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WUPDMGR.EXE-2F30BEAB.pf -->13/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ZCLIENTM.EXE-25C31104.pf -->15/01/2009

---\\ ShellExecuteHooks, Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll

---\\ Export de clé d'application autorisée (O47)
O47 - AAKE:Key Export - "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
O47 - AAKE:Key Export - "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
O47 - AAKE:Key Export - "C:\j2sdk1.4.2_12\jre\bin\java.exe"="C:\j2sdk1.4.2_12\jre\bin\java.exe:*:Enabled:java"
O47 - AAKE:Key Export - "C:\Program Files\WinAntiVirus Pro 2006\Updater.exe"="C:\Program Files\WinAntiVirus Pro 2006\Updater.exe:*:Enabled:updater.exe"
O47 - AAKE:Key Export - "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
O47 - AAKE:Key Export - "C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
O47 - AAKE:Key Export - "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
O47 - AAKE:Key Export - "C:\WINDOWS\system32\yvqsolvy.exe"="C:\WINDOWS\system32\yvq"
O47 - AAKE:Key Export - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
O47 - AAKE:Key Export - "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
O47 - AAKE:Key Export - "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. The whole world can talk for free."
O47 - AAKE:Key Export - "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
O47 - AAKE:Key Export - "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
O47 - AAKE:Key Export - "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
O47 - AAKE:Key Export - "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
O47 - AAKE:Key Export - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
O47 - AAKE:Key Export - "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
O47 - AAKE:Key Export - "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
O47 - AAKE:Key Export - "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

---\\ Déni du service Local Security Authority (LSA) (O48)
O48 - LSA:Local Security Authority Authentication Packages - C:\WINDOWS\System32\msv1_0.dll
O48 - LSA:Local Security Authority Notification Packages - C:\WINDOWS\System32\scecli.dll

---\\ Contrôle du Safe Boot (CSB) (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ip6fw.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpcdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpwd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\tdpipe.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\tdtcp.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\ip6fw.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\rdpcdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\rdpdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\rdpwd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\tdpipe.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\tdtcp.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Minimal\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Minimal\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Minimal\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Minimal\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Minimal\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Minimal\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Minimal\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\ip6fw.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\rdpcdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\rdpdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\rdpwd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\tdpipe.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\tdtcp.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\vgasave.sys


End of the scan:
Répondre
Ajouter un commentaire
Réponse
+0
moins plus
Re,

j'ai le sentiment que tout est revenu.

Ouvre ce lien (merci a S!RI pour ce programme). http://siri.urz.free.fr/Fix/SmitfraudFix.php
et télécharge SmitfraudFix.exe.

Regarde le tuto
Exécute le en choisissant l’option 1, il va générer un rapport
Copie/colle le sur le poste stp.
lewis- 23 janv. 2009 à 11:09
Bjr Lyonnais92
peut-etre c'est à cause de la clé USB que j'utilise pour téléchager dans l'autre ordinateur et transférer dans le mien qui est inféctée elle aussi?
je lance le lien "siri..." et poste le rapport...dsl d'etre parti hier car je n'ai la connexion qu'en stage et suis parti à cause du boulot du soir...merci pour tout...
Répondre
lewis- 23 janv. 2009 à 11:33
voici le rapport...

SmitFraudFix v2.391

Rapport fait à 11:30:18,65, 23/01/2009
Executé à partir de C:\Documents and Settings\PATCHELYS\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Documents and Settings\PATCHELYS\Bureau\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\

C:\autorun.inf PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\PATCHELYS


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\PATCHE~1\LOCALS~1\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\PATCHELYS\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\PATCHE~1\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\Helper\ PRESENT !
C:\Program Files\Google\googletoolbar1.dll PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="file:///C:/DOCUME~1/PATCHE~1/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg"
"SubscribedURL"="file:///C:/DOCUME~1/PATCHE~1/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg"
"FriendlyName"=""

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"

»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{aed6f6a3-183c-488d-9f90-23db99f56e7f}"="apathies"

[HKEY_CLASSES_ROOT\CLSID\{aed6f6a3-183c-488d-9f90-23db99f56e7f}\InProcServer32]
@="C:\WINDOWS\system32\geplxss.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{aed6f6a3-183c-488d-9f90-23db99f56e7f}\InProcServer32]
@="C:\WINDOWS\system32\geplxss.dll"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000001


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"="lsass.exe"


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Broadcom 802.11b/g WLAN - Miniport d'ordonnancement de paquets
DNS Server Search Order: 164.81.1.4
DNS Server Search Order: 164.81.1.5



»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin
Répondre
Ajouter un commentaire
Réponse
+0
moins plus
salut lewis, Lyonnais92,

Je ne connaissais pas rooter bien utile.

Si je puis me permettre bien entendu ;-)

Un détail important je penses, vu la quantité de cochonnerie un examen complet avec MB'AM aurait été nécessaire:
Type de recherche: Examen rapide
Eléments examinés: 66291
Temps écoulé: 18 minute(s), 22 second(s)


Bye bye

Denis
Lyonnais92 25173Messages postés vendredi 23 juin 2006Date d'inscription Contributeur sécuritéStatut 3 avril 2015 Dernière intervention - 22 janv. 2009 à 21:17
Bonsoir,

un examen complet avec MB'AM aurait été nécessaire:


non : le rapport ZHPdiag ne montre pas de fichiers infectieux dans des zones non examinés par l'examen rapide de MBAM.

Un examen complet mènerait au même résultat.

Il y a un mécanisme, non décelable par MBAM qui relance l'infection et qu'il faut trouver.

Une possibilité est un faux pilote.
Répondre
DeNisCoOl 2804Messages postés vendredi 19 août 2005Date d'inscription 28 février 2011 Dernière intervention - 22 janv. 2009 à 21:26
C'était une simple remarque au cas ou.
Répondre
Ajouter un commentaire
Réponse
+0
moins plus
Bonjour,

si tu as un doute pour ta clé, fais ceci :

Télécharge Flash_Disinfector de sUBs ici :

http://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe

Enregistre le sur ton Bureau.

Double clique sur Flash_Disinfector.exe pour le lancer
.
Quand le message : "Plug in yours flash drive & clic Ok to begin disinfection" apparaitra , connecte les clés USB et périphériques USB externes susceptibles d'avoir été infectés.

Puis clique sur Ok

Les icônes sur le Bureau vont disparaitre jusqu'à l'apparition du message: "Done!!"

Appuye sur "Ok", pour faire réapparaitre le Bureau


Réponds à la suite des posts, sinon le topic va devenir illisible (n'utilise pas répondre à, descend en bas de la page pour ajouter une réponse)
Ajouter un commentaire
Réponse
+0
moins plus
Re,

Démarre en mode sans échec :
Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter.
Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal !
(Si F8 ne marche pas utilise la touche F5).
----------------------------------------------------------------------------
Relance le programme Smitfraud,
Cette fois choisit l’option 2, répond oui a tous ;
Sauvegarde le rapport, Redémarre en mode normal, copie/colle le rapport sauvegardé sur le forum

Refais tourner DiagHelp et poste le rapport.
Ajouter un commentaire
Réponse
+0
moins plus
j'ai éssayer de télécharger " flash desinfector" dans la clé de l'autre ordi et meme sur sur le bureau de ce meme ordi... mais ca bloque tjrs... c'est vraiment décourageant... je pense abdiquer deja...
Ajouter un commentaire
Réponse
+0
moins plus
Re,

on verra plus tard pour la clé.

