Sujet Précédent Sujet Suivant

Vundo.gen

Fermé
brn446 Messages postés 64 Date d'inscription mercredi 8 octobre 2008 Statut Membre Dernière intervention 13 juillet 2012 - 25 janv. 2009 à 18:20
jfkpresident Messages postés 13408 Date d'inscription lundi 3 septembre 2007 Statut Contributeur sécurité Dernière intervention 5 janvier 2015 - 25 janv. 2009 à 21:23
Bonjour,

j'ai antivir qui m'annonce un vundo.gen
j'ai téléchargé vundofix qui ne trouve même pas ce qu'antivir m'annonce.
bref, impossible de me débarrasser de ce problème.
merci pour votre aide..

2 réponses

Réponse 1 / 2
jfkpresident Messages postés 13408 Date d'inscription lundi 3 septembre 2007 Statut Contributeur sécurité Dernière intervention 5 janvier 2015 1 175
25 janv. 2009 à 18:22
salut ;

Peux tu poster le rapport d'antivir ainsi que celui ci :

Ouvre ce lien et télécharge ZHPDiag :

https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html


Une fois le téléchargement achevé, dézippe le fichier obtenu et place ZHPDiag.exe sur ton Bureau.

Double-clique sur l'icône pour lancer le programme.

Clique sur Tous pour cocher toutes les cases des options.

Clique sur la loupe pour lancer l'analyse.

A la fin de l'analyse, clique sur l'appareil photo et enregistre le rapport sur ton Bureau.

Ouvre le fichier sauvegardé (ZHPDiag.txt)avec le Bloc-Notes et copie son contenu dans ta réponse.

Postes le en deux fois s'il le faut (le log est assez long).


0
brn446 Messages postés 64 Date d'inscription mercredi 8 octobre 2008 Statut Membre Dernière intervention 13 juillet 2012
25 janv. 2009 à 18:27
voivi le rapport d'antivir
et je lance de suite le zhpdiag



Avira AntiVir Personal
Report file date: dimanche 25 janvier 2009 17:53

Scanning for 1274398 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Normally booted
Username: Administrateur
Computer name: PHIL-QYLC3E4HAV

Version information:
BUILD.DAT : 8.2.0.337 16934 Bytes 18/11/2008 13:05:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 26/11/2008 07:07:40
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 21:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 13/06/2008 02:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 21:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 07:54:30
ANTIVIR1.VDF : 7.1.1.113 2817536 Bytes 14/01/2009 09:29:56
ANTIVIR2.VDF : 7.1.1.172 958464 Bytes 23/01/2009 09:26:53
ANTIVIR3.VDF : 7.1.1.175 29696 Bytes 24/01/2009 09:26:29
Engineversion : 8.2.0.60
AEVDF.DLL : 8.1.0.6 102772 Bytes 16/10/2008 08:36:24
AESCRIPT.DLL : 8.1.1.32 340347 Bytes 23/01/2009 09:27:02
AESCN.DLL : 8.1.1.5 123251 Bytes 08/11/2008 09:08:10
AERDL.DLL : 8.1.1.3 438645 Bytes 07/11/2008 09:08:43
AEPACK.DLL : 8.1.3.5 393588 Bytes 10/01/2009 09:26:10
AEOFFICE.DLL : 8.1.0.33 196987 Bytes 12/12/2008 08:57:16
AEHEUR.DLL : 8.1.0.86 1552759 Bytes 23/01/2009 09:27:00
AEHELP.DLL : 8.1.2.0 119159 Bytes 18/11/2008 20:07:30
AEGEN.DLL : 8.1.1.10 323957 Bytes 17/01/2009 09:26:19
AEEMU.DLL : 8.1.0.9 393588 Bytes 16/10/2008 08:36:17
AECORE.DLL : 8.1.5.2 172405 Bytes 29/11/2008 07:07:15
AEBB.DLL : 8.1.0.3 53618 Bytes 16/10/2008 08:36:15
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 22:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 23:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 12/10/2008 08:36:23
AVREG.DLL : 8.0.0.1 33537 Bytes 10/05/2008 01:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 22:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 13/06/2008 02:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/01/2008 07:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 13/06/2008 02:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 26/01/2008 02:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 13/06/2008 03:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 28/06/2008 03:34:37

Configuration settings for the scan:
Jobname..........................: Windows System Directory
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysdir.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: dimanche 25 janvier 2009 17:53

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'jucheck.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'WlanCU.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'GrooveMonitor.exe' - '1' Module(s) have been scanned
Scan process 'CPMonitor.exe' - '1' Module(s) have been scanned
Scan process 'stsystra.exe' - '1' Module(s) have been scanned
Scan process 'sttray.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
34 processes with 34 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD2
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD3
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD4
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD5
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '64' files ).


Starting the file scan:

Begin scan in 'C:\WINDOWS\system32'
C:\WINDOWS\system32\aaynkygw.VIR
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49f59977.qua'!
C:\WINDOWS\system32\khfddBQK.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING] The file could not be deleted!
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] An ARK instance is already running.
[NOTE] The file is scheduled for deleting after reboot.
C:\WINDOWS\system32\mrbxdhft.VIR
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file is scheduled for deleting after reboot.
C:\WINDOWS\system32\vbzqvo.VIR
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file is scheduled for deleting after reboot.
C:\WINDOWS\system32\xkrlrmkt.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file is scheduled for deleting after reboot.
C:\WINDOWS\system32\config\45255910.Evt
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Tofsee.J.1 back-door program
[NOTE] The file is scheduled for deleting after reboot.
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!


