Posez votre question Signaler

Supprimer trojan [Résolu]

yoyo - Dernière réponse le 9 oct. 2010 à 02:47
Bonjour a tous
j'ai un trojan impossible a supprimer : TR/Agent.564800
HEEEEEEEELP !!!!!!!!
je laisse mon rapport hijackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:42:15, on 06/10/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.live.com/?mkt=en-us
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Gadwin PrintScreen 3.1] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: setup_9.0.0.722_04.10.2010_04-33.lnk = ?
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: PokerStars.fr - {90EAE591-7E7E-434a-8E28-ECFD00071806} - C:\Program Files\PokerStars.FR\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IS Service (ISSVC) - Unknown owner - c:\Program Files\Norton Internet Security\ISSVC.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SAVScan - Unknown owner - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe (file missing)
Lire la suite 
Réponse
+0
moins plus
si tu sais comment oui fais le

sinon fais combofix

CONTRIBUTEUR SECURITE

Désinfection = diagnostic + traitement + finalisation
"Restez" jusqu'au bout...merci
Ajouter un commentaire
Réponse
+0
moins plus
combofix me detecte norton internet security qui faisait parti de l'ordi quand je l'ai acheté, et que j'avais supprimé des l'achat.
moment de grace 29088Messages postés samedi 6 décembre 2008Date d'inscription Contributeur sécuritéStatut 18 juillet 2013Dernière intervention - 8 oct. 2010 à 02:51
http://www.commentcamarche.net/...
Répondre
Ajouter un commentaire
Réponse
+0
moins plus
voici le rapport combofix:

ComboFix 10-10-07.01 - HP_Propriétaire 08/10/2010 3:16.1.1 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.446.226 [GMT 2:00]
Lancé depuis: c:\documents and settings\HP_Propriétaire\Bureau\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\ps2.bat

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BOONTY_GAMES
-------\Service_Boonty Games


((((((((((((((((((((((((((((( Fichiers créés du 2010-09-08 au 2010-10-08 ))))))))))))))))))))))))))))))))))))
.

2010-10-07 23:17 . 2010-10-08 00:04 -------- d-----w- c:\program files\List_Kill'em
2010-10-07 21:54 . 2010-10-07 21:54 -------- d-----r- c:\documents and settings\LocalService\Favoris
2010-10-07 20:27 . 2010-10-08 01:25 840192 ----a-w- c:\windows\system32\drivers\ylerzlej.sys
2010-10-07 16:41 . 2010-10-07 16:41 4325 ----a-w- C:\UsbFix_Upload_Me_YOANN.zip
2010-10-07 16:36 . 2010-10-07 16:41 -------- d-----w- C:\UsbFix
2010-10-07 15:14 . 2010-10-07 19:19 -------- d-----w- c:\program files\ZHPDiag
2010-10-07 14:50 . 2010-10-07 15:10 -------- d-----w- c:\program files\Ad-Remover
2010-10-06 20:41 . 2010-10-06 20:41 -------- d-----w- c:\program files\Trend Micro
2010-10-06 13:41 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-06 13:41 . 2010-10-06 13:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-10-06 13:41 . 2010-10-06 13:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-06 13:41 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-06 12:39 . 2009-10-22 11:54 37392 ----a-w- c:\windows\system32\drivers\56632172.sys
2010-10-06 12:39 . 2009-10-09 21:31 315408 ----a-w- c:\windows\system32\drivers\5663217.sys
2010-10-06 12:39 . 2009-09-25 15:59 128016 ----a-w- c:\windows\system32\drivers\56632171.sys
2010-09-22 03:12 . 2010-10-08 01:25 565248 ----a-w- c:\windows\system32\drivers\kqmcbixr.sys
2010-09-20 17:36 . 2010-10-02 12:53 -------- d-----w- c:\program files\PokerStars.FR

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-03 22:42 . 2007-02-06 04:33 58216 ----a-w- c:\windows\system32\perfc040.dat
2010-10-03 22:42 . 2007-02-06 04:33 433972 ----a-w- c:\windows\system32\perfh040.dat
2010-10-03 22:42 . 2004-11-23 21:26 94990 ----a-w- c:\windows\system32\perfc00C.dat
2010-10-03 22:42 . 2004-11-23 21:26 530202 ----a-w- c:\windows\system32\perfh00C.dat
2010-10-01 19:47 . 2010-01-31 19:04 -------- d-----w- c:\program files\PokerStars
2010-08-17 13:17 . 2004-08-05 18:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-07-22 15:48 . 2004-08-05 18:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 06:19 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadwin PrintScreen 3.1"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2005-09-27 1073152]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2006-01-24 7094272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"snpstd"="c:\windows\vsnpstd.exe" [2004-06-10 286720]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-01-03 98304]

c:\documents and settings\HP_Propri'taire\Menu D'marrer\Programmes\D'marrage\
setup_9.0.0.722_04.10.2010_04-33.lnk - c:\documents and settings\HP_Propri'taire\Bureau\securit'\Virus Removal Tool\setup_9.0.0.722_04.10.2010_04-33\startup.exe [2010-10-6 72208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"navapsvc"=2 (0x2)
"Fax"=3 (0x3)
"Boonty Games"=3 (0x3)
"AVGEMS"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"WOOKIT"=c:\progra~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe
"updateMgr"=c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PCDrProfiler"=
"ATIPTA"=c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
"LSBWatcher"=c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
"MessengerPlus3"="c:\program files\MessengerPlus! 3\MsgPlus.exe"
"Picasa Media Detector"=c:\program files\Picasa2\PicasaMediaDetector.exe
"PS2"=c:\windows\system32\ps2.exe
"Recguard"=c:\windows\SMINST\RECGUARD.EXE
"WOOTASKBARICON"=c:\progra~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
"AlcxMonitor"=ALCXMNTR.EXE
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"%windir%\\system32\\lsass.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13693:TCP"= 13693:TCP:NortonAV
"13116:TCP"= 13116:TCP:NortonAV
"16519:TCP"= 16519:TCP:NortonAV

R0 56632172;56632172 Boot Guard Driver;c:\windows\system32\drivers\56632172.sys [06/10/2010 14:39 37392]
R1 56632171;56632171;c:\windows\system32\drivers\56632171.sys [06/10/2010 14:39 128016]
R1 setup_9.0.0.722_04.10.2010_04-33drv;setup_9.0.0.722_04.10.2010_04-33drv;c:\windows\system32\drivers\5663217.sys [06/10/2010 14:39 315408]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [24/12/2009 04:42 108289]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [01/12/2009 16:49 34384]
S3 999ef29d900f8ef2;999ef29d900f8ef2;\??\c:\windows\TEMP\612023701183 --> c:\windows\TEMP\612023701183 [?]
S3 cc67c00fa9718e47;cc67c00fa9718e47;\??\c:\windows\TEMP\600024886dc0 --> c:\windows\TEMP\600024886dc0 [?]
S3 MODRC;DiBcom Infrared Receiver;c:\windows\system32\DRIVERS\modrc.sys --> c:\windows\system32\DRIVERS\modrc.sys [?]

--- Autres Services/Pilotes en mémoire ---

*Deregistered* - kqmcbixr
*Deregistered* - ylerzlej
.
.
------- Examen supplémentaire -------
.
IE: &Traduire à partir de l'anglais - c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
IE: Pages liées - c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
IE: Pages similaires - c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
IE: Recherche &Google - c:\program files\google\GoogleToolbar2.dll/cmsearch.html
IE: Version de la page actuelle disponible dans le cache Google - c:\program files\google\GoogleToolbar2.dll/cmcache.html
IE: {{90EAE591-7E7E-434a-8E28-ECFD00071806} - c:\program files\PokerStars.FR\PokerStarsUpdate.exe
FF - ProfilePath - c:\documents and settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\ota8yfne.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHELINS SUPPRIMES - - - -

HKU-Default-Run-AVG7_Run - c:\progra~1\Grisoft\AVGFRE~1\avgw.exe
HKU-Default-Run-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe



[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\999ef29d900f8ef2]
"ImagePath"="\??\c:\windows\TEMP\612023701183"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cc67c00fa9718e47]
"ImagePath"="\??\c:\windows\TEMP\600024886dc0"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kqmcbixr]
Ajouter un commentaire
Réponse
+0
moins plus
/!\ ATTENTION /!\ Le script qui suit a été écrit spécialement pour cet utilisateur, il n'est pas transposable sur un autre ordinateur !

crées un sur ton bureau un nouveau fichier bloc note que tu nommeras CFScript
Copies y ce texte dedans et enregistres le

KillAll::


Driver::

kqmcbixr
ylerzlej



Rootkit::

c:\windows\system32\drivers\ylerzlej.sys
c:\windows\system32\drivers\kqmcbixr.sys



* Désactive tes logiciels de protection
* Fais un glisser/déposer de ce fichier CFScript.txt sur le fichier Combofix.exe (comme le lien suivant)
http://sd-2.archive-host.com/membres/images/135518691112296573/cfscriptop0.gif
* Patiente le temps du scan. Le Bureau va disparaître à plusieurs reprises : c'est normal ! Ne touche à rien tant que le scan n'est pas terminé.
* Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
* Si le fichier ne s'ouvre pas, il se trouve ici ? C:\ComboFix.txt
Ajouter un commentaire
Réponse
+0
moins plus
ComboFix 10-10-07.01 - HP_Propriétaire 08/10/2010 4:03.2.1 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.446.170 [GMT 2:00]
Lancé depuis: c:\documents and settings\HP_Propriétaire\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\HP_Propriétaire\Bureau\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_KQMCBIXR
-------\Legacy_YLERZLEJ
-------\Service_kqmcbixr
-------\Service_ylerzlej


((((((((((((((((((((((((((((( Fichiers créés du 2010-09-08 au 2010-10-08 ))))))))))))))))))))))))))))))))))))
.