Smitfraudfix option 2 et nouveau ZHPDiag.
Ajouter un commentaire
Réponse
+0
moins plus
voici le rapport

SmitFraudFix v2.391

Rapport fait à 11:58:59,79, 23/01/2009
Executé à partir de C:\Documents and Settings\TEMP\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{aed6f6a3-183c-488d-9f90-23db99f56e7f}"="apathies"

[HKEY_CLASSES_ROOT\CLSID\{aed6f6a3-183c-488d-9f90-23db99f56e7f}\InProcServer32]
@="C:\WINDOWS\system32\geplxss.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{aed6f6a3-183c-488d-9f90-23db99f56e7f}\InProcServer32]
@="C:\WINDOWS\system32\geplxss.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

C:\autorun.inf supprimé
C:\Program Files\Helper\ supprimé
C:\Program Files\Google\googletoolbar1.dll supprimé

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Broadcom 802.11b/g WLAN - Miniport d'ordonnancement de paquets
DNS Server Search Order: 164.81.1.4
DNS Server Search Order: 164.81.1.5



»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"="lsass.exe"


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin
Ajouter un commentaire
Réponse
+0
moins plus
Re,

OK, ZHPDiag.
Ajouter un commentaire
Réponse
+0
moins plus
voici le rapport....

Rapport de ZHPDiag v1.16 par Nicolas Coolman
Enregistré le 23/01/2009 12:45:34
Platform : Microsoft Windows XP (5.1.2600) Service Pack 2
MSIE: Internet Explorer v6.0.2900.2180
MFIE: Mozilla Firefox (3.0.5)

---\\ Processus lancés
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\1163D2B46CC742E5A3CC9E4157887751\TalkAndWrite.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\kavo.exe
C:\Program Files\AdVantage\AdVantage.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\services.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\spoolsv.exe

---\\ Pages de démarrage d'Internet Explorer (R0)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

---\\ Pages de recherche d'Internet Explorer (R1)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0E59B614-3EF5-4C86-A998-57DFBBB419C8} - C:\WINDOWS\system32\vtsqo.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {CAB675A2-D7E5-4C05-9F3F-DFFD264F8605} - C:\WINDOWS\system32\pmnll.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: 1 - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

---\\ Applications démarrées automatiquement par le registre (O4)
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TalkAndWrite] C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\1163D2B46CC742E5A3CC9E4157887751\TalkAndWrite.exe /run
O4 - HKLM\..\Run: [StandardInstall]
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BitComet] "C:\Documents and Settings\PATCHELYS\Bureau\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe
O4 - HKCU\..\Run: [AdVantage] "C:\Program Files\AdVantage\AdVantage.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKLM\..\policies\Explorer: [NoCDBurning] Data="0"
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Web Browser Applet Control
O9 - Extra 'Tools' menuitem: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFBARH.ICO
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe,302
O9 - Extra 'Tools' menuitem: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Toolbars\INTERN~1\favicon.ico
O9 - Extra 'Tools' menuitem: Skype - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\PROGRA~1\Skype\Toolbars\INTERN~1\favicon.ico
O9 - Extra 'Tools' menuitem: Skype - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\PROGRA~1\Skype\Toolbars\INTERN~1\favicon.ico
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll,201
O9 - Extra button: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll,201
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Toolbars\INTERN~1\favicon.ico
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFBARH.ICO
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe,302

---\\ Paramètres par défaut des options Internet Explorer (O14)
O14 - IERESET.INF: START_PAGE_URL=START_PAGE_URL=http://ie.redirect.hp.com/...

---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: Microsoft XML Parser for Java (Microsoft XML Parser for Java) - file://C:\WINDOWS\Java\classes\xmldso.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

---\\ Protocole additionnel et piratage de protocole (O18)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

---\\ Valeur de registre AppInit_DLLs et sous-clés Winlogon Notify (O20)
O20 - Winlogon Notify: WLEventStartup - C:\WINDOWS\System32\WgaLogon.dll

---\\ Services NT non Microsoft et non désactivés (O23)
O23 - Service: Apple Mobile Device (Apple Mobile Device) - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SeaPort (SeaPort) - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Spouleur d'impression (Spooler) - C:\WINDOWS\system32\spoolsv.exe

---\\ Enumération des composants Active Desktop (O24)
O24 - Desktop Component 0: (no name) - file:file:///C:/DOCUME~1/PATCHE~1/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

---\\ Composants installés (ActiveSetup Installed Components) (O40)
O40 - ASIC: IE7 Uninstall Stub - <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
O40 - ASIC: Microsoft Windows Media Player - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
O40 - ASIC: Internet Explorer - {26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigIE
O40 - ASIC: Personnalisation du navigateur - {60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
O40 - ASIC: Outlook Express - {881dd1c5-3dcf-431b-b061-f3f88e8be88a} - C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE
O40 - ASIC: Microsoft VM - {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - (not file)
O40 - ASIC: Rendu VML (Vector Graphics Rendering) - {10072CEC-8CC1-11D1-986E-00A0C955B42F} - (not file)
O40 - ASIC: Microsoft NetShow Player - {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - C:\WINDOWS\system32\wmpdxm.dll
O40 - ASIC: Microsoft Windows Media Player 6.4 - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\system32\wmpdxm.dll
O40 - ASIC: DirectAnimation - {283807B5-2C60-11D0-A31D-00AA00B92C03} - C:\WINDOWS\system32\danim.dll
O40 - ASIC: Themes Setup - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\WINDOWS\system32\regsvr32.exe /s /n /i:/UserInstall C:\WINDOWS\system32\themeui.dll
O40 - ASIC: Liaison de données Dynamic HTML pour Java - {36f8ec70-c29a-11d1-b5c7-0000f8051515} - (not file)
O40 - ASIC: Logiciel de navigation hors connexion - {3af36230-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Uniscribe - {3bf42070-b3b1-11d1-b5c5-0000f8051515} - (not file)
O40 - ASIC: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) - {411EDCF7-755D-414E-A74B-3DCD6583F589} - (not file)
O40 - ASIC: Création avancée - {4278c270-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Microsoft Outlook Express 6 - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
O40 - ASIC: NetMeeting 3.01 - {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
O40 - ASIC: DirectShow - {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - (not file)
O40 - ASIC: DirectDrawEx - {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - (not file)
O40 - ASIC: Aide sur Internet Explorer - {45ea75a0-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Classes Java DirectAnimation - {4f216970-c90c-11d1-b5c7-0000f8051515} - (not file)
O40 - ASIC: Microsoft Windows Script 5.6 - {4f645220-306d-11d2-995d-00c04f98bbc9} - (not file)
O40 - ASIC: Windows Messenger 4.7 - {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
O40 - ASIC: (no name) - {5A8D6EE0-3E18-11D0-821E-444553540000} - (not file)
O40 - ASIC: Outils d'installation Internet Explorer - {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Améliorations pour la navigation - {630b1da0-b465-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub
O40 - ASIC: Accès au site MSN - {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - (not file)
O40 - ASIC: .NET Framework - {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - (not file)
O40 - ASIC: Dossiers Web - {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - (not file)
O40 - ASIC: Carnet d'adresses 6 - {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
O40 - ASIC: Mise à jour du Bureau Windows - {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
O40 - ASIC: Internet Explorer 6 - {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe
O40 - ASIC: (no name) - {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
O40 - ASIC: Microsoft .NET Framework 1.1 Hotfix (KB928366) - {8D1D0E9A-C799-4D28-9E29-0061D1E66E43} - (not file)
O40 - ASIC: Liaison de données Dynamic HTML - {9381D8F2-0288-11D0-9501-00AA00B911A5} - (not file)
O40 - ASIC: .NET Framework - {9A394342-4A68-4EBA-85A6-55B559F4E700} - (not file)
O40 - ASIC: (no name) - {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - (not file)
O40 - ASIC: Polices de base Internet Explorer - {C9E9A340-D1F1-11D0-821E-444553540600} - (not file)
O40 - ASIC: .NET Framework - {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - (not file)
O40 - ASIC: Planificateur de tâches - {CC2A9BA0-3BDD-11D0-821E-444553540000} - (not file)
O40 - ASIC: (no name) - {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - (not file)
O40 - ASIC: Adobe Flash Player 9 ActiveX - {D27CDB6E-AE6D-11cf-96B8-444553540000} - C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx
O40 - ASIC: Aide HTML - {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Active Directory Service Interface - {E92B03AB-B707-11d2-9CBD-0000F87A369E} - (not file)