End of the scan: dimanche 25 janvier 2009 18:01
Used time: 08:08 Minute(s)

The scan has been done completely.

187 Scanning directories
5566 Files were scanned
6 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
1 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
5559 Files not concerned
12 Archives were scanned
6 Warnings
6 Notes
0
brn446 Messages postés 64 Date d'inscription mercredi 8 octobre 2008 Statut Membre Dernière intervention 13 juillet 2012
25 janv. 2009 à 18:34
première partie du rapport zhpdiag
Rapport de ZHPDiag v1.16 par Nicolas Coolman
Enregistré le 25/01/2009 18:31:36
Platform : Microsoft Windows XP (5.1.2600) Service Pack 3
MSIE: Internet Explorer v7.0.5730.13
MFIE: Mozilla Firefox (3.0.5)

---\\ Processus lancés
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
sttray.exe
stsystra.exe
C:\Program Files\Fichiers communs\Roxio Shared\11.0\SharedCOM\RoxWatchTray11.exe
C:\Program Files\Roxio Creator 2009\5.0\CPMonitor.exe
nwiz.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\winlogon.exe
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
C:\WINDOWS\system32\msupdte.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winlogin.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\services.exe
rundll32.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUpnpService11.exe
C:\Program Files\Fichiers communs\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe
C:\Program Files\Fichiers communs\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\wdfmgr.exe

---\\ Pages de démarrage d'Internet Explorer (R0)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/windows/homepage.html

---\\ Pages de recherche d'Internet Explorer (R1)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:/windows/homepage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:/windows/homepage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm

---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: (no name) - {27874253-5A62-4048-8ABD-267F02152A41} - C:\WINDOWS\system32\vtUlKAPh.dll
O2 - BHO: {341b2a67-337d-0dc8-a764-78eee39643c2} - {2c34693e-ee87-467a-8cd0-d73376a2b143} - C:\WINDOWS\system32\vbzqvo.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {8E747740-6702-43D6-BFB7-1F3CD6ABDA5F} - C:\WINDOWS\system32\khfddBQK.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {99972D1B-964E-49EC-92F4-1EB39F4810A5} - C:\WINDOWS\system32\nnnoOHYp.dll
O2 - BHO: (no name) - {E76AD3AE-B22E-447D-8F6C-6BF13079E5FB} - C:\WINDOWS\system32\ssqRIbaX.dll
O2 - BHO: Microsoft copyright - {FFFFFFFF-BBBB-4146-86FD-A722E8AB3489} - sockins32.dll

---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Babylon - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - C:\Program Files\Babylon\Babylon Toolbar\BabylonIEToolBar.dll

---\\ Applications démarrées automatiquement par le registre (O4)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [IDTSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: []
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Fichiers communs\Roxio Shared\11.0\SharedCOM\RoxWatchTray11.exe"
O4 - HKLM\..\Run: [CPMonitor] "C:\Program Files\Roxio Creator 2009\5.0\CPMonitor.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [winlogon] C:\WINDOWS\winlogon.exe
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [Microsoft WinUpdate] C:\WINDOWS\system32\msupdte.exe
O4 - HKLM\..\Run: [jsf8uiw3jnjgffght] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winlogin.exe
O4 - HKLM\..\Run: [NvSvc] C:\WINDOWS\system32\nvsvc32.exe
O4 - HKLM\..\Run: [90ae69d8] rundll32.exe "C:\WINDOWS\system32\aaynkygw.dll",b
O4 - HKLM\..\RunServices: [Applications Driver] spc0.1.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [jsf8uiw3jnjgffght] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winlogin.exe
O4 - HKCU\..\Run: [Jnskdfmf9eldfd] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\csrssc.exe
O4 - Global Startup: Wireless Configuration Utility.lnk - C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe

---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll,103
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFBARH.ICO
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe,302

---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Mahjong%20Escape%20-%20Ancient%20Japan/Images/stg_drm.ocx
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} () - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Mahjong%20Escape%20-%20Ancient%20Japan/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

---\\ Protocole additionnel et piratage de protocole (O18)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

---\\ Valeur de registre AppInit_DLLs et sous-clés Winlogon Notify (O20)
O20 - Winlogon Notify: WlDimsStartup - C:\WINDOWS\System32\%SystemRoot%\System32\dimsntfy.dll
O20 - Winlogon Notify: S - C:\WINDOWS\System32\msxmlr32.dll
O20 - Winlogon Notify: C:\WINDOWS\System32\nnnoOHYp.dll