2010-10-07 23:17 . 2010-10-08 00:04 -------- d-----w- c:\program files\List_Kill'em
2010-10-07 21:54 . 2010-10-07 21:54 -------- d-----r- c:\documents and settings\LocalService\Favoris
2010-10-07 20:27 . 2010-10-08 02:09 840192 ----a-w- c:\windows\system32\drivers\ylerzlej.sys
2010-10-07 16:41 . 2010-10-07 16:41 4325 ----a-w- C:\UsbFix_Upload_Me_YOANN.zip
2010-10-07 16:36 . 2010-10-07 16:41 -------- d-----w- C:\UsbFix
2010-10-07 15:14 . 2010-10-07 19:19 -------- d-----w- c:\program files\ZHPDiag
2010-10-07 14:50 . 2010-10-07 15:10 -------- d-----w- c:\program files\Ad-Remover
2010-10-06 20:41 . 2010-10-06 20:41 -------- d-----w- c:\program files\Trend Micro
2010-10-06 13:41 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-06 13:41 . 2010-10-06 13:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-10-06 13:41 . 2010-10-06 13:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-06 13:41 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-06 12:39 . 2009-10-22 11:54 37392 ----a-w- c:\windows\system32\drivers\56632172.sys
2010-10-06 12:39 . 2009-10-09 21:31 315408 ----a-w- c:\windows\system32\drivers\5663217.sys
2010-10-06 12:39 . 2009-09-25 15:59 128016 ----a-w- c:\windows\system32\drivers\56632171.sys
2010-09-22 03:12 . 2010-10-08 02:09 565248 ----a-w- c:\windows\system32\drivers\kqmcbixr.sys
2010-09-20 17:36 . 2010-10-02 12:53 -------- d-----w- c:\program files\PokerStars.FR

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-03 22:42 . 2007-02-06 04:33 58216 ----a-w- c:\windows\system32\perfc040.dat
2010-10-03 22:42 . 2007-02-06 04:33 433972 ----a-w- c:\windows\system32\perfh040.dat
2010-10-03 22:42 . 2004-11-23 21:26 94990 ----a-w- c:\windows\system32\perfc00C.dat
2010-10-03 22:42 . 2004-11-23 21:26 530202 ----a-w- c:\windows\system32\perfh00C.dat
2010-10-01 19:47 . 2010-01-31 19:04 -------- d-----w- c:\program files\PokerStars
2010-08-17 13:17 . 2004-08-05 18:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-07-22 15:48 . 2004-08-05 18:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 06:19 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadwin PrintScreen 3.1"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2005-09-27 1073152]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2006-01-24 7094272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"snpstd"="c:\windows\vsnpstd.exe" [2004-06-10 286720]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-01-03 98304]

c:\documents and settings\HP_Propri'taire\Menu D'marrer\Programmes\D'marrage\
setup_9.0.0.722_04.10.2010_04-33.lnk - c:\documents and settings\HP_Propri'taire\Bureau\securit'\Virus Removal Tool\setup_9.0.0.722_04.10.2010_04-33\startup.exe [2010-10-6 72208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"navapsvc"=2 (0x2)
"Fax"=3 (0x3)
"Boonty Games"=3 (0x3)
"AVGEMS"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"WOOKIT"=c:\progra~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe
"updateMgr"=c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PCDrProfiler"=
"ATIPTA"=c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
"LSBWatcher"=c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
"MessengerPlus3"="c:\program files\MessengerPlus! 3\MsgPlus.exe"
"Picasa Media Detector"=c:\program files\Picasa2\PicasaMediaDetector.exe
"PS2"=c:\windows\system32\ps2.exe
"Recguard"=c:\windows\SMINST\RECGUARD.EXE
"WOOTASKBARICON"=c:\progra~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
"AlcxMonitor"=ALCXMNTR.EXE
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"%windir%\\system32\\lsass.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13693:TCP"= 13693:TCP:NortonAV
"13116:TCP"= 13116:TCP:NortonAV
"16519:TCP"= 16519:TCP:NortonAV

R0 56632172;56632172 Boot Guard Driver;c:\windows\system32\drivers\56632172.sys [06/10/2010 14:39 37392]
R1 56632171;56632171;c:\windows\system32\drivers\56632171.sys [06/10/2010 14:39 128016]
R1 setup_9.0.0.722_04.10.2010_04-33drv;setup_9.0.0.722_04.10.2010_04-33drv;c:\windows\system32\drivers\5663217.sys [06/10/2010 14:39 315408]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [24/12/2009 04:42 108289]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [01/12/2009 16:49 34384]
S3 999ef29d900f8ef2;999ef29d900f8ef2;\??\c:\windows\TEMP\612023701183 --> c:\windows\TEMP\612023701183 [?]
S3 cc67c00fa9718e47;cc67c00fa9718e47;\??\c:\windows\TEMP\600024886dc0 --> c:\windows\TEMP\600024886dc0 [?]
S3 MODRC;DiBcom Infrared Receiver;c:\windows\system32\DRIVERS\modrc.sys --> c:\windows\system32\DRIVERS\modrc.sys [?]
.
.
------- Examen supplémentaire -------
.
IE: &Traduire à partir de l'anglais - c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
IE: Pages liées - c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
IE: Pages similaires - c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
IE: Recherche &Google - c:\program files\google\GoogleToolbar2.dll/cmsearch.html
IE: Version de la page actuelle disponible dans le cache Google - c:\program files\google\GoogleToolbar2.dll/cmcache.html
IE: {{90EAE591-7E7E-434a-8E28-ECFD00071806} - c:\program files\PokerStars.FR\PokerStarsUpdate.exe
FF - ProfilePath - c:\documents and settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\ota8yfne.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\999ef29d900f8ef2]
"ImagePath"="\??\c:\windows\TEMP\612023701183"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cc67c00fa9718e47]
"ImagePath"="\??\c:\windows\TEMP\600024886dc0"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(400)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2036)
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\Ati2evxx.exe
.
**************************************************************************
.
Heure de fin: 2010-10-08 04:14:27 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-10-08 02:14
ComboFix2.txt 2010-10-08 01:28

Avant-CF: 143 332 728 832 octets libres
Après-CF: 143 320 817 664 octets libres

- - End Of File - - 0671F6100318B84A1D6ABEEF061DDEFE
Ajouter un commentaire
Réponse
+0
moins plus
Télécharge The Avenger sur ton Bureau.
http://swandog46.geekstogo.com/avenger2/avenger.zip


--> Dézippe le fichier avenger.zip (Clique droit > Extraire).
--> Ferme toutes les fenêtres et toutes les applications en cours et double-clique sur l'icône avenger (Icône avec l'épée).
--> Clique sur OK pour accepter les termes d'utilisation.


. Copie tout le texte en gras ci-dessous : mettre en surbrillance et appuyer sur les touches(Ctrl+C):

Drivers to disable:

ylerzlej
kqmcbixr

Drivers to delete:

ylerzlej
kqmcbixr

Files to delete:

c:\windows\system32\drivers\ylerzlej.sys
c:\windows\system32\drivers\kqmcbixr.sys





. Colle ce texte (Ctrl+V) dans le cadre :Input script here

. Appuie sur Execute

. Le pc va redémarrer
Si le rapport ne s'affiche pas, il se trouve dans C:\ avenger
Tuto :
http://www.oxygenepc.com/forum/the-avenger-t594.html



CONTRIBUTEUR SECURITE

Désinfection = diagnostic + traitement + finalisation
"Restez" jusqu'au bout...merci
Ajouter un commentaire
Réponse
+0
moins plus
il me dit que le nom CFScript semble etre mal ecrit
Ajouter un commentaire
Réponse
+0
moins plus
http://www.commentcamarche.net/forum/affich-19408229-supprimer-trojan?page=4#80

j'ai modifie te croyant parti
Ajouter un commentaire
Réponse
+0
moins plus
je ne partirai pas comme un voleur, je vais encore un peu abuser de ton temps si tu le peux.
Ajouter un commentaire
Réponse
+0
moins plus
au fait quand je vais lancer avenger je dois tjrs desactiver les logiciels de secu ?
Ajouter un commentaire
Réponse
+0
moins plus
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: could not open driver "ylerzlej"
Disablement of driver "ylerzlej" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not open driver "kqmcbixr"
Disablement of driver "kqmcbixr" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\ylerzlej" not found!
Deletion of driver "ylerzlej" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\kqmcbixr" not found!
Deletion of driver "kqmcbixr" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "c:\windows\system32\drivers\ylerzlej.sys" deleted successfully.
File "c:\windows\system32\drivers\kqmcbixr.sys" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
Ajouter un commentaire
Réponse
+0
moins plus
de retour ...apres un peu de sommeil

on en est où dans les soucis ?
Ajouter un commentaire
Réponse
+0
moins plus
ben j'ai posté le dernier rapport avenger
Ajouter un commentaire
Réponse
+0
moins plus
oui

j'ai vu

internet fonctionne t il ?
Ajouter un commentaire
Réponse
+0
moins plus
Ajouter un commentaire
Réponse
+0
moins plus
ok

plus de soucis alors ?

Fais un nouveau rapport ZHPdiag stp

Rend toi sur Cjoint : http://www.cijoint.fr/

Clique sur "Parcourir " dans la partie " Joindre un fichier[...] "

Sélectionne le rapport ZHPdiag.txt qui se trouve sur ton bureau

Clique ensuite sur "Cliquez ici pour déposer le fichier " et copie/colle le lien dans ton prochain message

Ajouter un commentaire
Réponse
+0
moins plus
voici :

Rapport de ZHPDiag v1.26.6871 par Nicolas Coolman, Update du 04/10/2010
Run by HP_Propriétaire at 08/10/2010 19:16:11
Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html
Contact : nicolascoolman@yahoo.fr

---\\ Web Browser
MSIE: Internet Explorer v6.0.2900.5512
MFIE: Mozilla Firefox (3.6.10)

---\\ System Information
Platform : Microsoft Windows XP (5.1.2600) Service Pack 3
Processor: x86 Family 15 Model 47 Stepping 2, AuthenticAMD
Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 446.5 MB (31% free)
System drive C: has 133 GB (74%) free of 180 GB

---\\ Logged in mode
Computer Name: YOANN
User Name: HP_Propriétaire
All Users Names: SUPPORT_fddfa904, SUPPORT_388945a0, HP_Propriétaire, HelpAssistant, Administrateur,
Unselected Option: O1,O45,O61,O62,O65,O82
Logged in as Administrator

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 133 Go of 180 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 2 Go of 6 Go)
E:\ CD-ROM drive (Not Inserted)
F:\ CD-ROM drive (Not Inserted)
G:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
H:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
I:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
J:\ Floppy drive, Flash card reader, USB Key (Not Inserted)


---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] DisableRegistryTools: OK