---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: Pilote d'unité 61883 (61883) - C:\WINDOWS\system32\DRIVERS\61883.sys
O41 - Driver: (no object) (aeaudio) - C:\WINDOWS\system32\drivers\aeaudio.sys
O41 - Driver: Suppresseur d'écho acoustique (Noyau Microsoft) (aec) - C:\WINDOWS\system32\drivers\aec.sys
O41 - Driver: Agere Systems Soft Modem (AgereSoftModem) - C:\WINDOWS\system32\DRIVERS\AGRSM.sys
O41 - Driver: Pilote de processeur AMD Athlon64 (AmdK8) - C:\WINDOWS\system32\DRIVERS\AmdK8.sys
O41 - Driver: AMON (AMON) - C:\WINDOWS\system32\drivers\amon.sys
O41 - Driver: Alps Pointing-device Filter Driver (ApfiltrService) - C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
O41 - Driver: Protocole client ARP 1394 (Arp1394) - C:\WINDOWS\system32\DRIVERS\arp1394.sys
O41 - Driver: Pilote de média asynchrone RAS (AsyncMac) - C:\WINDOWS\system32\DRIVERS\asyncmac.sys
O41 - Driver: Protocole client ATM ARP (Atmarpc) - C:\WINDOWS\system32\DRIVERS\atmarpc.sys
O41 - Driver: Pilote audio Stub (audstub) - C:\WINDOWS\system32\DRIVERS\audstub.sys
O41 - Driver: Périphérique AVC (Avc) - C:\WINDOWS\system32\DRIVERS\avc.sys
O41 - Driver: AVC Streaming Filter Driver (AVCSTRM) - C:\WINDOWS\system32\DRIVERS\avcstrm.sys
O41 - Driver: Pilote pour carte réseau BCM 802.11b (BCM43XX) - C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
O41 - Driver: BitDefender Firewall NDIS Filter Service (Bdfndisf) - C:\WINDOWS\system32\DRIVERS\bdfndisf.sys
O41 - Driver: BDFSDRV (BDFSDRV) - C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys
O41 - Driver: BDRSDRV (BDRSDRV) - C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys
O41 - Driver: Décodeur sous-titre fermé (CCDECODE) - C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
O41 - Driver: Pilote pour Batterie à méthode de contrôle ACPI Microsoft (CmBatt) - C:\WINDOWS\system32\DRIVERS\CmBatt.sys
O41 - Driver: Pilote de batterie composite Microsoft (Compbatt) - C:\WINDOWS\system32\DRIVERS\compbatt.sys
O41 - Driver: TI UltraMedia CardBus Controller Filter Driver (DevUpper) - C:\WINDOWS\system32\DRIVERS\tiumflt.sys
O41 - Driver: (no object) (dmboot) - C:\WINDOWS\System32\drivers\dmboot.sys
O41 - Driver: (no object) (dmio) - C:\WINDOWS\System32\drivers\dmio.sys
O41 - Driver: (no object) (dmload) - C:\WINDOWS\System32\drivers\dmload.sys
O41 - Driver: Synthétiseur DLS du noyau Microsoft (DMusic) - C:\WINDOWS\system32\drivers\DMusic.sys
O41 - Driver: Filtre de décodeur DRM (Noyau Microsoft) (drmkaud) - C:\WINDOWS\system32\drivers\drmkaud.sys
O41 - Driver: EABFiltr (eabfiltr) - C:\WINDOWS\system32\drivers\EABFiltr.sys
O41 - Driver: eabusb (eabusb) - C:\WINDOWS\system32\drivers\eabusb.sys
O41 - Driver: FltMgr (FltMgr) - C:\WINDOWS\system32\DRIVERS\fltMgr.sys
O41 - Driver: FssFltr (fssfltr) - C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
O41 - Driver: GEAR CDRom Filter (GEARAspiWDM) - C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys
O41 - Driver: Classificateur de paquets générique (Gpc) - C:\WINDOWS\system32\DRIVERS\msgpc.sys
O41 - Driver: Pilote de classe HID Microsoft (HidUsb) - C:\WINDOWS\system32\DRIVERS\hidusb.sys
O41 - Driver: Pilote pour clavier i8042 et souris sur port PS/2 (i8042prt) - C:\WINDOWS\system32\DRIVERS\i8042prt.sys
O41 - Driver: Pilote du pare-feu Windows IPv6 (Ip6Fw) - C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
O41 - Driver: Pilote de filtre de trafic IP (IpFilterDriver) - C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
O41 - Driver: Pilote de tunnelage IP dans IP (IpInIp) - C:\WINDOWS\system32\DRIVERS\ipinip.sys
O41 - Driver: Pilote IPSEC (IPSec) - C:\WINDOWS\system32\DRIVERS\ipsec.sys
O41 - Driver: Service énumérateur IR (IRENUM) - C:\WINDOWS\system32\DRIVERS\irenum.sys
O41 - Driver: Mélangeur audio Wave de noyau Microsoft (kmixer) - C:\WINDOWS\system32\drivers\kmixer.sys
O41 - Driver: Pilote HID de souris (mouhid) - C:\WINDOWS\system32\DRIVERS\mouhid.sys
O41 - Driver: MRENDIS5 NDIS Protocol Driver (MRENDIS5) - C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS
O41 - Driver: Redirecteur client WebDav (MRxDAV) - C:\WINDOWS\system32\DRIVERS\mrxdav.sys
O41 - Driver: MRXSMB (MRxSmb) - C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
O41 - Driver: Proxy de service de répartition Microsoft (MSKSSRV) - C:\WINDOWS\system32\drivers\MSKSSRV.sys
O41 - Driver: Proxy d'horloge de répartition Microsoft (MSPCLOCK) - C:\WINDOWS\system32\drivers\MSPCLOCK.sys
O41 - Driver: Proxy de gestion de qualité de répartition Microsoft (MSPQM) - C:\WINDOWS\system32\drivers\MSPQM.sys
O41 - Driver: Pilote BIOS de gestion de systèmes Microsoft (mssmbios) - C:\WINDOWS\system32\DRIVERS\mssmbios.sys
O41 - Driver: Microsoft AV/C Tape Subunit Device (MSTAPE) - C:\WINDOWS\system32\DRIVERS\mstape.sys
O41 - Driver: Convertisseur en T/site-à-site de répartition Microsoft (MSTEE) - C:\WINDOWS\system32\drivers\MSTEE.sys
O41 - Driver: Codec NABTS/FEC VBI (NABTSFEC) - C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
O41 - Driver: Connection TV/vidéo Microsoft (NdisIP) - C:\WINDOWS\system32\DRIVERS\NdisIP.sys
O41 - Driver: Pilote TAPI NDIS d'accès distant (NdisTapi) - C:\WINDOWS\system32\DRIVERS\ndistapi.sys
O41 - Driver: NDIS mode utilisateur E/S Protocole (Ndisuio) - C:\WINDOWS\system32\DRIVERS\ndisuio.sys
O41 - Driver: Pilote réseau étendu NDIS d'accès distant (NdisWan) - C:\WINDOWS\system32\DRIVERS\ndiswan.sys
O41 - Driver: Interface NetBIOS (NetBIOS) - C:\WINDOWS\system32\DRIVERS\netbios.sys
O41 - Driver: NetBIOS sur TCP/IP (NetBT) - C:\WINDOWS\system32\DRIVERS\netbt.sys
O41 - Driver: Pilote réseau 1394 (NIC1394) - C:\WINDOWS\system32\DRIVERS\nic1394.sys
O41 - Driver: nod32drv (nod32drv) - C:\WINDOWS\system32\drivers\nod32drv.sys
O41 - Driver: (no object) (nv) - C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
O41 - Driver: NVIDIA nForce AGP Bus Filter (nv_agp) - C:\WINDOWS\system32\DRIVERS\nv_agp.sys
O41 - Driver: Pilote de filtre de trafic IPX (NwlnkFlt) - C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
O41 - Driver: Pilote de transfert de trafic IPX (NwlnkFwd) - C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
O41 - Driver: Contrôleur hôte Texas Instruments IEEE 1394 compatible OHCI (Open Host Controller Interface) (ohci1394) - C:\WINDOWS\system32\DRIVERS\ohci1394.sys
O41 - Driver: Miniport réseau étendu (PPTP) (PptpMiniport) - C:\WINDOWS\system32\DRIVERS\raspptp.sys
O41 - Driver: Pilote processeur (Processor) - C:\WINDOWS\system32\DRIVERS\processr.sys
O41 - Driver: Planificateur de paquets QoS (PSched) - C:\WINDOWS\system32\DRIVERS\psched.sys
O41 - Driver: Pilote de liaison parallèle directe (Ptilink) - C:\WINDOWS\system32\DRIVERS\ptilink.sys
O41 - Driver: PxHelp20 (PxHelp20) - C:\WINDOWS\System32\Drivers\PxHelp20.sys
O41 - Driver: Pilote de connexion automatique d'accès distant (RasAcd) - C:\WINDOWS\system32\DRIVERS\rasacd.sys
O41 - Driver: Miniport réseau étendu (L2TP) (Rasl2tp) - C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
O41 - Driver: Pilote PPPOE d'accès à distance (RasPppoe) - C:\WINDOWS\system32\DRIVERS\raspppoe.sys
O41 - Driver: Parallèle direct (Raspti) - C:\WINDOWS\system32\DRIVERS\raspti.sys
O41 - Driver: Rdbss (Rdbss) - C:\WINDOWS\system32\DRIVERS\rdbss.sys
O41 - Driver: Pilote de filtre de lecture digitale de CD audio (redbook) - C:\WINDOWS\system32\DRIVERS\redbook.sys
O41 - Driver: Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver (rtl8139) - C:\WINDOWS\system32\DRIVERS\R8139n51.SYS
O41 - Driver: Secdrv (Secdrv) - C:\WINDOWS\system32\DRIVERS\secdrv.sys
O41 - Driver: Détrameur décalage BDA (SLIP) - C:\WINDOWS\system32\DRIVERS\SLIP.sys
O41 - Driver: (no object) (smwdm) - C:\WINDOWS\system32\drivers\smwdm.sys
O41 - Driver: Pilote de filtrage Sony USB (SONYPVU1) (SONYPVU1) - C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
O41 - Driver: Splitter audio du noyau Microsoft (splitter) - C:\WINDOWS\system32\drivers\splitter.sys
O41 - Driver: Pilote de filtre de restauration système (sr) - C:\WINDOWS\system32\DRIVERS\sr.sys
O41 - Driver: Srv (Srv) - C:\WINDOWS\system32\DRIVERS\srv.sys
O41 - Driver: BDA IPSink (streamip) - C:\WINDOWS\system32\DRIVERS\StreamIP.sys
O41 - Driver: Pilote de bus logiciel (swenum) - C:\WINDOWS\system32\DRIVERS\swenum.sys
O41 - Driver: Synthétiseur de table de sons GC noyau Microsoft (swmidi) - C:\WINDOWS\system32\drivers\swmidi.sys
O41 - Driver: Périphérique audio système du noyau Microsoft (sysaudio) - C:\WINDOWS\system32\drivers\sysaudio.sys
O41 - Driver: Pilote du protocole TCP/IP (Tcpip) - C:\WINDOWS\system32\DRIVERS\tcpip.sys
O41 - Driver: (no object) (tiumfwl) - C:\WINDOWS\system32\drivers\tiumfwl.sys
O41 - Driver: Pilote de mise à jour microcode (Update) - C:\WINDOWS\system32\DRIVERS\update.sys
O41 - Driver: Pilote parent générique USB Microsoft (usbccgp) - C:\WINDOWS\system32\DRIVERS\usbccgp.sys
O41 - Driver: Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0 (usbehci) - C:\WINDOWS\system32\DRIVERS\usbehci.sys
O41 - Driver: Pilote de concentrateur standard USB Microsoft (usbhub) - C:\WINDOWS\system32\DRIVERS\usbhub.sys
O41 - Driver: Pilote miniport de contrôleur hôte ouvert USB Microsoft (usbohci) - C:\WINDOWS\system32\DRIVERS\usbohci.sys
O41 - Driver: Classe d'imprimantes USB Microsoft (usbprint) - C:\WINDOWS\system32\DRIVERS\usbprint.sys
O41 - Driver: Pilote de scanneur USB (usbscan) - C:\WINDOWS\system32\DRIVERS\usbscan.sys
O41 - Driver: Pilote de stockage de masse USB (USBSTOR) - C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
O41 - Driver: vspf (vspf) - C:\WINDOWS\system32\drivers\vspf5.sys
O41 - Driver: vspf_hk (vspf_hk) - C:\WINDOWS\system32\drivers\vspf_hk5.sys
O41 - Driver: Pilote ARP IP d'accès distant (Wanarp) - C:\WINDOWS\system32\DRIVERS\wanarp.sys
O41 - Driver: Pilote WINMM de compatibilité audio WDM Microsoft (wdmaud) - C:\WINDOWS\system32\drivers\wdmaud.sys
O41 - Driver: Interface de gestion Microsoft Windows pour ACPI (WmiAcpi) - C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
O41 - Driver: WpdUsb (WpdUsb) - C:\WINDOWS\system32\DRIVERS\wpdusb.sys
O41 - Driver: Codec Teletext standard (WSTCODEC) - C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
O41 - Driver: Windows Driver Foundation - User-mode Driver Framework Platform Driver (WudfPf) - C:\WINDOWS\system32\DRIVERS\WudfPf.sys
O41 - Driver: Windows Driver Foundation - User-mode Driver Framework Reflector (WudfRd) - C:\WINDOWS\system32\DRIVERS\wudfrd.sys

