Infection du PC

loloetseb Messages postés 5684 Statut Membre -
Utilisateur anonyme - 29 avr. 2009 à 18:12

Bonjour,

Je t'ai fait un petit resumé de la situation si tu as une petite idée,voici le rapport zeb

Rapport de ZHPDiag v1.16.6 par Nicolas Coolman
Enregistré le 22/04/2009 23:52:26
Platform : Windows Vista (TM) Home Premium (6.0.6001) Service Pack 1
MSIE: Internet Explorer v7.0.6001.18000
MFIE: Mozilla Firefox (3.0.7)

---\\ Processus lancés
RtHDVCpl.exe
C:\Windows\system32\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\WR_PopUp\WarReg_PopUp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Windows\system32\Ati2evxx.exe
%windir%\system32\svchost.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\SearchIndexer.exe

---\\ Modification d'une valeur System.ini (F2)
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=explorer.exe

---\\ Pages de démarrage d'Internet Explorer (R0)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr

---\\ Pages de recherche d'Internet Explorer (R1)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/toolbar/ie8/sidebar.html

---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll

---\\ Applications démarrées automatiquement par le registre (O4)
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Windows\system32\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKLM\..\policies\Explorer: [NoDrives] Data="0"
O4 - HKLM\..\policies\Explorer: [NoLogOff] Data="0"
O4 - HKLM\..\policies\Explorer: [NoControlPanel] Data="0"

---\\ Invisibilité de l'icône d'options IE dans le panneau de Configuration (O5)
O5 - control.ini: inetcpl.cpl=no

---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Toolbars\INTERN~1\favicon.ico
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFBARH.ICO

---\\ Valeur de registre AppInit_DLLs et sous-clés Winlogon Notify (O20)
O20 - Winlogon Notify: SABWINLOStartup - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
---\\ Clé de Registre autorun SharedTaskScheduler (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030}

---\\ Services NT non Microsoft et non désactivés (O23)
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: (Ati External Event Utility) - C:\Windows\system32\Ati2evxx.exe
O23 - Service: eRecovery Service (eRecoveryService) - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - C:\Windows\system32\SLsvc.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - C:\Windows\System32\spoolsv.exe
O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - C:\Windows\system32\SearchIndexer.exe /Embedding

---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\SA.DAT
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\SCHEDLGU.TXT
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\WebReg PSC 1500 series.job

---\\ Composants installés (ActiveSetup Installed Components) (O40)
O40 - ASIC: Microsoft Windows Media Player - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
O40 - ASIC: Internet Explorer - {26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
O40 - ASIC: Browser Customizations - {60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
O40 - ASIC: Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - (not file)
O40 - ASIC: (no name) - {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - (not file)
O40 - ASIC: Microsoft Windows Media Player 11.0 - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\System32\wmpdxm.dll
O40 - ASIC: Adobe Shockwave Director 11.0.3 - {233C1507-6A77-46A4-9443-F871F945D258} - C:\Windows\System32\Adobe\Director\swdir.dll
O40 - ASIC: Adobe Shockwave Director 11.0.3 - {2A202491-F00D-11cf-87CC-0020AFEECF20} - (not file)
O40 - ASIC: Themes Setup - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\Windows\system32\regsvr32.exe /s /n /i:/UserInstall C:\Windows\system32\themeui.dll
O40 - ASIC: Offline Browsing Pack - {3af36230-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Microsoft Windows Mail 7 - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
O40 - ASIC: (no name) - {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - (not file)
O40 - ASIC: DirectDrawEx - {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - (not file)
O40 - ASIC: Internet Explorer Help - {45ea75a0-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Microsoft Windows Script 5.7 - {4f645220-306d-11d2-995d-00c04f98bbc9} - (not file)
O40 - ASIC: Internet Explorer Setup Tools - {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Browsing Enhancements - {630b1da0-b465-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
O40 - ASIC: MSN Site Access - {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - (not file)
O40 - ASIC: Address Book 7 - {7790769C-0471-11d2-AF11-00C04FA35D02} - (not file)
O40 - ASIC: .NET Framework - {7C028AF8-F614-47B3-82DA-BA94E41B1089} - (not file)
O40 - ASIC: Windows Desktop Update - {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
O40 - ASIC: Internet Explorer - {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
O40 - ASIC: (no name) - {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
O40 - ASIC: Dynamic HTML Data Binding - {9381D8F2-0288-11D0-9501-00AA00B911A5} - (not file)
O40 - ASIC: .NET Framework - {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - (not file)
O40 - ASIC: Internet Explorer Core Fonts - {C9E9A340-D1F1-11D0-821E-444553540600} - (not file)
O40 - ASIC: (no name) - {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - (not file)
O40 - ASIC: Adobe Flash Player - {D27CDB6E-AE6D-11CF-96B8-444553540000} - C:\Windows\system32\Macromed\Flash\Flash9f.ocx
O40 - ASIC: HTML Help - {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Active Directory Service Interface - {E92B03AB-B707-11d2-9CBD-0000F87A369E} - (not file)

---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: Pilote de média asynchrone RAS (AsyncMac) - C:\WINDOWS\system32\DRIVERS\asyncmac.sys
O41 - Driver: (no object) (atikmdag) - C:\WINDOWS\system32\DRIVERS\atikmdag.sys
O41 - Driver: ATI PCI Express (3GIO) Filter (AtiPcie) - C:\WINDOWS\system32\DRIVERS\AtiPcie.sys
O41 - Driver: avgio (avgio) - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys
O41 - Driver: avgntflt (avgntflt) - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys
O41 - Driver: avipbb (avipbb) - C:\WINDOWS\system32\DRIVERS\avipbb.sys
O41 - Driver: Pilote MS IEEE-1284.4 (Dot4) - C:\WINDOWS\system32\DRIVERS\Dot4.sys
O41 - Driver: Pilote de classe Imprimante pour IEEE-1284.4 (Dot4Print) - C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
O41 - Driver: MS Dot4USB Filter Dot4USB Filter (dot4usb) - C:\WINDOWS\system32\DRIVERS\dot4usb.sys
O41 - Driver: Filtre de décodeur DRM (Noyau Microsoft) (drmkaud) - C:\WINDOWS\system32\drivers\drmkaud.sys
O41 - Driver: Intel(R) PRO/1000 NDIS 6 Adapter Driver (E1G60) - C:\WINDOWS\system32\DRIVERS\E1G60I32.sys
O41 - Driver: Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio (HdAudAddService) - C:\WINDOWS\system32\drivers\HdAudio.sys
O41 - Driver: int15 (int15) - C:\Acer\Empowering Technology\eRecovery\int15.sys
O41 - Driver: Service for Realtek HD Audio (WDM) (IntcAzAudAddService) - C:\WINDOWS\system32\drivers\RTKVHDA.sys
O41 - Driver: @%systemroot%\system32\rascfg.dll,-32013 (IpFilterDriver) - C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
O41 - Driver: IP in IP Tunnel Driver (IpInIp) - C:\WINDOWS\system32\DRIVERS\ipinip.sys
O41 - Driver: Pilote d’E/S du mappage de découverte de topologie de la couche de liaison (lltdio) - C:\WINDOWS\system32\DRIVERS\lltdio.sys
O41 - Driver: Service Pilote de fonction de classe Moniteur Microsoft (monitor) - C:\WINDOWS\system32\DRIVERS\monitor.sys
O41 - Driver: Proxy de service de répartition Microsoft (MSKSSRV) - C:\WINDOWS\system32\drivers\MSKSSRV.sys
O41 - Driver: Proxy d'horloge de répartition Microsoft (MSPCLOCK) - C:\WINDOWS\system32\drivers\MSPCLOCK.sys
O41 - Driver: Proxy de gestion de qualité de répartition Microsoft (MSPQM) - C:\WINDOWS\system32\drivers\MSPQM.sys
O41 - Driver: Convertisseur en T/site-à-site de répartition Microsoft (MSTEE) - C:\WINDOWS\system32\drivers\MSTEE.sys
O41 - Driver: Filtre NativeWiFi (NativeWifiP) - C:\WINDOWS\system32\DRIVERS\nwifi.sys
O41 - Driver: @%systemroot%\system32\rascfg.dll,-32001 (NdisTapi) - C:\WINDOWS\system32\DRIVERS\ndistapi.sys
O41 - Driver: NDIS mode utilisateur E/S Protocole (Ndisuio) - C:\WINDOWS\system32\DRIVERS\ndisuio.sys
O41 - Driver: @%systemroot%\system32\rascfg.dll,-32002 (NdisWan) - C:\WINDOWS\system32\DRIVERS\ndiswan.sys
O41 - Driver: NetBIOS Interface (NetBIOS) - C:\WINDOWS\system32\DRIVERS\netbios.sys
O41 - Driver: Upper Class Filter Driver (NTIDrvr) - C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
O41 - Driver: IPX Traffic Filter Driver (NwlnkFlt) - C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
O41 - Driver: IPX Traffic Forwarder Driver (NwlnkFwd) - C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
O41 - Driver: PCTAppEvent Driver (PCTAppEvent) - C:\Windows\system32\drivers\PCTAppEvent.sys
O41 - Driver: pctgntdi (pctgntdi) - C:\Windows\System32\drivers\pctgntdi.sys
O41 - Driver: pctplfw (pctplfw) - C:\Windows\System32\drivers\pctplfw.sys
O41 - Driver: Miniport réseau étendu WAN (PPTP) (PptpMiniport) - C:\WINDOWS\system32\DRIVERS\raspptp.sys
O41 - Driver: @%SystemRoot%\System32\drivers\pacer.sys,-101 (PSched) - C:\WINDOWS\system32\DRIVERS\pacer.sys
O41 - Driver: (no object) (R300) - C:\WINDOWS\system32\DRIVERS\atikmdag.sys
O41 - Driver: Remote Access Auto Connection Driver (RasAcd) - C:\WINDOWS\System32\DRIVERS\rasacd.sys
O41 - Driver: Miniport réseau étendu WAN (L2TP) (Rasl2tp) - C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
O41 - Driver: @%systemroot%\system32\rascfg.dll,-32007 (RasPppoe) - C:\WINDOWS\system32\DRIVERS\raspppoe.sys
O41 - Driver: @%systemroot%\system32\sstpsvc.dll,-202 (RasSstp) - C:\WINDOWS\system32\DRIVERS\rassstp.sys
O41 - Driver: Répondeur de découverte de topologie de la couche de liaison (rspndr) - C:\WINDOWS\system32\DRIVERS\rspndr.sys
O41 - Driver: SASDIFSV (SASDIFSV) - C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
O41 - Driver: SASENUM (SASENUM) - C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
O41 - Driver: SASKUTIL (SASKUTIL) - C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
O41 - Driver: PCTools Driver (SFilter) - C:\WINDOWS\system32\DRIVERS\pctfw.sys
O41 - Driver: @%SystemRoot%\system32\tcpipcfg.dll,-50005 (Smb) - C:\WINDOWS\system32\DRIVERS\smb.sys
O41 - Driver: ssmdrv (ssmdrv) - C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
O41 - Driver: Pilote de protocole IPv6 Microsoft (Tcpip6) - C:\WINDOWS\system32\DRIVERS\tcpip.sys
O41 - Driver: Pilote de carte miniport Microsoft Tun (tunmp) - C:\WINDOWS\system32\DRIVERS\tunmp.sys
O41 - Driver: Pilote de carte miniport Microsoft IPv6 Tunnel (tunnel) - C:\WINDOWS\system32\DRIVERS\tunnel.sys
O41 - Driver: Pilote de scanneur USB (usbscan) - C:\WINDOWS\system32\DRIVERS\usbscan.sys
O41 - Driver: (no object) (vga) - C:\WINDOWS\system32\DRIVERS\vgapnp.sys
O41 - Driver: Remote Access IP ARP Driver (Wanarp) - C:\WINDOWS\system32\DRIVERS\wanarp.sys
O41 - Driver: Remote Access IPv6 ARP Driver (Wanarpv6) - C:\WINDOWS\system32\DRIVERS\wanarp.sys
O41 - Driver: (no object) (WUDFRd) - C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
O41 - Driver: NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller (yukonwlh) - C:\WINDOWS\system32\DRIVERS\yk60x86.sys