---\\ Processus lancés
[MD5.D33427F6C2B7814100B5BD315E23C12C] - (.ATI Technologies Inc. - ATI External Event Utility EXE Module.) -- C:\WINDOWS\system32\Ati2evxx.exe [376832]
[MD5.9015BC03F62940527EC92D45EE89E46F] - (.Avira GmbH - Antivirus Scheduler.) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe [108289]
[MD5.B8720A787C1223492E6F319465E996CE] - (.Avira GmbH - Antivirus On-Access Service.) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe [185089]
[MD5.39133291CB607BDD87CFC565A4A1E7A5] - (.Sun Microsystems, Inc. - Java(TM) Quick Starter Service.) -- C:\Program Files\Java\jre6\bin\jqs.exe [153376]
[MD5.8E90C250A86B4040BBCC68D669413145] - (.Pas de propriétaire - CameraMonitor MFC Application.) -- C:\WINDOWS\vsnpstd.exe [286720]
[MD5.29680A793F690EEF4AAA68479D2A6DF8] - (.Avira GmbH - Antivirus System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [209153]
[MD5.3A0647BDED81DBE0BCBB51D70B22C9E0] - (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jusched.exe [149280]
[MD5.76A3A30B58405C2C6D833895253A51A9] - (.Apple Computer, Inc. - Pas de description.) -- C:\Program Files\QuickTime\qttask.exe [98304]
[MD5.15DC45900400A739430DF6C6C0A3BF62] - (.Gadwin Systems, Inc. - PrintScreen captures the contents of the sc.) -- C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe [1073152]
[MD5.4364B5C4F31241660D30D2C9980F877E] - (.Pas de propriétaire - ADIMON MFC Application.) -- C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [962661]
[MD5.A26898623D61508C2FA3F5672C11FA5D] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [910296]
[MD5.D61ACEBA5AC21AB4EA814BBC5BF9E5BE] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [14808]
[MD5.60C2351F03211CEC72E076E9E6931A72] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [1651712]


---\\ Programmes d'extension pour Mozilla Firefox (M2)
M2 - MFEP: prefs.js [HP_Propriétaire - ota8yfne.default\{20a82645-c095-46ed-80e3-08825760534b}] [MicrosoftCG] Microsoft .NET Framework Assistant 1.1 (.Microsoft.)
M2 - MFEP: prefs.js [HP_Propriétaire - ota8yfne.default\{2f17f610-5e97-4fed-828f-9940b7b577a4}] [] TV-Fox 1.0.9 (.tv-fox Inc..)


---\\ Plugins de navigateurs Opera/Firefox(P1/P2)
P2 - FPN:Firefox Plugin Navigator . (.Adobe Systems, Inc. - Adobe Shockwave for Director Netscape plug-in, version 10.2.) -- C:\Program Files\Mozilla Firefox\Plugins\np32dsw.dll
P2 - FPN:Firefox Plugin Navigator . (.Sun Microsystems, Inc. - NPRuntime Script Plug-in Library for Java(TM) Deploy.) -- C:\Program Files\Mozilla Firefox\Plugins\npdeploytk.dll
P2 - FPN:Firefox Plugin Navigator . (.DivX,Inc. - DivX® Web Player.) -- C:\Program Files\Mozilla Firefox\Plugins\npdivx32.dll
P2 - FPN:Firefox Plugin Navigator . (.mozilla.org - Default Plug-in.) -- C:\Program Files\Mozilla Firefox\Plugins\npnul32.dll
P2 - FPN:Firefox Plugin Navigator . (.Adobe Systems Inc. - Adobe Acrobat Plug-In Version 7.00 for Netscape.) -- C:\Program Files\Mozilla Firefox\Plugins\nppdf32.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Computer, Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Computer, Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin2.dll
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
P2 - FPN: [HKLM] [@divx.com/DivX Browser Plugin,version=1.0.0] - (.DivX,Inc. - DivX® Web Player.) -- C:\Program Files\DivX\DivX Web Player\npdivx32.dll
P2 - FPN: [HKLM] [@divx.com/DivX Content Upload Plugin,version=1.0.0] - (.DivX,Inc. - DivX® Content Upload Plugin.) -- C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
P2 - FPN: [HKLM] [@microsoft.com/WPF,version=3.5] - (.Microsoft Corporation - Windows Presentation Foundation (WPF) plug-in for Mozilla browsers.) -- c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll


---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"


---\\ Pages de démarrage d'Internet Explorer (R0)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/


---\\ Pages de recherche d'Internet Explorer (R1)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


---\\ Internet Explorer URLSearchHook (R3)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Bibliothèque d'objets et de contrôles de do.) (No version) -- %SystemRoot%\system32\shdocvw.dll


---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} . (.Adobe Systems Incorporated - Adobe Acrobat IE Helper Version 7.0 for Act.) -- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} . (.Microsoft Corporation - st.) -- C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} . (.Google Inc. - Barre d'outils client IE Google.) -- c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} . (.Microsoft Corporation - MSN Toolbar extension.) -- C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} . (.Pas de propriétaire - Pas de description.) -- (.not file.)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} . (.Sun Microsystems, Inc. - Java(TM) Quick Starter binary.) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll


---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} . (.Pas de propriétaire - Pas de description.) -- (.not file.)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Barre d'outils client IE Google.) -- c:\program files\google\googletoolbar2.dll


---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [snpstd] . (.Pas de propriétaire - CameraMonitor MFC Application.) -- C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [avgnt] . (.Avira GmbH - Antivirus System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Computer, Inc. - Pas de description.) -- C:\Program Files\QuickTime\qttask.exe
O4 - HKCU\..\Run: [Gadwin PrintScreen 3.1] . (.Gadwin Systems, Inc. - PrintScreen captures the contents of the sc.) -- C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
O4 - HKCU\..\Run: [msnmsgr] . (.Microsoft Corporation - MSN Messenger.) -- C:\Program Files\MSN Messenger\msnmsgr.exe
O4 - HKUS\S-1-5-21-4195909382-661778903-2471816573-1008\..\Run: [Gadwin PrintScreen 3.1] . (.Gadwin Systems, Inc. - PrintScreen captures the contents of the sc.) -- C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
O4 - HKUS\S-1-5-21-4195909382-661778903-2471816573-1008\..\Run: [msnmsgr] . (.Microsoft Corporation - MSN Messenger.) -- C:\Program Files\MSN Messenger\msnmsgr.exe
O4 - Global Startup: C:\Documents And Settings\HP_Propriétaire\Menu Démarrer\Programmes\Démarrage\setup_9.0.0.722_04.10.2010_04-33.lnk . (.Pas de propriétaire.) -- C:\Documents and Settings\HP_Propriétaire\Bureau\securité\Virus Removal Tool\setup_9.0.0.722_04.10.2010_04-33\startup.exe


---\\ Autres liens utilisateurs (O4)
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Adobe Reader 7.0.lnk . (.Pas de propriétaire.) -- C:\WINDOWS\Installer\{AC76BA86-7AD7-1036-7B44-A70900000002}\SC_Reader_PM.ico
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Lanceur de tâches Microsoft Works.lnk . (.Microsoft® Corporation.) -- C:\Program Files\Microsoft Works\MSWorks.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Microsoft Office PowerPoint Viewer 2003.lnk . (.Microsoft Corporation.) -- C:\Program Files\Microsoft Office\PowerPoint Viewer\PPTVIEW.EXE
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\MSN Messenger 7.5.lnk . (.Pas de propriétaire.) -- C:\WINDOWS\Installer\{BAFD3C1E-03EC-11DA-BFBD-00065BBDC0B5}\MsblIco.Exe
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Multi-channel Sound Manager.lnk - Clé orpheline
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\My PC Choice.lnk . (.Pas de propriétaire.) -- C:\hp\VINETLINK\VINETLINK.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Windows Messenger.lnk . (.Microsoft Corporation.) -- C:\Program Files\Messenger\msmsgs.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Windows Movie Maker.lnk . (.Microsoft Corporation.) -- C:\Program Files\Movie Maker\moviemk.exe
O4 - Global Startup: C:\Documents And Settings\HP_Propriétaire\Menu Démarrer\Programmes\Assistance à distance.lnk . (.Microsoft Corporation.) -- C:\WINDOWS\system32\rcimlby.exe
O4 - Global Startup: C:\Documents And Settings\HP_Propriétaire\Menu Démarrer\Programmes\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Documents And Settings\HP_Propriétaire\Menu Démarrer\Programmes\Multi-channel Sound Manager.lnk - Clé orpheline
O4 - Global Startup: C:\Documents And Settings\HP_Propriétaire\Menu Démarrer\Programmes\Outlook Express.lnk . (.Microsoft Corporation.) -- C:\Program Files\Outlook Express\msimn.exe
O4 - Global Startup: C:\Documents And Settings\HP_Propriétaire\Menu Démarrer\Programmes\Windows Media Player.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Media Player\wmplayer.exe


---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
O8 - Extra context menu item: &Traduire à partir de l'anglais . (.Google Inc. - Barre d'outils client IE Google.) -- c:\program files\google\GoogleToolbar2.dll
O8 - Extra context menu item: Pages liées . (.Google Inc. - Barre d'outils client IE Google.) -- c:\program files\google\GoogleToolbar2.dll
O8 - Extra context menu item: Pages similaires . (.Google Inc. - Barre d'outils client IE Google.) -- c:\program files\google\GoogleToolbar2.dll
O8 - Extra context menu item: Recherche &Google . (.Google Inc. - Barre d'outils client IE Google.) -- c:\program files\google\GoogleToolbar2.dll
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google . (.Google Inc. - Barre d'outils client IE Google.) -- c:\program files\google\GoogleToolbar2.dll


---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra 'Tools' menuitem: PokerStars.fr - {90EAE591-7E7E-434a-8E28-ECFD00071806} . (.not file.) - C:\Program Files\PokerStars.FR\main.ico
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\conn_support.ico
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} . (.not file.) - (.not file.)
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe


---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\WINDOWS\system32\winrnr.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll


---\\ Piratage de l'Option 'Rétablir les paramètres Web' (O14)
O14 - IERESET.INF: START_PAGE_URL=START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome


---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} () - http://codecs.microsoft.com/codecs/i386/fhg.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab


---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{A632B33D-E20C-4F7E-95A3-34D0A38935C0}: NameServer = 81.253.149.1 80.10.246.132
O17 - HKLM\System\CS1\Services\Tcpip\..\{A632B33D-E20C-4F7E-95A3-34D0A38935C0}: NameServer = 81.253.149.1 80.10.246.132
O17 - HKLM\System\CCS\Services\Tcpip\..\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}: DhcpNameServer = 15.243.128.51 15.243.160.51
O17 - HKLM\System\CS1\Services\Tcpip\..\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}: DhcpNameServer = 15.243.128.51 15.243.160.51
O17 - HKLM\System\CS2\Services\Tcpip\..\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}: DhcpNameServer = 15.243.128.51 15.243.160.51
O17 - HKLM\System\CCS\Services\Tcpip\..\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}: DhcpDomain = rgv.hp.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}: DhcpDomain = rgv.hp.com
O17 - HKLM\System\CS2\Services\Tcpip\..\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}: DhcpDomain = rgv.hp.com