O20 - AppInit_DLLs:vbzqvo.dll

---\\ Services NT non Microsoft et non désactivés (O23)
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: XML Resources for Win32 (msxmlr32) - rundll32.exe C:\WINDOWS\system32\msxmlr32.dll,owan
O23 - Service: Roxio Upnp Server 11 (Roxio Upnp Server 11) - C:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUpnpService11.exe
O23 - Service: LiveShare P2P Server 11 (RoxLiveShare11) - C:\Program Files\Fichiers communs\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe
O23 - Service: Roxio Hard Drive Watcher 11 (RoxWatch11) - C:\Program Files\Fichiers communs\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe
O23 - Service: Spouleur d'impression (Spooler) - C:\WINDOWS\system32\spoolsv.exe
O23 - Service: Windows User Mode Driver Framework (UMWdf) - C:\WINDOWS\system32\wdfmgr.exe

---\\ Composants installés (ActiveSetup Installed Components) (O40)
O40 - ASIC: IE7 Uninstall Stub - <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
O40 - ASIC: Lecteur Windows Media - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
O40 - ASIC: Internet Explorer - {26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigIE
O40 - ASIC: Browser Customizations - {60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
O40 - ASIC: Personnalisation du navigateur - {60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
O40 - ASIC: Outlook Express - {881dd1c5-3dcf-431b-b061-f3f88e8be88a} - C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE
O40 - ASIC: Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - (not file)
O40 - ASIC: Rendu VML (Vector Graphics Rendering) - {10072CEC-8CC1-11D1-986E-00A0C955B42F} - (not file)
O40 - ASIC: Microsoft NetShow Player - {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - C:\WINDOWS\system32\wmpdxm.dll
O40 - ASIC: Lecteur Windows Media Microsoft 6.4 - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\system32\wmpdxm.dll
O40 - ASIC: DirectAnimation - {283807B5-2C60-11D0-A31D-00AA00B92C03} - (not file)
O40 - ASIC: Themes Setup - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\WINDOWS\system32\regsvr32.exe /s /n /i:/UserInstall C:\WINDOWS\system32\themeui.dll
O40 - ASIC: Liaison de données Dynamic HTML pour Java - {36f8ec70-c29a-11d1-b5c7-0000f8051515} - (not file)
O40 - ASIC: Offline Browsing Pack - {3af36230-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Uniscribe - {3bf42070-b3b1-11d1-b5c5-0000f8051515} - (not file)
O40 - ASIC: .NET Framework - {3F7924B9-D148-3141-87B1-68F36043A940} - (not file)
O40 - ASIC: Création avancée - {4278c270-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Microsoft Outlook Express 6 - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
O40 - ASIC: NetMeeting 3.01 - {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
O40 - ASIC: DirectShow - {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - (not file)
O40 - ASIC: DirectDrawEx - {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - (not file)
O40 - ASIC: Internet Explorer Help - {45ea75a0-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Classes Java DirectAnimation - {4f216970-c90c-11d1-b5c7-0000f8051515} - (not file)
O40 - ASIC: Microsoft Windows Script 5.6 - {4f645220-306d-11d2-995d-00c04f98bbc9} - (not file)
O40 - ASIC: Windows Messenger 4.7 - {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
O40 - ASIC: (no name) - {5A8D6EE0-3E18-11D0-821E-444553540000} - (not file)
O40 - ASIC: Internet Explorer Setup Tools - {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Browsing Enhancements - {630b1da0-b465-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Systray component - {66186F05-BBBB-4a39-864F-72D84615C679} - rundll32 sockins32.dll,InitModule
O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub
O40 - ASIC: MSN Site Access - {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - (not file)
O40 - ASIC: .NET Framework - {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - (not file)
O40 - ASIC: Web Folders - {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - (not file)
O40 - ASIC: Carnet d'adresses 6 - {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
O40 - ASIC: Mise à jour du Bureau Windows - {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
O40 - ASIC: Internet Explorer - {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
O40 - ASIC: (no name) - {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
O40 - ASIC: Dynamic HTML Data Binding - {9381D8F2-0288-11D0-9501-00AA00B911A5} - (not file)
O40 - ASIC: .NET Framework - {B508B3F1-A24A-32C0-B310-85786919EF28} - (not file)
O40 - ASIC: Internet Explorer Core Fonts - {C9E9A340-D1F1-11D0-821E-444553540600} - (not file)
O40 - ASIC: Planificateur de tâches - {CC2A9BA0-3BDD-11D0-821E-444553540000} - (not file)
O40 - ASIC: (no name) - {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - (not file)
O40 - ASIC: Adobe Flash Player - {D27CDB6E-AE6D-11cf-96B8-444553540000} - C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx
O40 - ASIC: HTML Help - {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Active Directory Service Interface - {E92B03AB-B707-11d2-9CBD-0000F87A369E} - (not file)