---\\ Logiciels installés (O42)
O42 - Logiciel: Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player 10 Plugin
O42 - Logiciel: Adobe Shockwave Player 11
O42 - Logiciel: Avira AntiVir Personal - Free Antivirus
O42 - Logiciel: AuralogComponentsUninstall9
O42 - Logiciel: CCleaner (remove only)
O42 - Logiciel: Defraggler (remove only)
O42 - Logiciel: eMule
O42 - Logiciel: HijackThis 2.0.2
O42 - Logiciel: HP Imaging Device Functions 8.0
O42 - Logiciel: HP Solution Center 8.0
O42 - Logiciel: HP Customer Participation Program 8.0
O42 - Logiciel: HP OCR Software 8.0
O42 - Logiciel: NTI CD & DVD-Maker
O42 - Logiciel: Security Update for CAPICOM (KB931906)
O42 - Logiciel: Malwarebytes' Anti-Malware
O42 - Logiciel: Motamo 4.22
O42 - Logiciel: Mozilla Firefox (3.0.7)
O42 - Logiciel: nCleaner second 2.3.4.0
O42 - Logiciel: PC Tools Firewall Plus 5.0
O42 - Logiciel: Microsoft Office Professional Plus 2007
O42 - Logiciel: scrabbleproB 1.0.11
O42 - Logiciel: Scrabble® 2003 Edition
O42 - Logiciel: SLD Codec Pack
O42 - Logiciel: UsbFix
O42 - Logiciel: VideoLAN VLC media player 0.8.6f
O42 - Logiciel: Archiveur WinRAR
O42 - Logiciel: ZebHelpProcess 2.33.6
O42 - Logiciel: Google Earth
O42 - Logiciel: Java(TM) 6 Update 12
O42 - Logiciel: Free Games Offer, Desktop Shortcut
O42 - Logiciel: HP Product Assistant
O42 - Logiciel: OpenOffice.org Installer 1.0
O42 - Logiciel: Acer Picture Slide DVD
O42 - Logiciel: Skype™ 3.8
O42 - Logiciel: NTI Backup NOW! 4.7
O42 - Logiciel: Acer ScreenSaver
O42 - Logiciel: MSXML 4.0 SP2 (KB954430)
O42 - Logiciel: Update for Outlook 2007 Junk Email Filter (kb962871)
O42 - Logiciel: Security Update for Microsoft Office Word 2007 (KB956358)
O42 - Logiciel: Update for Microsoft Office Outlook 2007 (KB952142)
O42 - Logiciel: Security Update for Microsoft Office PowerPoint 2007 (KB951338)
O42 - Logiciel: Security Update for Microsoft Office system 2007 (KB954326)
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB951944)
O42 - Logiciel: Security Update for Microsoft Office system 2007 (KB956828)
O42 - Logiciel: Security Update for Microsoft Office Excel 2007 (KB959997)
O42 - Logiciel: Update for Office 2007 (KB946691)
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB951550)
O42 - Logiciel: 2007 Microsoft Office Suite Service Pack 1 (SP1)
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB960003)
O42 - Logiciel: Security Update for Microsoft Office Publisher 2007 (KB950114)
O42 - Logiciel: Microsoft Office Access MUI (French) 2007
O42 - Logiciel: Microsoft Office Excel MUI (French) 2007
O42 - Logiciel: Update for Microsoft Office Excel 2007 Help (KB957242)
O42 - Logiciel: Microsoft Office PowerPoint MUI (French) 2007
O42 - Logiciel: Microsoft Office Publisher MUI (French) 2007
O42 - Logiciel: Microsoft Office Outlook MUI (French) 2007
O42 - Logiciel: Update for Microsoft Office Outlook 2007 Help (KB957246)
O42 - Logiciel: Microsoft Office Word MUI (French) 2007
O42 - Logiciel: Microsoft Office Proof (Arabic) 2007
O42 - Logiciel: Microsoft Office Proof (German) 2007
O42 - Logiciel: Microsoft Office Proof (English) 2007
O42 - Logiciel: Microsoft Office Proof (French) 2007
O42 - Logiciel: Microsoft Office Proof (Dutch) 2007
O42 - Logiciel: Microsoft Office Proof (Spanish) 2007
O42 - Logiciel: Microsoft Office Proofing (French) 2007
O42 - Logiciel: Microsoft Office InfoPath MUI (French) 2007
O42 - Logiciel: Microsoft Office Shared MUI (French) 2007
O42 - Logiciel: Microsoft Office Language Pack 2007 Service Pack 1 (SP1)
O42 - Logiciel: Acer Tour
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable
O42 - Logiciel: Galerie de photos Windows Live
O42 - Logiciel: Acer Zone SoftDMA
O42 - Logiciel: Acer Empowering Technology
O42 - Logiciel: Adobe Reader 9 - Français
O42 - Logiciel: Acer eDataSecurity Management
O42 - Logiciel: Acer Zone MakeDisk
O42 - Logiciel: MSXML 4.0 SP2 (KB936181)
O42 - Logiciel: MSXML 4.0 SP2 (KB941833)
O42 - Logiciel: HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
O42 - Logiciel: SUPERAntiSpyware Free Edition
O42 - Logiciel: Assistant de connexion Windows Live
O42 - Logiciel: Acer ePerformance Management
O42 - Logiciel: HP Photosmart Essential
O42 - Logiciel: HPSSupply
O42 - Logiciel: Acer Zone Main Page
O42 - Logiciel: Microsoft SQL Server 2005 Compact Edition [ENU]
O42 - Logiciel: Realtek High Definition Audio Driver
O42 - Logiciel: 32 Bit HP CIO Components Installer
O42 - Logiciel: Acer Plug and Record
O42 - Logiciel: Acer Zone MagicDirector
O42 - Logiciel: Windows Live installer
O42 - Logiciel: HP Update