---\\ Protocole additionnel et piratage de protocole (O18)
O18 - Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} . (.Pas de propriétaire - Pas de description.) -- "C:\PROGRA~1\MSNMES~1\msgrapp.dll"


---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: AtiExtEvent . (.ATI Technologies Inc. - ATI External Event Utility DLL Module.) -- C:\Windows\System32\Ati2evxx.dll
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\Windows\System32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\Windows\System32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\Windows\System32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\System32\dimsntfy.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\Windows\System32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll
O20 - Winlogon Notify: WgaLogon . (.Microsoft Corporation - Notifications Windows Genuine Advantage.) -- C:\Windows\System32\WgaLogon.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll


---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\shell32.dll
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Contrôleur de site Web.) -- C:\WINDOWS\system32\webcheck.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} . (.Microsoft Corporation - Objet du service d'environnement Systray.) -- C:\WINDOWS\system32\stobject.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} . (.Microsoft Corporation - Windows Portable Device Shell Service Objec.) -- C:\WINDOWS\system32\WPDShServiceObj.dll


---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: (no name) - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\WINDOWS\system32\browseui.dll


---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) . (.Avira GmbH - Antivirus Scheduler.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) . (.Avira GmbH - Antivirus On-Access Service.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: (Ati HotKey Poller) . (.ATI Technologies Inc. - ATI External Event Utility EXE Module.) - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) . (.Sun Microsystems, Inc. - Java(TM) Quick Starter Service.) - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 (Pml Driver HPZ12) . (.HP - PML Driver.) - C:\WINDOWS\system32\HPZipm12.exe


---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(.Pas de propriétaire - Pas de description.) - (.not file.)


---\\ Composants installés (ActiveSetup Installed Components) (O40)
O40 - ASIC: Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608500} . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\regutils.dll
O40 - ASIC: Adobe Shockwave Director 10.2 - {233C1507-6A77-46A4-9443-F871F945D258} . (.Adobe Systems, Inc. - Shockwave ActiveX Control.) -- C:\WINDOWS\system32\Macromed\Director\SwDir.dll
O40 - ASIC: NetMeeting 3.01 - {44BBA842-CC51-11CF-AAFA-00AA00B6015B} . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\INF\msnetmtg.inf
O40 - ASIC: Windows Messenger 4.7 - {5945c046-1e7d-11d1-bc44-00c04fd912be} . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\INF\msmsgs.inf
O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\INF\wmp11.inf
O40 - ASIC: Fax - {8b15971b-5355-4c82-8c07-7e181ea07608} . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\INF\fxsocm.inf
O40 - ASIC: Adobe Flash Player - {D27CDB6E-AE6D-11cf-96B8-444553540000} . (.Adobe Systems, Inc. - Adobe Flash Player 10.0 r42.) -- C:\WINDOWS\system32\Macromed\Flash\Flash10d.ocx


---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: 56632171 (56632171) . (.Kaspersky Lab - Kaspersky Unified Driver.) - C:\Windows\system32\DRIVERS\56632171.sys
O41 - Driver: Pilote de processeur AMD (AmdK8) . (.Advanced Micro Devices - AMD Processor Driver.) - C:\Windows\system32\DRIVERS\AmdK8.sys
O41 - Driver: AVG7 Kernel (Avg7Core) . (.Pas de propriétaire - Pas de description.) - C:\WINDOWS\system32\Drivers\avg7core.sys
O41 - Driver: AVG7 Wrap Driver (Avg7RsW) . (.Pas de propriétaire - Pas de description.) - C:\WINDOWS\system32\Drivers\avg7rsw.sys
O41 - Driver: AVG7 Resident Driver XP (Avg7RsXP) . (.Pas de propriétaire - Pas de description.) - C:\WINDOWS\system32\Drivers\avg7rsxp.sys
O41 - Driver: avgio (avgio) . (.Avira GmbH - Avira AntiVir Support for Minifilter.) - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
O41 - Driver: avipbb (avipbb) . (.Avira GmbH - Avira Driver for RootKit Detection.) - C:\Windows\system32\DRIVERS\avipbb.sys
O41 - Driver: setup_9.0.0.722_04.10.2010_04-33drv (setup_9.0.0.722_04.10.2010_04-33drv) . (.Kaspersky Lab - Klif Mini-Filter [fre_wnet_x86].) - C:\Windows\system32\DRIVERS\5663217.sys
O41 - Driver: ssmdrv (ssmdrv) . (.Avira GmbH - AVIRA SnapShot Driver.) - C:\Windows\system32\DRIVERS\ssmdrv.sys


---\\ Logiciels installés (O42)
O42 - Logiciel: ATI Control Panel - (.Pas de propriétaire.) [HKLM] -- {0BEDBD4E-2D34-47B5-9973-57E62B29307C}
O42 - Logiciel: ATI Display Driver - (.Pas de propriétaire.) [HKLM] -- ATI Display Driver
O42 - Logiciel: Adobe Flash Player 10 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player 10 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin
O42 - Logiciel: Adobe Reader 7.0.9 - Français - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1036-7B44-A70900000002}
O42 - Logiciel: Adobe Shockwave Player - (.Adobe Systems, Inc..) [HKLM] -- Adobe Shockwave Player
O42 - Logiciel: Avira AntiVir Personal - Free Antivirus - (.Avira GmbH.) [HKLM] -- Avira AntiVir Desktop
O42 - Logiciel: Barre d'outils MSN - (.Pas de propriétaire.) [HKLM] -- MSN Toolbar
O42 - Logiciel: CC_ccProxyExt - (.Symantec.) [HKLM] -- {DA42FDCA-7C5A-43EF-9A05-CCE148ADF919}
O42 - Logiciel: CCleaner (remove only) - (.Pas de propriétaire.) [HKLM] -- CCleaner
O42 - Logiciel: DivX Content Uploader - (.DivX, Inc..) [HKLM] -- {D050D7362D214723AD585B541FFB6C11}
O42 - Logiciel: DivX Web Player - (.DivX,Inc..) [HKLM] -- {B7050CBDB2504B34BC2A9CA0A692CC29}
O42 - Logiciel: EVEREST Home Edition v2.20 - (.Lavalys Inc.) [HKLM] -- EVEREST Home Edition_is1
O42 - Logiciel: Gadwin PrintScreen - (.Gadwin Systems, Inc..) [HKLM] -- Gadwin PrintScreen
O42 - Logiciel: Google Toolbar for Internet Explorer - (.Pas de propriétaire.) [HKLM] -- {2318C2B1-4965-11d4-9B18-009027A5CD4F}
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB953595
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB958484
O42 - Logiciel: Hotfix for Windows XP (KB954550-v5) - (.Microsoft Corporation.) [HKLM] -- KB954550-v5
O42 - Logiciel: Hotfix for Windows XP (KB976002-v5) - (.Microsoft Corporation.) [HKLM] -- KB976002-v5
O42 - Logiciel: InterVideo WinDVD Player - (.InterVideo Inc..) [HKLM] -- {91810AFC-A4F8-4EBA-A5AA-B198BBC81144}
O42 - Logiciel: J2SE Runtime Environment 5.0 - (.Sun Microsystems, Inc..) [HKLM] -- {3248F0A8-6813-11D6-A77B-00B0D0150000}
O42 - Logiciel: Jardinains! - (.Pas de propriétaire.) [HKLM] -- Jardinains!
O42 - Logiciel: Jarkanoid 3 - (.ElitzaSoftware.) [HKLM] -- Jarkanoid 3_is1
O42 - Logiciel: Java(TM) 6 Update 17 - (.Sun Microsystems, Inc..) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83216011FF}
O42 - Logiciel: K-Lite Codec Pack 3.1.5 Full - (.KLTeam.) [HKLM] -- KLiteCodecPack_is1
O42 - Logiciel: Lecteur Windows Media 11 - (.Pas de propriétaire.) [HKLM] -- Windows Media Player
O42 - Logiciel: LimeWire 5.2.13 - (.Lime Wire, LLC.) [HKLM] -- LimeWire
O42 - Logiciel: MSN Messenger 7.5 - (.Microsoft Corporation.) [HKLM] -- {BAFD3C1E-03EC-11DA-BFBD-00065BBDC0B5}
O42 - Logiciel: MSRedist - (.Symantec Corporation.) [HKLM] -- {B7C61755-DB48-4003-948F-3D34DB8EAF69}
O42 - Logiciel: MSXML 4.0 SP2 (KB927978) - (.Microsoft Corporation.) [HKLM] -- {37477865-A3F1-4772-AD43-AAFC6BCFF99F}
O42 - Logiciel: MSXML 4.0 SP2 (KB936181) - (.Microsoft Corporation.) [HKLM] -- {C04E32E0-0416-434D-AFB9-6969D703A9EF}
O42 - Logiciel: MSXML 4.0 SP2 (KB954430) - (.Microsoft Corporation.) [HKLM] -- {86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
O42 - Logiciel: MSXML 4.0 SP2 (KB973688) - (.Microsoft Corporation.) [HKLM] -- {F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
O42 - Logiciel: Malwarebytes' Anti-Malware - (.Malwarebytes Corporation.) [HKLM] -- Malwarebytes' Anti-Malware_is1
O42 - Logiciel: Microsoft .NET Framework 1.1 - (.Microsoft.) [HKLM] -- {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
O42 - Logiciel: Microsoft .NET Framework 1.1 - (.Pas de propriétaire.) [HKLM] -- Microsoft .NET Framework 1.1 (1033)
O42 - Logiciel: Microsoft .NET Framework 1.1 French Language Pack - (.Microsoft.) [HKLM] -- {9A394342-4A68-4EBA-85A6-55B559F4E700}
O42 - Logiciel: Microsoft .NET Framework 1.1 Security Update (KB2416447) - (.Pas de propriétaire.) [HKLM] -- M2416447
O42 - Logiciel: Microsoft .NET Framework 1.1 Security Update (KB979906) - (.Pas de propriétaire.) [HKLM] -- M979906
O42 - Logiciel: Microsoft .NET Framework 2.0 Service Pack 2 - (.Microsoft Corporation.) [HKLM] -- {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
O42 - Logiciel: Microsoft .NET Framework 3.0 Service Pack 2 - (.Microsoft Corporation.) [HKLM] -- {A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 SP1
O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 - (.Microsoft Corporation.) [HKLM] -- {9A25302D-30C0-39D9-BD6F-21E6EC160475}
O42 - Logiciel: Microsoft Works - (.Microsoft Corporation.) [HKLM] -- {A059DE09-1B49-4450-B340-7AE097EC3F04}
O42 - Logiciel: MorphVOX Junior - (.Screaming Bee.) [HKLM] -- {F1191B7E-84BF-4325-9FFD-80BD8996ED4B}
O42 - Logiciel: Mozilla Firefox (3.6.10) - (.Mozilla.) [HKLM] -- Mozilla Firefox (3.6.10)
O42 - Logiciel: PS2 - (.Pas de propriétaire.) [HKLM] -- PS2
O42 - Logiciel: PokerStars.fr - (.PokerStars.fr.) [HKLM] -- PokerStars.fr
O42 - Logiciel: Project64 1.6 - (.Project64.) [HKLM] -- {9559F7CA-5E34-4237-A2D9-D856464AD727}
O42 - Logiciel: Python 2.2 pywin32 extensions (build 203) - (.Pas de propriétaire.) [HKLM] -- pywin32-py2.2
O42 - Logiciel: Python 2.2.3 - (.PythonLabs at Zope Corporation.) [HKLM] -- Python 2.2.3
O42 - Logiciel: Quick Zip 4.60.013 - (.Joseph Leung.) [HKLM] -- Quick Zip_is1
O42 - Logiciel: QuickTime - (.Pas de propriétaire.) [HKLM] -- QuickTime
O42 - Logiciel: SAGEM F@st 800-840 - (.Pas de propriétaire.) [HKLM] -- {4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}
O42 - Logiciel: Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB2416473
O42 - Logiciel: Update for Microsoft .NET Framework 3.5 SP1 (KB963707) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707
O42 - Logiciel: VDownloader 0.74 - (.Enrique Puertas.) [HKLM] -- {CA567AD5-33A4-403D-86D1-EE2D38251951}_is1
O42 - Logiciel: VideoCAM Trek - (.Pas de propriétaire.) [HKLM] -- {F3220F3E-3B12-4B65-861D-B8EFCCA44A39}
O42 - Logiciel: VideoLAN VLC media player 0.8.4a - (.VideoLAN Team.) [HKLM] -- VLC media player
O42 - Logiciel: Wanadoo Messager - (.Pas de propriétaire.) [HKLM] -- Wanadoo Messager
O42 - Logiciel: WinRAR archiver - (.Pas de propriétaire.) [HKLM] -- WinRAR archiver
O42 - Logiciel: WinXP Manager - (.Yanicsoft.) [HKLM] -- {0834648A-D7CB-4CE6-A376-FB5E6A5FD135}
O42 - Logiciel: Windows Genuine Advantage Notifications (KB905474) - (.Microsoft Corporation.) [HKLM] -- WgaNotify
O42 - Logiciel: Windows Media Format 11 runtime - (.Pas de propriétaire.) [HKLM] -- Windows Media Format Runtime
O42 - Logiciel: ccCommon - (.Symantec.) [HKLM] -- {DC367608-64A7-4BF7-92F4-8BAA25BA02DB}
O42 - Logiciel: ccPxyCore - (.Symantec.) [HKLM] -- {FC08587A-4F01-4188-819F-F55880022917}
O42 - Logiciel: muvee autoProducer 4.0 - (.muvee Technologies.) [HKLM] -- {2C3D719A-92C7-4323-89CC-C937D0267B84}