---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: Suppresseur d'écho acoustique (Noyau Microsoft) (aec) - C:\WINDOWS\system32\drivers\aec.sys
O41 - Driver: AEGIS Protocol (IEEE 802.1x) v3.4.5.0 (AegisP) - C:\WINDOWS\system32\DRIVERS\AegisP.sys
O41 - Driver: Pilote de média asynchrone RAS (AsyncMac) - C:\WINDOWS\system32\DRIVERS\asyncmac.sys
O41 - Driver: atksgt (atksgt) - C:\WINDOWS\system32\DRIVERS\atksgt.sys
O41 - Driver: Protocole client ATM ARP (Atmarpc) - C:\WINDOWS\system32\DRIVERS\atmarpc.sys
O41 - Driver: Pilote audio Stub (audstub) - C:\WINDOWS\system32\DRIVERS\audstub.sys
O41 - Driver: avgio (avgio) - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys
O41 - Driver: avgntflt (avgntflt) - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys
O41 - Driver: avipbb (avipbb) - C:\WINDOWS\system32\DRIVERS\avipbb.sys
O41 - Driver: Broadcom 440x 10/100 Integrated Controller XP Driver (bcm4sbxp) - C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
O41 - Driver: (no object) (dmboot) - C:\WINDOWS\System32\drivers\dmboot.sys
O41 - Driver: Pilote de Gestionnaire de disque logique (dmio) - C:\WINDOWS\System32\drivers\dmio.sys
O41 - Driver: (no object) (dmload) - C:\WINDOWS\System32\drivers\dmload.sys
O41 - Driver: Synthétiseur DLS du noyau Microsoft (DMusic) - C:\WINDOWS\system32\drivers\DMusic.sys
O41 - Driver: Filtre de décodeur DRM (Noyau Microsoft) (drmkaud) - C:\WINDOWS\system32\drivers\drmkaud.sys
O41 - Driver: FltMgr (FltMgr) - C:\WINDOWS\system32\drivers\fltmgr.sys
O41 - Driver: Classificateur de paquets générique (Gpc) - C:\WINDOWS\system32\DRIVERS\msgpc.sys
O41 - Driver: Pilote de bus Microsoft UAA pour High Definition Audio (HDAudBus) - C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
O41 - Driver: Pilote de classe HID Microsoft (hidusb) - C:\WINDOWS\system32\DRIVERS\hidusb.sys
O41 - Driver: Pilote du pare-feu Windows IPv6 (Ip6Fw) - C:\WINDOWS\system32\drivers\ip6fw.sys
O41 - Driver: Pilote de filtre de trafic IP (IpFilterDriver) - C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
O41 - Driver: Pilote de tunnelage IP dans IP (IpInIp) - C:\WINDOWS\system32\DRIVERS\ipinip.sys
O41 - Driver: Pilote IPSEC (IPSec) - C:\WINDOWS\system32\DRIVERS\ipsec.sys
O41 - Driver: Service énumérateur IR (IRENUM) - C:\WINDOWS\system32\DRIVERS\irenum.sys
O41 - Driver: Pilote HID de clavier (kbdhid) - C:\WINDOWS\system32\DRIVERS\kbdhid.sys
O41 - Driver: Mélangeur audio Wave de noyau Microsoft (kmixer) - C:\WINDOWS\system32\drivers\kmixer.sys
O41 - Driver: lirsgt (lirsgt) - C:\WINDOWS\system32\DRIVERS\lirsgt.sys
O41 - Driver: Pilote HID de souris (mouhid) - C:\WINDOWS\system32\DRIVERS\mouhid.sys
O41 - Driver: Redirecteur client WebDav (MRxDAV) - C:\WINDOWS\system32\DRIVERS\mrxdav.sys
O41 - Driver: MRXSMB (MRxSmb) - C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
O41 - Driver: Proxy de service de répartition Microsoft (MSKSSRV) - C:\WINDOWS\system32\drivers\MSKSSRV.sys
O41 - Driver: Proxy d'horloge de répartition Microsoft (MSPCLOCK) - C:\WINDOWS\system32\drivers\MSPCLOCK.sys
O41 - Driver: Proxy de gestion de qualité de répartition Microsoft (MSPQM) - C:\WINDOWS\system32\drivers\MSPQM.sys
O41 - Driver: Pilote BIOS de gestion de systèmes Microsoft (mssmbios) - C:\WINDOWS\system32\DRIVERS\mssmbios.sys
O41 - Driver: Pilote TAPI NDIS d'accès distant (NdisTapi) - C:\WINDOWS\system32\DRIVERS\ndistapi.sys
O41 - Driver: NDIS mode utilisateur E/S Protocole (Ndisuio) - C:\WINDOWS\system32\DRIVERS\ndisuio.sys
O41 - Driver: Pilote réseau étendu NDIS d'accès distant (NdisWan) - C:\WINDOWS\system32\DRIVERS\ndiswan.sys
O41 - Driver: Interface NetBIOS (NetBIOS) - C:\WINDOWS\system32\DRIVERS\netbios.sys
O41 - Driver: NetBIOS sur TCP/IP (NetBT) - C:\WINDOWS\system32\DRIVERS\netbt.sys