---\\ Contenu des dossiers Fichiers Communs (O43)
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Adobe
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Borland Shared
O43 - CFD:Common File Directory - C:\Program Files\Common Files\DESIGNER
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Hewlett-Packard
O43 - CFD:Common File Directory - C:\Program Files\Common Files\HP
O43 - CFD:Common File Directory - C:\Program Files\Common Files\InstallShield
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Java
O43 - CFD:Common File Directory - C:\Program Files\Common Files\LightScribe
O43 - CFD:Common File Directory - C:\Program Files\Common Files\microsoft shared
O43 - CFD:Common File Directory - C:\Program Files\Common Files\MicroWorld
O43 - CFD:Common File Directory - C:\Program Files\Common Files\NewTech Infosystems
O43 - CFD:Common File Directory - C:\Program Files\Common Files\PC Tools
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Services
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Skype
O43 - CFD:Common File Directory - C:\Program Files\Common Files\SpeechEngines
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Steam
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Symantec Shared
O43 - CFD:Common File Directory - C:\Program Files\Common Files\System
O43 - CFD:Common File Directory - C:\Program Files\Common Files\WindowsLiveInstaller
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Wise Installation Wizard

---\\ Derniers fichiers modifiés ou crées sous System32 (O44)
O44 - LFC:Last File Created - C:\Windows\System32\amxread.dll -->17/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\apilogen.dll -->17/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\Argument.html -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\axaltocm.dll -->17/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\ControlSet.txt -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\Debug.txt -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\deploytk.dll -->07/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\eEmpty.exe -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\ezsidmv.dat -->20/02/2009
O44 - LFC:Last File Created - C:\Windows\System32\FNTCACHE.DAT -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\GenProc[].html -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\GenProc[].txt -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\html.iec -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\iasads.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\iasdatastore.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\iashost.exe -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\iasrecst.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\ieaksie.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\iedkcs32.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\ieencode.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\ieframe.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\iertutil.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\ieUnatt.exe -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\ifxcardm.dll -->17/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\Interfaces.txt -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\java.exe -->07/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\javaw.exe -->07/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\javaws.exe -->07/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\jsproxy.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\kernel32.dll -->13/02/2009
O44 - LFC:Last File Created - C:\Windows\System32\lsasrv.dll -->13/02/2009
O44 - LFC:Last File Created - C:\Windows\System32\mrt.exe -->06/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\msfeeds.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\mshtml.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\mshtml.tlb -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\mstime.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\msvcp80.dll -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\msvcr80.dll -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\ntkrnlpa.exe -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\ntoskrnl.exe -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\occache.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\PathFF.txt -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\perfc009.dat -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\perfc00C.dat -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\perfh009.dat -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\perfh00C.dat -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\PerfStringBackup.INI -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\printfilterpipelineprxy.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\printfilterpipelinesvc.exe -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\Profils_FF.txt -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\rpcss.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\sdohlp.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\secur32.dll -->13/02/2009
O44 - LFC:Last File Created - C:\Windows\System32\Uninstall.html -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\Uninstall.txt -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\urlmon.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\w32apiw.dll -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\win32k.sys -->09/02/2009
O44 - LFC:Last File Created - C:\Windows\System32\wininet.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\drivers\mbam.sys -->06/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\drivers\mbamswissarmy.sys -->06/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf -->17/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\drivers\PCTCore.sys -->13/03/2009

---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\ACRORD32INFO.EXE-1C0557AA.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AgAppLaunch.db -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AgGlFaultHistory.db -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AgGlFgAppHistory.db -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AgGlGlobalHistory.db -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AgRobust.db -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\ATTRIB.CFEXE-54625609.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\ATTRIB.EXE-A990CB86.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AVCENTER.EXE-AF580B74.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AVGARKT-SETUP-1.1.0.42.EXE-9A2EA6CC.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AVGARKT.EXE-C9045B69.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AVWSC.EXE-18A3FCA0.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\CATCHME.CFEXE-828101DC.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\CATCHME.EXE-FE243694.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\CATCHME.TMP-DAEB2D62.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\CF22972.EXE-DB75C2AB.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\CHCP.COM-61043047.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\CHKNTFS.EXE-4D884E7D.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\CMD.EXE-4A81B364.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\CMD.EXECF-C5C11419.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\COMBOFIX-DOWNLOAD.CFEXE-8DB4FB4F.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\COMBOFIX.EXE-2BF42296.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\CONIME.EXE-9781FD5F.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\CONSENT.EXE-531BD9EA.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\CONTROL.EXE-817F8F1D.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\CSCRIPT.EXE-D1EF4768.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\CUREIT.EXE-1DFD69FF.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\DLLHOST.EXE-5E46FA0D.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\DLLHOST.EXE-766398D2.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\DLLHOST.EXE-B2EB1806.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\DUMPHIVE.CFEXE-8CBB994D.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\ERUNT.CFEXE-6260BB41.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\EXPLORER.EXE-A80E4F97.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\FIND.EXE-E2237F6D.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\FINDSTR.CFEXE-2C31CDB5.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\FINDSTR.EXE-2E9C6FE2.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\FIREFOX.EXE-A606B53C.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\GAVILA.EXE-B2359925.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\GETPATHS.EXE-E690506B.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\GMER.EXE-E170290A.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\GNC.EXE-27B06C3D.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\GNC.EXE-8FD53E34.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\GNC.EXE-90940013.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\GNC.EXE-A09CA6F0.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\GREP.CFEXE-AF5B8A31.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\GREP.CFEXE-F2435294.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\GRPCONV.EXE-B823222B.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\GSAR.CFEXE-2E30A7CC.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\GSAR.CFEXE-7118702F.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\HANDLE.CFEXE-29220A7A.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\HANDLE.CFEXE-A31F9D47.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\HELPER.EXE-8AEDE3E3.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\HIDEC.EXE-0F1FADFA.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\HIDEC.EXE-FFBDB5DF.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\HIJACKTHIS.EXE-9FD56571.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\HJTINSTALL.EXE-88261B04.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\IPCONFIG.EXE-912F3D5B.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\LBPKSXW41E.EXE-447FA942.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\LOGONUI.EXE-09140401.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\LOPSD.EXE-5FB3A725.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MBAM-SETUP.EXE-A9F8D519.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MBAM-SETUP.TMP-3CA56111.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MBAM.EXE-305FF92C.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MBAMGUI.EXE-4FE652ED.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MMLOADDRV.EXE-5475B7CC.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MODE.COM-DB34C082.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MOVEEX.CFEXE-24ADA02F.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MTEE.CFEXE-7F5BD862.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\N.COM-F61C6F88.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\NIRCMD.CFEXE-5DB93D84.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\NIRCMD.CFEXE-E3BBAAB7.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\NIRCMD.COM-EEFEA6B0.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\NIRCMD.EXE-3196DFA3.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\NIRCMDC.CFEXE-0814754B.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\NOTEPAD.EXE-D8414F97.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\NTOSBOOT-B00DFAAD.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\OSV.EXE-44EC46BD.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\OSV.EXE-4FE3C523.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\PEV.CFEXE-CE4851CA.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\PEV.CFEXE-DDAA49E5.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\PfSvPerfStats.bin -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\PING.EXE-7E94E73E.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\PSEXEC.CFEXE-B434A123.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\PSEXESVC.EXE-7F956DAF.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\PV.CFEXE-1E6D6CAC.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\PV.CFEXE-CDA21619.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\PV.EXE-9B0EB19F.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\REG.EXE-E7E8BD26.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\REGCLEANER.EXE-9EE303F3.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\REGEDIT.EXE-90FEEA06.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\REGSVR32.EXE-8461DBEE.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\REGT.CFEXE-D695AEFD.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\ROUTE.EXE-5E3D06CB.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\RSIT(3).EXE-DB20A599.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\RUNDLL32.EXE-9959F0A7.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\RUNDLL32.EXE-D8870C88.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\RUNONCE.EXE-D0649312.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SEARCHFILTERHOST.EXE-77482212.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SEARCHPROTOCOLHOST.EXE-0CB8CADE.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SED.CFEXE-428C1ABF.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SED.CFEXE-51EE12DA.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SED.EXE-3A5D7D2E.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SETPATH.EXE-4749BC02.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SETUP.EXE-D31D1F84.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SF.EXE-3FF21543.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SORT.EXE-99A4F778.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SSUPDATE.EXE-FC6B201A.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SVCHOST.EXE-7CFEDEA3.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SWREG.CFEXE-57B79243.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SWREG.EXE-3B27F432.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SWREG.EXE-599818A6.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SWREG.EXE-68FA10C1.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SWSC.CFEXE-6CC4FA4B.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SWSC.EXE-BE627F88.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SWXCACLS.CFEXE-8A6F12E6.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SWXCACLS.CFEXE-FFBBFDE3.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\TAIL.CFEXE-024B57D5.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\TASKENG.EXE-48D4E289.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\TASKLIST.EXE-C6CEE193.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\TRUSTEDINSTALLER.EXE-3CC531E5.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\UNZIP.CFEXE-CAB59F0C.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\VERCLSID.EXE-7C52E31C.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\VFIND.EXE-4E7A985D.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\VSSVC.EXE-B8AFC319.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\WERCON.EXE-E36BD04E.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\WERFAULT.EXE-E69F695A.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\WERMGR.EXE-0F2AC88C.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\WINRAR.EXE-94E7D80C.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\WMIADAP.EXE-F8DFDFA2.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\WMIPRVSE.EXE-1628051C.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\WSCRIPT.EXE-52CF1F0C.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\WSQMCONS.EXE-118B52B7.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\XTX847J.EXE-2F20DFC6.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\ZHP2.EXE-B4567A37.pf -->22/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\_START.EXE-FF3D2E40.pf -->22/04/2009