---\\ HKCU & HKLM Software Keys
[HKCU\Software\AC3filter]
[HKCU\Software\ALWIL Software]
[HKCU\Software\ASProtect]
[HKCU\Software\Ad-Remover]
[HKCU\Software\Adobe]
[HKCU\Software\America Online]
[HKCU\Software\Avira]
[HKCU\Software\BeauSoft]
[HKCU\Software\Bugsplat]
[HKCU\Software\CD-MP3-Ripper]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\Cool MP3 Converter]
[HKCU\Software\CoreVorbis]
[HKCU\Software\Create-Ringtone]
[HKCU\Software\CyberLink]
[HKCU\Software\DivXNetworks]
[HKCU\Software\FRANCE TELECOM]
[HKCU\Software\GNU]
[HKCU\Software\GSpot Appliance Corp]
[HKCU\Software\Gabest]
[HKCU\Software\Gadwin Systems]
[HKCU\Software\Game Maker]
[HKCU\Software\Google]
[HKCU\Software\Grisoft]
[HKCU\Software\HP]
[HKCU\Software\Haali]
[HKCU\Software\Hewlett-Packard]
[HKCU\Software\IADirectShow]
[HKCU\Software\IM Providers]
[HKCU\Software\Intel]
[HKCU\Software\InterVideo]
[HKCU\Software\JEDI-VCL]
[HKCU\Software\JIII]
[HKCU\Software\JaboSoft]
[HKCU\Software\JavaSoft]
[HKCU\Software\Lake]
[HKCU\Software\Lavalys]
[HKCU\Software\Lavasoft]
[HKCU\Software\Licenses]
[HKCU\Software\Ligos]
[HKCU\Software\Local AppWizard-Generated Applications]
[HKCU\Software\Macromedia]
[HKCU\Software\MagicBall]
[HKCU\Software\Magnet]
[HKCU\Software\MainConcept]
[HKCU\Software\Malwarebytes' Anti-Malware]
[HKCU\Software\MozillaPlugins]
[HKCU\Software\Mozilla]
[HKCU\Software\N64 Emulation]
[HKCU\Software\Netscape]
[HKCU\Software\PepiMK Software]
[HKCU\Software\Policies]
[HKCU\Software\RamBoost XP]
[HKCU\Software\SampleView]
[HKCU\Software\Screaming Bee]
[HKCU\Software\Softthinks]
[HKCU\Software\Softwin]
[HKCU\Software\Sony Corporation]
[HKCU\Software\Symantec]
[HKCU\Software\Sysinternals]
[HKCU\Software\Unlimited Possibilities]
[HKCU\Software\Usbfix]
[HKCU\Software\VB and VBA Program Settings]
[HKCU\Software\Veoh]
[HKCU\Software\Wget]
[HKCU\Software\WinRAR SFX]
[HKCU\Software\WinRAR]
[HKCU\Software\YahooPartnerToolbar]
[HKCU\Software\Yanicsoft]
[HKCU\Software\YourWare Solutions]
[HKLM\Software\ACE Compression Software]
[HKLM\Software\ALWIL Software]
[HKLM\Software\ATI Technologies]
[HKLM\Software\Adobe]
[HKLM\Software\America Online]
[HKLM\Software\Analog Devices]
[HKLM\Software\Apple Computer, Inc.]
[HKLM\Software\Apple]
[HKLM\Software\Avance]
[HKLM\Software\Avira]
[HKLM\Software\Boonty]
[HKLM\Software\BrowserChoice]
[HKLM\Software\C07ft5Y]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\Codec tweak Tool]
[HKLM\Software\Cyberlink]
[HKLM\Software\Debug]
[HKLM\Software\Dekovir]
[HKLM\Software\Digital Still Camera Drivers]
[HKLM\Software\DivXNetworks]
[HKLM\Software\FRANCE TELECOM]
[HKLM\Software\GNU]
[HKLM\Software\Gabest]
[HKLM\Software\Gemplus]
[HKLM\Software\Google]
[HKLM\Software\Grisoft]
[HKLM\Software\HPQ]
[HKLM\Software\HP]
[HKLM\Software\HaaliMkx]
[HKLM\Software\Hewlett-Packard]
[HKLM\Software\InstallShield]
[HKLM\Software\Intel]
[HKLM\Software\InterVideo]
[HKLM\Software\JavaSoft]
[HKLM\Software\JreMetrics]
[HKLM\Software\KLCodecPack]
[HKLM\Software\KYE]
[HKLM\Software\Lake]
[HKLM\Software\Licenses]
[HKLM\Software\Macromedia]
[HKLM\Software\Magnet]
[HKLM\Software\Malwarebytes' Anti-Malware]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Mozilla]
[HKLM\Software\ODBC]
[HKLM\Software\PC-Doctor]
[HKLM\Software\PCTools]
[HKLM\Software\PepiMK Software]
[HKLM\Software\Policies]
[HKLM\Software\Program Groups]
[HKLM\Software\Python]
[HKLM\Software\Realtek]
[HKLM\Software\Reflexive Entertainment]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\S3R521]
[HKLM\Software\Safer Networking Limited]
[HKLM\Software\Schlumberger]
[HKLM\Software\Screaming Bee]
[HKLM\Software\Secure]
[HKLM\Software\Softwin]
[HKLM\Software\Sonic]
[HKLM\Software\Swearware]
[HKLM\Software\Symantec]
[HKLM\Software\TrendMicro]
[HKLM\Software\VideoLAN]
[HKLM\Software\Wilson WindowWare]
[HKLM\Software\Windows 3.1 Migration Status]
[HKLM\Software\Wise Solutions]
[HKLM\Software\X-AVCSD]
[HKLM\Software\genvcam]
[HKLM\Software\mozilla.org]
[HKLM\Software\muvee Technologies]
[HKLM\Software\sagem]