O41 - Driver: Netgroup Packet Filter (NPF) - C:\WINDOWS\system32\drivers\npf.sys
O41 - Driver: (no object) (nv) - C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
O41 - Driver: Pilote de filtre de trafic IPX (NwlnkFlt) - C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
O41 - Driver: Pilote de transfert de trafic IPX (NwlnkFwd) - C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
O41 - Driver: Miniport réseau étendu (PPTP) (PptpMiniport) - C:\WINDOWS\system32\DRIVERS\raspptp.sys
O41 - Driver: Pilote processeur (Processor) - C:\WINDOWS\system32\DRIVERS\processr.sys
O41 - Driver: Planificateur de paquets QoS (PSched) - C:\WINDOWS\system32\DRIVERS\psched.sys
O41 - Driver: Pilote de liaison parallèle directe (Ptilink) - C:\WINDOWS\system32\DRIVERS\ptilink.sys
O41 - Driver: PxHelp20 (PxHelp20) - C:\WINDOWS\System32\Drivers\PxHelp20.sys
O41 - Driver: Pilote de connexion automatique d'accès distant (RasAcd) - C:\WINDOWS\system32\DRIVERS\rasacd.sys
O41 - Driver: Miniport réseau étendu (L2TP) (Rasl2tp) - C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
O41 - Driver: Pilote PPPOE d'accès à distance (RasPppoe) - C:\WINDOWS\system32\DRIVERS\raspppoe.sys
O41 - Driver: Parallèle direct (Raspti) - C:\WINDOWS\system32\DRIVERS\raspti.sys
O41 - Driver: Rdbss (Rdbss) - C:\WINDOWS\system32\DRIVERS\rdbss.sys
O41 - Driver: Pilote de redirecteur de périphérique Terminal Server (rdpdr) - C:\WINDOWS\system32\DRIVERS\rdpdr.sys
O41 - Driver: Pilote de filtre de lecture digitale de CD audio (redbook) - C:\WINDOWS\system32\DRIVERS\redbook.sys
O41 - Driver: TRENDnet TEW-424UB 54M USB Dongle (RTL8187B) - C:\WINDOWS\system32\DRIVERS\RTL8187B.sys
O41 - Driver: SANDRA (SANDRA) - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009\WNt500x86\Sandra.sys
O41 - Driver: Secdrv (Secdrv) - C:\WINDOWS\system32\DRIVERS\secdrv.sys
O41 - Driver: Sonic Focus Plugin for Sigmatel HDA (sfng32) - C:\WINDOWS\system32\drivers\sfng32.sys
O41 - Driver: SjyPkt (SjyPkt) - C:\WINDOWS\System32\Drivers\SjyPkt.sys
O41 - Driver: Splitter audio du noyau Microsoft (splitter) - C:\WINDOWS\system32\drivers\splitter.sys
O41 - Driver: (no object) (sptd) - C:\WINDOWS\System32\Drivers\sptd.sys
O41 - Driver: Pilote de filtre de restauration système (sr) - C:\WINDOWS\system32\DRIVERS\sr.sys
O41 - Driver: Srv (Srv) - C:\WINDOWS\system32\DRIVERS\srv.sys
O41 - Driver: ssmdrv (ssmdrv) - C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
O41 - Driver: SigmaTel High Definition Audio CODEC (STHDA) - C:\WINDOWS\system32\drivers\sthda.sys
O41 - Driver: Pilote de bus logiciel (swenum) - C:\WINDOWS\system32\DRIVERS\swenum.sys
O41 - Driver: Synthétiseur de table de sons GC noyau Microsoft (swmidi) - C:\WINDOWS\system32\drivers\swmidi.sys
O41 - Driver: Périphérique audio système du noyau Microsoft (sysaudio) - C:\WINDOWS\system32\drivers\sysaudio.sys
O41 - Driver: Pilote du protocole TCP/IP (Tcpip) - C:\WINDOWS\system32\DRIVERS\tcpip.sys
O41 - Driver: Pilote de mise à jour microcode (Update) - C:\WINDOWS\system32\DRIVERS\update.sys
O41 - Driver: Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0 (usbehci) - C:\WINDOWS\system32\DRIVERS\usbehci.sys
O41 - Driver: Concentrateur USB2 (usbhub) - C:\WINDOWS\system32\DRIVERS\usbhub.sys
O41 - Driver: Pilote miniport de contrôleur hôte ouvert USB Microsoft (usbohci) - C:\WINDOWS\system32\DRIVERS\usbohci.sys
O41 - Driver: Pilote de stockage de masse USB (usbstor) - C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
O41 - Driver: Pilote ARP IP d'accès distant (Wanarp) - C:\WINDOWS\system32\DRIVERS\wanarp.sys
O41 - Driver: Pilote WINMM de compatibilité audio WDM Microsoft (wdmaud) - C:\WINDOWS\system32\drivers\wdmaud.sys