---\\ Déni du service Local Security Authority (LSA) (O48)
O48 - LSA:Local Security Authority Authentication Packages - C:\Windows\System32\msv1_0.dll
O48 - LSA:Local Security Authority Notification Packages - C:\Windows\System32\scecli.dll

---\\ Contrôle du Safe Boot (CSB) (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgrx.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\nsiproxy.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpencdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgrx.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\volmgrx.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\nsiproxy.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\rdpencdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\volmgrx.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\volmgrx.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\nsiproxy.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\rdpencdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\volmgrx.sys

---\\ Recherche d'infection de Base de Registres (O71)
O71 - BDRI:[hklm\software\microsoft\internet explorer\main]:start page - https://www.msn.com/fr-fr

Afficher la suite

A voir également:

Infection du PC
Reinitialiser pc - Guide
Pc lent - Guide
Downloader for pc - Télécharger - Téléchargement & Transfert
Test performance pc - Guide
Double ecran pc - Guide

80 réponses

Réponse 61 / 80

loloetseb Messages postés 5684 Statut Membre 174

Je sais,j'ai vu,y'a tout de bizarre sur ce pc.Je serais curieux de savoir ce qui se cache dessous ,c'est assez puissant,j'ai jamais vu ca.

Bon je relance le 2 d'usbfix,mais il va pas le faire sauter

Réponse 62 / 80

loloetseb Messages postés 5684 Statut Membre 174

Tiens les tmp reg et txt sont revenus et ont ete de nouveau supprimé par usb

############################## [ UsbFix V3.010 ]

# User : Gavila (Administrateurs) # PC-DE-GAVILA
# Update on 19/04/09 by C_XX & Chiquitine29
# Start at: 04:15:40 | 23/04/2009
# Website : http://pagesperso-orange.fr/FindyKill.Ad.Remover/

# Intel(R) Core(TM)2 CPU 4300 @ 1.80GHz
# Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6001 32-bit) # Service Pack 1
# Internet Explorer 7.0.6001.18000
# Windows Firewall Status : Disabled
# AV : Avira AntiVir PersonalEdition Classic 8.0.1.30 [ Enabled | Updated ]
# FW : PC Tools Firewall Plus[ Enabled ]4.0.0

# C:\ # Disque fixe local # 71,28 Go (42,99 Go free) [ACER] # NTFS
# D:\ # Disque fixe local # 70,94 Go (70,57 Go free) [DATA] # NTFS
# E:\ # Disque CD-ROM
# F:\ # Disque amovible
# G:\ # Disque amovible
# H:\ # Disque amovible
# I:\ # Disque amovible
# J:\ # Disque amovible # 124,01 Mo (57,63 Mo free) # FAT32

############################## [ Processus actifs ]

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\runonce.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\DllHost.exe

################## [ Fichiers # Dossiers infectieux ]

Deleted ! C:\Windows\system32\tmp.reg
Deleted ! C:\Windows\system32\tmp.txt

################## [ Registre # Clés Run infectieuses ]

# -> Not Found !

################## [ Registre # Startup ]

HKCU_Main: "SEARCH PAGE"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
HKCU_Main: "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
HKCU_Main: "Window Title"=""
HKLM_logon: "Userinit"="C:\\Windows\\system32\\userinit.exe,"
HKLM_logon: "DefaultUserName"=""
HKLM_logon: "LegalNoticeCaption"=""
HKLM_logon: "LegalNoticeText"=""
HKLM_Run: RtHDVCpl=RtHDVCpl.exe
HKLM_Run: Acer Empowering Technology Monitor=C:\Windows\system32\SysMonitor.exe
HKLM_Run: eDataSecurity Loader=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
HKLM_Run: WarReg_PopUp=C:\Acer\WR_PopUp\WarReg_PopUp.exe
HKLM_Run: StartCCC="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
HKLM_Run: avgnt="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
HKLM_Run: 00PCTFW="C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
HKLM_Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKCU_Run: Sidebar=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKCU_Run: SUPERAntiSpyware=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

################## [ Registre # Mountpoints2 ]

# -> Not Found !

################## [ Listing des fichiers présent ]

C:\autoexec.bat
C:\autorun.inf
D:\autorun.inf
J:\7z465.exe
J:\cureit.exe
J:\revosetup.exe
J:\ZHPL 2.33.7.exe
J:\RegCleaner.exe
J:\mbam-setup.exe
J:\RSIT(2).exe
J:\autorun.inf

################## [ Vaccination ]

# D:\autorun.inf -> Folder created by UsbFix.
# J:\autorun.inf -> Folder created by UsbFix.

################## [ ! Fin du rapport # UsbFix V3.010 ! ]

Réponse 63 / 80

Utilisateur anonyme

que dit MBAM ?

Réponse 64 / 80

loloetseb Messages postés 5684 Statut Membre 174

Ben il s'est arretté dans le redemarrage,mais y'avait rien de detecté jusqu'au redemmarage.Bon ,je vais aller faire dodo,je suis pas chez moi,faut que je rentre en voiture la,gag

A demain

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question

Réponse 65 / 80

loloetseb Messages postés 5684 Statut Membre 174

Bon je l'ai relancé avant de partir,on verra bien mais je suis assez pessimiste sur les detections de mbam la

Bonne fin de soirée

Réponse 66 / 80

Utilisateur anonyme

ok tu retenteras DrWeb demain moi aussi je vais y aller c'est l'heure des critiqueurs

Réponse 67 / 80

Cruch

La bone réponce es déjà donné et plussoyé une vingtène de foix.

Tête de delco

:) lol

Réponse 68 / 80

loloetseb Messages postés 5684 Statut Membre 174

C'est crunch le chocolat qui croustille,mdr

Réponse 69 / 80

loloetseb Messages postés 5684 Statut Membre 174

;)

Réponse 70 / 80

loloetseb Messages postés 5684 Statut Membre 174

1 -
Malwarebytes' Anti-Malware 1.36
Version de la base de données: 2031
Windows 6.0.6001 Service Pack 1

23/04/2009 18:06:02
mbam-log-2009-04-23 (18-06-02).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 152864
Temps écoulé: 40 minute(s), 9 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 4

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Windows\rundll16.exe (Fake.Dropped.Malware) -> Delete on reboot.
C:\Windows\System32\vcmgcd32.dll (Trojan.Agent) -> Delete on reboot.
C:\Windows\System32\systems.txt (Trojan.Vundo) -> Delete on reboot.
C:\Windows\logo1_.exe (Worm.Viking) -> Delete on reboot.

2 -

23/04/2009 18:06:02
mbam-log-2009-04-23 (18-06-02).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 152864
Temps écoulé: 40 minute(s), 9 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 4

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Windows\rundll16.exe (Fake.Dropped.Malware) -> Delete on reboot.
C:\Windows\System32\vcmgcd32.dll (Trojan.Agent) -> Delete on reboot.
C:\Windows\System32\systems.txt (Trojan.Vundo) -> Delete on reboot.
C:\Windows\logo1_.exe (Worm.Viking) -> Delete on reboot.

Réponse 71 / 80

loloetseb Messages postés 5684 Statut Membre 174

:processes
explorer.exe

:files
C:\Windows\rundll16.exe
C:\Windows\System32\vcmgcd32.dll
C:\Windows\System32\systems.txt
C:\Windows\logo1_.exe

:commands
[purity]
[emptytemp]
[start explorer]
[reboot]

Réponse 72 / 80

loloetseb Messages postés 5684 Statut Membre 174

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
Folder move failed. C:\Windows\rundll16.exe scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\vcmgcd32.dll scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\systems.txt scheduled to be moved on reboot.
Folder move failed. C:\Windows\logo1_.exe scheduled to be moved on reboot.
========== COMMANDS ==========
File delete failed. C:\Users\Gavila\AppData\Local\Temp\etilqs_DNDuhvjV994ZzJyigCcQ scheduled to be deleted on reboot.
File delete failed. C:\Users\Gavila\AppData\Local\Temp\etilqs_xFCiALD91SJUagc4DCx4 scheduled to be deleted on reboot.
File delete failed. C:\Users\Gavila\AppData\Local\Temp\etilqs_xFCiALD91SJUagc4DCx4-journal scheduled to be deleted on reboot.
File delete failed. C:\Users\Gavila\AppData\Local\Temp\~DF816A.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Gavila\AppData\Local\Temp\~DF8EE.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
Windows Temp folder emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 04232009_184346

Files moved on Reboot...
File C:\Windows\rundll16.exe not found!
File C:\Windows\System32\vcmgcd32.dll not found!
File C:\Windows\System32\systems.txt not found!
File C:\Windows\logo1_.exe not found!
File C:\Users\Gavila\AppData\Local\Temp\etilqs_DNDuhvjV994ZzJyigCcQ not found!
File C:\Users\Gavila\AppData\Local\Temp\etilqs_xFCiALD91SJUagc4DCx4 not found!
File C:\Users\Gavila\AppData\Local\Temp\etilqs_xFCiALD91SJUagc4DCx4-journal not found!
C:\Users\Gavila\AppData\Local\Temp\~DF816A.tmp moved successfully.
C:\Users\Gavila\AppData\Local\Temp\~DF8EE.tmp moved successfully.