---\\ Logiciels installés (O42)
O42 - Logiciel: SAS Private JRE (J2SE(tm) Java Runtime Environment 1.4.2_09)
O42 - Logiciel: Adobe Flash Player Plugin
O42 - Logiciel: Agere Systems AC'97 Modem
O42 - Logiciel: Audacity 1.3.3
O42 - Logiciel: Broadcom 802.11 Driver
O42 - Logiciel: BS.Player FREE powered by AdVantage
O42 - Logiciel: Companion wizard
O42 - Logiciel: EpiData Analysis 2.1.0.153
O42 - Logiciel: EpiData Entry 3.1.2701.2008
O42 - Logiciel: HijackThis 2.0.2
O42 - Logiciel: Microsoft Internationalized Domain Names Mitigation APIs
O42 - Logiciel: PCI 1620 Cardbus Controller and Software
O42 - Logiciel: Jeliot 3.3.0
O42 - Logiciel: Windows Installer 3.1 (KB893803)
O42 - Logiciel: Hotfix for Windows XP (KB915865)
O42 - Logiciel: Hotfix for Windows XP (KB926239)
O42 - Logiciel: Hotfix for Windows Media Format 11 SDK (KB929399)
O42 - Logiciel: K-Lite Codec Pack 2.50 Full
O42 - Logiciel: Microsoft .NET Framework 1.1 Hotfix (KB928366)
O42 - Logiciel: Malwarebytes' Anti-Malware
O42 - Logiciel: Microsoft .NET Framework 1.1
O42 - Logiciel: Microsoft .NET Framework 2.0
O42 - Logiciel: Mozilla Firefox (3.0.5)
O42 - Logiciel: Microsoft Compression Client Pack 1.0 for Windows XP
O42 - Logiciel: Nero 6 Ultra Edition
O42 - Logiciel: Microsoft National Language Support Downlevel APIs
O42 - Logiciel: NOD32 antivirus system
O42 - Logiciel: NVIDIA Windows 2000/XP Display Drivers
O42 - Logiciel: NVIDIA nForce Drivers
O42 - Logiciel: RealPlayer
O42 - Logiciel: Adobe Flash Player 9 ActiveX
O42 - Logiciel: UnZixWin Extractor
O42 - Logiciel: Windows Genuine Advantage Notifications (KB905474)
O42 - Logiciel: Windows Imaging Component
O42 - Logiciel: Winamp (remove only)
O42 - Logiciel: Windows Media Format 11 runtime
O42 - Logiciel: Lecteur Windows Media 11
O42 - Logiciel: Installation Windows Live
O42 - Logiciel: Windows Media Player 11
O42 - Logiciel: Microsoft User-Mode Driver Framework Feature Pack 1.0
O42 - Logiciel: ICQ Toolbar
O42 - Logiciel: Yahoo! Toolbar
O42 - Logiciel: Windows Live Call
O42 - Logiciel: Windows Live Messenger
O42 - Logiciel: Sonic Update Manager
O42 - Logiciel: iTunes
O42 - Logiciel: Outil de téléchargement Windows Live
O42 - Logiciel: Windows Live Writer
O42 - Logiciel: MSVCRT
O42 - Logiciel: Google Toolbar for Internet Explorer
O42 - Logiciel: Microsoft Search Enhancement Pack
O42 - Logiciel: Google Toolbar for Firefox
O42 - Logiciel: J2SE Runtime Environment 5.0 Update 10
O42 - Logiciel: Java(TM) SE Runtime Environment 6 Update 1
O42 - Logiciel: Java(TM) 6 Update 2
O42 - Logiciel: Java(TM) 6 Update 3
O42 - Logiciel: Java(TM) 6 Update 5
O42 - Logiciel: Java 2 SDK, SE v1.4.2_12
O42 - Logiciel: Galerie de photos Windows Live
O42 - Logiciel: Junk Mail filter update
O42 - Logiciel: Microsoft Office Live Add-in 1.3
O42 - Logiciel: Skype™ 3.8
O42 - Logiciel: Windows Live Mail
O42 - Logiciel: Windows Live Sync
O42 - Logiciel: SAS 9.1
O42 - Logiciel: Apple Software Update
O42 - Logiciel: Java 2 Runtime Environment, SE v1.4.2_12
O42 - Logiciel: Epi Info
O42 - Logiciel: Microsoft Silverlight
O42 - Logiciel: Microsoft Sync Framework Runtime Native v1.0 (x86)
O42 - Logiciel: Choice Guard
O42 - Logiciel: Microsoft Office Professional Edition 2003
O42 - Logiciel: Windows Live Toolbar
O42 - Logiciel: Microsoft Office Outlook Connector
O42 - Logiciel: Sonic RecordNow!
O42 - Logiciel: Realtek RTL8139/810x Fast Ethernet NIC Driver Setup
O42 - Logiciel: InterVideo WinDVD
O42 - Logiciel: Microsoft .NET Framework 1.1 French Language Pack
O42 - Logiciel: ALPS Touch Pad Driver
O42 - Logiciel: Segoe UI
O42 - Logiciel: Adobe Reader 7.0.9 - Français
O42 - Logiciel: Apple Mobile Device Support
O42 - Logiciel: DivX Web Player
O42 - Logiciel: PIF DESIGNER
O42 - Logiciel: Microsoft Sync Framework Services Native v1.0 (x86)
O42 - Logiciel: Athlon 64 Processor Driver
O42 - Logiciel: Quick Launch Buttons 5.00 C1
O42 - Logiciel: Assistant de connexion Windows Live
O42 - Logiciel: NOD32 FiX
O42 - Logiciel: QuickTime
O42 - Logiciel: Windows Live Contrôle parental
O42 - Logiciel: SoundMAX
O42 - Logiciel: Microsoft SQL Server 2005 Compact Edition [ENU]
O42 - Logiciel: Windows Live Communications Platform