---\\ Logiciels installés (O42)
O42 - Logiciel: Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player Plugin
O42 - Logiciel: Alex Gordon
O42 - Logiciel: Avira AntiVir Personal - Free Antivirus
O42 - Logiciel: Babylon
O42 - Logiciel: eMule
O42 - Logiciel: Microsoft Office Enterprise 2007
O42 - Logiciel: Forgotten Riddles - The Moonlight Sonatas
O42 - Logiciel: Microsoft Internationalized Domain Names Mitigation APIs
O42 - Logiciel: Windows Internet Explorer 7
O42 - Logiciel: SmartSound Quicktracks Plugin
O42 - Logiciel: TRENDnet TEW-424UB Wireless USB 2.0 Adapter Driver and Utility
O42 - Logiciel: Jooleem 0.1.4
O42 - Logiciel: Windows Genuine Advantage Validation Tool (KB892130)
O42 - Logiciel: MediaInfo 0.7.7.7
O42 - Logiciel: Microsoft .NET Framework 3.5
O42 - Logiciel: Module linguistique Microsoft .NET Framework 3.5 - fra
O42 - Logiciel: Miriel The Magical Merchant
O42 - Logiciel: Mozilla Firefox (3.0.5)
O42 - Logiciel: Microsoft National Language Support Downlevel APIs
O42 - Logiciel: NVIDIA Drivers
O42 - Logiciel: Objectif Tarot
O42 - Logiciel: Quick Zip 4.60.019
O42 - Logiciel: Scrapbook Paige
O42 - Logiciel: SLD Codec Pack
O42 - Logiciel: Virtual Villagers - The Secret City
O42 - Logiciel: VLC media player 0.9.4
O42 - Logiciel: Windows Imaging Component
O42 - Logiciel: Windows Media Format Runtime
O42 - Logiciel: Windows XP Service Pack 3
O42 - Logiciel: XML Paper Specification Shared Components Pack 1.0
O42 - Logiciel: XML Paper Specification Shared Components Language Pack 1.0
O42 - Logiciel: Yahtzee
O42 - Logiciel: Yard Sale Hidden Treasures - Sunnyville
O42 - Logiciel: Zylom Games Player Plugin
O42 - Logiciel: Roxio Activation Module
O42 - Logiciel: Microsoft .NET Framework 3.0 Service Pack 1
O42 - Logiciel: Java(TM) 6 Update 7
O42 - Logiciel: Roxio Creator 2009
O42 - Logiciel: Windows Live Writer
O42 - Logiciel: Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - FRA
O42 - Logiciel: Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - FRA
O42 - Logiciel: neroxml
O42 - Logiciel: Roxio BackOnTrack
O42 - Logiciel: Microsoft .NET Framework 3.5 Language Pack - fra
O42 - Logiciel: Roxio File Backup
O42 - Logiciel: Broadcom 440x 10/100 Integrated Controller
O42 - Logiciel: DivX Codec
O42 - Logiciel: DivX Player
O42 - Logiciel: Microsoft Office Access MUI (French) 2007
O42 - Logiciel: 2007 Microsoft Office Suite Service Pack 1 (SP1)
O42 - Logiciel: Microsoft Office Excel MUI (French) 2007
O42 - Logiciel: Microsoft Office PowerPoint MUI (French) 2007
O42 - Logiciel: Microsoft Office Publisher MUI (French) 2007
O42 - Logiciel: Microsoft Office Outlook MUI (French) 2007
O42 - Logiciel: Microsoft Office Word MUI (French) 2007
O42 - Logiciel: Microsoft Office Proof (Arabic) 2007
O42 - Logiciel: Microsoft Office Proof (German) 2007
O42 - Logiciel: Microsoft Office Proof (English) 2007
O42 - Logiciel: Microsoft Office Proof (French) 2007
O42 - Logiciel: Microsoft Office Proof (Dutch) 2007
O42 - Logiciel: Microsoft Office Proof (Spanish) 2007
O42 - Logiciel: Microsoft Office Proofing (French) 2007
O42 - Logiciel: Microsoft Office InfoPath MUI (French) 2007
O42 - Logiciel: Microsoft Office Shared MUI (French) 2007
O42 - Logiciel: Microsoft Office OneNote MUI (French) 2007
O42 - Logiciel: Microsoft Office Groove MUI (French) 2007
O42 - Logiciel: SigmaTel Audio
O42 - Logiciel: Galerie de photos Windows Live
O42 - Logiciel: Roxio CinePlayer
O42 - Logiciel: SIW version 2008-12-16
O42 - Logiciel: DirectX 9 Runtime
O42 - Logiciel: Assistant de connexion Windows Live
O42 - Logiciel: KaraWin Free
O42 - Logiciel: Microsoft .NET Framework 2.0 Service Pack 1
O42 - Logiciel: DivX Web Player
O42 - Logiciel: Windows Live Messenger
O42 - Logiciel: Roxio CinePlayer Decoder Pack
O42 - Logiciel: Windows Live Mail
O42 - Logiciel: Microsoft SQL Server 2005 Compact Edition [ENU]
O42 - Logiciel: Windows Live installer