Réponse 73 / 80

loloetseb Messages postés 5684 Statut Membre 174

;)

Réponse 74 / 80

loloetseb Messages postés 5684 Statut Membre 174

Rapport de ZHPDiag v1.16.6 par Nicolas Coolman
Enregistré le 23/04/2009 22:00:46
Platform : Windows Vista (TM) Home Premium (6.0.6001) Service Pack 1
MSIE: Internet Explorer v7.0.6001.18000
MFIE: Mozilla Firefox (3.0.9)

---\\ Processus lancés
RtHDVCpl.exe
C:\Windows\system32\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\WR_PopUp\WarReg_PopUp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Windows\system32\Ati2evxx.exe
%windir%\system32\svchost.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\SearchIndexer.exe

---\\ Modification d'une valeur System.ini (F2)
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=explorer.exe

---\\ Pages de démarrage d'Internet Explorer (R0)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr

---\\ Pages de recherche d'Internet Explorer (R1)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/toolbar/ie8/sidebar.html

---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll

---\\ Applications démarrées automatiquement par le registre (O4)
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Windows\system32\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKLM\..\policies\Explorer: [NoDrives] Data="0"
O4 - HKLM\..\policies\Explorer: [NoLogOff] Data="0"
O4 - HKLM\..\policies\Explorer: [NoControlPanel] Data="0"

---\\ Invisibilité de l'icône d'options IE dans le panneau de Configuration (O5)
O5 - control.ini: inetcpl.cpl=no

---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Toolbars\INTERN~1\favicon.ico
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFBARH.ICO

---\\ Valeur de registre AppInit_DLLs et sous-clés Winlogon Notify (O20)
O20 - Winlogon Notify: SABWINLOStartup - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
---\\ Clé de Registre autorun SharedTaskScheduler (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030}

---\\ Services NT non Microsoft et non désactivés (O23)
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: (Ati External Event Utility) - C:\Windows\system32\Ati2evxx.exe
O23 - Service: eRecovery Service (eRecoveryService) - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - C:\Windows\system32\SLsvc.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - C:\Windows\System32\spoolsv.exe
O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - C:\Windows\system32\SearchIndexer.exe /Embedding

Réponse 75 / 80

Utilisateur anonyme

bonsoir le rapport est incomplet il faut le deposer sur ce site et renvoyer le lien obtenu

http://www.cijoint.fr/

Réponse 76 / 80

loloetseb Messages postés 5684 Statut Membre 174

--\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\SA.DAT
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\SCHEDLGU.TXT
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\WebReg PSC 1500 series.job

---\\ Composants installés (ActiveSetup Installed Components) (O40)
O40 - ASIC: Microsoft Windows Media Player - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
O40 - ASIC: Internet Explorer - {26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
O40 - ASIC: Browser Customizations - {60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
O40 - ASIC: Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - (not file)
O40 - ASIC: (no name) - {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - (not file)
O40 - ASIC: Microsoft Windows Media Player 11.0 - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\System32\wmpdxm.dll
O40 - ASIC: Adobe Shockwave Director 11.0.3 - {233C1507-6A77-46A4-9443-F871F945D258} - C:\Windows\System32\Adobe\Director\swdir.dll
O40 - ASIC: Adobe Shockwave Director 11.0.3 - {2A202491-F00D-11cf-87CC-0020AFEECF20} - (not file)
O40 - ASIC: Themes Setup - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\Windows\system32\regsvr32.exe /s /n /i:/UserInstall C:\Windows\system32\themeui.dll
O40 - ASIC: Offline Browsing Pack - {3af36230-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Microsoft Windows Mail 7 - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
O40 - ASIC: (no name) - {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - (not file)
O40 - ASIC: DirectDrawEx - {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - (not file)
O40 - ASIC: Internet Explorer Help - {45ea75a0-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Microsoft Windows Script 5.7 - {4f645220-306d-11d2-995d-00c04f98bbc9} - (not file)
O40 - ASIC: Internet Explorer Setup Tools - {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Browsing Enhancements - {630b1da0-b465-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
O40 - ASIC: MSN Site Access - {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - (not file)
O40 - ASIC: Address Book 7 - {7790769C-0471-11d2-AF11-00C04FA35D02} - (not file)
O40 - ASIC: .NET Framework - {7C028AF8-F614-47B3-82DA-BA94E41B1089} - (not file)
O40 - ASIC: Windows Desktop Update - {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
O40 - ASIC: Internet Explorer - {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
O40 - ASIC: (no name) - {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
O40 - ASIC: Dynamic HTML Data Binding - {9381D8F2-0288-11D0-9501-00AA00B911A5} - (not file)
O40 - ASIC: .NET Framework - {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - (not file)
O40 - ASIC: Internet Explorer Core Fonts - {C9E9A340-D1F1-11D0-821E-444553540600} - (not file)
O40 - ASIC: (no name) - {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - (not file)
O40 - ASIC: Adobe Flash Player - {D27CDB6E-AE6D-11CF-96B8-444553540000} - C:\Windows\system32\Macromed\Flash\Flash9f.ocx
O40 - ASIC: HTML Help - {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Active Directory Service Interface - {E92B03AB-B707-11d2-9CBD-0000F87A369E} - (not file)