---\\ Contenu des dossiers Fichiers Communs (O43)
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\Adobe
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\Ahead
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\Apple
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\DESIGNER
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\ESRI
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\InstallShield
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\Java
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\Microsoft Shared
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\Motive
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\MSSoap
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\ODBC
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\Real
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\Services
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\Skype
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\Softwin
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\Sonic
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\SpeechEngines
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\SureThing Shared
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\System
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\Windows Live
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\WindowsLiveInstaller
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\Wise Installation Wizard
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\xing shared
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Companion Wizard
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Motive

---\\ Derniers fichiers modifiés ou crées sous System32 (O44)
O44 - LFC:Last File Created - C:\WINDOWS\System32\Agent.OMZ.Fix.exe -->12/12/2008
O44 - LFC:Last File Created - C:\WINDOWS\System32\FNTCACHE.DAT -->22/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\IEDFix.C.exe -->29/11/2008
O44 - LFC:Last File Created - C:\WINDOWS\System32\libdivx.dll -->21/11/2008
O44 - LFC:Last File Created - C:\WINDOWS\System32\MRT.exe -->10/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\mshtml.dll -->12/12/2008
O44 - LFC:Last File Created - C:\WINDOWS\System32\perfc009.dat -->22/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\perfc00C.dat -->22/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\perfh009.dat -->22/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\perfh00C.dat -->22/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\PerfStringBackup.INI -->22/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\sirenacm.dll -->02/12/2008
O44 - LFC:Last File Created - C:\WINDOWS\System32\ssldivx.dll -->21/11/2008
O44 - LFC:Last File Created - C:\WINDOWS\System32\tmp.reg -->23/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\tmp.txt -->23/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\TZLog.log -->16/12/2008
O44 - LFC:Last File Created - C:\WINDOWS\System32\wpa.dbl -->23/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\drivers\fssfltr_tdi.sys -->08/12/2008
O44 - LFC:Last File Created - C:\WINDOWS\System32\drivers\mbam.sys -->14/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\drivers\mbamswissarmy.sys -->14/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\drivers\srv.sys -->11/12/2008