---\\ Contenu des dossiers Fichiers Communs (O43)
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\DESIGNER
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\InstallShield
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\Java
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\Microsoft Shared
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\MSSoap
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\ODBC
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\Roxio Shared
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\Services
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\Sonic Shared
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\SpeechEngines
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\System
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\WindowsLiveInstaller

---\\ Derniers fichiers modifiés ou crées sous System32 (O44)
O44 - LFC:Last File Created - C:\WINDOWS\System32\9b8dada6-.txt -->25/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\BASSMOD.dll -->15/11/2008
O44 - LFC:Last File Created - C:\WINDOWS\System32\CmdLineExt.dll -->29/10/2008
O44 - LFC:Last File Created - C:\WINDOWS\System32\d3d8caps.dat -->29/10/2008
O44 - LFC:Last File Created - C:\WINDOWS\System32\d3d9caps.dat -->28/10/2008
O44 - LFC:Last File Created - C:\WINDOWS\System32\FNTCACHE.DAT -->03/11/2008
O44 - LFC:Last File Created - C:\WINDOWS\System32\hPAKlUtv.ini -->24/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\hPAKlUtv.ini2 -->24/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\khfddBQK.dll -->25/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\KQBddfhk.ini -->25/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\KQBddfhk.ini2 -->25/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\mcrh.tmp -->25/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\msupdte.exe -->15/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\mvtneljh.ini -->21/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nnnoOHYp.dll -->19/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nvapps.xml -->25/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\packet.dll -->09/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\perfc009.dat -->19/11/2008
O44 - LFC:Last File Created - C:\WINDOWS\System32\perfc00C.dat -->19/11/2008
O44 - LFC:Last File Created - C:\WINDOWS\System32\perfh009.dat -->19/11/2008
O44 - LFC:Last File Created - C:\WINDOWS\System32\perfh00C.dat -->19/11/2008
O44 - LFC:Last File Created - C:\WINDOWS\System32\PerfStringBackup.INI -->19/11/2008
O44 - LFC:Last File Created - C:\WINDOWS\System32\pkumwfqi.ini -->20/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\sft.res -->05/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\tfhdxbrm.ini -->23/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\wgyknyaa.ini -->25/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\wpa.dbl -->24/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\wpcap.dll -->09/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\XabIRqss.ini -->24/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\XabIRqss.ini2 -->24/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\drivers\atksgt.sys -->29/10/2008
O44 - LFC:Last File Created - C:\WINDOWS\System32\drivers\avipbb.sys -->26/11/2008
O44 - LFC:Last File Created - C:\WINDOWS\System32\drivers\lirsgt.sys -->29/10/2008
O44 - LFC:Last File Created - C:\WINDOWS\System32\drivers\npf.sys -->09/01/2009
0
brn446 Messages postés 64 Date d'inscription mercredi 8 octobre 2008 Statut Membre Dernière intervention 13 juillet 2012
25 janv. 2009 à 18:35
seconde partie :
--\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\AGENT.EXE-1742861E.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\AU_.EXE-1CF65874.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\AVCENTER.EXE-05A559D6.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\AVCONFIG.EXE-017201C9.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\AVNOTIFY.EXE-1A4F099E.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\AVWSC.EXE-10A518A3.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\A~NSISU_.EXE-18D0366A.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\CARIBBEANHIDEAWAY.EXE-0D4568E6.pf -->24/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\CARIBBEANHIDEAWAYSETUP.EXE-31EBA224.pf -->24/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\CMD.EXE-137A0D53.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\CSC.EXE-01AD03FB.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\CVTRES.EXE-04DFB175.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\DEFRAG.EXE-10D9C910.pf -->23/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\EMULE.EXE-1356DEC4.pf -->23/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\EXPLORER.EXE-05416907.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\FIREFOX.EXE-3495265E.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\GLB1A2B.EXE-20C8EF44.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\GUARDGUI.EXE-212941BF.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\HELPSVC.EXE-281F45D0.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\IEXPLORE.EXE-06887102.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\IMAPI.EXE-10859813.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\IRSETUP.EXE-2A773102.pf -->24/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\IRSETUP.EXE-3A17E561.pf -->24/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\JAVA.EXE-28F60863.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\JAVACPL.EXE-337361C7.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\JAVAW.EXE-14BF0D36.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\JUCHECK.EXE-1E6C7C12.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\Layout.ini -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\LOGON.SCR-075DDDCD.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\LOGONUI.EXE-3164D1CB.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MAGIC VINES.EXE-1FCDB793.pf -->24/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MSCARIOCA.EXE-1E3B6B4F.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MSIEXEC.EXE-0CCC6E74.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MSOXMLED.EXE-2B7E9CF0.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\NET.EXE-1A501125.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\NET1.EXE-02EAE2C6.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\NOTEPAD.EXE-08F3A979.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\NTVDM.EXE-368D7CDA.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\PRESENTATIONFONTCACHE.EXE-277EC265.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\PREUPD.EXE-390A52DB.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\QUICKZIP.EXE-048F5B21.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RAW_003.WDT-080D48F4.pf -->24/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ROXIOCENTRALFX.EXE-0D6792AE.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ROXMEDIADB11.EXE-0CCD8023.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-29E40E53.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-2AF9FBB9.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-2B1A4B98.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-2B750389.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-2F371191.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-33C5878A.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-37908C31.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-3A6C7CA8.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-3FC2A059.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-40ED123E.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-41D4F8AC.pf -->21/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-43D6EE67.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-459B2EFE.pf -->21/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-58409AAD.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-5963E9C0.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-5A98F1F9.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-5AA5BF86.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-5BC9F342.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-5C5FFFE7.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-61DFFC00.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-63052ADA.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SCRAPBOOK PAIGE.EXE-0EA167E5.pf -->24/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SCRAPBOOK PAIGE.EXE-1C868D49.pf -->24/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SITEVACUUMCLIENT.EXE-1B9A4F79.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SPIDER.EXE-08640CAD.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SVCHOST.EXE-072604B0.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\TASKMGR.EXE-20E19D70.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\TEMP.EXE-1921AD67.pf -->24/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\THE MAGICIANS HANDBOOK CURSED-0EEE3BD1.pf -->24/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\UNINS000.EXE-01F79C6C.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\UNINS000.EXE-0FEA5CB2.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\UNINS000.EXE-17AD57B5.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\UNINS000.EXE-2C9B36BC.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\UNINS000.EXE-2DEF01AE.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\UNINS000.EXE-32D3BB8F.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\UNINS000.EXE-352D0646.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\UNINST.EXE-341D52BB.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\UNINSTAL.EXE-026A19C8.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\UNINSTAL.EXE-035B256E.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\UNINSTAL.EXE-04E6BC4E.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\UNINSTAL.EXE-06A3C205.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\UNINSTAL.EXE-06E98660.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\UNINSTAL.EXE-147CEA9D.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\UNINSTAL.EXE-16F7EC40.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\UNINSTAL.EXE-2124544E.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\UNINSTAL.EXE-242F891D.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\UNINSTAL.EXE-2A270206.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\UNINSTAL.EXE-2DBA46DE.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\UNINSTAL.EXE-317EAF5E.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\UNINSTALL.EXE-002A68AE.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\UNINSTALL.EXE-0206B85A.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\UNINSTALL.EXE-0B52EE60.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\UNINSTALL.EXE-0BD045D2.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\UNINSTALL.EXE-158A7FD6.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\UNINSTALL.EXE-16FFFF7A.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\UNINSTALL.EXE-176B1DC0.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\UNINSTALL.EXE-1B839199.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\UNINSTALL.EXE-1D37EE19.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\UNINSTALL.EXE-21046E99.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\UNINSTALL.EXE-2ADDF7B3.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\UNINSTALL.EXE-2B627589.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\UNINSTALL.EXE-2FDEEDB8.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\UNINSTALL.EXE-340EEE8A.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\UNINSTALL.EXE-342EAFD4.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\UNINSTALL.EXE-34B329BA.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\UNINSTALL.EXE-34FFC91C.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\UNINSTALL.EXE-35B63455.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\UNINSTBB.EXE-36C92F13.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\UNWISE.EXE-0A50CD95.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\UNWISE.EXE-1C45D266.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\UPDATE.EXE-2E0AF4CC.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\UPDATEHELPER.EXE-25059381.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\USNSVC.EXE-13CC5607.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\VERCLSID.EXE-3B227142.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\VUNDOFIX.EXE-1BA58EC8.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\VUNDOFIX[1].EXE-12AD4065.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WLLOGINPROXY.EXE-03B18000.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WLMAIL.EXE-056BC45E.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WMIPRVSE.EXE-0E69CB0B.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WSCNTFY.EXE-314E7AE5.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WUAUCLT.EXE-12D8E25E.pf -->09/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\XPNETDIAG.EXE-2539EE29.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\_IU14D2N.TMP-216FC7E2.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\_MSRSTRT.EXE-07824CF7.pf -->25/01/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\~354235.TMP-0ACFE558.pf -->24/01/2009