---\\ Contenu des dossiers ProgramFiles/ProgramData (O43)
O43 - CFD:Common File Directory ----D- C:\Program Files\Ad-Remover
O43 - CFD:Common File Directory ----D- C:\Program Files\Adobe
O43 - CFD:Common File Directory ----D- C:\Program Files\ATI Technologies
O43 - CFD:Common File Directory ----D- C:\Program Files\ATnotes
O43 - CFD:Common File Directory ----D- C:\Program Files\Avira
O43 - CFD:Common File Directory ----D- C:\Program Files\Beausoft
O43 - CFD:Common File Directory ----D- C:\Program Files\CCleaner
O43 - CFD:Common File Directory ----D- C:\Program Files\Dekovir.com
O43 - CFD:Common File Directory ----D- C:\Program Files\diretx9
O43 - CFD:Common File Directory ----D- C:\Program Files\DivX
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers communs
O43 - CFD:Common File Directory ----D- C:\Program Files\Gadwin Systems
O43 - CFD:Common File Directory ----D- C:\Program Files\Google
O43 - CFD:Common File Directory ----D- C:\Program Files\HP
O43 - CFD:Common File Directory --H-D- C:\Program Files\InstallShield Installation Information
O43 - CFD:Common File Directory ----D- C:\Program Files\Internet Explorer
O43 - CFD:Common File Directory ----D- C:\Program Files\InterVideo
O43 - CFD:Common File Directory ----D- C:\Program Files\Jardinains!
O43 - CFD:Common File Directory ----D- C:\Program Files\Jarkanoid 3
O43 - CFD:Common File Directory ----D- C:\Program Files\Java
O43 - CFD:Common File Directory ----D- C:\Program Files\K-Lite Codec Pack
O43 - CFD:Common File Directory ----D- C:\Program Files\Lavalys
O43 - CFD:Common File Directory ----D- C:\Program Files\Lavasoft
O43 - CFD:Common File Directory ----D- C:\Program Files\LimeWire
O43 - CFD:Common File Directory ----D- C:\Program Files\List_Kill'em
O43 - CFD:Common File Directory ----D- C:\Program Files\LucasArts
O43 - CFD:Common File Directory ----D- C:\Program Files\Malwarebytes' Anti-Malware
O43 - CFD:Common File Directory ----D- C:\Program Files\Messenger
O43 - CFD:Common File Directory ----D- C:\Program Files\microsoft frontpage
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Office
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Works
O43 - CFD:Common File Directory ----D- C:\Program Files\Movie Maker
O43 - CFD:Common File Directory ----D- C:\Program Files\Mozilla Firefox
O43 - CFD:Common File Directory ----D- C:\Program Files\MSBuild
O43 - CFD:Common File Directory ----D- C:\Program Files\MSN
O43 - CFD:Common File Directory ----D- C:\Program Files\MSN Apps
O43 - CFD:Common File Directory ----D- C:\Program Files\MSN Gaming Zone
O43 - CFD:Common File Directory ----D- C:\Program Files\MSN Messenger
O43 - CFD:Common File Directory ----D- C:\Program Files\MSXML 4.0
O43 - CFD:Common File Directory ----D- C:\Program Files\muvee Technologies
O43 - CFD:Common File Directory ----D- C:\Program Files\NetMeeting
O43 - CFD:Common File Directory ----D- C:\Program Files\Online Services
O43 - CFD:Common File Directory ----D- C:\Program Files\Outlook Express
O43 - CFD:Common File Directory ----D- C:\Program Files\PokerStars
O43 - CFD:Common File Directory ----D- C:\Program Files\PokerStars.FR
O43 - CFD:Common File Directory ----D- C:\Program Files\PokerStars.NET
O43 - CFD:Common File Directory ----D- C:\Program Files\Project64 1.6
O43 - CFD:Common File Directory ----D- C:\Program Files\QuickTime
O43 - CFD:Common File Directory ----D- C:\Program Files\QuickZip4
O43 - CFD:Common File Directory ----D- C:\Program Files\Reference Assemblies
O43 - CFD:Common File Directory ----D- C:\Program Files\SAGEM
O43 - CFD:Common File Directory ----D- C:\Program Files\Screaming Bee
O43 - CFD:Common File Directory ----D- C:\Program Files\Services en ligne
O43 - CFD:Common File Directory ----D- C:\Program Files\Spybot - Search & Destroy
O43 - CFD:Common File Directory ----D- C:\Program Files\Trend Micro
O43 - CFD:Common File Directory --H-D- C:\Program Files\Uninstall Information
O43 - CFD:Common File Directory ----D- C:\Program Files\VDOWNLOADER
O43 - CFD:Common File Directory ----D- C:\Program Files\VideoCAM Trek
O43 - CFD:Common File Directory ----D- C:\Program Files\VideoLAN
O43 - CFD:Common File Directory ----D- C:\Program Files\Wanadoo
O43 - CFD:Common File Directory ----D- C:\Program Files\Wanadoo Messager
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Media Connect 2
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Media Player
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows NT
O43 - CFD:Common File Directory ----D- C:\Program Files\WinRAR
O43 - CFD:Common File Directory ----D- C:\Program Files\xerox
O43 - CFD:Common File Directory ----D- C:\Program Files\Yamicsoft
O43 - CFD:Common File Directory ----D- C:\Program Files\Yanicsoft
O43 - CFD:Common File Directory ----D- C:\Program Files\ZHPDiag
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Adobe
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Hewlett-Packard
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\InstallShield
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Java
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Microsoft Shared
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\MSSoap
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\muvee Technologies
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Nullsoft
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Real
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Services
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Softwin
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\SpeechEngines
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\System
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\VCAMTrek


---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.00000000000000000000000000000000] - 08/10/2010 - 18:08:52 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\WindowsUpdate.log [113888]
O44 - LFC:[MD5.E67B6BB057127DE6CDF4F5630292416B] - 08/10/2010 - 17:53:31 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\wpa.dbl [1158]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 08/10/2010 - 17:52:45 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\0.log [0]
O44 - LFC:[MD5.00000000000000000000000000000000] - 08/10/2010 - 17:51:53 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\wiadebug.log [159]
O44 - LFC:[MD5.00000000000000000000000000000000] - 08/10/2010 - 17:51:52 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\wiaservc.log [50]
O44 - LFC:[MD5.6A2CB42966136854F4464516FBB4AE72] - 08/10/2010 - 17:51:44 -S-A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\bootstat.dat [2048]
O44 - LFC:[MD5.00000000000000000000000000000000] - 08/10/2010 - 04:40:10 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\SchedLgU.Txt [5718]
O44 - LFC:[MD5.183EA3D0E461555D63A2A53FD7C32FB2] - 08/10/2010 - 04:11:33 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\avenger.txt [2750]
O44 - LFC:[MD5.852BC81859781F47522453438ECD0412] - 08/10/2010 - 04:09:53 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\backup.tmp [34668623]
O44 - LFC:[MD5.D01FEA1088DC277F94DD6F63904314DC] - 08/10/2010 - 04:09:38 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\avexport.bat [526]
O44 - LFC:[MD5.C9DD76D0EF94637C77FF8CA5E0FB0684] - 08/10/2010 - 03:10:51 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system.ini [227]
O44 - LFC:[MD5.AE72E8619CB31D84DA25E2435E55003C] - 08/10/2010 - 02:14:18 ---A- . (.NirSoft - NirCmd.) -- C:\WINDOWS\NIRCMD.exe [31232]
O44 - LFC:[MD5.C5EC72A20B4C98DB5314E6C46765B148] - 08/10/2010 - 02:14:18 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\MBR.exe [77312]
O44 - LFC:[MD5.F1FBA6185A6A2BC6456970914875078E] - 08/10/2010 - 02:14:18 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\PEV.exe [256512]
O44 - LFC:[MD5.9E05A9C264C8A908A8E79450FCBFF047] - 08/10/2010 - 02:14:18 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\grep.exe [80412]
O44 - LFC:[MD5.2B657A67AEBB84AEA5632C53E61E23BF] - 08/10/2010 - 02:14:18 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\sed.exe [98816]
O44 - LFC:[MD5.5E832F4FAF5F481F2EAF3B3A48F603B8] - 08/10/2010 - 02:14:18 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\zip.exe [68096]
O44 - LFC:[MD5.01D95A1F8CF13D07CC564AABB36BCC0B] - 08/10/2010 - 02:14:18 ---A- . (.SteelWerX - Freeware implementation of REG.EXE.) -- C:\WINDOWS\SWREG.exe [161792]
O44 - LFC:[MD5.B7517DB073B28F5696A1E5528ABEB5D0] - 08/10/2010 - 02:14:18 ---A- . (.SteelWerX - Freeware implementation of SC.EXE.) -- C:\WINDOWS\SWSC.exe [136704]
O44 - LFC:[MD5.B1A9CF0B6F80611D31987C247EC630B4] - 08/10/2010 - 02:14:18 ---A- . (.SteelWerX - Freeware implementation of XCACLS.) -- C:\WINDOWS\SWXCACLS.exe [212480]
O44 - LFC:[MD5.2D5BF8A6C65DCB3C36A4EC7DCD06DEB9] - 07/10/2010 - 21:11:27 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\setupapi.log [4105]
O44 - LFC:[MD5.BC99F886069916138A8EA795B3DB3FDC] - 07/10/2010 - 17:41:56 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\UsbFix.txt [5651]
O44 - LFC:[MD5.BA3FEA758C9A83898F80D1DEB6F6D0FB] - 07/10/2010 - 17:41:37 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\UsbFix_Upload_Me_YOANN.zip [4325]
O44 - LFC:[MD5.EF85F60035C60BEC86C576BE9CBABFD1] - 07/10/2010 - 16:10:30 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Ad-Report-CLEAN[2].txt [2387]
O44 - LFC:[MD5.6B9BA2E630D877E934534407F3D248DB] - 07/10/2010 - 15:53:13 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Ad-Report-CLEAN[1].txt [3440]
O44 - LFC:[MD5.C7DD7D9739785BD3A6B8499EEC1DEE7E] - 06/10/2010 - 14:41:33 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [38224]
O44 - LFC:[MD5.67B48A903430C6D4FB58CBACA1866601] - 06/10/2010 - 14:41:29 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\WINDOWS\System32\drivers\mbam.sys [20952]
O44 - LFC:[MD5.A305FAD3719C5DB0C13D1C2BFD08A04D] - 06/10/2010 - 13:39:17 ---A- . (.Kaspersky Lab - Kaspersky Lab Boot Guard Driver.) -- C:\WINDOWS\System32\drivers\56632172.sys [37392]
O44 - LFC:[MD5.7DD41B7AC1FBB1DBF20BB1F4E4FBE58C] - 06/10/2010 - 13:39:17 ---A- . (.Kaspersky Lab - Kaspersky Unified Driver.) -- C:\WINDOWS\System32\drivers\56632171.sys [128016]
O44 - LFC:[MD5.66EF49622BAA18E4D4F1FE4BAE1D51B8] - 06/10/2010 - 13:39:17 ---A- . (.Kaspersky Lab - Klif Mini-Filter [fre_wnet_x86].) -- C:\WINDOWS\System32\drivers\5663217.sys [315408]
O44 - LFC:[MD5.00000000000000000000000000000000] - 04/10/2010 - 20:32:11 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\Sti_Trace.log [0]
O44 - LFC:[MD5.CD50144B6A25A6046A5826B1FC10DA40] - 03/10/2010 - 23:42:50 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\PerfStringBackup.INI [1149114]
O44 - LFC:[MD5.DFA8D4816F8EB19DCE1C918FFE40EA20] - 03/10/2010 - 23:42:50 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\perfc009.dat [70326]
O44 - LFC:[MD5.F0E223910D5D1582B263A6E2B98D7EB7] - 03/10/2010 - 23:42:50 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\perfc00C.dat [94990]
O44 - LFC:[MD5.3449A3DE2496E0E45006D549C544C7B8] - 03/10/2010 - 23:42:50 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\perfc040.dat [58216]
O44 - LFC:[MD5.6A6B53ED256334411EF58ED6B29C8BE0] - 03/10/2010 - 23:42:50 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\perfh009.dat [439348]
O44 - LFC:[MD5.710E2448822ADA27DF249F0E8F8DD1B0] - 03/10/2010 - 23:42:50 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\perfh00C.dat [530202]
O44 - LFC:[MD5.2DC7AEF98B49894DFD13D379B540B254] - 03/10/2010 - 23:42:50 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\perfh040.dat [433972]
O44 - LFC:[MD5.799FE537779434BF83A3A4843F2299F1] - 29/09/2010 - 22:11:13 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\TZLog.log [850056]