---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ACRORD32.EXE-13285B88.pf -->20/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ACRORD32INFO.EXE-013EA364.pf -->20/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ASPNET_REGIIS.EXE-009D6E80.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\B33C11F5-3A11-4F1E-85E4-C3CAB-14DADE12.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\BSPLAYER.EXE-14B7F352.pf -->21/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\CMD.EXE-087B4001.pf -->23/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\CONTROL.EXE-013DBFB5.pf -->15/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\CSRSS.EXE-12B63473.pf -->19/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\CTFMON.EXE-0E17969B.pf -->19/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\DEFRAG.EXE-273F131E.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\DFRGNTFS.EXE-269967DF.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\DLLHOST.EXE-205D880D.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\DOTNETFX.EXE-27A9823D.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\DUMPREP.EXE-1B46F901.pf -->16/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\DWWIN.EXE-30875ADC.pf -->16/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\DXDLLREG.EXE-0E936F4F.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\DXSETUP.EXE-049CB821.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\EABSERVR.EXE-2CF8D629.pf -->23/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf -->23/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\FIND.EXE-0EC32F1E.pf -->23/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\FINDSTR.EXE-0CA6274B.pf -->23/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\FIREFOX.EXE-28641590.pf -->23/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\FLASHGOT.EXE-0014242D.pf -->23/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\FREECELL.EXE-0CC25C3B.pf -->19/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\HELPSVC.EXE-2878DDA2.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\IEXPLORE.EXE-27122324.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\IMAPI.EXE-0BF740A4.pf -->23/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\INSTALL.EXE-044763D7.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\INSTALL.EXE-19F166CA.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\INSTALLATION_WLMESSENGER2009.-3096029A.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\INV.EXE-271C3BF9.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\IPODSERVICE.EXE-3192DE38.pf -->23/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ITUNESHELPER.EXE-15823303.pf -->23/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\JAVA.EXE-04FA6B41.pf -->13/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\JAVACPL.EXE-1E646977.pf -->13/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\JAVAW.EXE-03C5992A.pf -->13/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\JRE-6U11-WINDOWS-I586-P-IFTW_-2FBEB17C.pf -->13/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\JUCHECK.EXE-19C452BF.pf -->13/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\JUSCHED.EXE-0882265F.pf -->23/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\Layout.ini -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\LODCTR.EXE-1009C3B4.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\LOGON.SCR-151EFAEA.pf -->21/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\LOGONUI.EXE-0AF22957.pf -->23/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MBAM-DOR.EXE-203884D2.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MBAM-SETUP.EXE-0985EB16.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MBAM-SETUP.TMP-056189D6.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MBAM.EXE-0BEE0439.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MBAMGUI.EXE-1286D63B.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MODE.COM-31685BAE.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MOFCOMP.EXE-01718E95.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MRT.EXE-1B4A8D49.pf -->16/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MRTSTUB.EXE-042D0A8C.pf -->16/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MSCORSVW.EXE-1BF30400.pf -->23/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MSIEXEC.EXE-2F8A8CAE.pf -->23/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MSOHTMED.EXE-1BD4AAD2.pf -->16/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\NERO.EXE-3017C357.pf -->17/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\NEROSTARTSMART.EXE-3289D1AD.pf -->19/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\NETSH.EXE-085CFFDE.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\NGEN.EXE-38021CCC.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\NOD32.EXE-103C273A.pf -->19/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\NOD32KUI.EXE-18BC85CE.pf -->21/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\NOTEPAD.EXE-336351A9.pf -->23/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf -->23/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\OSE.EXE-0125EB9C.pf -->23/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\OSV.EXE-1E31D092.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\OUTLOOK.EXE-21C6162B.pf -->13/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\PATCHELYS.EXE-04A29CFB.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\POWERPNT.EXE-2F940E7E.pf -->13/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\QTTASK.EXE-342507FB.pf -->23/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RASAUTOU.EXE-18B88A68.pf -->23/12/2008
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\READER_SL.EXE-3614FA6E.pf -->16/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\REALONEMESSAGECENTER.EXE-1B5B11B5.pf -->05/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\REALPLAY.EXE-1BF219BD.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\REALSCHED.EXE-04BEC5CC.pf -->23/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\REG.EXE-0D2A95F7.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\REGEDIT.EXE-1B606482.pf -->23/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\REGSVCS.EXE-11A17120.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\REGSVR32.EXE-25EEFE2F.pf -->23/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\REGTLIBV12.EXE-0E2FA54B.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ROOTER.EXE-0076C68E.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RSIT.EXE-23F4E4DD.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-13DA0E71.pf -->15/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-1831A4F3.pf -->13/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-188DF14E.pf -->23/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-1BC55A4F.pf -->21/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-1BC69D2D.pf -->20/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-21D394C8.pf -->15/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-256CA526.pf -->21/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-2723AA08.pf -->17/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-2905E326.pf -->15/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-2FB30DE0.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-306479B7.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-33E441E6.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-3BA0187D.pf -->15/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-3F8D63FD.pf -->13/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-451FC2C0.pf -->23/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SEAPORT.EXE-2D9D4167.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SETPATH.EXE-1680EF15.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SHMGRATE.EXE-1BA69E68.pf -->23/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SILVERLIGHT.2.0.EXE-0210FB3E.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SKYPEPM.EXE-2BC7DD5C.pf -->23/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SNDVOL32.EXE-383480B7.pf -->17/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SOFTWAREUPDATE.EXE-1415D1B8.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SYSOCMGR.EXE-31169C54.pf -->21/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\TALKANDWRITE.EXE-3AC250FD.pf -->23/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\TINTSETP.EXE-39BF0732.pf -->23/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\UACLAUNCHER.EXE-13544944.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\UPDATE.EXE-12CAD96B.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\UPDATE.EXE-1D655BFC.pf -->16/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\UPDATE.EXE-1F3E4DA4.pf -->16/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\USERINIT.EXE-30B18140.pf -->23/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\VERCLSID.EXE-3667BD89.pf -->23/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WGATRAY.EXE-0ED38BED.pf -->23/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WINAMP.EXE-0D0189CA.pf -->09/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WINAMPA.EXE-0536E33F.pf -->23/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WINDOWS-KB890830-V2.6-DELTA.E-07F34BC7.pf -->16/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WINDOWSLIVESYNC.EXE-38FF0D7E.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WINDOWSXP-KB954708-X86-ENU.EX-1F61069B.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WINDVD.EXE-2A29BC9F.pf -->21/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WINLOGON.EXE-32C57D49.pf -->23/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WINWORD.EXE-37F6AE09.pf -->21/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WLLOGINPROXY.EXE-2D4B6027.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WMIADAP.EXE-2DF425B2.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WMIPRVSE.EXE-28F301A9.pf -->23/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WSCNTFY.EXE-1B24F5EB.pf -->13/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WSCRIPT.EXE-32960AB9.pf -->22/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WUAUCLT.EXE-399A8E72.pf -->23/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WUPDMGR.EXE-2F30BEAB.pf -->13/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ZCLIENTM.EXE-25C31104.pf -->15/01/2009

---\\ ShellExecuteHooks, Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll

---\\ Export de clé d'application autorisée (O47)
O47 - AAKE:Key Export - "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
O47 - AAKE:Key Export - "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
O47 - AAKE:Key Export - "C:\j2sdk1.4.2_12\jre\bin\java.exe"="C:\j2sdk1.4.2_12\jre\bin\java.exe:*:Enabled:java"
O47 - AAKE:Key Export - "C:\Program Files\WinAntiVirus Pro 2006\Updater.exe"="C:\Program Files\WinAntiVirus Pro 2006\Updater.exe:*:Enabled:updater.exe"
O47 - AAKE:Key Export - "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
O47 - AAKE:Key Export - "C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
O47 - AAKE:Key Export - "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
O47 - AAKE:Key Export - "C:\WINDOWS\system32\yvqsolvy.exe"="C:\WINDOWS\system32\yvq"
O47 - AAKE:Key Export - "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
O47 - AAKE:Key Export - "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
O47 - AAKE:Key Export - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
O47 - AAKE:Key Export - "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. The whole world can talk for free."
O47 - AAKE:Key Export - "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
O47 - AAKE:Key Export - "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
O47 - AAKE:Key Export - "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
O47 - AAKE:Key Export - "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
O47 - AAKE:Key Export - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

---\\ Déni du service Local Security Authority (LSA) (O48)
O48 - LSA:Local Security Authority Authentication Packages - C:\WINDOWS\System32\msv1_0.dll
O48 - LSA:Local Security Authority Notification Packages - C:\WINDOWS\System32\scecli.dll

---\\ Contrôle du Safe Boot (CSB) (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ip6fw.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpcdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpwd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\tdpipe.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\tdtcp.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\ip6fw.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\rdpcdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\rdpdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\rdpwd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\tdpipe.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\tdtcp.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Minimal\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Minimal\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Minimal\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Minimal\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Minimal\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Minimal\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Minimal\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\ip6fw.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\rdpcdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\rdpdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\rdpwd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\tdpipe.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\tdtcp.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\vgasave.sys


End of the scan:
Ajouter un commentaire
Réponse
+0
moins plus
Re,

1) désinstalle Companion Wizard (si il le veut bien) :

démarrer, Panneau de configuration, Ajout/suppression de programmes.

2) installe un parefeu :

http://www.malekal.com/menu_tutorials_logiciels.php

A mon avis le meilleur choix est entre ZoneAlarm et On line Armor (le second un peu plus complexe que le premier).

3) Télécharge Toolbar-S&D (Team IDN) sur ton Bureau :

http://eric.71.mespages.googlepages.com/ToolBarSD.exe

* Lance l'installation du programme en exécutant le fichier téléchargé.
* Double-clique maintenant sur le raccourci de Toolbar-S&D.
* Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
* Choisis maintenant l'option "2" puis valide en appuyant sur "Entrée".
! Ne ferme pas la fenêtre lors de la suppression !
Un rapport sera généré, poste son contenu ici.

4) On va utiliser ComboFix.exe. Rends toi sur cette page web pour obtenir les liens de téléchargement, ainsi que des instructions pour exécuter l'outil:

http://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix


* Vérifie que tu as fermé/désactivé tous les programmes anti-virus, anti-malware ou anti-spyware afin qu'ils n'interfèrent pas avec le travail de ComboFix.