---\\ ShellExecuteHooks, Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL

---\\ Export de clé d'application autorisée (O47)
O47 - AAKE:Key Export - "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
O47 - AAKE:Key Export - "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
O47 - AAKE:Key Export - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
O47 - AAKE:Key Export - "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
O47 - AAKE:Key Export - "C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009\WNt500x86\RpcSandraSrv.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service"
O47 - AAKE:Key Export - "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
O47 - AAKE:Key Export - "C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
O47 - AAKE:Key Export - "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
O47 - AAKE:Key Export - "C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
O47 - AAKE:Key Export - "J:\eMule\emule.exe"="J:\eMule\emule.exe:*:Enabled:eMule"
O47 - AAKE:Key Export - "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
O47 - AAKE:Key Export - "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
O47 - AAKE:Key Export - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
O47 - AAKE:Key Export - "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

---\\ Déni du service Local Security Authority (LSA) (O48)
O48 - LSA:Local Security Authority Authentication Packages - C:\WINDOWS\System32\msv1_0.dll
O48 - LSA:Local Security Authority Notification Packages - C:\WINDOWS\System32\scecli.dll

---\\ Contrôle du Safe Boot (CSB) (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ip6fw.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpcdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpwd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\tdpipe.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\tdtcp.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\ip6fw.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\rdpcdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\rdpdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\rdpwd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\tdpipe.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\tdtcp.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\ip6fw.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\rdpcdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\rdpdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\rdpwd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\tdpipe.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\tdtcp.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\vgasave.sys


End of the scan:
0
Réponse 2 / 2
jfkpresident Messages postés 13408 Date d'inscription lundi 3 septembre 2007 Statut Contributeur sécurité Dernière intervention 5 janvier 2015 1 175
25 janv. 2009 à 21:23
re;ton pc est tres tres infecté ,on a du boulot sur la planche !

Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
• Redémarre ton ordinateur
• Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
• A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
• Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
• Choisis ton compte.
Déroule la liste des instructions ci-dessous :
• Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le scrïpt.
• Appuie sur Y pour commencer le processus de nettoyage.
• Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
• Appuie sur une touche pour redémarrer le PC.
• Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
• Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
• Appuie sur une touche pour finir l'exécution du scrïpt et charger les icônes de ton Bureau.
• Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
• Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum
0

Discussions similaires

Trojan win32 vundo.gen!BC
shaiko -
jlpjlp -

34 réponses