---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: Pilote de média asynchrone RAS (AsyncMac) - C:\WINDOWS\system32\DRIVERS\asyncmac.sys
O41 - Driver: (no object) (atikmdag) - C:\WINDOWS\system32\DRIVERS\atikmdag.sys
O41 - Driver: ATI PCI Express (3GIO) Filter (AtiPcie) - C:\WINDOWS\system32\DRIVERS\AtiPcie.sys
O41 - Driver: avgio (avgio) - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys
O41 - Driver: avgntflt (avgntflt) - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys
O41 - Driver: avipbb (avipbb) - C:\WINDOWS\system32\DRIVERS\avipbb.sys
O41 - Driver: Pilote MS IEEE-1284.4 (Dot4) - C:\WINDOWS\system32\DRIVERS\Dot4.sys
O41 - Driver: Pilote de classe Imprimante pour IEEE-1284.4 (Dot4Print) - C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
O41 - Driver: MS Dot4USB Filter Dot4USB Filter (dot4usb) - C:\WINDOWS\system32\DRIVERS\dot4usb.sys
O41 - Driver: Filtre de décodeur DRM (Noyau Microsoft) (drmkaud) - C:\WINDOWS\system32\drivers\drmkaud.sys
O41 - Driver: Intel(R) PRO/1000 NDIS 6 Adapter Driver (E1G60) - C:\WINDOWS\system32\DRIVERS\E1G60I32.sys
O41 - Driver: Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio (HdAudAddService) - C:\WINDOWS\system32\drivers\HdAudio.sys
O41 - Driver: int15 (int15) - C:\Acer\Empowering Technology\eRecovery\int15.sys
O41 - Driver: Service for Realtek HD Audio (WDM) (IntcAzAudAddService) - C:\WINDOWS\system32\drivers\RTKVHDA.sys
O41 - Driver: @%systemroot%\system32\rascfg.dll,-32013 (IpFilterDriver) - C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
O41 - Driver: IP in IP Tunnel Driver (IpInIp) - C:\WINDOWS\system32\DRIVERS\ipinip.sys
O41 - Driver: Pilote d’E/S du mappage de découverte de topologie de la couche de liaison (lltdio) - C:\WINDOWS\system32\DRIVERS\lltdio.sys
O41 - Driver: MBAMSwissArmy (MBAMSwissArmy) - C:\Windows\system32\drivers\mbamswissarmy.sys
O41 - Driver: Service Pilote de fonction de classe Moniteur Microsoft (monitor) - C:\WINDOWS\system32\DRIVERS\monitor.sys
O41 - Driver: Proxy de service de répartition Microsoft (MSKSSRV) - C:\WINDOWS\system32\drivers\MSKSSRV.sys
O41 - Driver: Proxy d'horloge de répartition Microsoft (MSPCLOCK) - C:\WINDOWS\system32\drivers\MSPCLOCK.sys
O41 - Driver: Proxy de gestion de qualité de répartition Microsoft (MSPQM) - C:\WINDOWS\system32\drivers\MSPQM.sys
O41 - Driver: Convertisseur en T/site-à-site de répartition Microsoft (MSTEE) - C:\WINDOWS\system32\drivers\MSTEE.sys
O41 - Driver: Filtre NativeWiFi (NativeWifiP) - C:\WINDOWS\system32\DRIVERS\nwifi.sys
O41 - Driver: @%systemroot%\system32\rascfg.dll,-32001 (NdisTapi) - C:\WINDOWS\system32\DRIVERS\ndistapi.sys
O41 - Driver: NDIS mode utilisateur E/S Protocole (Ndisuio) - C:\WINDOWS\system32\DRIVERS\ndisuio.sys
O41 - Driver: @%systemroot%\system32\rascfg.dll,-32002 (NdisWan) - C:\WINDOWS\system32\DRIVERS\ndiswan.sys
O41 - Driver: NetBIOS Interface (NetBIOS) - C:\WINDOWS\system32\DRIVERS\netbios.sys
O41 - Driver: Upper Class Filter Driver (NTIDrvr) - C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
O41 - Driver: IPX Traffic Filter Driver (NwlnkFlt) - C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
O41 - Driver: IPX Traffic Forwarder Driver (NwlnkFwd) - C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
O41 - Driver: PCTAppEvent Driver (PCTAppEvent) - C:\Windows\system32\drivers\PCTAppEvent.sys
O41 - Driver: pctgntdi (pctgntdi) - C:\Windows\System32\drivers\pctgntdi.sys
O41 - Driver: pctplfw (pctplfw) - C:\Windows\System32\drivers\pctplfw.sys
O41 - Driver: Miniport réseau étendu WAN (PPTP) (PptpMiniport) - C:\WINDOWS\system32\DRIVERS\raspptp.sys
O41 - Driver: @%SystemRoot%\System32\drivers\pacer.sys,-101 (PSched) - C:\WINDOWS\system32\DRIVERS\pacer.sys
O41 - Driver: (no object) (R300) - C:\WINDOWS\system32\DRIVERS\atikmdag.sys
O41 - Driver: Remote Access Auto Connection Driver (RasAcd) - C:\WINDOWS\System32\DRIVERS\rasacd.sys
O41 - Driver: Miniport réseau étendu WAN (L2TP) (Rasl2tp) - C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
O41 - Driver: @%systemroot%\system32\rascfg.dll,-32007 (RasPppoe) - C:\WINDOWS\system32\DRIVERS\raspppoe.sys
O41 - Driver: @%systemroot%\system32\sstpsvc.dll,-202 (RasSstp) - C:\WINDOWS\system32\DRIVERS\rassstp.sys
O41 - Driver: Répondeur de découverte de topologie de la couche de liaison (rspndr) - C:\WINDOWS\system32\DRIVERS\rspndr.sys
O41 - Driver: SASDIFSV (SASDIFSV) - C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
O41 - Driver: SASENUM (SASENUM) - C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
O41 - Driver: SASKUTIL (SASKUTIL) - C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
O41 - Driver: PCTools Driver (SFilter) - C:\WINDOWS\system32\DRIVERS\pctfw.sys
O41 - Driver: @%SystemRoot%\system32\tcpipcfg.dll,-50005 (Smb) - C:\WINDOWS\system32\DRIVERS\smb.sys
O41 - Driver: ssmdrv (ssmdrv) - C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
O41 - Driver: Pilote de protocole IPv6 Microsoft (Tcpip6) - C:\WINDOWS\system32\DRIVERS\tcpip.sys
O41 - Driver: Pilote de carte miniport Microsoft Tun (tunmp) - C:\WINDOWS\system32\DRIVERS\tunmp.sys
O41 - Driver: Pilote de carte miniport Microsoft IPv6 Tunnel (tunnel) - C:\WINDOWS\system32\DRIVERS\tunnel.sys
O41 - Driver: Pilote de scanneur USB (usbscan) - C:\WINDOWS\system32\DRIVERS\usbscan.sys
O41 - Driver: (no object) (vga) - C:\WINDOWS\system32\DRIVERS\vgapnp.sys
O41 - Driver: Remote Access IP ARP Driver (Wanarp) - C:\WINDOWS\system32\DRIVERS\wanarp.sys
O41 - Driver: Remote Access IPv6 ARP Driver (Wanarpv6) - C:\WINDOWS\system32\DRIVERS\wanarp.sys
O41 - Driver: (no object) (WUDFRd) - C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
O41 - Driver: NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller (yukonwlh) - C:\WINDOWS\system32\DRIVERS\yk60x86.sys

---\\ Logiciels installés (O42)
O42 - Logiciel: Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player 10 Plugin
O42 - Logiciel: Adobe Shockwave Player 11
O42 - Logiciel: Avira AntiVir Personal - Free Antivirus
O42 - Logiciel: AuralogComponentsUninstall9
O42 - Logiciel: CCleaner (remove only)
O42 - Logiciel: Defraggler (remove only)
O42 - Logiciel: eMule
O42 - Logiciel: HijackThis 2.0.2
O42 - Logiciel: HP Imaging Device Functions 8.0
O42 - Logiciel: HP Solution Center 8.0
O42 - Logiciel: HP Customer Participation Program 8.0
O42 - Logiciel: HP OCR Software 8.0
O42 - Logiciel: NTI CD & DVD-Maker
O42 - Logiciel: Security Update for CAPICOM (KB931906)
O42 - Logiciel: Malwarebytes' Anti-Malware
O42 - Logiciel: Motamo 4.22
O42 - Logiciel: Mozilla Firefox (3.0.9)
O42 - Logiciel: nCleaner second 2.3.4.0
O42 - Logiciel: PC Tools Firewall Plus 5.0
O42 - Logiciel: Microsoft Office Professional Plus 2007
O42 - Logiciel: scrabbleproB 1.0.11
O42 - Logiciel: Scrabble® 2003 Edition
O42 - Logiciel: SLD Codec Pack
O42 - Logiciel: VideoLAN VLC media player 0.8.6f
O42 - Logiciel: Archiveur WinRAR
O42 - Logiciel: ZebHelpProcess 2.33.6
O42 - Logiciel: Google Earth
O42 - Logiciel: Java(TM) 6 Update 12
O42 - Logiciel: Free Games Offer, Desktop Shortcut
O42 - Logiciel: HP Product Assistant
O42 - Logiciel: OpenOffice.org Installer 1.0
O42 - Logiciel: Acer Picture Slide DVD
O42 - Logiciel: Skype™ 3.8
O42 - Logiciel: NTI Backup NOW! 4.7
O42 - Logiciel: Acer ScreenSaver
O42 - Logiciel: MSXML 4.0 SP2 (KB954430)
O42 - Logiciel: Update for Outlook 2007 Junk Email Filter (kb962871)
O42 - Logiciel: Security Update for Microsoft Office Word 2007 (KB956358)
O42 - Logiciel: Update for Microsoft Office Outlook 2007 (KB952142)
O42 - Logiciel: Security Update for Microsoft Office PowerPoint 2007 (KB951338)
O42 - Logiciel: Security Update for Microsoft Office system 2007 (KB954326)
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB951944)
O42 - Logiciel: Security Update for Microsoft Office system 2007 (KB956828)
O42 - Logiciel: Security Update for Microsoft Office Excel 2007 (KB959997)
O42 - Logiciel: Update for Office 2007 (KB946691)
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB951550)
O42 - Logiciel: 2007 Microsoft Office Suite Service Pack 1 (SP1)
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB960003)
O42 - Logiciel: Security Update for Microsoft Office Publisher 2007 (KB950114)
O42 - Logiciel: Microsoft Office Access MUI (French) 2007
O42 - Logiciel: Microsoft Office Excel MUI (French) 2007
O42 - Logiciel: Update for Microsoft Office Excel 2007 Help (KB957242)
O42 - Logiciel: Microsoft Office PowerPoint MUI (French) 2007
O42 - Logiciel: Microsoft Office Publisher MUI (French) 2007
O42 - Logiciel: Microsoft Office Outlook MUI (French) 2007
O42 - Logiciel: Update for Microsoft Office Outlook 2007 Help (KB957246)
O42 - Logiciel: Microsoft Office Word MUI (French) 2007
O42 - Logiciel: Microsoft Office Proof (Arabic) 2007
O42 - Logiciel: Microsoft Office Proof (German) 2007
O42 - Logiciel: Microsoft Office Proof (English) 2007
O42 - Logiciel: Microsoft Office Proof (French) 2007
O42 - Logiciel: Microsoft Office Proof (Dutch) 2007
O42 - Logiciel: Microsoft Office Proof (Spanish) 2007
O42 - Logiciel: Microsoft Office Proofing (French) 2007
O42 - Logiciel: Microsoft Office InfoPath MUI (French) 2007
O42 - Logiciel: Microsoft Office Shared MUI (French) 2007
O42 - Logiciel: Microsoft Office Language Pack 2007 Service Pack 1 (SP1)
O42 - Logiciel: Acer Tour
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable
O42 - Logiciel: Galerie de photos Windows Live
O42 - Logiciel: Acer Zone SoftDMA
O42 - Logiciel: Acer Empowering Technology
O42 - Logiciel: Adobe Reader 9 - Français
O42 - Logiciel: Acer eDataSecurity Management
O42 - Logiciel: Acer Zone MakeDisk
O42 - Logiciel: MSXML 4.0 SP2 (KB936181)
O42 - Logiciel: MSXML 4.0 SP2 (KB941833)
O42 - Logiciel: HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
O42 - Logiciel: SUPERAntiSpyware Free Edition
O42 - Logiciel: Assistant de connexion Windows Live
O42 - Logiciel: Acer ePerformance Management
O42 - Logiciel: HP Photosmart Essential
O42 - Logiciel: HPSSupply
O42 - Logiciel: Acer Zone Main Page
O42 - Logiciel: Microsoft SQL Server 2005 Compact Edition [ENU]
O42 - Logiciel: Realtek High Definition Audio Driver
O42 - Logiciel: 32 Bit HP CIO Components Installer
O42 - Logiciel: Acer Plug and Record
O42 - Logiciel: Acer Zone MagicDirector
O42 - Logiciel: Windows Live installer
O42 - Logiciel: HP Update