Envoie le contenu de C:\ComboFix.txt dans ta prochaine réponse afin que je l'examine.

N'oublie pas de réactiver tes protections avant de te reconnecter.
Ajouter un commentaire
Réponse
+0
moins plus
voici le rapport généré...


-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3200+ )
BIOS : Ver 1.00PARTTBL
USER : PATCHELYS ( Administrator )
BOOT : Normal boot
Antivirus : ESET NOD32 antivirus system 2.70 2.70 (Activated)
Firewall : ZoneAlarm Firewall 7.0.483.000 (Activated)
C:\ (Local Disk) - NTFS - Total:20 Go (Free:0 Go)
D:\ (Local Disk) - NTFS - Total:35 Go (Free:0 Go)
E:\ (CD or DVD) - UDF - Total:4 Go (Free:0 Go)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 27/01/2009|11:34 )

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ Extensions

(PATCHELYS) - {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} => flashgot
(PATCHELYS) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar
(PATCHELYS) - {800b5000-a755-47e1-992b-48a1c1357f07} => icqtoolbar


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://www.google.fr/"
"Search Page"="http://search.live.com"
"Search Bar"="http://search.live.com/sphome.aspx"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Local Page"="C:\\windows\\system32\\blank.htm"
"Start Page"="http://www.msn.com/"


--------------------\\ Recherche d'autres infections

C:\WINDOWS\system32\oqstv.bak1
C:\WINDOWS\system32\oqstv.bak2
C:\WINDOWS\system32\oqstv.ini
C:\WINDOWS\system32\oqstv.ini2
C:\WINDOWS\system32\oqstv.tmp
C:\WINDOWS\system32\llnmp.ini
C:\WINDOWS\system32\llnmp.ini2
[b]==> VUNDO <==/b

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\PATCHE~1\Recent\crack.lnk



1 - "C:\ToolBar SD\TB_1.txt" - 27/01/2009|11:36 - Option : [2]

-----------\\ Fin du rapport a 11:36:46,84
Ajouter un commentaire
Réponse
+0
moins plus
Bonjour,

le rapport combofix maintenant.
Ajouter un commentaire
Réponse
+0
moins plus
voici le rapport...

ComboFix 09-01-21.04 - PATCHELYS 2009-01-27 15:00:35.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.511.216 [GMT 1:00]
Lancé depuis: c:\documents and settings\PATCHELYS\Bureau\ComboFix.exe
AV: BitDefender Internet Security v10 *On-access scanning disabled* (Updated)
AV: ESET NOD32 antivirus system 2.70 *On-access scanning disabled* (Updated)
FW: BitDefender Internet Security v10 *disabled*
FW: ZoneAlarm Firewall *disabled*
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\PATCHELYS\err.log
c:\documents and settings\PATCHELYS\Local Settings\Application Data\zfsgshse.dat
c:\documents and settings\PATCHELYS\Local Settings\Application Data\zfsgshse.exe
c:\documents and settings\PATCHELYS\Local Settings\Application Data\zfsgshse_nav.dat
c:\documents and settings\PATCHELYS\Local Settings\Application Data\zfsgshse_navps.dat
c:\documents and settings\PATCHELYS\ravmonlog
C:\WA6P
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\bdbggcsj.ini
c:\windows\system32\bijvcibx.ini
c:\windows\system32\bncaloon.ini
c:\windows\system32\bunigmty.ini
c:\windows\system32\clvxsepc.ini
c:\windows\system32\dumphive.exe
c:\windows\system32\fauqxwwt.ini
c:\windows\system32\fgdlyqby.ini
c:\windows\system32\gdyjhbjt.ini
c:\windows\system32\hbubtrsb.ini
c:\windows\system32\huvjkadf.ini
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\ioshjidx.ini
c:\windows\system32\iulkknce.ini
c:\windows\system32\iwwhtlir.ini
c:\windows\system32\kykmapyj.ini
c:\windows\system32\lgvstxap.ini
c:\windows\system32\llnmp.ini
c:\windows\system32\llnmp.ini2
c:\windows\system32\mehdfgrm.ini
c:\windows\system32\mhceprkg.ini
c:\windows\system32\mndwnrai.ini
c:\windows\system32\muttmiqu.ini
c:\windows\system32\nmdbhvhh.ini
c:\windows\system32\npxigruc.ini
c:\windows\system32\o4Patch.exe
c:\windows\system32\oqstv.bak1
c:\windows\system32\oqstv.bak2
c:\windows\system32\oqstv.ini
c:\windows\system32\oqstv.ini2
c:\windows\system32\oqstv.tmp
c:\windows\system32\Process.exe
c:\windows\system32\qrodeoey.ini
c:\windows\system32\ruxoxhgp.ini
c:\windows\system32\rviupiqo.ini
c:\windows\system32\rwjwcoav.ini
c:\windows\system32\rxdswwjp.ini
c:\windows\system32\sakamcrt.ini
c:\windows\system32\sjpbtbir.ini
c:\windows\system32\spstypgf.ini
c:\windows\system32\sqlxoukb.ini
c:\windows\system32\SrchSTS.exe
c:\windows\system32\stera.log
c:\windows\system32\tceohspc.ini
c:\windows\system32\thjplbco.ini
c:\windows\system32\tmp.reg
c:\windows\system32\trptbkpx.ini
c:\windows\system32\tsiabqel.ini
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\vgjaoche.ini
c:\windows\system32\vpwolmyx.ini
c:\windows\system32\wiyjoeku.ini
c:\windows\system32\WS2Fix.exe
c:\windows\system32\wwjsxixy.ini
c:\windows\system32\yrvaiqgh.ini

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DOMAINSERVICE
-------\Legacy_FOPN
-------\Legacy_VSPF
-------\Legacy_VSPF_HK
-------\Service_vspf
-------\Service_vspf_hk


((((((((((((((((((((((((((((( Fichiers créés du 2008-12-27 au 2009-01-27 ))))))))))))))))))))))))))))))))))))
.

2009-01-27 11:32 . 2009-01-27 11:36 <REP> d-------- C:\ToolBar SD
2009-01-23 15:19 . 2009-01-27 15:09 1,185,824 --ahs---- c:\windows\system32\drivers\fidbox.dat
2009-01-23 15:19 . 2009-01-27 15:04 15,944 --ahs---- c:\windows\system32\drivers\fidbox.idx
2009-01-23 15:13 . 2009-01-23 15:13 <REP> d-------- c:\documents and settings\All Users\Application Data\MailFrontier
2009-01-23 15:13 . 2009-01-23 15:16 4,212 ---h----- c:\windows\system32\zllictbl.dat
2009-01-23 15:12 . 2008-07-09 09:05 75,248 --a------ c:\windows\zllsputility.exe
2009-01-23 15:12 . 2008-07-09 09:05 54,672 --a------ c:\windows\system32\vsutil_loc040c.dll
2009-01-23 15:12 . 2008-07-09 09:05 42,384 --a------ c:\windows\zllsputility_loc040c.dll
2009-01-23 15:12 . 2008-07-09 09:05 21,904 --a------ c:\windows\system32\imsinstall_loc040c.dll
2009-01-23 15:12 . 2008-07-09 09:05 17,808 --a------ c:\windows\system32\imslsp_install_loc040c.dll
2009-01-23 15:11 . 2009-01-23 15:12 <REP> d-------- c:\windows\system32\ZoneLabs
2009-01-23 15:11 . 2009-01-23 15:11 <REP> d-------- c:\program files\Zone Labs
2009-01-23 15:11 . 2008-07-09 09:05 1,086,952 --a------ c:\windows\system32\zpeng24.dll
2009-01-23 15:11 . 2009-01-27 15:08 358,382 --a------ c:\windows\system32\vsconfig.xml
2009-01-23 15:10 . 2009-01-27 15:09 <REP> d-------- c:\windows\Internet Logs
2009-01-22 18:42 . 2009-01-27 15:06 <REP> d-------- c:\documents and settings\PATCHELYS\Tracing
2009-01-22 18:41 . 2008-12-08 17:01 55,136 --a------ c:\windows\system32\drivers\fssfltr_tdi.sys
2009-01-22 18:00 . 2009-01-22 18:00 <REP> d-------- c:\program files\Microsoft Silverlight
2009-01-22 17:59 . 2009-01-22 17:59 <REP> d-------- c:\program files\Microsoft Office Outlook Connector
2009-01-22 17:50 . 2009-01-22 17:50 <REP> d-------- c:\program files\Microsoft Sync Framework
2009-01-22 17:49 . 2009-01-22 18:00 <REP> d-------- c:\program files\Microsoft
2009-01-22 17:48 . 2009-01-22 17:48 <REP> d-------- c:\program files\Windows Live SkyDrive
2009-01-22 17:48 . 2009-01-22 18:41 <REP> d-------- c:\program files\Windows Live
2009-01-22 17:42 . 2009-01-22 17:42 <REP> d-------- c:\program files\Fichiers communs\Windows Live
2009-01-22 17:38 . 2009-01-22 17:38 <REP> d-------- c:\program files\Apple Software Update
2009-01-22 16:50 . 2009-01-22 16:50 <REP> d-------- C:\rsit
2009-01-22 16:50 . 2009-01-22 17:25 <REP> d-------- c:\program files\trend micro
2009-01-22 15:50 . 2009-01-22 16:13 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-22 15:50 . 2009-01-22 15:50 <REP> d-------- c:\documents and settings\PATCHELYS\Application Data\Malwarebytes
2009-01-22 15:50 . 2009-01-22 15:50 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-22 15:50 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-22 15:50 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-22 15:03 . 2009-01-22 18:04 <REP> d-------- C:\Rooter$