---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll


---\\ Export de clé d'application autorisée (ECAA) (O47)
O47 - AAKE:Key Export SP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation - Gestionnaire de session de l'aide sur le Bureau à distance de Microsoft®.) -- C:\WINDOWS\system32\sessmgr.exe
O47 - AAKE:Key Export SP - "C:\Program Files\LimeWire\LimeWire.exe" [Enabled] .(.Lime Wire, LLC - LimeWire.) -- C:\Program Files\LimeWire\LimeWire.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Mozilla Firefox\firefox.exe" [Enabled] .(.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Messenger\msmsgs.exe" [Disabled] .(.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
O47 - AAKE:Key Export SP - "C:\Program Files\MSN Messenger\msnmsgr.exe" [Enabled] .(.Microsoft Corporation - MSN Messenger.) -- C:\Program Files\MSN Messenger\msnmsgr.exe
O47 - AAKE:Key Export SP - "%windir%\Network Diagnostic\xpnetdiag.exe" [Enabled] .(.Microsoft Corporation - Network Diagnostic for Windows XP.) -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O47 - AAKE:Key Export SP - "C:\Program Files\VideoLAN\VLC\vlc.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) -- C:\Program Files\VideoLAN\VLC\vlc.exe
O47 - AAKE:Key Export SP - "%windir%\system32\lsass.exe" [Enabled] .(.Microsoft Corporation - LSA Shell (Export Version).) -- C:\WINDOWS\system32\lsass.exe
O47 - AAKE:Key Export DP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation - Gestionnaire de session de l'aide sur le Bureau à distance de Microsoft®.) -- C:\WINDOWS\system32\sessmgr.exe
O47 - AAKE:Key Export DP - "%ProgramFiles%\iTunes\iTunes.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) (.not file.) -- C:\Program Files\iTunes\iTunes.exe
O47 - AAKE:Key Export DP - "C:\Program Files\AOL 9.0\waol.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) (.not file.) -- C:\Program Files\AOL 9.0\waol.exe
O47 - AAKE:Key Export DP - "C:\Program Files\Fichiers communs\AOL\ACS\AOLAcsd.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) (.not file.) -- C:\Program Files\Fichiers communs\AOL\ACS\AOLAcsd.exe
O47 - AAKE:Key Export DP - "C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) (.not file.) -- C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O47 - AAKE:Key Export DP - "C:\Program Files\AOL 9.0a\waol.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) (.not file.) -- C:\Program Files\AOL 9.0a\waol.exe
O47 - AAKE:Key Export DP - "C:\Program Files\MSN Messenger\livecall.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) (.not file.) -- C:\Program Files\MSN Messenger\livecall.exe
O47 - AAKE:Key Export DP - "C:\Program Files\MSN Messenger\msnmsgr.exe" [Enabled] .(.Microsoft Corporation - MSN Messenger.) (.not file.) -- C:\Program Files\MSN Messenger\msnmsgr.exe
O47 - AAKE:Key Export DP - "%windir%\Network Diagnostic\xpnetdiag.exe" [Enabled] .(.Microsoft Corporation - Network Diagnostic for Windows XP.) (.not file.) -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe


---\\ Déni du service (Local Security Authority) (LSA) (O48)
O48 - LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\WINDOWS\System32\msv1_0.dll
O48 - LSA:Local Security Authority Notification Packages . (.Microsoft Corporation - Moteur du client de l'Éditeur de configuration de sécurité Windows.) -- C:\WINDOWS\System32\scecli.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\WINDOWS\System32\msv1_0.dll


---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d


---\\ Trojan Driver Search Data (HKLM)(TDSD) (O52)
O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\WINDOWS\system32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\system32\l3codeca.acm
O52 - TDSD: \Drivers32\"msacm.iac2"="C:\WINDOWS\system32\iac25_32.ax" . (.Ligos Corporation - Indeo® Audio Software.) -- C:\WINDOWS\system32\iac25_32.ax
O52 - TDSD: \Drivers32\"VIDC.DIVX"="divx.dll" . (.DivX, Inc. - DivX.) -- C:\WINDOWS\System32\divx.dll
O52 - TDSD: \Drivers32\"VIDC.XVID"="xvidvfw.dll" . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\xvidvfw.dll
O52 - TDSD: \Drivers32\"vidc.yv12"="yv12vfw.dll" . (.www.helixcommunity.org - Helix YV12 YUV Codec.) -- C:\WINDOWS\System32\yv12vfw.dll
O52 - TDSD: \Drivers32\"msacm.ac3acm"="ac3acm.acm" . (.fccHandler - AC-3 ACM Codec.) -- C:\WINDOWS\System32\ac3acm.acm
O52 - TDSD: \Drivers32\"VIDC.FFDS"="ff_vfw.dll" . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\ff_vfw.dll
O52 - TDSD: \Drivers32\"msacm.l3codecp"="" . (.Pas de propriétaire - Pas de description.) -- (.not file.)
O52 - TDSD: \drivers.desc\"C:\WINDOWS\system32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\system32\l3codeca.acm
O52 - TDSD: \drivers.desc\"C:\WINDOWS\system32\iac25_32.ax"="Indeo® Audio Software" . (.Ligos Corporation - Indeo® Audio Software.) -- C:\WINDOWS\system32\iac25_32.ax
O52 - TDSD: \drivers.desc\"divx.dll"="DivX Pro 6.6.1.4" . (.Pas de propriétaire - Pas de description.) -- (.not file.)
O52 - TDSD: \drivers.desc\"xvidvfw.dll"="Xvid MPEG-4 Video Codec v1.1.2" . (.Pas de propriétaire - Pas de description.) -- (.not file.)
O52 - TDSD: \drivers.desc\"ac3acm.acm"="AC3 ACM Decompressor" . (.fccHandler - AC-3 ACM Codec.) -- C:\WINDOWS\System32\ac3acm.acm
O52 - TDSD: \drivers.desc\"ff_vfw.dll"="ffdshow video encoder" . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\ff_vfw.dll
O52 - TDSD: \drivers.desc\"l3codecp.acm"="" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Audio Layer-3 Codec for MSACM.) -- C:\WINDOWS\System32\l3codecp.acm


---\\ Microsoft Control Security Providers (MCSP) (O54)
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Client DPA pour plate-forme 32 bit.) -- C:\WINDOWS\system32\msapsspc.dll
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\WINDOWS\system32\schannel.dll
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Package d'authentification Digest SSPI.) -- C:\WINDOWS\system32\digest.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Client DPA pour plate-forme 32 bit.) -- C:\WINDOWS\system32\msapsspc.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\WINDOWS\system32\schannel.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Package d'authentification Digest SSPI.) -- C:\WINDOWS\system32\digest.dll


---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=
O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "DisableRegistryTools"=0
O55 - MWPS:[HKCU\...\Policies\System] - "DisableRegistryTools"=0


---\\ Microsoft Windows Policies Explorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveTypeAutoRun"=323
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveAutoRun"=67108863
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDrives"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "HonorAutoRunSetting"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDriveAutoRun"=67108863
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDriveTypeAutoRun"=323
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDrives"=0


