Problem with windowsclick

drums03 Posts: 28 Status: Member -
sKe69 Posts: 21955 Status: Security contributor -
Hello,
I'm having some trouble with windowsclick. It sends me to pages I don't want.
Could you help me?
Thanks in advance.

Here is the log:

Logfile of HijackThis v1.99.1
Scan saved at 10:56:50, on 15/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\FlashGet\FlashGet.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Accessoires\Outils système\TClock\tclock.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\VPC32.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Yahoo!\Companion\Installs\cpn\ytbb.exe
C:\Documents and Settings\Administrateur\Bureau\tutu.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.msgplus.net/setupend2.php?up=n&sp=n&lg=en&v=3145
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users.WINDOWS\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\FlashGet.exe /min
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: TClock.lnk = ?
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe

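As an added example, not part of the original posts, here is a small Python triage pass over HijackThis/ZHPDiag-style lines. The sample lines are copied from the HijackThis log above and from the ZHPDiag report posted further down in the thread; the heuristics (registry entries marked "(not file)", images loading from outside the Windows and Program Files trees such as the desktop or the D: and F: drives, and Run values that are bare file names resolved through the search path) are my own triage rules, not HijackThis's, and a hit is a prompt to inspect the entry, not a malware verdict.

```python
import re
from dataclasses import dataclass, field

# Roots where Windows and installed software normally live on this XP box.
# Assumption (mine, not the tool's): anything that executes from elsewhere,
# e.g. the desktop, a removable drive, or a second Windows tree on D:, is
# worth a second look.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")

# First Windows binary path on a line: drive letter, then anything up to the
# first .exe/.dll/.sys/.ocx/.cpl. Quotes are excluded so a quoted command
# line with arguments yields only the image that is actually executed.
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"\r\n]*?\.(?:exe|dll|sys|ocx|cpl)", re.I)
OLINE_RE = re.compile(r"^(O\d+|R\d)\s*-\s*(.*)$")

# Constructed sample: lines copied from the logs posted in this thread.
SAMPLE_LOG = r"""
C:\Documents and Settings\Administrateur\Bureau\tutu.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (not file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users.WINDOWS\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - Global Startup: Wireless Configuration Utility HW.51.lnk - D:\WINDOWS\Installer\{29F15D3F-5B37-44DB-BB89-390B3AD1404E}\NewShortcut1.exe
O41 - Driver: GMSIPCI (GMSIPCI) - F:\INSTALL\GMSIPCI.SYS
O41 - Driver: FltMgr (FltMgr) - C:\WINDOWS\system32\DRIVERS\fltMgr.sys
"""


@dataclass
class Finding:
    line: str
    reasons: list = field(default_factory=list)


def first_path(text):
    """Return the first Windows binary path in a log line, or None."""
    m = PATH_RE.search(text)
    return m.group(0) if m else None


def is_trusted(path):
    """True if the path sits under one of the expected install roots."""
    p = path.lower()
    return any(p.startswith(root) for root in TRUSTED_ROOTS)


def triage_line(line):
    """Apply the heuristics to one HijackThis/ZHPDiag line.

    Returns a list of reason tags; an empty list means nothing noteworthy.
    Each tag is a hint for a human reviewer (or a hash lookup), not a verdict.
    """
    reasons = []
    m = OLINE_RE.match(line)
    body = m.group(2) if m else line          # raw "Running processes" lines have no O-prefix
    if "(not file)" in body:
        reasons.append("orphan")              # registry entry whose file is gone
    path = first_path(body)
    if path is not None and not is_trusted(path):
        reasons.append("unusual_path")        # image outside Windows / Program Files
    if m and m.group(1) == "O4" and "Run" in body.split(":", 1)[0]:
        # "HKxx\..\Run: [Name] value": a value that is a bare file name is
        # resolved through the search path, so a same-named file placed
        # earlier in that path would be the one that runs.
        target = body.split("]", 1)[1].strip() if "]" in body else ""
        if target and not re.match(r'^"?[A-Za-z]:\\', target):
            reasons.append("bare_name")
    return reasons


def triage(log_text):
    """Run triage_line over a whole log and return only the flagged lines."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reasons = triage_line(line)
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(", ".join(f.reasons).ljust(22), f.line)
```

On the sample this flags the desktop executable, the orphaned BHO, the bare "SOUNDMAN.EXE" Run value, the startup shortcut pointing at D:, and the driver loading from F:\INSTALL, while the Adobe, Symantec, FlashGet and FltMgr entries pass; a real review would then check each flagged file's hash and signer rather than stopping at the path.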
44 replies

sKe69 Posts: 21955 Status: Security contributor 463
 
Hi,

delete the HijackThis that is on your desktop (it is obsolete and badly installed...)

Then do the following:

1- Download and install HijackThis (version 2.0.2):

here http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis
or here http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
or here https://www.clubic.com/telecharger-fiche17891-hijackthis.html

--> Click the setup to start the installation: follow the prompts and do not change the installation settings.
At the end of the installation, the program launches automatically: close it by clicking the red cross.
In the end, you should have a shortcut on your desktop and also a path like:
"C:\ program files\Trend Micro\HijackThis\HijackThis.exe".

(do not run this program for now and do what follows...)

2- Download Random's System Information Tool (RSIT) by random/random and save the executable to your Desktop.

-> http://images.malwareremoval.com/random/RSIT.exe

! Disconnect from the internet and close all running applications!

Double-click "RSIT.exe" to launch it.

-> A first window opens, titled "Disclaimer of warranty".

* For the option "List files/folders created ...", choose: 2 months

* then click "Continue" to start the scan...

-> let the scan run and do not touch the PC...

When the scan is finished, two text files will open (probably in Notepad).

Post the contents of "log.txt" (the one that appears on screen), as well as "info.txt" (which you will see in the taskbar), for analysis, and wait for the next step...

Important: post one report, then the other in the next reply...
If you try to post both at once, it may be too long for the forum...
And if "log.txt" alone does not go through either, post it in two parts... thanks...

(Note: the reports are also saved in this folder -> C:\rsit)

drums03 Posts: 28 Status: Member
 
I downloaded hijackthis 2.0.2 but when I try to run it nothing happens.
I don't know what to do anymore.
sKe69 Posts: 21955 Status: Security contributor 463
 
Re,

I see...

try this:

Download ZHPDiag by Nicolas Coolman to your desktop:

-> https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html

!! disconnect from the internet and close all running applications !!

* Right-click the .zip you just downloaded and choose "extract all" to your desktop...

* Double-click "ZHPDiag.exe" to launch the tool:

> Click the "Tous" (All) button (important).

> then click the "magnifying glass" button to start the scan.

Let the tool work...

> Once finished, the report is displayed: click the "camera" button to save the report...

Save ZHPDiag.txt somewhere you can find it easily (the desktop, for example).

Then close the program...

Finally, copy/paste the contents of the saved report into your next reply for analysis...

drums03 Posts: 28 Status: Member
 
Here is the report
and thank you

ZHPDiag v1.17 report by Nicolas Coolman
Saved on 15/04/2009 12:01:01
Platform : Microsoft Windows XP (5.1.2600) Service Pack 2
MSIE: Internet Explorer v6.0.2900.2180

---\\ Running Processes
SOUNDMAN.EXE
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Brother\ControlCenter3\brctrcen.exe
C:\WINDOWS\system32\NeroCheck.exe
C:\Program Files\FlashGet\FlashGet.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\services.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\spoolsv.exe

---\\ Internet Explorer Start Page (R0)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

---\\ Internet Explorer Search Page (R1)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm

---\\ Browser Helper Objects (O2)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (not file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll

---\\ Auto loading programs from Registry (O4)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users.WINDOWS\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\FlashGet.exe /min
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKLM\..\policies\Explorer: [HonorAutoRunSetting] Data="1"
O4 - Global Startup: Wireless Configuration Utility HW.51.lnk - D:\WINDOWS\Installer\{29F15D3F-5B37-44DB-BB89-390B3AD1404E}\NewShortcut1.exe

---\\ Extra items in the IE right-click menu (O8)
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra 'Tools' menuitem: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFBARH.ICO
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe,128
O9 - Extra 'Tools' menuitem: FlashGet - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\FlashGet\FlashGet.exe,128
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFBARH.ICO
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe,128

---\\ ActiveX Objects (Downloaded Program Files) (O16)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - Winlogon Notify: C:\WINDOWS\system32\NavLogon.dll

---\\ non Microsoft non disabled Windows XP/NT/2000 Services (O23)
O23 - Service: DefWatch (DefWatch) - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Spouleur d'impression (Spooler) - C:\WINDOWS\system32\spoolsv.exe

---\\ ActiveSetup Installed Components (040)
O40 - ASIC: Microsoft Windows Media Player - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
O40 - ASIC: Internet Explorer - {26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigIE
O40 - ASIC: Personnalisation du navigateur - {60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
O40 - ASIC: Outlook Express - {881dd1c5-3dcf-431b-b061-f3f88e8be88a} - C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE
O40 - ASIC: Rendu VML (Vector Graphics Rendering) - {10072CEC-8CC1-11D1-986E-00A0C955B42F} - (not file)
O40 - ASIC: Microsoft NetShow Player - {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - C:\WINDOWS\system32\wmpdxm.dll
O40 - ASIC: Lecteur Windows Media Microsoft 6.4 - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\system32\wmpdxm.dll
O40 - ASIC: DirectAnimation - {283807B5-2C60-11D0-A31D-00AA00B92C03} - C:\WINDOWS\system32\danim.dll
O40 - ASIC: Themes Setup - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\WINDOWS\system32\regsvr32.exe /s /n /i:/UserInstall C:\WINDOWS\system32\themeui.dll
O40 - ASIC: Liaison de données Dynamic HTML pour Java - {36f8ec70-c29a-11d1-b5c7-0000f8051515} - (not file)
O40 - ASIC: Logiciel de navigation hors connexion - {3af36230-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Uniscribe - {3bf42070-b3b1-11d1-b5c5-0000f8051515} - (not file)
O40 - ASIC: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) - {411EDCF7-755D-414E-A74B-3DCD6583F589} - (not file)
O40 - ASIC: Création avancée - {4278c270-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Microsoft Outlook Express 6 - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
O40 - ASIC: NetMeeting 3.01 - {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
O40 - ASIC: DirectShow - {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - (not file)
O40 - ASIC: DirectDrawEx - {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - (not file)
O40 - ASIC: Aide sur Internet Explorer - {45ea75a0-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Classes Java DirectAnimation - {4f216970-c90c-11d1-b5c7-0000f8051515} - (not file)
O40 - ASIC: Microsoft Windows Script 5.6 - {4F645220-306D-11D2-995D-00C04F98BBC9} - (not file)
O40 - ASIC: (no name) - {5A8D6EE0-3E18-11D0-821E-444553540000} - (not file)
O40 - ASIC: Outils d'installation Internet Explorer - {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Améliorations pour la navigation - {630b1da0-b465-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub
O40 - ASIC: Accès au site MSN - {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - (not file)
O40 - ASIC: Web Folders - {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - (not file)
O40 - ASIC: Carnet d'adresses 6 - {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
O40 - ASIC: Mise à jour du Bureau Windows - {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
O40 - ASIC: Internet Explorer 6 - {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe
O40 - ASIC: (no name) - {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
O40 - ASIC: Microsoft .NET Framework 1.1 Hotfix (KB928366) - {8D1D0E9A-C799-4D28-9E29-0061D1E66E43} - (not file)
O40 - ASIC: Liaison de données Dynamic HTML - {9381D8F2-0288-11D0-9501-00AA00B911A5} - (not file)
O40 - ASIC: (no name) - {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - (not file)
O40 - ASIC: Polices de base Internet Explorer - {C9E9A340-D1F1-11D0-821E-444553540600} - (not file)
O40 - ASIC: .NET Framework - {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - (not file)
O40 - ASIC: Planificateur de tâches - {CC2A9BA0-3BDD-11D0-821E-444553540000} - (not file)
O40 - ASIC: (no name) - {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - (not file)
O40 - ASIC: Adobe Flash Player - {D27CDB6E-AE6D-11cf-96B8-444553540000} - C:\WINDOWS\system32\Macromed\Flash\Flash10a.ocx
O40 - ASIC: Aide HTML - {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Active Directory Service Interface - {E92B03AB-B707-11d2-9CBD-0000F87A369E} - (not file)

---\\ Drivers launched at startup (O41)
O41 - Driver: Suppresseur d'écho acoustique (Noyau Microsoft) (aec) - C:\WINDOWS\system32\drivers\aec.sys
O41 - Driver: Service for Realtek AC97 Audio (WDM) (ALCXWDM) - C:\WINDOWS\system32\drivers\ALCXWDM.SYS
O41 - Driver: Pilote de média asynchrone RAS (AsyncMac) - C:\WINDOWS\system32\DRIVERS\asyncmac.sys
O41 - Driver: (no object) (ati2mtag) - C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
O41 - Driver: Protocole client ATM ARP (Atmarpc) - C:\WINDOWS\system32\DRIVERS\atmarpc.sys
O41 - Driver: Pilote audio Stub (audstub) - C:\WINDOWS\system32\DRIVERS\audstub.sys
O41 - Driver: Brother USB Still Image driver (BrScnUsb) - C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
O41 - Driver: (no object) (dmboot) - C:\WINDOWS\System32\drivers\dmboot.sys
O41 - Driver: Pilote de Gestionnaire de disque logique (dmio) - C:\WINDOWS\System32\drivers\dmio.sys
O41 - Driver: (no object) (dmload) - C:\WINDOWS\System32\drivers\dmload.sys
O41 - Driver: Synthétiseur DLS du noyau Microsoft (DMusic) - C:\WINDOWS\system32\drivers\DMusic.sys
O41 - Driver: Filtre de décodeur DRM (Noyau Microsoft) (drmkaud) - C:\WINDOWS\system32\drivers\drmkaud.sys
O41 - Driver: VIA Rhine-Family Fast Ethernet Adapter Driver Service (FETND5BV) - C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys
O41 - Driver: FltMgr (FltMgr) - C:\WINDOWS\system32\DRIVERS\fltMgr.sys
O41 - Driver: GMSIPCI (GMSIPCI) - F:\INSTALL\GMSIPCI.SYS
O41 - Driver: Classificateur de paquets générique (Gpc) - C:\WINDOWS\system32\DRIVERS\msgpc.sys
O41 - Driver: Pilote pour clavier i8042 et souris sur port PS/2 (i8042prt) - C:\WINDOWS\system32\DRIVERS\i8042prt.sys
O41 - Driver: Pilote de processeur Intel (intelppm) - C:\WINDOWS\system32\DRIVERS\intelppm.sys
O41 - Driver: Pilote du pare-feu Windows IPv6 (Ip6Fw) - C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
O41 - Driver: Pilote de filtre de trafic IP (IpFilterDriver) - C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
O41 - Driver: Pilote de tunnelage IP dans IP (IpInIp) - C:\WINDOWS\system32\DRIVERS\ipinip.sys
O41 - Driver: Pilote IPSEC (IPSec) - C:\WINDOWS\system32\DRIVERS\ipsec.sys
O41 - Driver: Service énumérateur IR (IRENUM) - C:\WINDOWS\system32\DRIVERS\irenum.sys
O41 - Driver: Mélangeur audio Wave de noyau Microsoft (kmixer) - C:\WINDOWS\system32\drivers\kmixer.sys
O41 - Driver: Redirecteur client WebDav (MRxDAV) - C:\WINDOWS\system32\DRIVERS\mrxdav.sys
O41 - Driver: MRXSMB (MRxSmb) - C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
O41 - Driver: Proxy de service de répartition Microsoft (MSKSSRV) - C:\WINDOWS\system32\drivers\MSKSSRV.sys
O41 - Driver: Proxy d'horloge de répartition Microsoft (MSPCLOCK) - C:\WINDOWS\system32\drivers\MSPCLOCK.sys
O41 - Driver: Proxy de gestion de qualité de répartition Microsoft (MSPQM) - C:\WINDOWS\system32\drivers\MSPQM.sys
O41 - Driver: Pilote BIOS de gestion de systèmes Microsoft (mssmbios) - C:\WINDOWS\system32\DRIVERS\mssmbios.sys
O41 - Driver: NAVAP (NAVAP) - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAP.sys
O41 - Driver: NAVAPEL (NAVAPEL) - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAPEL.SYS
O41 - Driver: NAVENG (NAVENG) - C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20090414.020\NAVENG.sys
O41 - Driver: NAVEX15 (NAVEX15) - C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20090414.020\NAVEX15.sys
O41 - Driver: Pilote TAPI NDIS d'accès distant (NdisTapi) - C:\WINDOWS\system32\DRIVERS\ndistapi.sys
O41 - Driver: NDIS mode utilisateur E/S Protocole (Ndisuio) - C:\WINDOWS\system32\DRIVERS\ndisuio.sys
O41 - Driver: Pilote réseau étendu NDIS d'accès distant (NdisWan) - C:\WINDOWS\system32\DRIVERS\ndiswan.sys
O41 - Driver: Interface NetBIOS (NetBIOS) - C:\WINDOWS\system32\DRIVERS\netbios.sys
O41 - Driver: NetBIOS sur TCP/IP (NetBT) - C:\WINDOWS\system32\DRIVERS\netbt.sys
O41 - Driver: Pilote de filtre de trafic IPX (NwlnkFlt) - C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
O41 - Driver: Pilote de transfert de trafic IPX (NwlnkFwd) - C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
O41 - Driver: Miniport réseau étendu (PPTP) (PptpMiniport) - C:\WINDOWS\system32\DRIVERS\raspptp.sys
O41 - Driver: Profos (Profos) - C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\profos.sys
O41 - Driver: Planificateur de paquets QoS (PSched) - C:\WINDOWS\system32\DRIVERS\psched.sys
O41 - Driver: Pilote de liaison parallèle directe (Ptilink) - C:\WINDOWS\system32\DRIVERS\ptilink.sys
O41 - Driver: Pilote de connexion automatique d'accès distant (RasAcd) - C:\WINDOWS\system32\DRIVERS\rasacd.sys
O41 - Driver: Miniport réseau étendu (L2TP) (Rasl2tp) - C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
O41 - Driver: Pilote PPPOE d'accès à distance (RasPppoe) - C:\WINDOWS\system32\DRIVERS\raspppoe.sys
O41 - Driver: Parallèle direct (Raspti) - C:\WINDOWS\system32\DRIVERS\raspti.sys
O41 - Driver: Rdbss (Rdbss) - C:\WINDOWS\system32\DRIVERS\rdbss.sys
O41 - Driver: Pilote de redirecteur de périphérique Terminal Server (rdpdr) - C:\WINDOWS\system32\DRIVERS\rdpdr.sys
O41 - Driver: Pilote de filtre de lecture digitale de CD audio (redbook) - C:\WINDOWS\system32\DRIVERS\redbook.sys
O41 - Driver: Secdrv (Secdrv) - C:\WINDOWS\system32\DRIVERS\secdrv.sys
O41 - Driver: Pilote de filtre Serenum (serenum) - C:\WINDOWS\system32\DRIVERS\serenum.sys
O41 - Driver: Splitter audio du noyau Microsoft (splitter) - C:\WINDOWS\system32\drivers\splitter.sys
O41 - Driver: Pilote de filtre de restauration système (sr) - C:\WINDOWS\system32\DRIVERS\sr.sys
O41 - Driver: Srv (Srv) - C:\WINDOWS\system32\DRIVERS\srv.sys
O41 - Driver: Pilote de bus logiciel (swenum) - C:\WINDOWS\system32\DRIVERS\swenum.sys
O41 - Driver: Synthétiseur de table de sons GC noyau Microsoft (swmidi) - C:\WINDOWS\system32\drivers\swmidi.sys
O41 - Driver: (no object) (SymEvent) - C:\Program Files\Symantec\SYMEVENT.SYS
O41 - Driver: Périphérique audio système du noyau Microsoft (sysaudio) - C:\WINDOWS\system32\drivers\sysaudio.sys
O41 - Driver: Pilote du protocole TCP/IP (Tcpip) - C:\WINDOWS\system32\DRIVERS\tcpip.sys
O41 - Driver: Trufos (Trufos) - C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\trufos.sys
O41 - Driver: Pilote de mise à jour microcode (Update) - C:\WINDOWS\system32\DRIVERS\update.sys
O41 - Driver: Pilote parent générique USB Microsoft (usbccgp) - C:\WINDOWS\system32\DRIVERS\usbccgp.sys
O41 - Driver: Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0 (usbehci) - C:\WINDOWS\system32\DRIVERS\usbehci.sys
O41 - Driver: Pilote de concentrateur standard USB Microsoft (usbhub) - C:\WINDOWS\system32\DRIVERS\usbhub.sys
O41 - Driver: Classe d'imprimantes USB Microsoft (usbprint) - C:\WINDOWS\system32\DRIVERS\usbprint.sys
O41 - Driver: Pilote de stockage de masse USB (usbstor) - C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
O41 - Driver: Pilote miniport de contrôleur hôte universel USB Microsoft (usbuhci) - C:\WINDOWS\system32\DRIVERS\usbuhci.sys
O41 - Driver: VIA AGP Filter (viaagp1) - C:\WINDOWS\system32\DRIVERS\viaagp1.sys
O41 - Driver: (no object) (viamraid) - C:\WINDOWS\system32\DRIVERS\viamraid.sys
O41 - Driver: Marvell Libertas 802.11b/g Driver for Windows XP (8335) (W8335XP) - C:\WINDOWS\system32\DRIVERS\MRV8335XP.sys
O41 - Driver: Pilote ARP IP d'accès distant (Wanarp) - C:\WINDOWS\system32\DRIVERS\wanarp.sys
O41 - Driver: Pilote WINMM de compatibilité audio WDM Microsoft (wdmaud) - C:\WINDOWS\system32\drivers\wdmaud.sys
O41 - Driver: (no object) (WinDriver6) - C:\WINDOWS\system32\drivers\windrvr6.sys
O41 - Driver: BitDefender Firewall NDIS Filter Service (Bdfndisf) - C:\WINDOWS\system32\DRIVERS\bdfndisf.sys
O41 - Driver: BDSelfPr (BDSelfPr) - C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys

---\\ Software installed (O42)
O42 - Logiciel: Adobe Flash Player 10 ActiveX
O42 - Logiciel: Burn4Free CD and DVD
O42 - Logiciel: CCleaner (remove only)
O42 - Logiciel: Daniusoft Digital Media Converter(Build 2.0.24)
O42 - Logiciel: FlashGet 1.8.2.1001
O42 - Logiciel: HijackThis 2.0.2
O42 - Logiciel: LiveUpdate 1.7 (Symantec Corporation)
O42 - Logiciel: Microsoft .NET Framework 1.1 Hotfix (KB928366)
O42 - Logiciel: Malwarebytes' Anti-Malware
O42 - Logiciel: Microsoft .NET Framework 1.1
O42 - Logiciel: TaskSwitchXP
O42 - Logiciel: VideoLAN VLC media player 0.8.6a
O42 - Logiciel: VIA Rhine-Family Fast Ethernet Adapter
O42 - Logiciel: Archiveur WinRAR
O42 - Logiciel: XPize 4.2 MCE BETA
O42 - Logiciel: Symantec AntiVirus Client
O42 - Logiciel: CAS Interface Studio 8.6b
O42 - Logiciel: PaperPort Image Printer
O42 - Logiciel: Lecteur musicMe
O42 - Logiciel: MSXML 4.0 SP2 (KB954430)
O42 - Logiciel: Microsoft Office Professional Edition 2003
O42 - Logiciel: Brother MFL-Pro Suite
O42 - Logiciel: Adobe Reader 7.0 - Français
O42 - Logiciel: ScanSoft PaperPort 11
O42 - Logiciel: Nero 7 Demo
O42 - Logiciel: Realtek AC'97 Audio

---\\ Contents of the Common Files folders (O43)
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\Adobe
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\Ahead
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\BitDefender
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\DESIGNER
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\InstallShield
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\Microsoft Shared
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\MSSoap
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\ODBC
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\ScanSoft Shared
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\Services
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\SpeechEngines
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\Symantec Shared
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\System

---\\ Last modified or created files under System32 (O44)
O44 - LFC:Last File Created - C:\WINDOWS\System32\$winnt$.inf -->24/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\amcompat.tlb -->24/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\bdod.bin -->15/04/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\bridf07a.dat -->24/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\cdplayer.exe.manifest -->24/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\CONFIG.NT -->24/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\emptyregdb.dat -->24/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\FNTCACHE.DAT -->15/04/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\h323log.txt -->24/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\logonui.exe.manifest -->24/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\mrt.exe -->25/02/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\ncpa.cpl.manifest -->24/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nscompat.tlb -->24/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nwc.cpl.manifest -->24/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\perfc009.dat -->15/04/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\perfc00C.dat -->15/04/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\perfh009.dat -->15/04/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\perfh00C.dat -->15/04/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\PerfStringBackup.INI -->15/04/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\S32EVNT1.DLL -->15/04/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\sapi.cpl.manifest -->24/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\SYMEVNT.386 -->15/04/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\TZLog.log -->24/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\uxtheme.dll -->24/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\win32k.sys -->09/02/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\WindowsLogon.manifest -->24/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\wpa.dbl -->13/04/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\wuaucpl.cpl.manifest -->24/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\drivers\mbam.sys -->06/04/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\drivers\mbamswissarmy.sys -->06/04/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\drivers\SYMEVENT.SYS -->15/04/2009

---\\ Last files created in Windows Prefetcher (O45)
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ACRORD32.EXE-1CE22EA3.pf -->14/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ACRORD32.EXE-32E4AFCD.pf -->12/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ACRORD32INFO.EXE-10255AA7.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ACRORD32INFO.EXE-1A61B617.pf -->14/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ALG.EXE-275708CF.pf -->04/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\AUTORUN.EXE-08A9DED1.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\BDAGENT.EXE-2A4EFA13.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\BDFSFLTRPTCH.EXE-25AD1939.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\BDTB.EXE-25633580.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\BDTB.EXE.TMP-1EE867A7.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\BDTHUNDERBIRD.EXE-093225E2.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\BDWIZREG.EXE-03AB9F60.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\BITDEFENDER_INTERNETSECURITY_-1E415A73.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\BRCCMCTL.EXE-2BA63335.pf -->14/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\BRCTRCEN.EXE-2343901B.pf -->14/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\BRMFCWND.EXE-3B6F60FC.pf -->28/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\BURN4FREE.EXE-2F7413CB.pf -->05/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\CAS STUDIO.EXE-140373A3.pf -->28/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\CSRSS.EXE-22452D1B.pf -->04/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\DEFRAG.EXE-2858C7E2.pf -->11/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\DELOEMINFS.EXE-086AA05E.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\DFRGNTFS.EXE-38C3807C.pf -->11/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\DRIVERCTRL.EXE-0E2C6689.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\DRWTSN32.EXE-01DDCF15.pf -->14/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\DUMPREP.EXE-0AF2BF67.pf -->10/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\DWWIN.EXE-2C373FB7.pf -->14/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\EXCEL.EXE-2055DCA9.pf -->28/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\EXPLORER.EXE-02121B1A.pf -->14/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\FLASHGET.EXE-080AD7E9.pf -->01/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\GRPCONV.EXE-375690AD.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\HELPSVC.EXE-1C192440.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\IDENTITY.EXE-03DBEB95.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\IDRIVER.EXE-1DCF1A9D.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\IEDW.EXE-0F1DF43F.pf -->14/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\IESHOW.EXE-1D3D0F51.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\IEXPLORE.EXE-2D97EBE6.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\IMAPI.EXE-201490BB.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\INSTALL.EXE-3AEF1D3F.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\Layout.ini -->14/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\LIVESRV.EXE-366DC850.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\LOGON.SCR-24ADF392.pf -->14/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\LSASS.EXE-306A65C3.pf -->04/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\LSETUP.EXE-0248AF55.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\LUCOMS~1.EXE-1DF6F3E9.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\LUSETUP.EXE-28C3941D.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MSI1D.TMP-09E05C1B.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MSI20.TMP-1635ABBB.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MSI23.TMP-0E629313.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MSI24.TMP-05018098.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MSI25.TMP-34CA0DA8.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MSI26.TMP-1A34D00A.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MSI27.TMP-1F96BE36.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MSI28.TMP-2F681F7C.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MSI29.TMP-0A636EC4.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MSI30.TMP-0A4CCE05.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MSIEXEC.EXE-330626DC.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MSTORDB.EXE-27453AE2.pf -->29/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MUSICMESERVICE.EXE-116EB45B.pf -->05/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\NETSH.EXE-23AED181.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\NMBGMONITOR.EXE-230CE960.pf -->13/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\NMINDEXSTORESVR.EXE-13F11D87.pf -->13/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\NOTEPAD.EXE-2F2D61E1.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\OUTLOOK.EXE-1C54BEEA.pf -->06/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\PAPRPORT.EXE-0F2CFC8F.pf -->28/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\PATCH_~1.EXE-10593B9D.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\PCHFLTR.EXE-041814A1.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\POWERPNT.EXE-2EEF88AA.pf -->02/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\PPLINKS.EXE-376E4727.pf -->28/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\REGEDIT.EXE-2AE3423E.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-3C500167.pf -->29/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-3D479208.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-3DF851BD.pf -->23/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-3E44684F.pf -->31/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-433BF4FC.pf -->10/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-46419E46.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-4653691D.pf -->11/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-4666F599.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-46D7B5BB.pf -->12/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-4AA62846.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-4B4A642B.pf -->11/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-4C9A0F4D.pf -->01/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-4FF9832D.pf -->10/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-5610C3EA.pf -->12/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-584788E9.pf -->28/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-60FE337D.pf -->04/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-61C2BDB5.pf -->09/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-6455975B.pf -->31/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-650D9C14.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-691690D5.pf -->23/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-6A046DA4.pf -->23/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-6D570F0B.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-6DF739B2.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-6E8D4657.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNONCE.EXE-01CA3A2F.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SAFEXP.EXE-21853345.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SECCENTER.EXE-31DA92EB.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SERVICES.EXE-3019B50A.pf -->04/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SETLOADORDER.EXE-37B900E8.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SETUP.EXE-014C4BC5.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SETUP.EXE-2F6E67C3.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SETUP_WM.EXE-02751BCA.pf -->10/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SEVINST.EXE-31E05103.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SNETCFG.EXE-0355B4D0.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SOUNDMAN.EXE-2979F3F4.pf -->04/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SSBKGDUPDATE.EXE-2109723C.pf -->04/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SVCHOST.EXE-2D5FBD18.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SYMANT~1.EXE-3A7C42DF.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\TASKMGR.EXE-06144C13.pf -->11/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\TASKSWITCHXP.EXE-19BF09F3.pf -->04/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\UISCAN.EXE-0AD9F845.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\UPGREPL.EXE-07704B73.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\VERCLSID.EXE-28F52AD2.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\VIRUS.EXE-0F578F79.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\VLC.EXE-02F29DFD.pf -->14/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\VSSERV.EXE-254EFAEB.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WEB-MEDIAPLAYER_SETUP[1].EXE-3B909F9A.pf -->14/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WEBVACUUMFREE.EXE-04540FFF.pf -->14/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WINLOGON.EXE-0957F9B2.pf -->04/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WINRAR.EXE-0AA31BB9.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WINWORD.EXE-33AEA629.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WJQS.EXE-0B8903CB.pf -->14/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WMIADAP.EXE-32F99497.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WMIPRVSE.EXE-0D449B4F.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WMPLAYER.EXE-1ACCF804.pf -->14/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WMPLAYER.EXE-1ACCF80B.pf -->11/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WMPLAYER.EXE-1ACCF80C.pf -->25/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WUAUCLT.EXE-1360D60A.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\XCOMMSVR.EXE-28D5134B.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\XPIZE_LOGON.EXE-00125B7D.pf -->15/04/2009

---\\ Operations and functions at Windows Explorer startup (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll

---\\ Export authorized application key (O47)
O47 - AAKE:Key Export - "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
O47 - AAKE:Key Export - "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
O47 - AAKE:Key Export - "C:\Program Files\FlashGet\flashget.exe"="C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget"
O47 - AAKE:Key Export - "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
O47 - AAKE:Key Export - "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"

---\\ Local Security Authority-LSA Deny (O48)
O48 - LSA:Local Security Authority Authentication Packages - C:\WINDOWS\System32\msv1_0.dll
O48 - LSA:Local Security Authority Notification Packages - C:\WINDOWS\System32\scecli.dll

---\\ Safe Boot Control (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ip6fw.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpcdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpwd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\tdpipe.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\tdtcp.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\ip6fw.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\rdpcdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\rdpdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\rdpwd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\tdpipe.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\tdtcp.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\ip6fw.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\rdpcdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\rdpdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\rdpwd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\tdpipe.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\tdtcp.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\vgasave.sys

---\\ Image File Execution Options (IFEO) (O50)
O50 - IEFO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d

End of the scan:
0

drums03 Posts: 28 Status: Member
 
Here is the report,
and thank you.

Rapport de ZHPDiag v1.17 par Nicolas Coolman
Enregistré le 15/04/2009 12:01:01
Platform : Microsoft Windows XP (5.1.2600) Service Pack 2
MSIE: Internet Explorer v6.0.2900.2180

---\\ Running Processes
SOUNDMAN.EXE
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Brother\ControlCenter3\brctrcen.exe
C:\WINDOWS\system32\NeroCheck.exe
C:\Program Files\FlashGet\FlashGet.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\services.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\spoolsv.exe

---\\ Internet Explorer Start Page (R0)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

---\\ Internet Explorer Search Page (R1)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm

---\\ Browser Helper Objects (O2)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (not file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll

---\\ Auto loading programs from Registry (O4)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users.WINDOWS\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\FlashGet.exe /min
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKLM\..\policies\Explorer: [HonorAutoRunSetting] Data="1"
O4 - Global Startup: Wireless Configuration Utility HW.51.lnk - D:\WINDOWS\Installer\{29F15D3F-5B37-44DB-BB89-390B3AD1404E}\NewShortcut1.exe

---\\ Extra items in the IE right-click menu (O8)
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra 'Tools' menuitem: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFBARH.ICO
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe,128
O9 - Extra 'Tools' menuitem: FlashGet - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\FlashGet\FlashGet.exe,128
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFBARH.ICO
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe,128

---\\ ActiveX Objects (Downloaded Program Files) (O16)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - Winlogon Notify: C:\WINDOWS\system32\NavLogon.dll

---\\ non Microsoft non disabled Windows XP/NT/2000 Services (O23)
O23 - Service: DefWatch (DefWatch) - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Spouleur d'impression (Spooler) - C:\WINDOWS\system32\spoolsv.exe

---\\ ActiveSetup Installed Components (040)
O40 - ASIC: Microsoft Windows Media Player - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
O40 - ASIC: Internet Explorer - {26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigIE
O40 - ASIC: Personnalisation du navigateur - {60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
O40 - ASIC: Outlook Express - {881dd1c5-3dcf-431b-b061-f3f88e8be88a} - C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE
O40 - ASIC: Rendu VML (Vector Graphics Rendering) - {10072CEC-8CC1-11D1-986E-00A0C955B42F} - (not file)
O40 - ASIC: Microsoft NetShow Player - {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - C:\WINDOWS\system32\wmpdxm.dll
O40 - ASIC: Lecteur Windows Media Microsoft 6.4 - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\system32\wmpdxm.dll
O40 - ASIC: DirectAnimation - {283807B5-2C60-11D0-A31D-00AA00B92C03} - C:\WINDOWS\system32\danim.dll
O40 - ASIC: Themes Setup - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\WINDOWS\system32\regsvr32.exe /s /n /i:/UserInstall C:\WINDOWS\system32\themeui.dll
O40 - ASIC: Liaison de données Dynamic HTML pour Java - {36f8ec70-c29a-11d1-b5c7-0000f8051515} - (not file)
O40 - ASIC: Logiciel de navigation hors connexion - {3af36230-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Uniscribe - {3bf42070-b3b1-11d1-b5c5-0000f8051515} - (not file)
O40 - ASIC: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) - {411EDCF7-755D-414E-A74B-3DCD6583F589} - (not file)
O40 - ASIC: Création avancée - {4278c270-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Microsoft Outlook Express 6 - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
O40 - ASIC: NetMeeting 3.01 - {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
O40 - ASIC: DirectShow - {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - (not file)
O40 - ASIC: DirectDrawEx - {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - (not file)
O40 - ASIC: Aide sur Internet Explorer - {45ea75a0-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Classes Java DirectAnimation - {4f216970-c90c-11d1-b5c7-0000f8051515} - (not file)
O40 - ASIC: Microsoft Windows Script 5.6 - {4F645220-306D-11D2-995D-00C04F98BBC9} - (not file)
O40 - ASIC: (no name) - {5A8D6EE0-3E18-11D0-821E-444553540000} - (not file)
O40 - ASIC: Outils d'installation Internet Explorer - {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Améliorations pour la navigation - {630b1da0-b465-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub
O40 - ASIC: Accès au site MSN - {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - (not file)
O40 - ASIC: Web Folders - {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - (not file)
O40 - ASIC: Carnet d'adresses 6 - {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
O40 - ASIC: Mise à jour du Bureau Windows - {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
O40 - ASIC: Internet Explorer 6 - {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe
O40 - ASIC: (no name) - {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
O40 - ASIC: Microsoft .NET Framework 1.1 Hotfix (KB928366) - {8D1D0E9A-C799-4D28-9E29-0061D1E66E43} - (not file)
O40 - ASIC: Liaison de données Dynamic HTML - {9381D8F2-0288-11D0-9501-00AA00B911A5} - (not file)
O40 - ASIC: (no name) - {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - (not file)
O40 - ASIC: Polices de base Internet Explorer - {C9E9A340-D1F1-11D0-821E-444553540600} - (not file)
O40 - ASIC: .NET Framework - {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - (not file)
O40 - ASIC: Planificateur de tâches - {CC2A9BA0-3BDD-11D0-821E-444553540000} - (not file)
O40 - ASIC: (no name) - {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - (not file)
O40 - ASIC: Adobe Flash Player - {D27CDB6E-AE6D-11cf-96B8-444553540000} - C:\WINDOWS\system32\Macromed\Flash\Flash10a.ocx
O40 - ASIC: Aide HTML - {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Active Directory Service Interface - {E92B03AB-B707-11d2-9CBD-0000F87A369E} - (not file)

---\\ Drivers launched at startup (O41)
O41 - Driver: Suppresseur d'écho acoustique (Noyau Microsoft) (aec) - C:\WINDOWS\system32\drivers\aec.sys
O41 - Driver: Service for Realtek AC97 Audio (WDM) (ALCXWDM) - C:\WINDOWS\system32\drivers\ALCXWDM.SYS
O41 - Driver: Pilote de média asynchrone RAS (AsyncMac) - C:\WINDOWS\system32\DRIVERS\asyncmac.sys
O41 - Driver: (no object) (ati2mtag) - C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
O41 - Driver: Protocole client ATM ARP (Atmarpc) - C:\WINDOWS\system32\DRIVERS\atmarpc.sys
O41 - Driver: Pilote audio Stub (audstub) - C:\WINDOWS\system32\DRIVERS\audstub.sys
O41 - Driver: Brother USB Still Image driver (BrScnUsb) - C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
O41 - Driver: (no object) (dmboot) - C:\WINDOWS\System32\drivers\dmboot.sys
O41 - Driver: Pilote de Gestionnaire de disque logique (dmio) - C:\WINDOWS\System32\drivers\dmio.sys
O41 - Driver: (no object) (dmload) - C:\WINDOWS\System32\drivers\dmload.sys
O41 - Driver: Synthétiseur DLS du noyau Microsoft (DMusic) - C:\WINDOWS\system32\drivers\DMusic.sys
O41 - Driver: Filtre de décodeur DRM (Noyau Microsoft) (drmkaud) - C:\WINDOWS\system32\drivers\drmkaud.sys
O41 - Driver: VIA Rhine-Family Fast Ethernet Adapter Driver Service (FETND5BV) - C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys
O41 - Driver: FltMgr (FltMgr) - C:\WINDOWS\system32\DRIVERS\fltMgr.sys
O41 - Driver: GMSIPCI (GMSIPCI) - F:\INSTALL\GMSIPCI.SYS
O41 - Driver: Classificateur de paquets générique (Gpc) - C:\WINDOWS\system32\DRIVERS\msgpc.sys
O41 - Driver: Pilote pour clavier i8042 et souris sur port PS/2 (i8042prt) - C:\WINDOWS\system32\DRIVERS\i8042prt.sys
O41 - Driver: Pilote de processeur Intel (intelppm) - C:\WINDOWS\system32\DRIVERS\intelppm.sys
O41 - Driver: Pilote du pare-feu Windows IPv6 (Ip6Fw) - C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
O41 - Driver: Pilote de filtre de trafic IP (IpFilterDriver) - C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
O41 - Driver: Pilote de tunnelage IP dans IP (IpInIp) - C:\WINDOWS\system32\DRIVERS\ipinip.sys
O41 - Driver: Pilote IPSEC (IPSec) - C:\WINDOWS\system32\DRIVERS\ipsec.sys
O41 - Driver: Service énumérateur IR (IRENUM) - C:\WINDOWS\system32\DRIVERS\irenum.sys
O41 - Driver: Mélangeur audio Wave de noyau Microsoft (kmixer) - C:\WINDOWS\system32\drivers\kmixer.sys
O41 - Driver: Redirecteur client WebDav (MRxDAV) - C:\WINDOWS\system32\DRIVERS\mrxdav.sys
O41 - Driver: MRXSMB (MRxSmb) - C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
O41 - Driver: Proxy de service de répartition Microsoft (MSKSSRV) - C:\WINDOWS\system32\drivers\MSKSSRV.sys
O41 - Driver: Proxy d'horloge de répartition Microsoft (MSPCLOCK) - C:\WINDOWS\system32\drivers\MSPCLOCK.sys
O41 - Driver: Proxy de gestion de qualité de répartition Microsoft (MSPQM) - C:\WINDOWS\system32\drivers\MSPQM.sys
O41 - Driver: Pilote BIOS de gestion de systèmes Microsoft (mssmbios) - C:\WINDOWS\system32\DRIVERS\mssmbios.sys
O41 - Driver: NAVAP (NAVAP) - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAP.sys
O41 - Driver: NAVAPEL (NAVAPEL) - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAPEL.SYS
O41 - Driver: NAVENG (NAVENG) - C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20090414.020\NAVENG.sys
O41 - Driver: NAVEX15 (NAVEX15) - C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20090414.020\NAVEX15.sys
O41 - Driver: Pilote TAPI NDIS d'accès distant (NdisTapi) - C:\WINDOWS\system32\DRIVERS\ndistapi.sys
O41 - Driver: NDIS mode utilisateur E/S Protocole (Ndisuio) - C:\WINDOWS\system32\DRIVERS\ndisuio.sys
O41 - Driver: Pilote réseau étendu NDIS d'accès distant (NdisWan) - C:\WINDOWS\system32\DRIVERS\ndiswan.sys
O41 - Driver: Interface NetBIOS (NetBIOS) - C:\WINDOWS\system32\DRIVERS\netbios.sys
O41 - Driver: NetBIOS sur TCP/IP (NetBT) - C:\WINDOWS\system32\DRIVERS\netbt.sys
O41 - Driver: Pilote de filtre de trafic IPX (NwlnkFlt) - C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
O41 - Driver: Pilote de transfert de trafic IPX (NwlnkFwd) - C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
O41 - Driver: Miniport réseau étendu (PPTP) (PptpMiniport) - C:\WINDOWS\system32\DRIVERS\raspptp.sys
O41 - Driver: Profos (Profos) - C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\profos.sys
O41 - Driver: Planificateur de paquets QoS (PSched) - C:\WINDOWS\system32\DRIVERS\psched.sys
O41 - Driver: Pilote de liaison parallèle directe (Ptilink) - C:\WINDOWS\system32\DRIVERS\ptilink.sys
O41 - Driver: Pilote de connexion automatique d'accès distant (RasAcd) - C:\WINDOWS\system32\DRIVERS\rasacd.sys
O41 - Driver: Miniport réseau étendu (L2TP) (Rasl2tp) - C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
O41 - Driver: Pilote PPPOE d'accès à distance (RasPppoe) - C:\WINDOWS\system32\DRIVERS\raspppoe.sys
O41 - Driver: Parallèle direct (Raspti) - C:\WINDOWS\system32\DRIVERS\raspti.sys
O41 - Driver: Rdbss (Rdbss) - C:\WINDOWS\system32\DRIVERS\rdbss.sys
O41 - Driver: Pilote de redirecteur de périphérique Terminal Server (rdpdr) - C:\WINDOWS\system32\DRIVERS\rdpdr.sys
O41 - Driver: Pilote de filtre de lecture digitale de CD audio (redbook) - C:\WINDOWS\system32\DRIVERS\redbook.sys
O41 - Driver: Secdrv (Secdrv) - C:\WINDOWS\system32\DRIVERS\secdrv.sys
O41 - Driver: Pilote de filtre Serenum (serenum) - C:\WINDOWS\system32\DRIVERS\serenum.sys
O41 - Driver: Splitter audio du noyau Microsoft (splitter) - C:\WINDOWS\system32\drivers\splitter.sys
O41 - Driver: Pilote de filtre de restauration système (sr) - C:\WINDOWS\system32\DRIVERS\sr.sys
O41 - Driver: Srv (Srv) - C:\WINDOWS\system32\DRIVERS\srv.sys
O41 - Driver: Pilote de bus logiciel (swenum) - C:\WINDOWS\system32\DRIVERS\swenum.sys
O41 - Driver: Synthétiseur de table de sons GC noyau Microsoft (swmidi) - C:\WINDOWS\system32\drivers\swmidi.sys
O41 - Driver: (no object) (SymEvent) - C:\Program Files\Symantec\SYMEVENT.SYS
O41 - Driver: Périphérique audio système du noyau Microsoft (sysaudio) - C:\WINDOWS\system32\drivers\sysaudio.sys
O41 - Driver: Pilote du protocole TCP/IP (Tcpip) - C:\WINDOWS\system32\DRIVERS\tcpip.sys
O41 - Driver: Trufos (Trufos) - C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\trufos.sys
O41 - Driver: Pilote de mise à jour microcode (Update) - C:\WINDOWS\system32\DRIVERS\update.sys
O41 - Driver: Pilote parent générique USB Microsoft (usbccgp) - C:\WINDOWS\system32\DRIVERS\usbccgp.sys
O41 - Driver: Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0 (usbehci) - C:\WINDOWS\system32\DRIVERS\usbehci.sys
O41 - Driver: Pilote de concentrateur standard USB Microsoft (usbhub) - C:\WINDOWS\system32\DRIVERS\usbhub.sys
O41 - Driver: Classe d'imprimantes USB Microsoft (usbprint) - C:\WINDOWS\system32\DRIVERS\usbprint.sys
O41 - Driver: Pilote de stockage de masse USB (usbstor) - C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
O41 - Driver: Pilote miniport de contrôleur hôte universel USB Microsoft (usbuhci) - C:\WINDOWS\system32\DRIVERS\usbuhci.sys
O41 - Driver: VIA AGP Filter (viaagp1) - C:\WINDOWS\system32\DRIVERS\viaagp1.sys
O41 - Driver: (no object) (viamraid) - C:\WINDOWS\system32\DRIVERS\viamraid.sys
O41 - Driver: Marvell Libertas 802.11b/g Driver for Windows XP (8335) (W8335XP) - C:\WINDOWS\system32\DRIVERS\MRV8335XP.sys
O41 - Driver: Pilote ARP IP d'accès distant (Wanarp) - C:\WINDOWS\system32\DRIVERS\wanarp.sys
O41 - Driver: Pilote WINMM de compatibilité audio WDM Microsoft (wdmaud) - C:\WINDOWS\system32\drivers\wdmaud.sys
O41 - Driver: (no object) (WinDriver6) - C:\WINDOWS\system32\drivers\windrvr6.sys
O41 - Driver: BitDefender Firewall NDIS Filter Service (Bdfndisf) - C:\WINDOWS\system32\DRIVERS\bdfndisf.sys
O41 - Driver: BDSelfPr (BDSelfPr) - C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys

---\\ Software installed (O42)
O42 - Logiciel: Adobe Flash Player 10 ActiveX
O42 - Logiciel: Burn4Free CD and DVD
O42 - Logiciel: CCleaner (remove only)
O42 - Logiciel: Daniusoft Digital Media Converter(Build 2.0.24)
O42 - Logiciel: FlashGet 1.8.2.1001
O42 - Logiciel: HijackThis 2.0.2
O42 - Logiciel: LiveUpdate 1.7 (Symantec Corporation)
O42 - Logiciel: Microsoft .NET Framework 1.1 Hotfix (KB928366)
O42 - Logiciel: Malwarebytes' Anti-Malware
O42 - Logiciel: Microsoft .NET Framework 1.1
O42 - Logiciel: TaskSwitchXP
O42 - Logiciel: VideoLAN VLC media player 0.8.6a
O42 - Logiciel: VIA Rhine-Family Fast Ethernet Adapter
O42 - Logiciel: Archiveur WinRAR
O42 - Logiciel: XPize 4.2 MCE BETA
O42 - Logiciel: Symantec AntiVirus Client
O42 - Logiciel: CAS Interface Studio 8.6b
O42 - Logiciel: PaperPort Image Printer
O42 - Logiciel: Lecteur musicMe
O42 - Logiciel: MSXML 4.0 SP2 (KB954430)
O42 - Logiciel: Microsoft Office Professional Edition 2003
O42 - Logiciel: Brother MFL-Pro Suite
O42 - Logiciel: Adobe Reader 7.0 - Français
O42 - Logiciel: ScanSoft PaperPort 11
O42 - Logiciel: Nero 7 Demo
O42 - Logiciel: Realtek AC'97 Audio

---\\ Contents of the Common Files folders (O43)
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\Adobe
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\Ahead
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\BitDefender
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\DESIGNER
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\InstallShield
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\Microsoft Shared
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\MSSoap
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\ODBC
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\ScanSoft Shared
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\Services
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\SpeechEngines
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\Symantec Shared
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\System

---\\ Last modified or created files under System32 (O44)
O44 - LFC:Last File Created - C:\WINDOWS\System32\$winnt$.inf -->24/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\amcompat.tlb -->24/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\bdod.bin -->15/04/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\bridf07a.dat -->24/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\cdplayer.exe.manifest -->24/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\CONFIG.NT -->24/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\emptyregdb.dat -->24/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\FNTCACHE.DAT -->15/04/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\h323log.txt -->24/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\logonui.exe.manifest -->24/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\mrt.exe -->25/02/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\ncpa.cpl.manifest -->24/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nscompat.tlb -->24/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nwc.cpl.manifest -->24/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\perfc009.dat -->15/04/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\perfc00C.dat -->15/04/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\perfh009.dat -->15/04/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\perfh00C.dat -->15/04/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\PerfStringBackup.INI -->15/04/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\S32EVNT1.DLL -->15/04/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\sapi.cpl.manifest -->24/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\SYMEVNT.386 -->15/04/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\TZLog.log -->24/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\uxtheme.dll -->24/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\win32k.sys -->09/02/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\WindowsLogon.manifest -->24/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\wpa.dbl -->13/04/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\wuaucpl.cpl.manifest -->24/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\drivers\mbam.sys -->06/04/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\drivers\mbamswissarmy.sys -->06/04/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\drivers\SYMEVENT.SYS -->15/04/2009

---\\ Last files created in Windows Prefetcher (O45)
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ACRORD32.EXE-1CE22EA3.pf -->14/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ACRORD32.EXE-32E4AFCD.pf -->12/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ACRORD32INFO.EXE-10255AA7.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ACRORD32INFO.EXE-1A61B617.pf -->14/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ALG.EXE-275708CF.pf -->04/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\AUTORUN.EXE-08A9DED1.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\BDAGENT.EXE-2A4EFA13.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\BDFSFLTRPTCH.EXE-25AD1939.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\BDTB.EXE-25633580.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\BDTB.EXE.TMP-1EE867A7.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\BDTHUNDERBIRD.EXE-093225E2.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\BDWIZREG.EXE-03AB9F60.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\BITDEFENDER_INTERNETSECURITY_-1E415A73.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\BRCCMCTL.EXE-2BA63335.pf -->14/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\BRCTRCEN.EXE-2343901B.pf -->14/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\BRMFCWND.EXE-3B6F60FC.pf -->28/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\BURN4FREE.EXE-2F7413CB.pf -->05/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\CAS STUDIO.EXE-140373A3.pf -->28/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\CSRSS.EXE-22452D1B.pf -->04/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\DEFRAG.EXE-2858C7E2.pf -->11/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\DELOEMINFS.EXE-086AA05E.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\DFRGNTFS.EXE-38C3807C.pf -->11/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\DRIVERCTRL.EXE-0E2C6689.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\DRWTSN32.EXE-01DDCF15.pf -->14/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\DUMPREP.EXE-0AF2BF67.pf -->10/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\DWWIN.EXE-2C373FB7.pf -->14/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\EXCEL.EXE-2055DCA9.pf -->28/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\EXPLORER.EXE-02121B1A.pf -->14/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\FLASHGET.EXE-080AD7E9.pf -->01/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\GRPCONV.EXE-375690AD.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\HELPSVC.EXE-1C192440.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\IDENTITY.EXE-03DBEB95.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\IDRIVER.EXE-1DCF1A9D.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\IEDW.EXE-0F1DF43F.pf -->14/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\IESHOW.EXE-1D3D0F51.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\IEXPLORE.EXE-2D97EBE6.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\IMAPI.EXE-201490BB.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\INSTALL.EXE-3AEF1D3F.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\Layout.ini -->14/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\LIVESRV.EXE-366DC850.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\LOGON.SCR-24ADF392.pf -->14/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\LSASS.EXE-306A65C3.pf -->04/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\LSETUP.EXE-0248AF55.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\LUCOMS~1.EXE-1DF6F3E9.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\LUSETUP.EXE-28C3941D.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MSI1D.TMP-09E05C1B.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MSI20.TMP-1635ABBB.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MSI23.TMP-0E629313.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MSI24.TMP-05018098.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MSI25.TMP-34CA0DA8.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MSI26.TMP-1A34D00A.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MSI27.TMP-1F96BE36.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MSI28.TMP-2F681F7C.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MSI29.TMP-0A636EC4.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MSI30.TMP-0A4CCE05.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MSIEXEC.EXE-330626DC.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MSTORDB.EXE-27453AE2.pf -->29/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MUSICMESERVICE.EXE-116EB45B.pf -->05/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\NETSH.EXE-23AED181.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\NMBGMONITOR.EXE-230CE960.pf -->13/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\NMINDEXSTORESVR.EXE-13F11D87.pf -->13/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\NOTEPAD.EXE-2F2D61E1.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\OUTLOOK.EXE-1C54BEEA.pf -->06/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\PAPRPORT.EXE-0F2CFC8F.pf -->28/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\PATCH_~1.EXE-10593B9D.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\PCHFLTR.EXE-041814A1.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\POWERPNT.EXE-2EEF88AA.pf -->02/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\PPLINKS.EXE-376E4727.pf -->28/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\REGEDIT.EXE-2AE3423E.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-3C500167.pf -->29/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-3D479208.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-3DF851BD.pf -->23/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-3E44684F.pf -->31/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-433BF4FC.pf -->10/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-46419E46.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-4653691D.pf -->11/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-4666F599.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-46D7B5BB.pf -->12/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-4AA62846.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-4B4A642B.pf -->11/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-4C9A0F4D.pf -->01/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-4FF9832D.pf -->10/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-5610C3EA.pf -->12/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-584788E9.pf -->28/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-60FE337D.pf -->04/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-61C2BDB5.pf -->09/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-6455975B.pf -->31/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-650D9C14.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-691690D5.pf -->23/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-6A046DA4.pf -->23/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-6D570F0B.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-6DF739B2.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-6E8D4657.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNONCE.EXE-01CA3A2F.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SAFEXP.EXE-21853345.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SECCENTER.EXE-31DA92EB.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SERVICES.EXE-3019B50A.pf -->04/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SETLOADORDER.EXE-37B900E8.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SETUP.EXE-014C4BC5.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SETUP.EXE-2F6E67C3.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SETUP_WM.EXE-02751BCA.pf -->10/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SEVINST.EXE-31E05103.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SNETCFG.EXE-0355B4D0.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SOUNDMAN.EXE-2979F3F4.pf -->04/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SSBKGDUPDATE.EXE-2109723C.pf -->04/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SVCHOST.EXE-2D5FBD18.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SYMANT~1.EXE-3A7C42DF.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\TASKMGR.EXE-06144C13.pf -->11/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\TASKSWITCHXP.EXE-19BF09F3.pf -->04/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\UISCAN.EXE-0AD9F845.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\UPGREPL.EXE-07704B73.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\VERCLSID.EXE-28F52AD2.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\VIRUS.EXE-0F578F79.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\VLC.EXE-02F29DFD.pf -->14/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\VSSERV.EXE-254EFAEB.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WEB-MEDIAPLAYER_SETUP[1].EXE-3B909F9A.pf -->14/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WEBVACUUMFREE.EXE-04540FFF.pf -->14/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WINLOGON.EXE-0957F9B2.pf -->04/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WINRAR.EXE-0AA31BB9.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WINWORD.EXE-33AEA629.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WJQS.EXE-0B8903CB.pf -->14/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WMIADAP.EXE-32F99497.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WMIPRVSE.EXE-0D449B4F.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WMPLAYER.EXE-1ACCF804.pf -->14/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WMPLAYER.EXE-1ACCF80B.pf -->11/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WMPLAYER.EXE-1ACCF80C.pf -->25/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WUAUCLT.EXE-1360D60A.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\XCOMMSVR.EXE-28D5134B.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\XPIZE_LOGON.EXE-00125B7D.pf -->15/04/2009

---\\ Operations and functions at Windows Explorer startup (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll

---\\ Export authorized application key (O47)
O47 - AAKE:Key Export - "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
O47 - AAKE:Key Export - "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
O47 - AAKE:Key Export - "C:\Program Files\FlashGet\flashget.exe"="C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget"
O47 - AAKE:Key Export - "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
O47 - AAKE:Key Export - "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"

---\\ Local Security Authority-LSA Deny (O48)
O48 - LSA:Local Security Authority Authentication Packages - C:\WINDOWS\System32\msv1_0.dll
O48 - LSA:Local Security Authority Notification Packages - C:\WINDOWS\System32\scecli.dll

---\\ Safe Boot Control (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ip6fw.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpcdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpwd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\tdpipe.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\tdtcp.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\ip6fw.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\rdpcdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\rdpdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\rdpwd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\tdpipe.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\tdtcp.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\ip6fw.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\rdpcdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\rdpdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\rdpwd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\tdpipe.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\tdtcp.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\vgasave.sys

---\\ Image File Execution Options (IFEO) (O50)
O50 - IEFO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d

End of the scan:
sKe69 (21955 posts, status: Security Contributor)

Good ...

Start with this:

Download ToolBar S&D (by Eric_71/Team IDN) to your desktop:
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

(Tutorial: https://sites.google.com/site/toolbarsd/aideenimages)

!! Disconnect from the internet and close all running applications for the duration of the procedure !!

* Double-click ToolBar SD.exe to launch the tool and follow the prompts ...
--> Press 2 directly (the "removal" option), then press [Enter].

The cleaning starts.

! Do not touch anything during the removal !

A report will be generated at the end of the process: post its contents in your next reply
for analysis ...

(the report is also saved here -> C:\TB.txt)

Also run a new ZHPDiag scan and post the new report you get ....

drums03 (28 posts, status: Member)

The rest ...

-----------\\ ToolBar S&D 1.2.8 XP/Vista

"C:\WINDOWS" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 15/04/2009|14:41 )

-----------\\ ...

Commande ECHO désactivée.

--------------------\\

Commande ECHO désactivée.

1 - "C:\WINDOWS\TB_1.txt" - 15/04/2009|14:39 - Option : [2]
2 - "C:\WINDOWS\TB_2.txt" - 15/04/2009|14:40 - Option : [1]
3 - "C:\WINDOWS\TB_3.txt" - 15/04/2009|14:41 - Option : [2]

-----------\\ 14:41:08,87
drums03 (28 posts, status: Member)

I have to split the report in two:

Rapport de ZHPDiag v1.17 par Nicolas Coolman
Enregistré le 15/04/2009 14:42:29
Platform : Microsoft Windows XP (5.1.2600) Service Pack 2
MSIE: Internet Explorer v6.0.2900.2180

---\\ Processus lancés
SOUNDMAN.EXE
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Brother\ControlCenter3\brctrcen.exe
C:\WINDOWS\system32\NeroCheck.exe
C:\Program Files\FlashGet\FlashGet.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\services.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\spoolsv.exe

---\\ Pages de démarrage d'Internet Explorer (R0)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

---\\ Pages de recherche d'Internet Explorer (R1)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm

---\\ Browser Helper Objects de navigateur(O2)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (not file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll

---\\ Applications démarrées automatiquement par le registre (O4)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users.WINDOWS\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\FlashGet.exe /min
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKLM\..\policies\Explorer: [HonorAutoRunSetting] Data="1"
O4 - Global Startup: Wireless Configuration Utility HW.51.lnk - D:\WINDOWS\Installer\{29F15D3F-5B37-44DB-BB89-390B3AD1404E}\NewShortcut1.exe

---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra 'Tools' menuitem: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFBARH.ICO
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe,128
O9 - Extra 'Tools' menuitem: FlashGet - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\FlashGet\FlashGet.exe,128
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFBARH.ICO
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe,128

---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: C:\WINDOWS\system32\NavLogon.dll

---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: DefWatch (DefWatch) - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Spouleur d'impression (Spooler) - C:\WINDOWS\system32\spoolsv.exe

---\\ Composants installés (ActiveSetup Installed Components) (040)
O40 - ASIC: Microsoft Windows Media Player - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
O40 - ASIC: Internet Explorer - {26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigIE
O40 - ASIC: Personnalisation du navigateur - {60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
O40 - ASIC: Outlook Express - {881dd1c5-3dcf-431b-b061-f3f88e8be88a} - C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE
O40 - ASIC: Rendu VML (Vector Graphics Rendering) - {10072CEC-8CC1-11D1-986E-00A0C955B42F} - (not file)
O40 - ASIC: Microsoft NetShow Player - {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - C:\WINDOWS\system32\wmpdxm.dll
O40 - ASIC: Lecteur Windows Media Microsoft 6.4 - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\system32\wmpdxm.dll
O40 - ASIC: DirectAnimation - {283807B5-2C60-11D0-A31D-00AA00B92C03} - C:\WINDOWS\system32\danim.dll
O40 - ASIC: Themes Setup - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\WINDOWS\system32\regsvr32.exe /s /n /i:/UserInstall C:\WINDOWS\system32\themeui.dll
O40 - ASIC: Liaison de données Dynamic HTML pour Java - {36f8ec70-c29a-11d1-b5c7-0000f8051515} - (not file)
O40 - ASIC: Logiciel de navigation hors connexion - {3af36230-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Uniscribe - {3bf42070-b3b1-11d1-b5c5-0000f8051515} - (not file)
O40 - ASIC: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) - {411EDCF7-755D-414E-A74B-3DCD6583F589} - (not file)
O40 - ASIC: Création avancée - {4278c270-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Microsoft Outlook Express 6 - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
O40 - ASIC: NetMeeting 3.01 - {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
O40 - ASIC: DirectShow - {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - (not file)
O40 - ASIC: DirectDrawEx - {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - (not file)
O40 - ASIC: Aide sur Internet Explorer - {45ea75a0-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Classes Java DirectAnimation - {4f216970-c90c-11d1-b5c7-0000f8051515} - (not file)
O40 - ASIC: Microsoft Windows Script 5.6 - {4F645220-306D-11D2-995D-00C04F98BBC9} - (not file)
O40 - ASIC: (no name) - {5A8D6EE0-3E18-11D0-821E-444553540000} - (not file)
O40 - ASIC: Outils d'installation Internet Explorer - {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Améliorations pour la navigation - {630b1da0-b465-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub
O40 - ASIC: Accès au site MSN - {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - (not file)
O40 - ASIC: Web Folders - {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - (not file)
O40 - ASIC: Carnet d'adresses 6 - {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
O40 - ASIC: Mise à jour du Bureau Windows - {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
O40 - ASIC: Internet Explorer 6 - {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe
O40 - ASIC: (no name) - {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
O40 - ASIC: Microsoft .NET Framework 1.1 Hotfix (KB928366) - {8D1D0E9A-C799-4D28-9E29-0061D1E66E43} - (not file)
O40 - ASIC: Liaison de données Dynamic HTML - {9381D8F2-0288-11D0-9501-00AA00B911A5} - (not file)
O40 - ASIC: (no name) - {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - (not file)
O40 - ASIC: Polices de base Internet Explorer - {C9E9A340-D1F1-11D0-821E-444553540600} - (not file)
O40 - ASIC: .NET Framework - {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - (not file)
O40 - ASIC: Planificateur de tâches - {CC2A9BA0-3BDD-11D0-821E-444553540000} - (not file)
O40 - ASIC: (no name) - {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - (not file)
O40 - ASIC: Adobe Flash Player - {D27CDB6E-AE6D-11cf-96B8-444553540000} - C:\WINDOWS\system32\Macromed\Flash\Flash10a.ocx
O40 - ASIC: Aide HTML - {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Active Directory Service Interface - {E92B03AB-B707-11d2-9CBD-0000F87A369E} - (not file)

---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: Suppresseur d'écho acoustique (Noyau Microsoft) (aec) - C:\WINDOWS\system32\drivers\aec.sys
O41 - Driver: Service for Realtek AC97 Audio (WDM) (ALCXWDM) - C:\WINDOWS\system32\drivers\ALCXWDM.SYS
O41 - Driver: Pilote de média asynchrone RAS (AsyncMac) - C:\WINDOWS\system32\DRIVERS\asyncmac.sys
O41 - Driver: (no object) (ati2mtag) - C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
O41 - Driver: Protocole client ATM ARP (Atmarpc) - C:\WINDOWS\system32\DRIVERS\atmarpc.sys
O41 - Driver: Pilote audio Stub (audstub) - C:\WINDOWS\system32\DRIVERS\audstub.sys
O41 - Driver: Brother USB Still Image driver (BrScnUsb) - C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
O41 - Driver: (no object) (dmboot) - C:\WINDOWS\System32\drivers\dmboot.sys
O41 - Driver: Pilote de Gestionnaire de disque logique (dmio) - C:\WINDOWS\System32\drivers\dmio.sys
O41 - Driver: (no object) (dmload) - C:\WINDOWS\System32\drivers\dmload.sys
O41 - Driver: Synthétiseur DLS du noyau Microsoft (DMusic) - C:\WINDOWS\system32\drivers\DMusic.sys
O41 - Driver: Filtre de décodeur DRM (Noyau Microsoft) (drmkaud) - C:\WINDOWS\system32\drivers\drmkaud.sys
O41 - Driver: VIA Rhine-Family Fast Ethernet Adapter Driver Service (FETND5BV) - C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys
O41 - Driver: FltMgr (FltMgr) - C:\WINDOWS\system32\DRIVERS\fltMgr.sys
O41 - Driver: GMSIPCI (GMSIPCI) - F:\INSTALL\GMSIPCI.SYS
O41 - Driver: Classificateur de paquets générique (Gpc) - C:\WINDOWS\system32\DRIVERS\msgpc.sys
O41 - Driver: Pilote pour clavier i8042 et souris sur port PS/2 (i8042prt) - C:\WINDOWS\system32\DRIVERS\i8042prt.sys
O41 - Driver: Pilote de processeur Intel (intelppm) - C:\WINDOWS\system32\DRIVERS\intelppm.sys
O41 - Driver: Pilote du pare-feu Windows IPv6 (Ip6Fw) - C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
O41 - Driver: Pilote de filtre de trafic IP (IpFilterDriver) - C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
O41 - Driver: Pilote de tunnelage IP dans IP (IpInIp) - C:\WINDOWS\system32\DRIVERS\ipinip.sys
O41 - Driver: Pilote IPSEC (IPSec) - C:\WINDOWS\system32\DRIVERS\ipsec.sys
O41 - Driver: Service énumérateur IR (IRENUM) - C:\WINDOWS\system32\DRIVERS\irenum.sys
O41 - Driver: Mélangeur audio Wave de noyau Microsoft (kmixer) - C:\WINDOWS\system32\drivers\kmixer.sys
O41 - Driver: Redirecteur client WebDav (MRxDAV) - C:\WINDOWS\system32\DRIVERS\mrxdav.sys
O41 - Driver: MRXSMB (MRxSmb) - C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
O41 - Driver: Proxy de service de répartition Microsoft (MSKSSRV) - C:\WINDOWS\system32\drivers\MSKSSRV.sys
O41 - Driver: Proxy d'horloge de répartition Microsoft (MSPCLOCK) - C:\WINDOWS\system32\drivers\MSPCLOCK.sys
O41 - Driver: Proxy de gestion de qualité de répartition Microsoft (MSPQM) - C:\WINDOWS\system32\drivers\MSPQM.sys
O41 - Driver: Pilote BIOS de gestion de systèmes Microsoft (mssmbios) - C:\WINDOWS\system32\DRIVERS\mssmbios.sys
O41 - Driver: NAVAP (NAVAP) - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAP.sys
O41 - Driver: NAVAPEL (NAVAPEL) - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAPEL.SYS
O41 - Driver: NAVENG (NAVENG) - C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20090414.020\NAVENG.sys
O41 - Driver: NAVEX15 (NAVEX15) - C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20090414.020\NAVEX15.sys
O41 - Driver: Pilote TAPI NDIS d'accès distant (NdisTapi) - C:\WINDOWS\system32\DRIVERS\ndistapi.sys
O41 - Driver: NDIS mode utilisateur E/S Protocole (Ndisuio) - C:\WINDOWS\system32\DRIVERS\ndisuio.sys
O41 - Driver: Pilote réseau étendu NDIS d'accès distant (NdisWan) - C:\WINDOWS\system32\DRIVERS\ndiswan.sys
O41 - Driver: Interface NetBIOS (NetBIOS) - C:\WINDOWS\system32\DRIVERS\netbios.sys
O41 - Driver: NetBIOS sur TCP/IP (NetBT) - C:\WINDOWS\system32\DRIVERS\netbt.sys
O41 - Driver: Pilote de filtre de trafic IPX (NwlnkFlt) - C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
O41 - Driver: Pilote de transfert de trafic IPX (NwlnkFwd) - C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
O41 - Driver: Miniport réseau étendu (PPTP) (PptpMiniport) - C:\WINDOWS\system32\DRIVERS\raspptp.sys
O41 - Driver: Profos (Profos) - C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\profos.sys
O41 - Driver: Planificateur de paquets QoS (PSched) - C:\WINDOWS\system32\DRIVERS\psched.sys
O41 - Driver: Pilote de liaison parallèle directe (Ptilink) - C:\WINDOWS\system32\DRIVERS\ptilink.sys
O41 - Driver: Pilote de connexion automatique d'accès distant (RasAcd) - C:\WINDOWS\system32\DRIVERS\rasacd.sys
O41 - Driver: Miniport réseau étendu (L2TP) (Rasl2tp) - C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
O41 - Driver: Pilote PPPOE d'accès à distance (RasPppoe) - C:\WINDOWS\system32\DRIVERS\raspppoe.sys
O41 - Driver: Parallèle direct (Raspti) - C:\WINDOWS\system32\DRIVERS\raspti.sys
O41 - Driver: Rdbss (Rdbss) - C:\WINDOWS\system32\DRIVERS\rdbss.sys
O41 - Driver: Pilote de redirecteur de périphérique Terminal Server (rdpdr) - C:\WINDOWS\system32\DRIVERS\rdpdr.sys
O41 - Driver: Pilote de filtre de lecture digitale de CD audio (redbook) - C:\WINDOWS\system32\DRIVERS\redbook.sys
O41 - Driver: Secdrv (Secdrv) - C:\WINDOWS\system32\DRIVERS\secdrv.sys
O41 - Driver: Pilote de filtre Serenum (serenum) - C:\WINDOWS\system32\DRIVERS\serenum.sys
O41 - Driver: Splitter audio du noyau Microsoft (splitter) - C:\WINDOWS\system32\drivers\splitter.sys
O41 - Driver: Pilote de filtre de restauration système (sr) - C:\WINDOWS\system32\DRIVERS\sr.sys
O41 - Driver: Srv (Srv) - C:\WINDOWS\system32\DRIVERS\srv.sys
O41 - Driver: Pilote de bus logiciel (swenum) - C:\WINDOWS\system32\DRIVERS\swenum.sys
O41 - Driver: Synthétiseur de table de sons GC noyau Microsoft (swmidi) - C:\WINDOWS\system32\drivers\swmidi.sys
O41 - Driver: (no object) (SymEvent) - C:\Program Files\Symantec\SYMEVENT.SYS
O41 - Driver: Périphérique audio système du noyau Microsoft (sysaudio) - C:\WINDOWS\system32\drivers\sysaudio.sys
O41 - Driver: Pilote du protocole TCP/IP (Tcpip) - C:\WINDOWS\system32\DRIVERS\tcpip.sys
O41 - Driver: Trufos (Trufos) - C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\trufos.sys
O41 - Driver: Pilote de mise à jour microcode (Update) - C:\WINDOWS\system32\DRIVERS\update.sys
O41 - Driver: Pilote parent générique USB Microsoft (usbccgp) - C:\WINDOWS\system32\DRIVERS\usbccgp.sys
O41 - Driver: Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0 (usbehci) - C:\WINDOWS\system32\DRIVERS\usbehci.sys
O41 - Driver: Pilote de concentrateur standard USB Microsoft (usbhub) - C:\WINDOWS\system32\DRIVERS\usbhub.sys
O41 - Driver: Classe d'imprimantes USB Microsoft (usbprint) - C:\WINDOWS\system32\DRIVERS\usbprint.sys
O41 - Driver: Pilote de stockage de masse USB (usbstor) - C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
O41 - Driver: Pilote miniport de contrôleur hôte universel USB Microsoft (usbuhci) - C:\WINDOWS\system32\DRIVERS\usbuhci.sys
O41 - Driver: VIA AGP Filter (viaagp1) - C:\WINDOWS\system32\DRIVERS\viaagp1.sys
O41 - Driver: (no object) (viamraid) - C:\WINDOWS\system32\DRIVERS\viamraid.sys
O41 - Driver: Marvell Libertas 802.11b/g Driver for Windows XP (8335) (W8335XP) - C:\WINDOWS\system32\DRIVERS\MRV8335XP.sys
O41 - Driver: Pilote ARP IP d'accès distant (Wanarp) - C:\WINDOWS\system32\DRIVERS\wanarp.sys
O41 - Driver: Pilote WINMM de compatibilité audio WDM Microsoft (wdmaud) - C:\WINDOWS\system32\drivers\wdmaud.sys
O41 - Driver: (no object) (WinDriver6) - C:\WINDOWS\system32\drivers\windrvr6.sys
O41 - Driver: BitDefender Firewall NDIS Filter Service (Bdfndisf) - C:\WINDOWS\system32\DRIVERS\bdfndisf.sys
O41 - Driver: BDSelfPr (BDSelfPr) - C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys

---\\ Logiciels installés (O42)
O42 - Logiciel: Adobe Flash Player 10 ActiveX
O42 - Logiciel: Burn4Free CD and DVD
O42 - Logiciel: CCleaner (remove only)
O42 - Logiciel: Daniusoft Digital Media Converter(Build 2.0.24)
O42 - Logiciel: FlashGet 1.8.2.1001
O42 - Logiciel: HijackThis 2.0.2
O42 - Logiciel: LiveUpdate 1.7 (Symantec Corporation)
O42 - Logiciel: Microsoft .NET Framework 1.1 Hotfix (KB928366)
O42 - Logiciel: Malwarebytes' Anti-Malware
O42 - Logiciel: Microsoft .NET Framework 1.1
O42 - Logiciel: TaskSwitchXP
O42 - Logiciel: VideoLAN VLC media player 0.8.6a
O42 - Logiciel: VIA Rhine-Family Fast Ethernet Adapter
O42 - Logiciel: Archiveur WinRAR
O42 - Logiciel: XPize 4.2 MCE BETA
O42 - Logiciel: Symantec AntiVirus Client
O42 - Logiciel: CAS Interface Studio 8.6b
O42 - Logiciel: PaperPort Image Printer
O42 - Logiciel: Lecteur musicMe
O42 - Logiciel: MSXML 4.0 SP2 (KB954430)
O42 - Logiciel: Microsoft Office Professional Edition 2003
O42 - Logiciel: Brother MFL-Pro Suite
O42 - Logiciel: Adobe Reader 7.0 - Français
O42 - Logiciel: ScanSoft PaperPort 11
O42 - Logiciel: Nero 7 Demo
O42 - Logiciel: Realtek AC'97 Audio

---\\ Contenu des dossiers Fichiers Communs (O43)
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\Adobe
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\Ahead
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\BitDefender
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\DESIGNER
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\InstallShield
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\Microsoft Shared
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\MSSoap
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\ODBC
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\ScanSoft Shared
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\Services
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\SpeechEngines
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\Symantec Shared
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\System

---\\ Derniers fichiers modifiés ou crées sous System32 (O44)
O44 - LFC:Last File Created - C:\WINDOWS\System32\$winnt$.inf -->24/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\amcompat.tlb -->24/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\bdod.bin -->15/04/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\bridf07a.dat -->24/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\cdplayer.exe.manifest -->24/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\CONFIG.NT -->24/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\emptyregdb.dat -->24/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\FNTCACHE.DAT -->15/04/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\h323log.txt -->24/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\logonui.exe.manifest -->24/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\mrt.exe -->25/02/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\ncpa.cpl.manifest -->24/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nscompat.tlb -->24/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nwc.cpl.manifest -->24/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\perfc009.dat -->15/04/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\perfc00C.dat -->15/04/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\perfh009.dat -->15/04/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\perfh00C.dat -->15/04/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\PerfStringBackup.INI -->15/04/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\S32EVNT1.DLL -->15/04/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\sapi.cpl.manifest -->24/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\SYMEVNT.386 -->15/04/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\TZLog.log -->24/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\uxtheme.dll -->24/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\win32k.sys -->09/02/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\WindowsLogon.manifest -->24/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\wpa.dbl -->13/04/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\wuaucpl.cpl.manifest -->24/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\drivers\mbam.sys -->06/04/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\drivers\mbamswissarmy.sys -->06/04/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\drivers\SYMEVENT.SYS -->15/04/2009

---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ACRORD32.EXE-1CE22EA3.pf -->14/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ACRORD32INFO.EXE-10255AA7.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\BDAGENT.EXE-2A4EFA13.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\BDWIZREG.EXE-03AB9F60.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\CHCP.COM-17EDBDC9.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\CMD.EXE-034B0549.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\DEFRAG.EXE-2858C7E2.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\DFRGNTFS.EXE-38C3807C.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\FIND.EXE-0EEAD1A7.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\HELPSVC.EXE-1C192440.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\IEXPLORE.EXE-2D97EBE6.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\IMAPI.EXE-201490BB.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\Layout.ini -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\LIVESRV.EXE-366DC850.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\LOGON.SCR-24ADF392.pf -->14/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\LUCOMS~1.EXE-1DF6F3E9.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MODE.COM-318FFE37.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MSIEXEC.EXE-330626DC.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\NOTEPAD.EXE-2F2D61E1.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-6E8D4657.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNONCE.EXE-01CA3A2F.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SECCENTER.EXE-31DA92EB.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SNETCFG.EXE-0355B4D0.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SVCHOST.EXE-2D5FBD18.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\TOOLBARSD.EXE-29B5574E.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\UISCAN.EXE-0AD9F845.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\UPGREPL.EXE-07704B73.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\VERCLSID.EXE-28F52AD2.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\VLC.EXE-02F29DFD.pf -->14/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\VSSERV.EXE-254EFAEB.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WEBVACUUMFREE.EXE-04540FFF.pf -->14/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WINRAR.EXE-0AA31BB9.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WINWORD.EXE-33AEA629.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WMIADAP.EXE-32F99497.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WMIPRVSE.EXE-0D449B4F.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WUAUCLT.EXE-1360D60A.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\XCOMMSVR.EXE-28D5134B.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\XPIZE_LOGON.EXE-00125B7D.pf -->15/04/2009

---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll

---\\ Export de clé d'application autorisée (O47)
O47 - AAKE:Key Export - "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
O47 - AAKE:Key Export - "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
O47 - AAKE:Key Export - "C:\Program Files\FlashGet\flashget.exe"="C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget"
O47 - AAKE:Key Export - "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
O47 - AAKE:Key Export - "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"

---\\ Déni du service LSA (Local Security Authority) (O48)
O48 - LSA:Local Security Authority Authentication Packages - C:\WINDOWS\System32\msv1_0.dll
O48 - LSA:Local Security Authority Notification Packages - C:\WINDOWS\System32\scecli.dll

---\\ Contrôle du Safe Boot (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ip6fw.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpcdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpwd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\tdpipe.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\tdtcp.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\ip6fw.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\rdpcdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\rdpdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\rdpwd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\tdpipe.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\tdtcp.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\ip6fw.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\rdpcdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\rdpdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\rdpwd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\tdpipe.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\tdtcp.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\vgasave.sys

---\\ Image File Execution Options (IFEO) (O50)
O50 - IEFO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d

End of the scan:
Rapport de ZHPDiag v1.17 par Nicolas Coolman
Enregistré le 15/04/2009 14:42:29
Platform : Microsoft Windows XP (5.1.2600) Service Pack 2
MSIE: Internet Explorer v6.0.2900.2180

---\\ Processus lancés
SOUNDMAN.EXE
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Brother\ControlCenter3\brctrcen.exe
C:\WINDOWS\system32\NeroCheck.exe
C:\Program Files\FlashGet\FlashGet.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\services.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\spoolsv.exe

---\\ Pages de démarrage d'Internet Explorer (R0)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

---\\ Pages de recherche d'Internet Explorer (R1)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm

---\\ Browser Helper Objects de navigateur(O2)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (not file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll

---\\ Applications démarrées automatiquement par le registre (O4)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users.WINDOWS\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\FlashGet.exe /min
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKLM\..\policies\Explorer: [HonorAutoRunSetting] Data="1"
O4 - Global Startup: Wireless Configuration Utility HW.51.lnk - D:\WINDOWS\Installer\{29F15D3F-5B37-44DB-BB89-390B3AD1404E}\NewShortcut1.exe

---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra 'Tools' menuitem: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFBARH.ICO
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe,128
O9 - Extra 'Tools' menuitem: FlashGet - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\FlashGet\FlashGet.exe,128
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFBARH.ICO
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe,128

---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: C:\WINDOWS\system32\NavLogon.dll

---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: DefWatch (DefWatch) - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Spouleur d'impression (Spooler) - C:\WINDOWS\system32\spoolsv.exe
drums03 Posts 28 Status Member

Here is the last part,
thanks again

---\\ Composants installés (ActiveSetup Installed Components) (040)
O40 - ASIC: Microsoft Windows Media Player - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
O40 - ASIC: Internet Explorer - {26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigIE
O40 - ASIC: Personnalisation du navigateur - {60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
O40 - ASIC: Outlook Express - {881dd1c5-3dcf-431b-b061-f3f88e8be88a} - C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE
O40 - ASIC: Rendu VML (Vector Graphics Rendering) - {10072CEC-8CC1-11D1-986E-00A0C955B42F} - (not file)
O40 - ASIC: Microsoft NetShow Player - {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - C:\WINDOWS\system32\wmpdxm.dll
O40 - ASIC: Lecteur Windows Media Microsoft 6.4 - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\system32\wmpdxm.dll
O40 - ASIC: DirectAnimation - {283807B5-2C60-11D0-A31D-00AA00B92C03} - C:\WINDOWS\system32\danim.dll
O40 - ASIC: Themes Setup - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\WINDOWS\system32\regsvr32.exe /s /n /i:/UserInstall C:\WINDOWS\system32\themeui.dll
O40 - ASIC: Liaison de données Dynamic HTML pour Java - {36f8ec70-c29a-11d1-b5c7-0000f8051515} - (not file)
O40 - ASIC: Logiciel de navigation hors connexion - {3af36230-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Uniscribe - {3bf42070-b3b1-11d1-b5c5-0000f8051515} - (not file)
O40 - ASIC: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) - {411EDCF7-755D-414E-A74B-3DCD6583F589} - (not file)
O40 - ASIC: Création avancée - {4278c270-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Microsoft Outlook Express 6 - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
O40 - ASIC: NetMeeting 3.01 - {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
O40 - ASIC: DirectShow - {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - (not file)
O40 - ASIC: DirectDrawEx - {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - (not file)
O40 - ASIC: Aide sur Internet Explorer - {45ea75a0-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Classes Java DirectAnimation - {4f216970-c90c-11d1-b5c7-0000f8051515} - (not file)
O40 - ASIC: Microsoft Windows Script 5.6 - {4F645220-306D-11D2-995D-00C04F98BBC9} - (not file)
O40 - ASIC: (no name) - {5A8D6EE0-3E18-11D0-821E-444553540000} - (not file)
O40 - ASIC: Outils d'installation Internet Explorer - {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Améliorations pour la navigation - {630b1da0-b465-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub
O40 - ASIC: Accès au site MSN - {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - (not file)
O40 - ASIC: Web Folders - {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - (not file)
O40 - ASIC: Carnet d'adresses 6 - {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
O40 - ASIC: Mise à jour du Bureau Windows - {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
O40 - ASIC: Internet Explorer 6 - {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe
O40 - ASIC: (no name) - {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
O40 - ASIC: Microsoft .NET Framework 1.1 Hotfix (KB928366) - {8D1D0E9A-C799-4D28-9E29-0061D1E66E43} - (not file)
O40 - ASIC: Liaison de données Dynamic HTML - {9381D8F2-0288-11D0-9501-00AA00B911A5} - (not file)
O40 - ASIC: (no name) - {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - (not file)
O40 - ASIC: Polices de base Internet Explorer - {C9E9A340-D1F1-11D0-821E-444553540600} - (not file)
O40 - ASIC: .NET Framework - {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - (not file)
O40 - ASIC: Planificateur de tâches - {CC2A9BA0-3BDD-11D0-821E-444553540000} - (not file)
O40 - ASIC: (no name) - {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - (not file)
O40 - ASIC: Adobe Flash Player - {D27CDB6E-AE6D-11cf-96B8-444553540000} - C:\WINDOWS\system32\Macromed\Flash\Flash10a.ocx
O40 - ASIC: Aide HTML - {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Active Directory Service Interface - {E92B03AB-B707-11d2-9CBD-0000F87A369E} - (not file)

---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: Suppresseur d'écho acoustique (Noyau Microsoft) (aec) - C:\WINDOWS\system32\drivers\aec.sys
O41 - Driver: Service for Realtek AC97 Audio (WDM) (ALCXWDM) - C:\WINDOWS\system32\drivers\ALCXWDM.SYS
O41 - Driver: Pilote de média asynchrone RAS (AsyncMac) - C:\WINDOWS\system32\DRIVERS\asyncmac.sys
O41 - Driver: (no object) (ati2mtag) - C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
O41 - Driver: Protocole client ATM ARP (Atmarpc) - C:\WINDOWS\system32\DRIVERS\atmarpc.sys
O41 - Driver: Pilote audio Stub (audstub) - C:\WINDOWS\system32\DRIVERS\audstub.sys
O41 - Driver: Brother USB Still Image driver (BrScnUsb) - C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
O41 - Driver: (no object) (dmboot) - C:\WINDOWS\System32\drivers\dmboot.sys
O41 - Driver: Pilote de Gestionnaire de disque logique (dmio) - C:\WINDOWS\System32\drivers\dmio.sys
O41 - Driver: (no object) (dmload) - C:\WINDOWS\System32\drivers\dmload.sys
O41 - Driver: Synthétiseur DLS du noyau Microsoft (DMusic) - C:\WINDOWS\system32\drivers\DMusic.sys
O41 - Driver: Filtre de décodeur DRM (Noyau Microsoft) (drmkaud) - C:\WINDOWS\system32\drivers\drmkaud.sys
O41 - Driver: VIA Rhine-Family Fast Ethernet Adapter Driver Service (FETND5BV) - C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys
O41 - Driver: FltMgr (FltMgr) - C:\WINDOWS\system32\DRIVERS\fltMgr.sys
O41 - Driver: GMSIPCI (GMSIPCI) - F:\INSTALL\GMSIPCI.SYS
O41 - Driver: Classificateur de paquets générique (Gpc) - C:\WINDOWS\system32\DRIVERS\msgpc.sys
O41 - Driver: Pilote pour clavier i8042 et souris sur port PS/2 (i8042prt) - C:\WINDOWS\system32\DRIVERS\i8042prt.sys
O41 - Driver: Pilote de processeur Intel (intelppm) - C:\WINDOWS\system32\DRIVERS\intelppm.sys
O41 - Driver: Pilote du pare-feu Windows IPv6 (Ip6Fw) - C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
O41 - Driver: Pilote de filtre de trafic IP (IpFilterDriver) - C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
O41 - Driver: Pilote de tunnelage IP dans IP (IpInIp) - C:\WINDOWS\system32\DRIVERS\ipinip.sys
O41 - Driver: Pilote IPSEC (IPSec) - C:\WINDOWS\system32\DRIVERS\ipsec.sys
O41 - Driver: Service énumérateur IR (IRENUM) - C:\WINDOWS\system32\DRIVERS\irenum.sys
O41 - Driver: Mélangeur audio Wave de noyau Microsoft (kmixer) - C:\WINDOWS\system32\drivers\kmixer.sys
O41 - Driver: Redirecteur client WebDav (MRxDAV) - C:\WINDOWS\system32\DRIVERS\mrxdav.sys
O41 - Driver: MRXSMB (MRxSmb) - C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
O41 - Driver: Proxy de service de répartition Microsoft (MSKSSRV) - C:\WINDOWS\system32\drivers\MSKSSRV.sys
O41 - Driver: Proxy d'horloge de répartition Microsoft (MSPCLOCK) - C:\WINDOWS\system32\drivers\MSPCLOCK.sys
O41 - Driver: Proxy de gestion de qualité de répartition Microsoft (MSPQM) - C:\WINDOWS\system32\drivers\MSPQM.sys
O41 - Driver: Pilote BIOS de gestion de systèmes Microsoft (mssmbios) - C:\WINDOWS\system32\DRIVERS\mssmbios.sys
O41 - Driver: NAVAP (NAVAP) - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAP.sys
O41 - Driver: NAVAPEL (NAVAPEL) - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAPEL.SYS
O41 - Driver: NAVENG (NAVENG) - C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20090414.020\NAVENG.sys
O41 - Driver: NAVEX15 (NAVEX15) - C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20090414.020\NAVEX15.sys
O41 - Driver: Pilote TAPI NDIS d'accès distant (NdisTapi) - C:\WINDOWS\system32\DRIVERS\ndistapi.sys
O41 - Driver: NDIS mode utilisateur E/S Protocole (Ndisuio) - C:\WINDOWS\system32\DRIVERS\ndisuio.sys
O41 - Driver: Pilote réseau étendu NDIS d'accès distant (NdisWan) - C:\WINDOWS\system32\DRIVERS\ndiswan.sys
O41 - Driver: Interface NetBIOS (NetBIOS) - C:\WINDOWS\system32\DRIVERS\netbios.sys
O41 - Driver: NetBIOS sur TCP/IP (NetBT) - C:\WINDOWS\system32\DRIVERS\netbt.sys
O41 - Driver: Pilote de filtre de trafic IPX (NwlnkFlt) - C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
O41 - Driver: Pilote de transfert de trafic IPX (NwlnkFwd) - C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
O41 - Driver: Miniport réseau étendu (PPTP) (PptpMiniport) - C:\WINDOWS\system32\DRIVERS\raspptp.sys
O41 - Driver: Profos (Profos) - C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\profos.sys
O41 - Driver: Planificateur de paquets QoS (PSched) - C:\WINDOWS\system32\DRIVERS\psched.sys
O41 - Driver: Pilote de liaison parallèle directe (Ptilink) - C:\WINDOWS\system32\DRIVERS\ptilink.sys
O41 - Driver: Pilote de connexion automatique d'accès distant (RasAcd) - C:\WINDOWS\system32\DRIVERS\rasacd.sys
O41 - Driver: Miniport réseau étendu (L2TP) (Rasl2tp) - C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
O41 - Driver: Pilote PPPOE d'accès à distance (RasPppoe) - C:\WINDOWS\system32\DRIVERS\raspppoe.sys
O41 - Driver: Parallèle direct (Raspti) - C:\WINDOWS\system32\DRIVERS\raspti.sys
O41 - Driver: Rdbss (Rdbss) - C:\WINDOWS\system32\DRIVERS\rdbss.sys
O41 - Driver: Pilote de redirecteur de périphérique Terminal Server (rdpdr) - C:\WINDOWS\system32\DRIVERS\rdpdr.sys
O41 - Driver: Pilote de filtre de lecture digitale de CD audio (redbook) - C:\WINDOWS\system32\DRIVERS\redbook.sys
O41 - Driver: Secdrv (Secdrv) - C:\WINDOWS\system32\DRIVERS\secdrv.sys
O41 - Driver: Pilote de filtre Serenum (serenum) - C:\WINDOWS\system32\DRIVERS\serenum.sys
O41 - Driver: Splitter audio du noyau Microsoft (splitter) - C:\WINDOWS\system32\drivers\splitter.sys
O41 - Driver: Pilote de filtre de restauration système (sr) - C:\WINDOWS\system32\DRIVERS\sr.sys
O41 - Driver: Srv (Srv) - C:\WINDOWS\system32\DRIVERS\srv.sys
O41 - Driver: Pilote de bus logiciel (swenum) - C:\WINDOWS\system32\DRIVERS\swenum.sys
O41 - Driver: Synthétiseur de table de sons GC noyau Microsoft (swmidi) - C:\WINDOWS\system32\drivers\swmidi.sys
O41 - Driver: (no object) (SymEvent) - C:\Program Files\Symantec\SYMEVENT.SYS
O41 - Driver: Périphérique audio système du noyau Microsoft (sysaudio) - C:\WINDOWS\system32\drivers\sysaudio.sys
O41 - Driver: Pilote du protocole TCP/IP (Tcpip) - C:\WINDOWS\system32\DRIVERS\tcpip.sys
O41 - Driver: Trufos (Trufos) - C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\trufos.sys
O41 - Driver: Pilote de mise à jour microcode (Update) - C:\WINDOWS\system32\DRIVERS\update.sys
O41 - Driver: Pilote parent générique USB Microsoft (usbccgp) - C:\WINDOWS\system32\DRIVERS\usbccgp.sys
O41 - Driver: Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0 (usbehci) - C:\WINDOWS\system32\DRIVERS\usbehci.sys
O41 - Driver: Pilote de concentrateur standard USB Microsoft (usbhub) - C:\WINDOWS\system32\DRIVERS\usbhub.sys
O41 - Driver: Classe d'imprimantes USB Microsoft (usbprint) - C:\WINDOWS\system32\DRIVERS\usbprint.sys
O41 - Driver: Pilote de stockage de masse USB (usbstor) - C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
O41 - Driver: Pilote miniport de contrôleur hôte universel USB Microsoft (usbuhci) - C:\WINDOWS\system32\DRIVERS\usbuhci.sys
O41 - Driver: VIA AGP Filter (viaagp1) - C:\WINDOWS\system32\DRIVERS\viaagp1.sys
O41 - Driver: (no object) (viamraid) - C:\WINDOWS\system32\DRIVERS\viamraid.sys
O41 - Driver: Marvell Libertas 802.11b/g Driver for Windows XP (8335) (W8335XP) - C:\WINDOWS\system32\DRIVERS\MRV8335XP.sys
O41 - Driver: Pilote ARP IP d'accès distant (Wanarp) - C:\WINDOWS\system32\DRIVERS\wanarp.sys
O41 - Driver: Pilote WINMM de compatibilité audio WDM Microsoft (wdmaud) - C:\WINDOWS\system32\drivers\wdmaud.sys
O41 - Driver: (no object) (WinDriver6) - C:\WINDOWS\system32\drivers\windrvr6.sys
O41 - Driver: BitDefender Firewall NDIS Filter Service (Bdfndisf) - C:\WINDOWS\system32\DRIVERS\bdfndisf.sys
O41 - Driver: BDSelfPr (BDSelfPr) - C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys

---\\ Logiciels installés (O42)
O42 - Logiciel: Adobe Flash Player 10 ActiveX
O42 - Logiciel: Burn4Free CD and DVD
O42 - Logiciel: CCleaner (remove only)
O42 - Logiciel: Daniusoft Digital Media Converter(Build 2.0.24)
O42 - Logiciel: FlashGet 1.8.2.1001
O42 - Logiciel: HijackThis 2.0.2
O42 - Logiciel: LiveUpdate 1.7 (Symantec Corporation)
O42 - Logiciel: Microsoft .NET Framework 1.1 Hotfix (KB928366)
O42 - Logiciel: Malwarebytes' Anti-Malware
O42 - Logiciel: Microsoft .NET Framework 1.1
O42 - Logiciel: TaskSwitchXP
O42 - Logiciel: VideoLAN VLC media player 0.8.6a
O42 - Logiciel: VIA Rhine-Family Fast Ethernet Adapter
O42 - Logiciel: Archiveur WinRAR
O42 - Logiciel: XPize 4.2 MCE BETA
O42 - Logiciel: Symantec AntiVirus Client
O42 - Logiciel: CAS Interface Studio 8.6b
O42 - Logiciel: PaperPort Image Printer
O42 - Logiciel: Lecteur musicMe
O42 - Logiciel: MSXML 4.0 SP2 (KB954430)
O42 - Logiciel: Microsoft Office Professional Edition 2003
O42 - Logiciel: Brother MFL-Pro Suite
O42 - Logiciel: Adobe Reader 7.0 - Français
O42 - Logiciel: ScanSoft PaperPort 11
O42 - Logiciel: Nero 7 Demo
O42 - Logiciel: Realtek AC'97 Audio

---\\ Contenu des dossiers Fichiers Communs (O43)
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\Adobe
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\Ahead
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\BitDefender
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\DESIGNER
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\InstallShield
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\Microsoft Shared
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\MSSoap
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\ODBC
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\ScanSoft Shared
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\Services
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\SpeechEngines
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\Symantec Shared
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\System

---\\ Derniers fichiers modifiés ou crées sous System32 (O44)
O44 - LFC:Last File Created - C:\WINDOWS\System32\$winnt$.inf -->24/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\amcompat.tlb -->24/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\bdod.bin -->15/04/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\bridf07a.dat -->24/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\cdplayer.exe.manifest -->24/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\CONFIG.NT -->24/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\emptyregdb.dat -->24/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\FNTCACHE.DAT -->15/04/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\h323log.txt -->24/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\logonui.exe.manifest -->24/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\mrt.exe -->25/02/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\ncpa.cpl.manifest -->24/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nscompat.tlb -->24/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nwc.cpl.manifest -->24/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\perfc009.dat -->15/04/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\perfc00C.dat -->15/04/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\perfh009.dat -->15/04/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\perfh00C.dat -->15/04/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\PerfStringBackup.INI -->15/04/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\S32EVNT1.DLL -->15/04/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\sapi.cpl.manifest -->24/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\SYMEVNT.386 -->15/04/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\TZLog.log -->24/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\uxtheme.dll -->24/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\win32k.sys -->09/02/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\WindowsLogon.manifest -->24/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\wpa.dbl -->13/04/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\wuaucpl.cpl.manifest -->24/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\drivers\mbam.sys -->06/04/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\drivers\mbamswissarmy.sys -->06/04/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\drivers\SYMEVENT.SYS -->15/04/2009

---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ACRORD32.EXE-1CE22EA3.pf -->14/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ACRORD32INFO.EXE-10255AA7.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\BDAGENT.EXE-2A4EFA13.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\BDWIZREG.EXE-03AB9F60.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\CHCP.COM-17EDBDC9.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\CMD.EXE-034B0549.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\DEFRAG.EXE-2858C7E2.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\DFRGNTFS.EXE-38C3807C.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\FIND.EXE-0EEAD1A7.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\HELPSVC.EXE-1C192440.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\IEXPLORE.EXE-2D97EBE6.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\IMAPI.EXE-201490BB.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\Layout.ini -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\LIVESRV.EXE-366DC850.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\LOGON.SCR-24ADF392.pf -->14/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\LUCOMS~1.EXE-1DF6F3E9.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MODE.COM-318FFE37.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MSIEXEC.EXE-330626DC.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\NOTEPAD.EXE-2F2D61E1.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-6E8D4657.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNONCE.EXE-01CA3A2F.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SECCENTER.EXE-31DA92EB.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SNETCFG.EXE-0355B4D0.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SVCHOST.EXE-2D5FBD18.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\TOOLBARSD.EXE-29B5574E.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\UISCAN.EXE-0AD9F845.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\UPGREPL.EXE-07704B73.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\VERCLSID.EXE-28F52AD2.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\VLC.EXE-02F29DFD.pf -->14/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\VSSERV.EXE-254EFAEB.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WEBVACUUMFREE.EXE-04540FFF.pf -->14/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WINRAR.EXE-0AA31BB9.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WINWORD.EXE-33AEA629.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WMIADAP.EXE-32F99497.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WMIPRVSE.EXE-0D449B4F.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WUAUCLT.EXE-1360D60A.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\XCOMMSVR.EXE-28D5134B.pf -->15/04/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\XPIZE_LOGON.EXE-00125B7D.pf -->15/04/2009

---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll

---\\ Export de clé d'application autorisée (O47)
O47 - AAKE:Key Export - "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
O47 - AAKE:Key Export - "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
O47 - AAKE:Key Export - "C:\Program Files\FlashGet\flashget.exe"="C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget"
O47 - AAKE:Key Export - "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
O47 - AAKE:Key Export - "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"

---\\ Déni du service LSA (Local Security Authority) (O48)
O48 - LSA:Local Security Authority Authentication Packages - C:\WINDOWS\System32\msv1_0.dll
O48 - LSA:Local Security Authority Notification Packages - C:\WINDOWS\System32\scecli.dll

---\\ Contrôle du Safe Boot (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ip6fw.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpcdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpwd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\tdpipe.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\tdtcp.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\ip6fw.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\rdpcdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\rdpdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\rdpwd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\tdpipe.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\tdtcp.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\ip6fw.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\rdpcdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\rdpdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\rdpwd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\tdpipe.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\tdtcp.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\vgasave.sys

---\\ Image File Execution Options (IFEO) (O50)
O50 - IEFO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d

End of the scan:

sKe69 (security contributor):
re,

the Toolbar S&D report wasn't posted in full, can you post it again please? ....


drums03:

I only got this:

-----------\\ ToolBar S&D 1.2.8 XP/Vista

"C:\WINDOWS" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 15/04/2009|15:55 )

-----------\\ ...

Commande ECHO désactivée.

--------------------\\

Commande ECHO désactivée.

1 - "C:\WINDOWS\TB_1.txt" - 15/04/2009|14:39 - Option : [2]
2 - "C:\WINDOWS\TB_2.txt" - 15/04/2009|14:40 - Option : [1]
3 - "C:\WINDOWS\TB_3.txt" - 15/04/2009|14:41 - Option : [2]
4 - "C:\WINDOWS\TB_4.txt" - 15/04/2009|15:54 - Option : [1]
5 - "C:\WINDOWS\TB_5.txt" - 15/04/2009|15:55 - Option : [2]

-----------\\ 15:55:23,67

sKe69 (security contributor):
ok ... didn't work ...

we'll change tack ...

in order:

1- Download SkeRoot ( = Rooter from the IDN team, which I renamed beforehand ) to your desktop:

> https://www.cjoint.com/?erfVQCWgMM

! Disconnect from the internet and close all running applications !

* Run SkeRoot and let the tool work.

* Once it has finished, post the report you get for analysis ...

======================

2- Download SkeG ( = gmer renamed beforehand ) to the desktop:

> https://www.cjoint.com/?erfWrH8svu

* Double-click SkeG.exe on the desktop. If your antivirus reacts, don't worry and ignore the alert.
* Click the "rootkit" tab, then click scan.
* At the end of the scan, click the copy button.
* In start>programs>accessories: open notepad and press CTRL+V to paste the report into that notepad.
* post the report please ...

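As an added example, not part of this thread, of GMER, or of the helper's toolkit: a small triage script for the report the steps above produce. GMER prints one line per patched function, ".text <process>[pid] <module>!<function> <address> <n> Bytes JMP <target> [<dll path>]" for user-mode hooks and ".text/PAGE ntoskrnl.exe!<function> ... JMP <target>" for kernel ones. The script parses those lines and ranks three things: kernel inline JMPs in ntoskrnl.exe that GMER could not attribute to any module, user-mode hooks whose target is a DLL loaded through a \\?\globalroot\ device path (a hiding trick, because the file does not appear under a normal drive-letter path), and hooks on the socket and HTTP APIs a browser uses to resolve names and send requests, which is exactly what a redirecting infection needs. An LdrLoadDll/LdrUnloadDll pair present in nearly every process is reported as low priority, since resident AV/HIPS products commonly place such hooks; it should be checked against the installed products rather than assumed malicious. The sample lines are a constructed subset modeled on the GMER report posted further down in this thread; the severity labels, function names and heuristics are this example's own.

```python
"""Triage helper for the hook lines in a GMER report (added example, not GMER's code)."""
import re

# Constructed sample in GMER's format, modeled on the report in this thread
# (paths, addresses and the hooked DLL name follow that report; not a live capture).
SAMPLE_REPORT = r"""
---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!IofCallDriver 804E37C5 5 Bytes JMP 82D7AFDB
.text ntoskrnl.exe!IofCompleteRequest 804E3BF6 5 Bytes JMP 82D7C79B
PAGE ntoskrnl.exe!ZwEnumerateKey 80570D4E 5 Bytes JMP 82D6C484

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\winlogon.exe[808] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 007A000A
.text C:\WINDOWS\system32\winlogon.exe[808] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 007B000A
.text C:\WINDOWS\Explorer.EXE[1676] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 00AB000A
.text C:\WINDOWS\Explorer.EXE[1676] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 00AC000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2200] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 00B3000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2200] WININET.dll!HttpAddRequestHeadersA 77AB40E2 5 Bytes JMP 00BF000C
.text C:\Program Files\Internet Explorer\iexplore.exe[2200] WS2_32.dll!getaddrinfo 719F2A6F 5 Bytes JMP 00D4F9F0 \\?\globalroot\systemroot\system32\UACputwnheg.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2200] WS2_32.dll!connect 719F406A 5 Bytes JMP 00D508A0 \\?\globalroot\systemroot\system32\UACputwnheg.dll
.text C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe[1188] ntdll.dll!LdrUnloadDll + 4 7C92718F 1 Byte [84]
"""

# ".text <process>[pid] <module>!<func>[ + off] <addr> <n> Byte(s) <patch...>"
USER_RE = re.compile(
    r"^\.text\s+(?P<process>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^!\s]+)!(?P<func>\S+)(?:\s\+\s\d+)?\s+"
    r"(?P<addr>[0-9A-F]{8})\s+(?P<n>\d+)\s+Bytes?\s+(?P<patch>.+)$")
# ".text|PAGE <image>!<func> <addr> <n> Bytes JMP <target>[ <module>]"
KERNEL_RE = re.compile(
    r"^(?P<section>\.text|PAGE|INIT)\s+(?P<image>[^!\s]+)!(?P<func>\S+)\s+"
    r"(?P<addr>[0-9A-F]{8})\s+(?P<n>\d+)\s+Bytes?\s+JMP\s+(?P<target>[0-9A-F]{8})"
    r"(?:\s+(?P<target_module>\S.*))?$")
JMP_RE = re.compile(r"^JMP\s+(?P<target>[0-9A-F]{8})(?:\s+(?P<module>\S.*))?$")

# Heuristics (this example's own): APIs a redirecting browser hook needs, and
# the loader pair that resident AV/HIPS products commonly hook in every process.
NETWORK_APIS = {("ws2_32.dll", "getaddrinfo"), ("ws2_32.dll", "gethostbyname"),
                ("ws2_32.dll", "connect"), ("ws2_32.dll", "send"),
                ("ws2_32.dll", "closesocket"), ("wininet.dll", "HttpAddRequestHeadersA"),
                ("wininet.dll", "HttpAddRequestHeadersW")}
LOADER_APIS = {("ntdll.dll", "LdrLoadDll"), ("ntdll.dll", "LdrUnloadDll")}
DEVICE_PATH_PREFIX = "\\\\?\\globalroot\\"   # the literal prefix \\?\globalroot\


def parse_report(text):
    """Split a GMER report into (kernel_hooks, user_hooks), each a list of dicts."""
    section, kernel, user = None, [], []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("---- "):          # GMER section header
            low = line.lower()
            section = "kernel" if "kernel code" in low else "user" if "user code" in low else "other"
            continue
        if section == "user" and (m := USER_RE.match(line)):
            hook = m.groupdict()
            hook["pid"] = int(hook["pid"])
            jmp = JMP_RE.match(hook["patch"])  # "[84]"-style byte patches have no JMP target
            hook["target"] = jmp.group("target") if jmp else None
            hook["target_module"] = jmp.group("module") if jmp else None
            user.append(hook)
        elif section == "kernel" and (m := KERNEL_RE.match(line)):
            kernel.append(m.groupdict())
    return kernel, user


def triage(text):
    """Return (severity, message, hook_or_None) tuples, highest severity first."""
    kernel, user = parse_report(text)
    findings = []
    for h in kernel:                           # unattributed kernel inline JMP
        if not h["target_module"]:
            findings.append(("HIGH", f"{h['image']}!{h['func']} at {h['addr']} inline JMP to "
                                     f"{h['target']} with no module attribution", h))
    for h in user:
        target_module = h["target_module"] or ""
        if target_module.lower().startswith(DEVICE_PATH_PREFIX):
            findings.append(("HIGH", f"pid {h['pid']} {h['module']}!{h['func']} -> DLL loaded "
                                     f"through a device path: {target_module}", h))
        elif (h["module"].lower(), h["func"]) in NETWORK_APIS:
            findings.append(("MEDIUM", f"pid {h['pid']} {h['module']}!{h['func']} hooked "
                                       f"(network API, target {h['target']} unattributed)", h))
    loader_pids = {h["pid"] for h in user if (h["module"].lower(), h["func"]) in LOADER_APIS}
    all_pids = {h["pid"] for h in user}
    if loader_pids and len(loader_pids) * 2 >= len(all_pids):   # present in most processes
        findings.append(("LOW", f"LdrLoadDll/LdrUnloadDll hooked in {len(loader_pids)} of "
                                f"{len(all_pids)} processes: typical of a resident AV/HIPS, "
                                "confirm against the installed security products", None))
    findings.sort(key=lambda f: {"HIGH": 0, "MEDIUM": 1, "LOW": 2}[f[0]])
    return findings


def suspect_modules(text):
    """Distinct DLLs that user-mode hooks jump into through a device path."""
    _, user = parse_report(text)
    return sorted({h["target_module"] for h in user
                   if (h["target_module"] or "").lower().startswith(DEVICE_PATH_PREFIX)})


if __name__ == "__main__":
    for severity, message, _ in triage(SAMPLE_REPORT):
        print(f"[{severity}] {message}")
```

On the sample the device-path DLL is the one lead worth acting on first: it is the module that owns the browser's name resolution and connect calls, which is what turns every click into a redirect, and its path form means a plain directory listing of system32 may not show it; the kernel JMPs to unattributed addresses are the component that keeps it hidden and resident. The widespread loader hooks, by contrast, line up with the AV products visible in the driver list and should be confirmed against them before being treated as part of the infection.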
drums03:

hoping this is what you want...

15/04/2009|16:38

----------------------\\ Processes..

----------------------\\ Search..

----------------------\\ ROOTKIT !!

----------------------\\ Cracks & Keygens..

C:\DOCUME~1\ADMINI~1\Mes documents\rémi\remi\info\STOMP RECORDNOW MAX CRACK 4.50.exe
C:\DOCUME~1\ADMINI~1\Mes documents\rémi\remi\info\ACDSee.v9.0.Photo.Manager.Incl.Keygen-SSG\++Wichtig - Lesen - readme - www.goldesel.6x.to++.txt
C:\DOCUME~1\ADMINI~1\Mes documents\rémi\remi\info\ACDSee.v9.0.Photo.Manager.Incl.Keygen-SSG\keygen.rar
C:\DOCUME~1\ADMINI~1\Mes documents\rémi\remi\info\ACDSee.v9.0.Photo.Manager.Incl.Keygen-SSG\setup.exe
C:\DOCUME~1\ADMINI~1\Mes documents\rémi\remi\info\MAGIX_Photos_Sur_CD_Et_DVD_v4.04_E-Version_Keygen_Only_FRENCH-BS\magix_photos\MAGIX_Photos_sur_CD_et_DVD_4.04.exe
C:\DOCUME~1\ADMINI~1\Mes documents\rémi\remi\info\Microsoft Photo Story 3\Magix Photo Story 2004 Build 2.0 E-Version Crack Keygen Serial.exe
C:\DOCUME~1\ADMINI~1\Mes documents\rémi\remi\info\Microsoft Photo Story 3\Memory on TV + Keygen(1).RAR
C:\DOCUME~1\ADMINI~1\Mes documents\rémi\remi\info\Soft_Alcohol_120%_v.1.9.5_3823_Multilenguaje+Crack_Garantizado_Por_Luismi\Alcohol120_retail_1.9.5.3823.exe
C:\DOCUME~1\ADMINI~1\Mes documents\rémi\remi\info\Soft_Alcohol_120%_v.1.9.5_3823_Multilenguaje+Crack_Garantizado_Por_Luismi\Crack_Garantizado_Por_Luismi\Activación_Garantizado_Por_Luism.txt

1 - "C:\WINDOWS\TB_1.txt" - 15/04/2009|14:39 - Option : [2]
2 - "C:\WINDOWS\TB_2.txt" - 15/04/2009|14:40 - Option : [1]
3 - "C:\WINDOWS\TB_3.txt" - 15/04/2009|14:41 - Option : [2]
4 - "C:\WINDOWS\TB_4.txt" - 15/04/2009|15:54 - Option : [1]
5 - "C:\WINDOWS\TB_5.txt" - 15/04/2009|15:55 - Option : [2]
6 - "C:\WINDOWS\Rooter_6.txt" - 15/04/2009|16:39

----------------------\\ Scan completed at 16:39

drums03:

here is the rest ...

GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2009-04-15 16:44:32
Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.15 ----

Code 82D6C480 ZwEnumerateKey
Code 82D6B8F8 ZwFlushInstructionCache
Code 82D7AFD6 IofCallDriver
Code 82D7C796 IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!IofCallDriver 804E37C5 5 Bytes JMP 82D7AFDB
.text ntoskrnl.exe!IofCompleteRequest 804E3BF6 5 Bytes JMP 82D7C79B
PAGE ntoskrnl.exe!ZwEnumerateKey 80570D4E 5 Bytes JMP 82D6C484
PAGE ntoskrnl.exe!ZwFlushInstructionCache 8057918C 5 Bytes JMP 82D6B8FC

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\spoolsv.exe[220] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 0097000A
.text C:\WINDOWS\system32\spoolsv.exe[220] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 0098000A
.text C:\WINDOWS\System32\alg.exe[324] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 006F000A
.text C:\WINDOWS\System32\alg.exe[324] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 0070000A
.text C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe[372] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 00A7000A
.text C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe[372] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 00A8000A
.text C:\WINDOWS\SOUNDMAN.EXE[732] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 009F000A
.text C:\WINDOWS\SOUNDMAN.EXE[732] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 00A0000A
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[744] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 00B1000A
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[744] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 00B2000A
.text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[780] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 00A8000A
.text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[780] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 00A9000A
.text C:\WINDOWS\system32\winlogon.exe[808] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 007A000A
.text C:\WINDOWS\system32\winlogon.exe[808] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 007B000A
.text C:\WINDOWS\system32\services.exe[852] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 006F000A
.text C:\WINDOWS\system32\services.exe[852] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 0071000A
.text C:\WINDOWS\system32\lsass.exe[864] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 006F000A
.text C:\WINDOWS\system32\lsass.exe[864] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 0072000A
.text C:\Program Files\FlashGet\FlashGet.exe[868] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 00CC000A
.text C:\Program Files\FlashGet\FlashGet.exe[868] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 00CD000A
.text C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe[992] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 0097000A
.text C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe[992] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 0098000A
.text C:\WINDOWS\system32\ctfmon.exe[996] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 0098000A
.text C:\WINDOWS\system32\ctfmon.exe[996] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 0099000A
.text C:\Program Files\Accessoires\Outils système\TClock\tclock.exe[1048] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 00A0000A
.text C:\Program Files\Accessoires\Outils système\TClock\tclock.exe[1048] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 00A1000A
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[1128] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 00A5000A
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[1128] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 00A6000A
.text C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe[1188] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 0092000A
.text C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe[1188] ntdll.dll!LdrUnloadDll 7C92718B 3 Bytes JMP 0093000A
.text C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe[1188] ntdll.dll!LdrUnloadDll + 4 7C92718F 1 Byte [84]
.text C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe[1292] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 00DA000A
.text C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe[1292] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 00DB000A
.text C:\WINDOWS\Explorer.EXE[1676] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 00AB000A
.text C:\WINDOWS\Explorer.EXE[1676] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 00AC000A
.text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[1760] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 0094000A
.text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[1760] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 0095000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2200] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 00B3000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2200] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 00B4000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2200] WININET.dll!HttpAddRequestHeadersA 77AB40E2 5 Bytes JMP 00BF000C
.text C:\Program Files\Internet Explorer\iexplore.exe[2200] WININET.dll!HttpAddRequestHeadersW 77ABEF14 5 Bytes JMP 00C7000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2200] WS2_32.dll!getaddrinfo 719F2A6F 5 Bytes JMP 00D4F9F0 \\?\globalroot\systemroot\system32\UACputwnheg.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2200] WS2_32.dll!connect 719F406A 5 Bytes JMP 00D508A0 \\?\globalroot\systemroot\system32\UACputwnheg.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2200] WS2_32.dll!send 719F428A 5 Bytes JMP 00D50780 \\?\globalroot\systemroot\system32\UACputwnheg.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2200] WS2_32.dll!gethostbyname 719F4FD4 5 Bytes JMP 00D4FDA0 \\?\globalroot\systemroot\system32\UACputwnheg.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2200] WS2_32.dll!closesocket 719F9639 5 Bytes JMP 00D50A60 \\?\globalroot\systemroot\system32\UACputwnheg.dll
.text C:\Documents and Settings\Administrateur\Bureau\erfWrH8svu_SkeG.exe[2264] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 009E000A
.text C:\Documents and Settings\Administrateur\Bureau\erfWrH8svu_SkeG.exe[2264] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 009F000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[2828] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 00B3000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[2828] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 00B4000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[2828] WININET.dll!HttpAddRequestHeadersA 77AB40E2 5 Bytes JMP 00BF000C
.text C:\Program Files\Internet Explorer\Iexplore.exe[2828] WININET.dll!HttpAddRequestHeadersW 77ABEF14 5 Bytes JMP 00C7000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[2828] WS2_32.dll!getaddrinfo 719F2A6F 5 Bytes JMP 00D4F9F0 \\?\globalroot\systemroot\system32\UACputwnheg.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[2828] WS2_32.dll!connect 719F406A 5 Bytes JMP 00D508A0 \\?\globalroot\systemroot\system32\UACputwnheg.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[2828] WS2_32.dll!send 719F428A 5 Bytes JMP 00D50780 \\?\globalroot\systemroot\system32\UACputwnheg.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[2828] WS2_32.dll!gethostbyname 719F4FD4 5 Bytes JMP 00D4FDA0 \\?\globalroot\systemroot\system32\UACputwnheg.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[2828] WS2_32.dll!closesocket 719F9639 5 Bytes JMP 00D50A60 \\?\globalroot\systemroot\system32\UACputwnheg.dll
.text C:\WINDOWS\system32\NOTEPAD.EXE[3160] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 0097000A
.text C:\WINDOWS\system32\NOTEPAD.EXE[3160] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 0098000A

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \FileSystem\Fastfat \Fat SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
---- Processes - GMER 1.0.15 ----

Library \\?\globalroot\systemroot\system32\UACbeggdbls.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1024] 0x008A0000
Library \\?\globalroot\systemroot\system32\UACputwnheg.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1024] 0x00970000
Library \\?\globalroot\systemroot\system32\UACbeggdbls.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1088] 0x008A0000
Library \\?\globalroot\systemroot\system32\UACputwnheg.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1088] 0x00970000
Library \\?\globalroot\systemroot\system32\UACbeggdbls.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1228] 0x008A0000
Library \\?\globalroot\systemroot\system32\UACputwnheg.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1228] 0x00970000
Library \\?\globalroot\systemroot\system32\UACbeggdbls.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1276] 0x008A0000
Library \\?\globalroot\systemroot\system32\UACputwnheg.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1276] 0x00970000
Library \\?\globalroot\systemroot\system32\UACbeggdbls.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1452] 0x008A0000
Library \\?\globalroot\systemroot\system32\UACputwnheg.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1452] 0x00970000
Library \\?\globalroot\systemroot\system32\UACbeggdbls.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1472] 0x008A0000
Library \\?\globalroot\systemroot\system32\UACputwnheg.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1472] 0x00970000
Library \\?\globalroot\systemroot\system32\UACbeggdbls.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [1676] 0x00BB0000
Library \\?\globalroot\systemroot\system32\UACputwnheg.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\iexplore.exe [2200] 0x00D40000
Library \\?\globalroot\systemroot\system32\UACputwnheg.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [2828] 0x00D40000

---- EOF - GMER 1.0.15 ----
drums03 (Member, 28 posts)
 
here's the rest ...

GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2009-04-15 16:44:32
Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.15 ----

Code 82D6C480 ZwEnumerateKey
Code 82D6B8F8 ZwFlushInstructionCache
Code 82D7AFD6 IofCallDriver
Code 82D7C796 IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!IofCallDriver 804E37C5 5 Bytes JMP 82D7AFDB
.text ntoskrnl.exe!IofCompleteRequest 804E3BF6 5 Bytes JMP 82D7C79B
PAGE ntoskrnl.exe!ZwEnumerateKey 80570D4E 5 Bytes JMP 82D6C484
PAGE ntoskrnl.exe!ZwFlushInstructionCache 8057918C 5 Bytes JMP 82D6B8FC

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\spoolsv.exe[220] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 0097000A
.text C:\WINDOWS\system32\spoolsv.exe[220] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 0098000A
.text C:\WINDOWS\System32\alg.exe[324] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 006F000A
.text C:\WINDOWS\System32\alg.exe[324] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 0070000A
.text C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe[372] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 00A7000A
.text C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe[372] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 00A8000A
.text C:\WINDOWS\SOUNDMAN.EXE[732] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 009F000A
.text C:\WINDOWS\SOUNDMAN.EXE[732] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 00A0000A
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[744] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 00B1000A
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[744] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 00B2000A
.text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[780] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 00A8000A
.text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[780] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 00A9000A
.text C:\WINDOWS\system32\winlogon.exe[808] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 007A000A
.text C:\WINDOWS\system32\winlogon.exe[808] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 007B000A
.text C:\WINDOWS\system32\services.exe[852] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 006F000A
.text C:\WINDOWS\system32\services.exe[852] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 0071000A
.text C:\WINDOWS\system32\lsass.exe[864] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 006F000A
.text C:\WINDOWS\system32\lsass.exe[864] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 0072000A
.text C:\Program Files\FlashGet\FlashGet.exe[868] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 00CC000A
.text C:\Program Files\FlashGet\FlashGet.exe[868] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 00CD000A
.text C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe[992] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 0097000A
.text C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe[992] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 0098000A
.text C:\WINDOWS\system32\ctfmon.exe[996] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 0098000A
.text C:\WINDOWS\system32\ctfmon.exe[996] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 0099000A
.text C:\Program Files\Accessoires\Outils système\TClock\tclock.exe[1048] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 00A0000A
.text C:\Program Files\Accessoires\Outils système\TClock\tclock.exe[1048] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 00A1000A
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[1128] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 00A5000A
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[1128] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 00A6000A
.text C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe[1188] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 0092000A
.text C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe[1188] ntdll.dll!LdrUnloadDll 7C92718B 3 Bytes JMP 0093000A
.text C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe[1188] ntdll.dll!LdrUnloadDll + 4 7C92718F 1 Byte [84]
.text C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe[1292] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 00DA000A
.text C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe[1292] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 00DB000A
.text C:\WINDOWS\Explorer.EXE[1676] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 00AB000A
.text C:\WINDOWS\Explorer.EXE[1676] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 00AC000A
.text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[1760] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 0094000A
.text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[1760] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 0095000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2200] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 00B3000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2200] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 00B4000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2200] WININET.dll!HttpAddRequestHeadersA 77AB40E2 5 Bytes JMP 00BF000C
.text C:\Program Files\Internet Explorer\iexplore.exe[2200] WININET.dll!HttpAddRequestHeadersW 77ABEF14 5 Bytes JMP 00C7000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2200] WS2_32.dll!getaddrinfo 719F2A6F 5 Bytes JMP 00D4F9F0 \\?\globalroot\systemroot\system32\UACputwnheg.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2200] WS2_32.dll!connect 719F406A 5 Bytes JMP 00D508A0 \\?\globalroot\systemroot\system32\UACputwnheg.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2200] WS2_32.dll!send 719F428A 5 Bytes JMP 00D50780 \\?\globalroot\systemroot\system32\UACputwnheg.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2200] WS2_32.dll!gethostbyname 719F4FD4 5 Bytes JMP 00D4FDA0 \\?\globalroot\systemroot\system32\UACputwnheg.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2200] WS2_32.dll!closesocket 719F9639 5 Bytes JMP 00D50A60 \\?\globalroot\systemroot\system32\UACputwnheg.dll
.text C:\Documents and Settings\Administrateur\Bureau\erfWrH8svu_SkeG.exe[2264] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 009E000A
.text C:\Documents and Settings\Administrateur\Bureau\erfWrH8svu_SkeG.exe[2264] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 009F000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[2828] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 00B3000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[2828] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 00B4000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[2828] WININET.dll!HttpAddRequestHeadersA 77AB40E2 5 Bytes JMP 00BF000C
.text C:\Program Files\Internet Explorer\Iexplore.exe[2828] WININET.dll!HttpAddRequestHeadersW 77ABEF14 5 Bytes JMP 00C7000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[2828] WS2_32.dll!getaddrinfo 719F2A6F 5 Bytes JMP 00D4F9F0 \\?\globalroot\systemroot\system32\UACputwnheg.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[2828] WS2_32.dll!connect 719F406A 5 Bytes JMP 00D508A0 \\?\globalroot\systemroot\system32\UACputwnheg.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[2828] WS2_32.dll!send 719F428A 5 Bytes JMP 00D50780 \\?\globalroot\systemroot\system32\UACputwnheg.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[2828] WS2_32.dll!gethostbyname 719F4FD4 5 Bytes JMP 00D4FDA0 \\?\globalroot\systemroot\system32\UACputwnheg.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[2828] WS2_32.dll!closesocket 719F9639 5 Bytes JMP 00D50A60 \\?\globalroot\systemroot\system32\UACputwnheg.dll
.text C:\WINDOWS\system32\NOTEPAD.EXE[3160] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 0097000A
.text C:\WINDOWS\system32\NOTEPAD.EXE[3160] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 0098000A

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \FileSystem\Fastfat \Fat SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
---- Processes - GMER 1.0.15 ----

Library \\?\globalroot\systemroot\system32\UACbeggdbls.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1024] 0x008A0000
Library \\?\globalroot\systemroot\system32\UACputwnheg.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1024] 0x00970000
Library \\?\globalroot\systemroot\system32\UACbeggdbls.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1088] 0x008A0000
Library \\?\globalroot\systemroot\system32\UACputwnheg.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1088] 0x00970000
Library \\?\globalroot\systemroot\system32\UACbeggdbls.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1228] 0x008A0000
Library \\?\globalroot\systemroot\system32\UACputwnheg.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1228] 0x00970000
Library \\?\globalroot\systemroot\system32\UACbeggdbls.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1276] 0x008A0000
Library \\?\globalroot\systemroot\system32\UACputwnheg.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1276] 0x00970000
Library \\?\globalroot\systemroot\system32\UACbeggdbls.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1452] 0x008A0000
Library \\?\globalroot\systemroot\system32\UACputwnheg.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1452] 0x00970000
Library \\?\globalroot\systemroot\system32\UACbeggdbls.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1472] 0x008A0000
Library \\?\globalroot\systemroot\system32\UACputwnheg.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1472] 0x00970000
Library \\?\globalroot\systemroot\system32\UACbeggdbls.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [1676] 0x00BB0000
Library \\?\globalroot\systemroot\system32\UACputwnheg.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\iexplore.exe [2200] 0x00D40000
Library \\?\globalroot\systemroot\system32\UACputwnheg.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [2828] 0x00D40000

---- EOF - GMER 1.0.15 ----
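As an added example (it is not part of this thread and not a GMER feature), here is a small Python script that reads the three GMER sections that matter in the report above, "Kernel code sections", "User code sections" and "Processes", and labels every JMP hook: does it land in a library GMER marked as hidden, in a visible image, or in memory GMER could not name at all? It also shows what "5 Bytes JMP" means on the wire: an E9 opcode followed by a 32-bit displacement relative to the end of the instruction. The sample excerpt is constructed from the posted log; the line regexes, the assumed XP SP2 ntoskrnl.exe range and the "anonymous stub" label are this example's own assumptions.

```python
"""Triage of the JMP hooks in a GMER 1.0.15 report.

Added example for this thread; it is not part of the original posts and not a
GMER feature. SAMPLE_LOG is a constructed excerpt of the report posted above;
the line regexes, the assumed XP SP2 ntoskrnl.exe range and the
'anonymous stub' label are this example's own assumptions.
"""
import ntpath
import re

# Constructed test input: lines copied from the posted GMER report.
SAMPLE_LOG = r"""
---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!IofCallDriver 804E37C5 5 Bytes JMP 82D7AFDB
PAGE ntoskrnl.exe!ZwEnumerateKey 80570D4E 5 Bytes JMP 82D6C484

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\services.exe[852] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 006F000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2200] WININET.dll!HttpAddRequestHeadersA 77AB40E2 5 Bytes JMP 00BF000C
.text C:\Program Files\Internet Explorer\iexplore.exe[2200] WS2_32.dll!connect 719F406A 5 Bytes JMP 00D508A0 \\?\globalroot\systemroot\system32\UACputwnheg.dll
.text C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe[1188] ntdll.dll!LdrUnloadDll + 4 7C92718F 1 Byte [84]

---- Processes - GMER 1.0.15 ----

Library \\?\globalroot\systemroot\system32\UACputwnheg.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\iexplore.exe [2200] 0x00D40000
Library \\?\globalroot\systemroot\system32\UACbeggdbls.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [1676] 0x00BB0000
"""

HEADER = re.compile(r"^---- (?P<name>.+?) - GMER")
USER_HOOK = re.compile(
    r"^\S+\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+(?P<sym>\S+!\S+)\s+(?P<addr>[0-9A-F]{8})"
    r"\s+\d+ Bytes JMP (?P<target>[0-9A-F]{8})(?:\s+(?P<module>\S+))?$")
KERNEL_HOOK = re.compile(
    r"^\S+\s+(?P<sym>\S+!\S+)\s+(?P<addr>[0-9A-F]{8})\s+\d+ Bytes JMP (?P<target>[0-9A-F]{8})$")
HIDDEN_LIB = re.compile(
    r"^Library (?P<path>\S+) \(\*\*\* hidden \*\*\* \) @ (?P<proc>.+?) \[(?P<pid>\d+)\] 0x(?P<base>[0-9A-F]{8})$")

# Assumption: the XP SP2 ntoskrnl.exe image starts at 0x804D7000 and is about
# 2 MiB. GMER does not print the image range, so it has to be supplied to tell
# a JMP into pool memory (a detour) from a JMP that stays inside the kernel.
NTOSKRNL_RANGE = (0x804D7000, 0x804D7000 + 0x200000)


def jmp_rel32(src, dst):
    """The 5 bytes a hooker writes at src to redirect execution to dst (E9 rel32)."""
    rel = (dst - (src + 5)) & 0xFFFFFFFF
    return b"\xE9" + rel.to_bytes(4, "little")


def jmp_target(src, patch):
    """Inverse of jmp_rel32: decode the near JMP that GMER reports at src."""
    if len(patch) != 5 or patch[0] != 0xE9:
        raise ValueError("not a 5-byte near JMP")
    return (src + 5 + int.from_bytes(patch[1:], "little", signed=True)) & 0xFFFFFFFF


def triage(text):
    """Return (where, hooked symbol, verdict) for every JMP hook in the report."""
    lines = text.splitlines()
    hidden = {}                      # pid -> set of hidden library paths
    for line in lines:
        m = HIDDEN_LIB.match(line)
        if m:
            hidden.setdefault(int(m["pid"]), set()).add(m["path"])
    section, hooks = None, []
    for line in lines:
        h = HEADER.match(line)
        if h:
            section = h["name"]
        elif section == "Kernel code sections" and (m := KERNEL_HOOK.match(line)):
            target = int(m["target"], 16)
            inside = NTOSKRNL_RANGE[0] <= target < NTOSKRNL_RANGE[1]
            hooks.append(("kernel", m["sym"],
                          "kernel image" if inside else "detour outside ntoskrnl"))
        elif section == "User code sections" and (m := USER_HOOK.match(line)):
            pid, module = int(m["pid"]), m["module"]
            if module and (module in hidden.get(pid, ()) or "globalroot" in module.lower()):
                verdict = "hidden module"          # GMER resolved the target to a hidden DLL
            elif module:
                verdict = "named module"           # resolved to a visible image: check its signer
            else:
                verdict = "anonymous stub"         # target in memory GMER could not name
            hooks.append((f"{ntpath.basename(m['proc'])}[{pid}]", m["sym"], verdict))
    return hooks


if __name__ == "__main__":
    print(jmp_rel32(0x7C9261CA, 0x0097000A).hex(" ").upper())   # E9 3B 9E 04 84
    for row in triage(SAMPLE_LOG):
        print(*row, sep="  ")
```

Run against the posted log this gives the picture the helper summarised in one word: both kernel JMPs land at the "Code 82D7AFD6 / 82D6C480" addresses of the System section, outside the kernel image; every process, services.exe and winlogon.exe included, has ntdll!LdrLoadDll and LdrUnloadDll redirected to an unnamed stub; and in both iexplore.exe PIDs the WS2_32 connect/send/gethostbyname/getaddrinfo hooks resolve to UACputwnheg.dll, a library GMER lists as hidden, which is exactly where redirected page loads would come from. The "named module" verdict is only a prompt to check the image's signer, not a clean bill.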
sKe69 (Security contributor, 21955 posts)
 
Very good! ...

There we are > a variant of the Tibs infection ... ;)

To start with, I'm going to send you a procedure by "Private Message" (the little envelope at the top right of the page will blink ...)

drums03 (Member, 28 posts)
 
I'm sorry, but no device starts with uac.
I think the tunnel is getting longer.
Thanks for your patience.
drums03 (Member, 28 posts)
 
I can send you screenshots of Device Manager, if you'd like?
sKe69 (Security contributor, 21955 posts)
 
No problem ... we'll do it another way ... ;)

Download this zip archive > http://www.cijoint.fr/cjlink.php?file=cj200904/cijAFLg3aZ.zip

Then extract "ske.exe" to your desktop.

It is in fact the ComboFix tool, renamed beforehand ...

Then do exactly the following:

--------------------------------- [ ! WARNING ! ] ------------------------------------------
!! Disconnect, close your running applications (including your browser) and DISABLE ALL YOUR DEFENSES (antivirus, anti-spyware guard, firewall) for the duration of the procedure:
when active, they could seriously interfere with the tool's search and cleaning procedure (or even crash the PC)... So re-enable them afterwards!!
---> Important: if you run into difficulties at this point, tell me before going on ...
Tutorial (help) here: https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
Note: for XP, be sure to install the Windows Recovery Console as indicated in the tutorial above ...
--------------------------------------------------------------------------------------------

Then:
double-click the "ske.exe" icon (= ComboFix) to launch the tool.

Press the Y key (Yes) to start the scan.

Important notes:
-> do not use your mouse or keyboard (or any other pointing device) while the program is running. That could freeze the computer.
-> The PC may reboot on its own (to finish the cleaning); let it do so.
-> If the tool tells you: "ComboFix has detected the presence of rootkit and needs to restart your machine", accept ...
-> if a Windows error message appears at some point: click the red cross at the top right of the window to close it (and not on anything else! otherwise no report ...)

The report will be created here: C:\Combofix.txt

Be sure to re-enable your defenses.

Post the ComboFix report for analysis and wait for what comes next ...

drums03 (Member, 28 posts)
 
Here is the rest, at last:

ComboFix 09-04-15.08 - Administrateur 15/04/2009 18:27.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.510.326 [GMT 2:00]
Running from: c:\documents and settings\Administrateur\Bureau\ke.exe

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\UACmpfmqrms.sys
c:\windows\system32\UACbeggdbls.dll
c:\windows\system32\UACbnrsmnvx.dll
c:\windows\system32\UACcxyuixrx.dll
c:\windows\system32\UACidwfjwxd.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACkbyuxqee.dll
c:\windows\system32\UACohnvyqvw.db
c:\windows\system32\UAColqxfvrf.log
c:\windows\system32\UACputwnheg.dll
c:\windows\system32\UACpxxwlykm.log
c:\windows\system32\UACubhxqrft.dat
c:\windows\system32\UACxkrcdpsq.log

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys

((((((((((((((((((((((((((((( Files Created from 2009-03-15 to 2009-04-15 ))))))))))))))))))))))))))))))))))))
.

2009-04-15 16:16 . 2009-04-15 16:17 -------- d-----w C:\32788R22FWJFW.0.tmp
2009-04-15 15:54 . 2009-04-15 15:56 -------- d-----w C:\ske
2009-04-15 14:38 . 2009-04-15 14:38 1898 ----a-w c:\windows\Orph.egd
2009-04-15 14:38 . 2009-04-15 14:38 12 ----a-w c:\windows\kill.reg
2009-04-15 14:38 . 2009-04-15 14:38 -------- d-----w C:\Rooter$
2009-04-15 12:39 . 2009-04-15 14:38 0 ----a-w c:\windows\paths.bat
2009-04-15 12:38 . 2009-04-15 12:38 -------- d-----w C:\ToolBar SD
2009-04-15 09:20 . 2009-04-15 09:20 0 ----a-w c:\windows\VPC32.INI
2009-04-15 09:18 . 2009-04-15 09:18 -------- d--h--w c:\windows\system32\GroupPolicy
2009-04-15 09:07 . 2009-04-15 09:08 -------- d-----w C:\rsit
2009-04-15 08:49 . 2009-04-15 08:49 -------- d-----w c:\documents and settings\Administrateur\Application Data\Yahoo!
2009-04-15 08:08 . 2009-04-15 08:08 -------- d-----w c:\documents and settings\Administrateur\Local Settings\Application Data\Symantec
2009-04-15 08:05 . 2009-04-15 08:03 83672 ----a-w c:\windows\system32\S32EVNT1.DLL
2009-04-15 08:05 . 2009-04-15 08:03 73224 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-04-15 08:05 . 2009-04-15 08:03 123619 ----a-w c:\windows\system32\SYMEVNT.386
2009-04-15 08:03 . 2009-04-15 08:04 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Symantec
2009-04-15 06:08 . 2009-04-15 16:12 1896749 ----a-w c:\windows\system32\uactmp.db
2009-03-16 16:52 . 2009-03-16 16:52 -------- d-----w c:\documents and settings\Administrateur\Application Data\AdobeUM

.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-15 16:22 . 2009-01-18 09:42 -------- d-----w c:\program files\FlashGet
2009-04-15 16:16 . 2005-12-15 12:00 64058 ----a-w c:\windows\system32\perfc00C.dat
2009-04-15 16:16 . 2005-12-15 12:00 446150 ----a-w c:\windows\system32\perfh00C.dat
2009-04-15 14:39 . 2009-04-15 14:39 1750 ----a-w C:\Rooter.txt
2009-04-15 13:55 . 2009-04-15 12:39 613 ----a-w C:\TB.txt
2009-04-15 09:27 . 2009-04-15 08:49 -------- d-----w c:\program files\Yahoo!
2009-04-15 09:08 . 2009-04-15 09:07 -------- d-----w c:\program files\trend micro
2009-04-15 08:49 . 2009-04-15 08:49 -------- d-----w c:\program files\CCleaner
2009-04-15 08:08 . 2009-04-15 08:03 23847 ---ha-w C:\_NavCClt.Log
2009-04-15 08:05 . 2009-04-15 08:03 -------- d-----w c:\program files\Symantec
2009-04-15 08:05 . 2009-04-15 08:03 -------- d-----w c:\program files\Fichiers communs\Symantec Shared
2009-04-15 08:03 . 2009-04-15 08:03 -------- d-----w c:\program files\Symantec_Client_Security
2009-04-15 08:03 . 2009-01-18 15:37 17590 ----a-w C:\PkgClnup.log
2009-04-15 07:56 . 2009-01-24 18:38 81984 ----a-w c:\windows\system32\bdod.bin
2009-04-15 06:33 . 2009-01-17 12:23 -------- d-----w c:\program files\Fichiers communs\BitDefender
2009-03-27 07:10 . 2009-04-15 08:42 1193414 ----a-w c:\windows\AppPatch\SET262.tmp
2009-03-14 11:02 . 2009-01-25 09:57 -------- d-----w c:\program files\Fichiers communs\Adobe
2009-02-28 11:09 . 2009-02-28 11:09 -------- d-----w c:\program files\Burn4Free
2009-02-28 10:38 . 2009-02-28 10:38 -------- d-----w c:\program files\Daniusoft
2009-02-27 19:08 . 2009-02-27 18:10 -------- d-----w c:\program files\Audio MP3 Converter
2009-02-27 18:48 . 2009-02-27 18:48 229052 ----a-w c:\windows\Burn4Free_Toolbar_Uninstaller_7906.exe
2009-02-09 13:54 . 2005-12-15 12:00 1847552 ----a-w c:\windows\system32\win32k.sys
2009-01-28 15:20 . 2009-01-24 16:19 39544 ----a-w c:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-01-28 15:05 . 2009-01-28 15:05 137 ----a-w c:\documents and settings\Administrateur\Local Settings\Application Data\fusioncache.dat
2009-01-25 17:17 . 2009-01-24 15:51 86331 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-01-24 15:58 . 2005-12-15 12:00 218624 ----a-w c:\windows\system32\uxtheme.dll
2009-01-24 15:47 . 2009-01-24 15:47 21892 ----a-w c:\windows\system32\emptyregdb.dat
.

------- Sigcheck -------

[-] 2008-04-14 02:33 15360 59DC5BB82E4C8E0B3EADCFDBC44BA6E4 c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\ctfmon.exe
[-] 2005-12-15 12:00 30208 978E23BBAB5AF4D474DA11814D542392 c:\windows\system32\ctfmon.exe
[-] 2005-12-15 12:00 30208 978E23BBAB5AF4D474DA11814D542392 c:\windows\system32\dllcache\ctfmon.exe
[7] 2005-12-15 12:00 15360 5584247B568C2E53934873F4B655FE6A c:\windows\XPize\Backup\ctfmon.exe
.
((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2005-12-15 30208]
"TaskSwitchXP"="c:\program files\TaskSwitchXP\TaskSwitchXP.exe" [2005-08-24 61952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SSBkgdUpdate"="c:\program files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 30248]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 46632]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Flashget"="c:\program files\FlashGet\FlashGet.exe" [2007-03-20 1708032]
"vptray"="c:\progra~1\SYMANT~1\SYMANT~1\vptray.exe" [2002-09-02 77824]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-11-11 90112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2005-12-15 30208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"nlhr"="c:\windows\System32\AdvPack.Dll" [2005-12-15 101888]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2005-12-15 44544]

c:\documents and settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
TClock.lnk - c:\program files\Accessoires\Outils système\TClock\tclock.exe [2009-1-24 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):58,50,69,7a,65,5f,4c,6f,67,6f,6e,2e,65,78,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.orange.fr/
uInternet Connection Wizard,ShellNext = hxxp://www.msgplus.net/setupend2.php?up=n&sp=n&lg=en&v=3145
IE: &Tout télécharger avec FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Télécharger avec FlashGet - c:\program files\FlashGet\jc_link.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-15 18:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- Dll's loaded under running processes ---------------------

- - - - - - - > 'winlogon.exe'(644)
c:\windows\system32\SETUPAPI.dll

- - - - - - - > 'lsass.exe'(700)
c:\windows\system32\SETUPAPI.dll
.
Completion time: 2009-04-15 18:30
ComboFix-quarantined-files.txt 2009-04-15 16:30

Pre-Run: 59 040 485 376 bytes free
Post-Run: 59 051 855 872 bytes free

149 --- E O F --- 2009-03-16 16:26
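A second added example (again not from the thread and not a ComboFix feature): the report above lists what was deleted, but one file with the same naming scheme, c:\windows\system32\uactmp.db (1.9 MB, created 2009-04-15 06:08), appears only in the "files created" listing and not under the deletions. This script pulls the deleted components and the removed service out of a ComboFix report and flags any file that follows the rootkit's naming scheme but survived the run. The excerpt is constructed from the posted report using ComboFix's English section headings; the "UAC + eight lowercase letters" rule is inferred from the names in that report and is this example's assumption.

```python
"""Pull the rootkit's file and service components out of a ComboFix report.

Added example for this thread; it is not part of the original posts and not a
ComboFix feature. SAMPLE_REPORT is a constructed excerpt of the report posted
above, using ComboFix's English section headings; the 'UAC' + eight lowercase
letters naming rule is inferred from the names in that report.
"""
import ntpath
import re

# Constructed test input: lines taken from the posted ComboFix report.
SAMPLE_REPORT = r"""
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\UACmpfmqrms.sys
c:\windows\system32\UACbeggdbls.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACohnvyqvw.db
c:\windows\system32\UACputwnheg.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys

((((((((((((((((((((((((((((( Files Created from 2009-03-15 to 2009-04-15 ))))))))))))))))))))))))))))))))))))
.

2009-04-15 09:20 . 2009-04-15 09:20 0 ----a-w c:\windows\VPC32.INI
2009-04-15 06:08 . 2009-04-15 16:12 1896749 ----a-w c:\windows\system32\uactmp.db
2009-03-16 16:52 . 2009-03-16 16:52 -------- d-----w c:\documents and settings\Administrateur\Application Data\AdobeUM
.
"""

SECTION = re.compile(r"^\({5,}\s*(?P<name>.+?)\s*\){5,}$")
# Naming rule observed in the report: 'UAC' + eight random lowercase letters,
# plus the two fixed names uacinit.dll and uactmp.db (assumption: no other
# legitimate file on the box is named this way).
RANDOM_NAME = re.compile(r"^UAC[a-z]{8}\.(dll|sys|db|log|dat)$")
FIXED_NAMES = {"uacinit.dll", "uactmp.db"}
SERVICE = re.compile(r"^-------\\Service_(?P<name>\S+)$")
CREATED = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \S+ \S+ (?P<size>\d+) \S+ (?P<path>.+)$")
WIN_PATH = re.compile(r"^[a-z]:\\", re.I)


def is_component_name(name):
    """True for file names that follow the rootkit's naming scheme."""
    return bool(RANDOM_NAME.match(name)) or name.lower() in FIXED_NAMES


def extract(report):
    """Return what was deleted, which service was removed, and what is still there."""
    section, deleted, services, created = None, [], [], []
    for line in report.splitlines():
        s = SECTION.match(line)
        if s:
            section = s["name"]
        elif section == "Other Deletions" and WIN_PATH.match(line):
            if is_component_name(ntpath.basename(line)):
                deleted.append(line)
        elif section == "Drivers/Services" and (m := SERVICE.match(line)):
            services.append(m["name"])
        elif section and section.startswith("Files Created") and (m := CREATED.match(line)):
            if is_component_name(ntpath.basename(m["path"])):
                created.append((m["path"], int(m["size"])))
    # A component that shows up as created but not as deleted survived the run
    # and has to be dealt with separately.
    gone = {p.lower() for p in deleted}
    leftover = [c for c in created if c[0].lower() not in gone]
    return {"deleted": deleted, "services": services, "leftover": leftover}


if __name__ == "__main__":
    for key, value in extract(SAMPLE_REPORT).items():
        print(key, value)
```

Directory entries (size column "--------") are skipped on purpose; the "leftover" list is the thing to hand back to whoever is driving the cleanup, since a report that reads as a success can still leave a component on disk.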