---\\ Contenu des dossiers Fichiers Communs (O43)
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Adobe
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Borland Shared
O43 - CFD:Common File Directory - C:\Program Files\Common Files\DESIGNER
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Hewlett-Packard
O43 - CFD:Common File Directory - C:\Program Files\Common Files\HP
O43 - CFD:Common File Directory - C:\Program Files\Common Files\InstallShield
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Java
O43 - CFD:Common File Directory - C:\Program Files\Common Files\LightScribe
O43 - CFD:Common File Directory - C:\Program Files\Common Files\microsoft shared
O43 - CFD:Common File Directory - C:\Program Files\Common Files\MicroWorld
O43 - CFD:Common File Directory - C:\Program Files\Common Files\NewTech Infosystems
O43 - CFD:Common File Directory - C:\Program Files\Common Files\PC Tools
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Services
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Skype
O43 - CFD:Common File Directory - C:\Program Files\Common Files\SpeechEngines
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Steam
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Symantec Shared
O43 - CFD:Common File Directory - C:\Program Files\Common Files\System
O43 - CFD:Common File Directory - C:\Program Files\Common Files\WindowsLiveInstaller
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Wise Installation Wizard

---\\ Derniers fichiers modifiés ou crées sous System32 (O44)
O44 - LFC:Last File Created - C:\Windows\System32\amxread.dll -->17/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\apilogen.dll -->17/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\axaltocm.dll -->17/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\ControlSet.txt -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\Debug.txt -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\deploytk.dll -->07/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\eEmpty.exe -->23/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\ezsidmv.dat -->20/02/2009
O44 - LFC:Last File Created - C:\Windows\System32\FNTCACHE.DAT -->23/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\GenProc[].txt -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\html.iec -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\iasads.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\iasdatastore.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\iashost.exe -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\iasrecst.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\ieaksie.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\iedkcs32.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\ieencode.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\ieframe.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\iertutil.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\ieUnatt.exe -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\ifxcardm.dll -->17/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\Interfaces.txt -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\java.exe -->07/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\javaw.exe -->07/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\javaws.exe -->07/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\jsproxy.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\kernel32.dll -->13/02/2009
O44 - LFC:Last File Created - C:\Windows\System32\lsasrv.dll -->13/02/2009
O44 - LFC:Last File Created - C:\Windows\System32\mrt.exe -->06/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\msfeeds.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\mshtml.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\mshtml.tlb -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\mstime.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\msvcp80.dll -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\msvcr80.dll -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\ntkrnlpa.exe -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\ntoskrnl.exe -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\occache.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\PathFF.txt -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\perfc009.dat -->23/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\perfc00C.dat -->23/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\perfh009.dat -->23/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\perfh00C.dat -->23/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\PerfStringBackup.INI -->23/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\printfilterpipelineprxy.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\printfilterpipelinesvc.exe -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\Profils_FF.txt -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\rpcss.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\sdohlp.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\secur32.dll -->13/02/2009
O44 - LFC:Last File Created - C:\Windows\System32\Uninstall.txt -->22/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\urlmon.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\w32apiw.dll -->23/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\win32k.sys -->09/02/2009
O44 - LFC:Last File Created - C:\Windows\System32\wininet.dll -->03/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\drivers\mbam.sys -->06/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\drivers\mbamswissarmy.sys -->06/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf -->17/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\drivers\PCTCore.sys -->13/03/2009

---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\404FIX.EXE-E9F29DA8.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\ACRORD32INFO.EXE-1C0557AA.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AgAppLaunch.db -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AgCx_SC1.db -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AgCx_SC1.db.trx -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AGENT.OMZ.FIX.EXE-855EC73D.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AgGlFaultHistory.db -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AgGlFgAppHistory.db -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AgGlGlobalHistory.db -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-4073331961-3280358938-1957956153-1000.db -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AgGlUAD_S-1-5-21-4073331961-3280358938-1957956153-1000.db -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AgRobust.db -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AVCENTER.EXE-AF580B74.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AVWSC.EXE-18A3FCA0.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\CACLS.EXE-D332D70E.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\CCLEANER.EXE-D4D76A60.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\CHKNTFS.EXE-4D884E7D.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\CMD.EXE-4A81B364.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\CONIME.EXE-9781FD5F.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\CONSENT.EXE-531BD9EA.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\CSCRIPT.EXE-D1EF4768.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\CUREIT.EXE-1DFD69FF.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\DEFRAG.EXE-588F90AD.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\DFRGNTFS.EXE-7E4077FE.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\DLLHOST.EXE-5E46FA0D.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\DLLHOST.EXE-6A473D35.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\DLLHOST.EXE-6BCB9FAA.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\DLLHOST.EXE-766398D2.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\DOWNLOAD.EXE-9E65F675.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\DRVINST.EXE-4CB4314A.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\DUMPHIVE.EXE-3C570D97.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\ESCAN_VIRUS_CLEANER.EXE-88DC0E02.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\EXPLORER.EXE-A80E4F97.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\FIND.EXE-E2237F6D.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\FINDSTR.EXE-2E9C6FE2.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\FIREFOX.EXE-A606B53C.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\FWSERVICE.EXE-868C0AE2.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\GAVILA.EXE-BEA03353.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\HIJACKTHIS.EXE-9FD56571.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\HPQSTE08.EXE-8FA26316.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\IEDFIX.C.EXE-D93680C7.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\IEDFIX.EXE-DA71DC22.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\IEXPLORE.EXE-908C99F8.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\Layout.ini -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\LOGONUI.EXE-09140401.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\LSSRVC.EXE-0D95A0DF.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MBAM-DOR.EXE-547CF556.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MBAM-SETUP.EXE-069937A7.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MBAM-SETUP.EXE-5EF0C92C.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MBAM-SETUP.EXE-A9F8D519.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MBAM-SETUP.TMP-2130A912.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MBAM-SETUP.TMP-634A7E33.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MBAM-SETUP.TMP-9F22BB2B.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MBAM-SETUP.TMP-BB88652A.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MBAM-SETUP.TMP-CF6A6DE8.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MBAM-SETUP.TMP-FFE097D4.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MBAM.EXE-305FF92C.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MBAMGUI.EXE-4FE652ED.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MBRWRWIN.EXE-2144233B.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MEXE.COM-5DEF9C99.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MMLOADDRV.EXE-5475B7CC.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MOBSYNC.EXE-C5E2284F.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MODE.COM-DB34C082.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MOM.EXE-3B2B5194.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MWAVL.EXE-8456F8D0.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\NOTEPAD.EXE-86E0E9B9.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\NOTEPAD.EXE-D8414F97.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\NTOSBOOT-B00DFAAD.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\NTVDM.EXE-F6564EE5.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\O4PATCH.EXE-28E081AC.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\OTMOVEIT3.EXE-23DD293D.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\PfSvPerfStats.bin -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\POLICIES.EXE-620F90ED.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\PROCESS.EXE-05032E94.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\PV.EXE-530A0D5F.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\REGCLEANER.EXE-9EE303F3.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\REGEDIT.EXE-90FEEA06.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\REGSVR32.EXE-8461DBEE.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\RICHVIDEO.EXE-4FA35CCC.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\RSIT(3).EXE-DB20A599.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\RUNDLL32.EXE-230FC512.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\RUNDLL32.EXE-5931CA67.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\RUNDLL32.EXE-6D2968F1.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\RUNDLL32.EXE-6E88E69C.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SCANNINGPROCESS.EXE-7B9EA74D.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SCHTASKS.EXE-5CA45734.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SEARCHFILTERHOST.EXE-77482212.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SEARCHPROTOCOLHOST.EXE-0CB8CADE.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SETUP.EXE-D31D1F84.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SHUTDOWN.EXE-E7D5C9CC.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SMITFRAUDFIX.EXE-8E367461.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SRCHSTS.EXE-9DE5594F.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SSUPDATE.EXE-FC6B201A.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SSVAGENT.EXE-D0A26E22.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SUPERANTISPYWARE.EXE-D7978FB2.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SVCHOST.EXE-3AB35CA7.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SVCHOST.EXE-61AE5AB6.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SVCHOST.EXE-7CFEDEA3.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SVCHOST.EXE-DD9DE812.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SWREG.EXE-32F02E35.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SWREG.EXE-9CC507F0.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SWREG.EXE-BE5D1A81.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\TASKENG.EXE-48D4E289.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\TASKMGR.EXE-5F5F473D.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\TRUSTEDINSTALLER.EXE-3CC531E5.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\UNINS000.EXE-A34E4C84.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\UNINSTAL.EXE-09AB5A46.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\UNREGX.EXE-E62DDEEA.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\UPDATE.EXE-DB15A2AB.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\USBFIX.EXE-D7AED5B8.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\VACFIX.EXE-F0807E1A.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\VERCLSID.EXE-7C52E31C.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\VSSVC.EXE-B8AFC319.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\WERCON.EXE-E36BD04E.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\WERMGR.EXE-0F2AC88C.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\WINRAR.EXE-94E7D80C.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\WLRMDR.EXE-C2B47318.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\WMIADAP.EXE-F8DFDFA2.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\WMIPRVSE.EXE-1628051C.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\WMPLAYER.EXE-BAD6BD53.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\WSCRIPT.EXE-52CF1F0C.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\WSQMCONS.EXE-118B52B7.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\WUDFHOST.EXE-AFFEF87C.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\ZHP2.EXE-B4567A37.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\_IU14D2N.TMP-331FCD1E.pf -->23/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\_START.EXE-FF3D2E40.pf -->23/04/2009