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-27 14:03 --------- d-----w c:\documents and settings\PATCHELYS\Application Data\Skype
2009-01-27 13:19 --------- d-----w c:\program files\ESET
2009-01-27 09:15 --------- d-----w c:\documents and settings\PATCHELYS\Application Data\skypePM
2009-01-23 10:59 --------- d-----w c:\program files\Google
2008-12-27 23:31 --------- d-----w c:\program files\DivX
2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-06 22:00 --------- d-----w c:\documents and settings\PATCHELYS\Application Data\U3
2008-12-04 23:11 308,584 ----a-w c:\windows\WLXPGSS.SCR
2008-12-02 21:37 49,480 ----a-w c:\windows\system32\sirenacm.dll
2008-11-21 21:46 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-11-21 21:46 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-11-06 10:58 13,136 ----a-w c:\documents and settings\TP SAS\variables.dat
2007-11-30 00:03 39,851 ----a-w c:\documents and settings\PATCHELYS\Application Data\mdb.bin
2007-11-26 20:06 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2007-02-11 21:03 14 -c--a-w c:\documents and settings\PATCHELYS\getfile.dat
2001-05-24 11:59 162,304 ----a-w c:\program files\UNWISE.EXE
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-29 21755688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-08-19 290816]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-10-15 185784]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-05-14 35328]
"TalkAndWrite"="c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\1163D2B46CC742E5A3CC9E4157887751\TalkAndWrite.exe" [2007-07-23 2664448]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-12-11 286720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-12-11 267048]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-02-14 949376]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.VP31"= vp31vfw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\[u]0/ustera

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\j2sdk1.4.2_12\\jre\\bin\\java.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12665:TCP"= 12665:TCP:NortonAV
"12265:TCP"= 12265:TCP:NortonAV
"14952:TCP"= 14952:TCP:NortonAV
"12441:TCP"= 12441:TCP:NortonAV
"15084:TCP"= 15084:TCP:NortonAV
"14024:TCP"= 14024:TCP:NortonAV
"16216:TCP"= 16216:TCP:NortonAV
"18848:TCP"= 18848:TCP:NortonAV
"14061:TCP"= 14061:TCP:NortonAV
"12396:TCP"= 12396:TCP:NortonAV
"13453:TCP"= 13453:TCP:NortonAV
"16142:TCP"= 16142:TCP:NortonAV
"18423:TCP"= 18423:TCP:NortonAV
"17527:TCP"= 17527:TCP:NortonAV
"7521:TCP"= 7521:TCP:BitComet 7521 TCP
"7521:UDP"= 7521:UDP:BitComet 7521 UDP

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-01-27 15424]
R4 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-01-22 55136]
R4 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2008-12-04 226640]
S3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [2006-09-05 71808]
S3 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [2008-12-08 533344]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{41a37585-d9e5-11db-b92e-00904badf35c}]
\Shell\Auto\command - F:\bittorrent.exe e
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{797aa693-9d1b-11dc-ad4f-000fb04ced96}]
\Shell\AutoRun\command - F:\8u.com
\Shell\explore\Command - F:\8u.com
\Shell\open\Command - F:\8u.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{854803e0-d02c-11dc-add6-000fb04ced96}]
\Shell\AutoRun\command - fooool.exe
\Shell\explore\Command - fooool.exe
\Shell\open\Command - fooool.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8cb6c180-ab12-11dd-af06-000fb04ced96}]
\Shell\AutoRun\command - wscript.exe antinul.vbe
\Shell\open\Command - wscript.exe antinul.vbe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f2debeaf-15b6-11dc-b9c6-00904badf35c}]
\Shell\Auto\command - F:\bittorrent.exe e
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e
.
Contenu du dossier 'Tâches planifiées'

2009-01-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{0E59B614-3EF5-4C86-A998-57DFBBB419C8} - c:\windows\system32\vtsqo.dll
BHO-{CAB675A2-D7E5-4C05-9F3F-DFFD264F8605} - c:\windows\system32\pmnll.dll
HKCU-Run-AdVantage - c:\program files\AdVantage\AdVantage.exe
HKCU-Run-zfsgshse - c:\documents and settings\patchelys\local settings\application data\zfsgshse.exe
HKLM-Run-EPSON Stylus DX3800 Series - c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
HKLM-Run-StandardInstall - (no file)


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
mWindow Title =
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\PATCHELYS\Application Data\Mozilla\Firefox\Profiles\9nd4g3xt.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-27 15:06:45
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ؕ€|ÿÿÿÿ•€|ù•9~*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'lsass.exe'(764)
c:\windows\system32\imon.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\ZoneLabs\vsmon.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\ESET\nod32krn.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Heure de fin: 2009-01-27 15:12:48 - La machine a redémarré [PATCHELYS]
ComboFix-quarantined-files.txt 2009-01-27 14:12:42

Avant-CF: 293,736,448 octets libres
Après-CF: 4,429,471,744 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect

298 --- E O F --- 2009-01-16 08:46:25
Ajouter un commentaire
Réponse
+0
moins plus
J'ai des petits soucis...
J'arrive plus à me connecter sur le net avec zoneAlarm meme en autorisant les programmes sur l'onglet "controle programme". En plus en redémarrant l'ordi après l'analyse combo...j'ai plus de connexion du tout et l'ordi (au demarrage) fait ressortir "windows console...", j'avais pas ça avant. je pense que j'ai dù installer pendant combo...comment enlevant ce paramètre de console car je pense que ça fait ramer l'ordi...
Ajouter un commentaire
Ce document intitulé «  téléchargement de fichiers exe bloqués!  » issu de CommentCaMarche (www.commentcamarche.net) est mis à disposition sous les termes de la licence Creative Commons. Vous pouvez copier, modifier des copies de cette page, dans les conditions fixées par la licence, tant que cette note apparaît clairement.

Vous n'êtes pas encore membre ?

inscrivez-vous, c'est gratuit et ça prend moins d'une minute !

Les membres obtiennent plus de réponses que les utilisateurs anonymes.

Le fait d'être membre vous permet d'avoir un suivi détaillé de vos demandes.

Le fait d'être membre vous permet d'avoir des options supplémentaires.