---\\ Liste des Drivers Système (SDL) (O58)
O58 - SDL:[MD5.66EF49622BAA18E4D4F1FE4BAE1D51B8] - 09/10/2009 - 22:31:10 ---A- . (.Kaspersky Lab - Klif Mini-Filter [fre_wnet_x86].) -- C:\WINDOWS\system32\drivers\5663217.sys
O58 - SDL:[MD5.7DD41B7AC1FBB1DBF20BB1F4E4FBE58C] - 25/09/2009 - 16:59:42 ---A- . (.Kaspersky Lab - Kaspersky Unified Driver.) -- C:\WINDOWS\system32\drivers\56632171.sys
O58 - SDL:[MD5.A305FAD3719C5DB0C13D1C2BFD08A04D] - 22/10/2009 - 12:54:18 ---A- . (.Kaspersky Lab - Kaspersky Lab Boot Guard Driver.) -- C:\WINDOWS\system32\drivers\56632172.sys
O58 - SDL:[MD5.2B3B8C0A2C979DD77BA6DC9376074854] - 02/03/2004 - 09:26:58 ---A- . (.Analog Deivces - USB Firmware loader.) -- C:\WINDOWS\system32\drivers\adildr.sys
O58 - SDL:[MD5.D478C566318803A7063B120F026DC0B7] - 02/03/2004 - 09:24:16 ---A- . (.Analog Devices Inc. - ADSL USB Driver.) -- C:\WINDOWS\system32\drivers\adiusbaw.sys
O58 - SDL:[MD5.781C5EC517C53F5214B61253B20C13C4] - 20/04/2005 - 19:00:56 ---A- . (.Realtek Semiconductor Corp. - Realtek AC'97 Audio Driver (WDM).) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS
O58 - SDL:[MD5.62271FF14BAA810323AC816C5D355BA9] - 09/03/2005 - 22:53:00 ---A- . (.Advanced Micro Devices - AMD Processor Driver.) -- C:\WINDOWS\system32\drivers\AmdK8.sys
O58 - SDL:[MD5.B33A281DCDF455B069816790275050A7] - 08/06/2005 - 06:44:36 ---A- . (.ATI Technologies Inc. - ATI Radeon WindowsNT Miniport Driver.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys
O58 - SDL:[MD5.5B44C214F9CD9F590BE9125347610380] - 13/02/2009 - 11:17:49 ---A- . (.Avira GmbH - Avira AntiVir File Filter Driver.) -- C:\WINDOWS\system32\drivers\avgntdd.sys
O58 - SDL:[MD5.14FE36D8F2C6A2435275338D061A0B66] - 25/12/2009 - 03:44:19 ---A- . (.Avira GmbH - Avira Minifilter Driver.) -- C:\WINDOWS\system32\drivers\avgntflt.sys
O58 - SDL:[MD5.5ACEA1331BD4D9DAD232A23CFD7616BF] - 13/02/2009 - 11:29:11 ---A- . (.Avira GmbH - Avira AntiVir File Filter Driver Manager.) -- C:\WINDOWS\system32\drivers\avgntmgr.sys
O58 - SDL:[MD5.452E382340BB0C5E694ED9D3625356D0] - 30/03/2009 - 09:33:07 ---A- . (.Avira GmbH - Avira Driver for RootKit Detection.) -- C:\WINDOWS\system32\drivers\avipbb.sys
O58 - SDL:[MD5.08F60F40D1A2A95A1F12EDDBD9F25C1C] - 16/01/2007 - 08:12:22 ---A- . (.Macrovision Europe Ltd - Macrovision SECURITY Driver.) -- C:\WINDOWS\system32\drivers\CdaC15BA.SYS
O58 - SDL:[MD5.C9B25AE9B8ABD983C5AD3F8CBFAB0F9C] - 05/08/2004 - 19:00:00 ---A- . (.RAVISENT Technologies Inc. - Pilote principal CineMaster C 1.2 WDM.) -- C:\WINDOWS\system32\drivers\cinemst2.sys
O58 - SDL:[MD5.9624293E55AD405415862B504CA95B73] - 05/08/2004 - 19:00:00 ---A- . (.Compaq Computer Corporation - Compaq PA-1 Player Driver.) -- C:\WINDOWS\system32\drivers\cpqdap01.sys
O58 - SDL:[MD5.573C7D0A32852B48F3058CFD8026F511] - 13/04/2008 - 17:36:05 ---A- . (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) -- C:\WINDOWS\system32\drivers\hdaudbus.sys
O58 - SDL:[MD5.2A013E7530BEAB6E569FAA83F517E836] - 08/01/2005 - 00:07:16 ---A- . (.Windows (R) Server 2003 DDK provider - High Definition Audio Function Driver v1.0a.) -- C:\WINDOWS\system32\drivers\Hdaudio.sys
O58 - SDL:[MD5.919DE7D76D2C0C0139E08B3E7592D62E] - 04/08/2004 - 07:46:46 ---A- . (.LT - LT Windows Modem.) -- C:\WINDOWS\system32\drivers\ltmdmnt.sys.bak
O58 - SDL:[MD5.67B48A903430C6D4FB58CBACA1866601] - 29/04/2010 - 14:39:26 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\WINDOWS\system32\drivers\mbam.sys
O58 - SDL:[MD5.C7DD7D9739785BD3A6B8499EEC1DEE7E] - 29/04/2010 - 14:39:38 ---A- . (.Malwarebytes
Ajouter un commentaire
Réponse
+0
moins plus
le rapport est bien

fais un scan avec antivir et colle le rapport stp
Ajouter un commentaire
Réponse
+0
moins plus
voici le rapport antivir qui ne me detecte plus le trojan, ( je commencais a avoir des crampes car je n'ai pas decroisé les doigts depuis hier soir ) ;)



Avira AntiVir Personal
Report file date: vendredi 8 octobre 2010 20:16

Scanning for 2914079 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : YOANN

Version information:
BUILD.DAT : 9.0.0.422 21701 Bytes 09/03/2010 10:29:00
AVSCAN.EXE : 9.0.3.10 466689 Bytes 13/10/2009 10:26:33
AVSCAN.DLL : 9.0.3.0 40705 Bytes 27/02/2009 09:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 10:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 27/02/2009 09:58:52
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 06:35:52
VBASE001.VDF : 7.10.1.0 1372672 Bytes 19/11/2009 02:44:35
VBASE002.VDF : 7.10.3.1 3143680 Bytes 20/01/2010 09:34:22
VBASE003.VDF : 7.10.3.75 996864 Bytes 26/01/2010 09:03:52
VBASE004.VDF : 7.10.4.203 1579008 Bytes 05/03/2010 09:04:59
VBASE005.VDF : 7.10.6.82 2494464 Bytes 15/04/2010 15:30:56
VBASE006.VDF : 7.10.7.218 2294784 Bytes 02/06/2010 15:21:30
VBASE007.VDF : 7.10.9.165 4840960 Bytes 23/07/2010 14:42:25
VBASE008.VDF : 7.10.11.133 3454464 Bytes 13/09/2010 14:21:41
VBASE009.VDF : 7.10.11.134 2048 Bytes 13/09/2010 14:21:41
VBASE010.VDF : 7.10.11.135 2048 Bytes 13/09/2010 14:21:41
VBASE011.VDF : 7.10.11.136 2048 Bytes 13/09/2010 14:21:42
VBASE012.VDF : 7.10.11.137 2048 Bytes 13/09/2010 14:21:42
VBASE013.VDF : 7.10.11.165 172032 Bytes 15/09/2010 14:21:43
VBASE014.VDF : 7.10.11.202 144384 Bytes 18/09/2010 10:39:56
VBASE015.VDF : 7.10.11.231 129024 Bytes 21/09/2010 10:39:57
VBASE016.VDF : 7.10.12.4 126464 Bytes 23/09/2010 15:03:42
VBASE017.VDF : 7.10.12.38 146944 Bytes 27/09/2010 15:03:43
VBASE018.VDF : 7.10.12.64 133120 Bytes 29/09/2010 11:43:18
VBASE019.VDF : 7.10.12.99 134144 Bytes 01/10/2010 10:06:21
VBASE020.VDF : 7.10.12.122 131584 Bytes 05/10/2010 14:50:42
VBASE021.VDF : 7.10.12.148 119296 Bytes 07/10/2010 17:13:59
VBASE022.VDF : 7.10.12.149 2048 Bytes 07/10/2010 17:13:59
VBASE023.VDF : 7.10.12.150 2048 Bytes 07/10/2010 17:13:59
VBASE024.VDF : 7.10.12.151 2048 Bytes 07/10/2010 17:14:00
VBASE025.VDF : 7.10.12.152 2048 Bytes 07/10/2010 17:14:00
VBASE026.VDF : 7.10.12.153 2048 Bytes 07/10/2010 17:14:00
VBASE027.VDF : 7.10.12.154 2048 Bytes 07/10/2010 17:14:00
VBASE028.VDF : 7.10.12.155 2048 Bytes 07/10/2010 17:14:00
VBASE029.VDF : 7.10.12.156 2048 Bytes 07/10/2010 17:14:00
VBASE030.VDF : 7.10.12.157 2048 Bytes 07/10/2010 17:14:00
VBASE031.VDF : 7.10.12.166 66048 Bytes 08/10/2010 17:14:01
Engineversion : 8.2.4.72
AEVDF.DLL : 8.1.2.1 106868 Bytes 03/08/2010 14:42:48
AESCRIPT.DLL : 8.1.3.45 1368443 Bytes 21/09/2010 10:40:13
AESCN.DLL : 8.1.6.1 127347 Bytes 17/05/2010 15:49:06
AESBX.DLL : 8.1.3.1 254324 Bytes 23/04/2010 18:24:13
AERDL.DLL : 8.1.9.2 635252 Bytes 22/09/2010 10:40:04
AEPACK.DLL : 8.2.3.7 471413 Bytes 21/09/2010 10:40:09
AEOFFICE.DLL : 8.1.1.8 201081 Bytes 03/08/2010 14:42:42
AEHEUR.DLL : 8.1.2.30 2941303 Bytes 02/10/2010 10:06:35
AEHELP.DLL : 8.1.13.4 242038 Bytes 27/09/2010 15:03:50
AEGEN.DLL : 8.1.3.23 401779 Bytes 02/10/2010 10:06:25
AEEMU.DLL : 8.1.2.0 393588 Bytes 23/04/2010 18:24:09
AECORE.DLL : 8.1.17.0 196982 Bytes 27/09/2010 15:03:49
AEBB.DLL : 8.1.1.0 53618 Bytes 23/04/2010 18:24:09
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 07:47:59
AVPREF.DLL : 9.0.3.0 44289 Bytes 26/08/2009 14:14:02
AVREP.DLL : 8.0.0.7 159784 Bytes 18/02/2010 09:03:48
AVREG.DLL : 9.0.0.0 36609 Bytes 05/12/2008 09:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 24/03/2009 14:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 09:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 14:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 07:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 05/12/2008 09:32:10
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 15/05/2009 14:39:58
RCTEXT.DLL : 9.0.73.0 86785 Bytes 13/10/2009 11:25:47

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: vendredi 8 octobre 2010 20:16

Starting search for hidden objects.
'53994' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'plugin-container.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'dslmon.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'PrintScreen.exe' - '1' Module(s) have been scanned
Scan process 'qttask.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'vsnpstd.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wmiapsrv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
32 processes with 32 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
Master boot sector HD3
[INFO] No virus was found!
Master boot sector HD4
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '52' files ).


Starting the file scan:

Begin scan in 'C:\' <HP_PAVILION>
C:\hiberfil.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
Begin scan in 'D:\' <HP_RECOVERY>


End of the scan: vendredi 8 octobre 2010 20:55
Used time: 39:08 Minute(s)

The scan has been done completely.

5366 Scanned directories
270094 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
2 Files cannot be scanned
270092 Files not concerned
12861 Archives were scanned
2 Warnings
2 Notes
53994 Objects were scanned with rootkit scan
0 Hidden objects were found
Ajouter un commentaire
Ce document intitulé «  supprimer trojan  » issu de CommentCaMarche (www.commentcamarche.net) est mis à disposition sous les termes de la licence Creative Commons. Vous pouvez copier, modifier des copies de cette page, dans les conditions fixées par la licence, tant que cette note apparaît clairement.

Vous n'êtes pas encore membre ?

inscrivez-vous, c'est gratuit et ça prend moins d'une minute !

Les membres obtiennent plus de réponses que les utilisateurs anonymes.

Le fait d'être membre vous permet d'avoir un suivi détaillé de vos demandes.

Le fait d'être membre vous permet d'avoir des options supplémentaires.