---\\ Déni du service Local Security Authority (LSA) (O48)
O48 - LSA:Local Security Authority Authentication Packages - C:\Windows\System32\msv1_0.dll
O48 - LSA:Local Security Authority Notification Packages - C:\Windows\System32\scecli.dll

---\\ Contrôle du Safe Boot (CSB) (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgrx.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\nsiproxy.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpencdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgrx.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\volmgrx.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\nsiproxy.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\rdpencdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\volmgrx.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\volmgrx.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\nsiproxy.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\rdpencdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\volmgrx.sys

---\\ Recherche d'infection de Base de Registres (O71)
O71 - BDRI:[hklm\software\microsoft\internet explorer\main]:start page - https://www.msn.com/fr-fr

Réponse 77 / 80

Utilisateur anonyme

---> Désactive ton antivirus le temps de la manipulation car OTMoveIt3 est détecté comme une infection à tort.

---> Télécharge OTMoveIt3 (OldTimer) sur ton Bureau :

---> Double-clique sur OTMoveIt3.exe afin de le lancer.

---> Copie (Ctrl+C) le texte suivant ci-dessous :

:processes
explorer.exe

:files
C:\Windows\System32\w32apiw.dll
C:\Windows\System32\Uninstall.txt
C:\Windows\System32\Profils_FF.txt
C:\Windows\System32\PathFF.txt
C:\Windows\System32\Interfaces.txt
C:\Windows\System32\GenProc[].txt
C:\Windows\System32\ezsidmv.dat
C:\Windows\System32\eEmpty.exe
C:\Windows\System32\Debug.txt
C:\Windows\System32\ControlSet.txt

:commands
[purity]
[emptytemp]
[start explorer]
[reboot]

---> Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.

---> Clique maintenant sur le bouton MoveIt! puis ferme OTMoveIt3.

Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.

---> Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
Le nom du rapport correspond au moment de sa création : date_heure.log

Réponse 78 / 80

loloetseb Messages postés 5684 Statut Membre 174

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
LoadLibrary failed for C:\Windows\System32\w32apiw.dll
C:\Windows\System32\w32apiw.dll NOT unregistered.
C:\Windows\System32\w32apiw.dll moved successfully.
C:\Windows\System32\Uninstall.txt moved successfully.
C:\Windows\System32\Profils_FF.txt moved successfully.
C:\Windows\System32\PathFF.txt moved successfully.
C:\Windows\System32\Interfaces.txt moved successfully.
C:\Windows\System32\GenProc[].txt moved successfully.
C:\Windows\System32\ezsidmv.dat moved successfully.
C:\Windows\System32\eEmpty.exe moved successfully.
C:\Windows\System32\Debug.txt moved successfully.
C:\Windows\System32\ControlSet.txt moved successfully.
========== COMMANDS ==========
File delete failed. C:\Users\Gavila\AppData\Local\Temp\~DF3D13.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
Windows Temp folder emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 04232009_225337

Files moved on Reboot...
C:\Users\Gavila\AppData\Local\Temp\~DF3D13.tmp moved successfully.

Réponse 79 / 80

loloetseb Messages postés 5684 Statut Membre 174

GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2009-04-26 19:54:14
Windows 6.0.6001 Service Pack 1

---- System - GMER 1.0.15 ----

SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwAllocateVirtualMemory [0x97506B94]
SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwAlpcConnectPort [0x97506516]
SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwAssignProcessToJobObject [0x97506586]
SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwConnectPort [0x975065DA]
SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwCreateFile [0x97506640]
SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwCreateProcess [0x9750672E]
SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwCreateProcessEx [0x975067BA]
SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwCreateThread [0x9750684A]
SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwDebugActiveProcess [0x97506980]
SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwDuplicateObject [0x975069D4]
SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwLoadDriver [0x97506A3A]
SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwOpenKey [0x97506A8C]
SSDT 885E97B0 ZwOpenProcess
SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwOpenSection [0x97506AE4]
SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwOpenThread [0x97506B3C]
SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwProtectVirtualMemory [0x97506BFA]
SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwRestoreKey [0x97506C58]
SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwResumeThread [0x97506CB6]
SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwSecureConnectPort [0x97506D74]
SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwSetValueKey [0x97506D08]
SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwSuspendProcess [0x97506DDE]
SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwSystemDebugControl [0x97506E30]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys ZwTerminateProcess [0x8C8BFF20]
SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwWriteVirtualMemory [0x97506EF4]
SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwCreateThreadEx [0x975068EC]
SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwCreateUserProcess [0x975066BE]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetTimerEx + 364 81CEE928 4 Bytes [94, 6B, 50, 97]
.text ntkrnlpa.exe!KeSetTimerEx + 370 81CEE934 4 Bytes [16, 65, 50, 97]
.text ntkrnlpa.exe!KeSetTimerEx + 3C4 81CEE988 4 Bytes CALL D234700E
.text ntkrnlpa.exe!KeSetTimerEx + 3F4 81CEE9B8 4 Bytes CALL D234C43E
.text ntkrnlpa.exe!KeSetTimerEx + 40C 81CEE9D0 4 Bytes [40, 66, 50, 97] {INC EAX; PUSH AX; XCHG EDI, EAX}
.text ...
? system32\DRIVERS\44500278.sys Le chemin d'accès spécifié est introuvable. !
? C:\Windows\system32\Drivers\PROCEXP90.SYS Le fichier spécifié est introuvable. !
? C:\Users\Gavila\AppData\Local\Temp\catchme.sys Le fichier spécifié est introuvable. !

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.exe[4492] @ C:\Windows\Explorer.exe [gdiplus.dll!GdiplusShutdown] [74D07BA4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[4492] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCloneImage] [74D498C5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[4492] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDrawImageRectI] [74D0D3C8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[4492] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [74CFF527] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[4492] @ C:\Windows\Explorer.exe [gdiplus.dll!GdiplusStartup] [74D07599] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[4492] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateFromHDC] [74CFE43D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[4492] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74D3B33D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[4492] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateBitmapFromStream] [74D0D68A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[4492] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipGetImageHeight] [74D0012E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[4492] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipGetImageWidth] [74D00095] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[4492] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDisposeImage] [74CF71F3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[4492] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipLoadImageFromFileICM] [74D8D802] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[4492] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipLoadImageFromFile] [74D275E1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[4492] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDeleteGraphics] [74CFDAE1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[4492] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipFree] [74CF668F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[4492] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipAlloc] [74CF66BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[4492] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipSetCompositingMode] [74D01E45] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp pctgntdi.sys
AttachedDevice \Driver\tdx \Device\Udp pctgntdi.sys
AttachedDevice \Driver\tdx \Device\RawIp pctgntdi.sys
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Gestionnaire de filtres de système de fichiers Microsoft/Microsoft Corporation)

---- Files - GMER 1.0.15 ----

File C:\Users\Gavila\AppData\Local\Temp\FtpTemp\base601c.avc 0 bytes
File C:\Windows\System32\drivers\fidbox.dat (size mismatch) 4278304/3491872 bytes
File C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl (size mismatch) 16384/12288 bytes
File C:\Windows\System32\WDI\LogFiles\WdiContextLog.etl.002 (size mismatch) 557056/475136 bytes

---- EOF - GMER 1.0.15 ----

Réponse 80 / 80

Utilisateur anonyme

le rsit ne fonctionne toujours pas ?

Infection du PC

80 réponses

Votre réponse

Newsletters