Infection du PC - Page 4

Précédent
  • 1
  • 2
  • 3
  • 4
  1. loloetseb Messages postés 5684 Statut Membre 174
     
    Je sais,j'ai vu,y'a tout de bizarre sur ce pc.Je serais curieux de savoir ce qui se cache dessous ,c'est assez puissant,j'ai jamais vu ca.

    Bon je relance le 2 d'usbfix,mais il va pas le faire sauter
    0
  2. loloetseb Messages postés 5684 Statut Membre 174
     
    Tiens les tmp reg et txt sont revenus et ont ete de nouveau supprimé par usb

    ############################## [ UsbFix V3.010 ]

    # User : Gavila (Administrateurs) # PC-DE-GAVILA
    # Update on 19/04/09 by C_XX & Chiquitine29
    # Start at: 04:15:40 | 23/04/2009
    # Website : http://pagesperso-orange.fr/FindyKill.Ad.Remover/

    # Intel(R) Core(TM)2 CPU 4300 @ 1.80GHz
    # Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6001 32-bit) # Service Pack 1
    # Internet Explorer 7.0.6001.18000
    # Windows Firewall Status : Disabled
    # AV : Avira AntiVir PersonalEdition Classic 8.0.1.30 [ Enabled | Updated ]
    # FW : PC Tools Firewall Plus[ Enabled ]4.0.0

    # C:\ # Disque fixe local # 71,28 Go (42,99 Go free) [ACER] # NTFS
    # D:\ # Disque fixe local # 70,94 Go (70,57 Go free) [DATA] # NTFS
    # E:\ # Disque CD-ROM
    # F:\ # Disque amovible
    # G:\ # Disque amovible
    # H:\ # Disque amovible
    # I:\ # Disque amovible
    # J:\ # Disque amovible # 124,01 Mo (57,63 Mo free) # FAT32

    ############################## [ Processus actifs ]

    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\System32\svchost.exe
    C:\Program Files\PC Tools Firewall Plus\FWService.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\runonce.exe
    C:\Windows\system32\conime.exe
    C:\Windows\system32\DllHost.exe

    ################## [ Fichiers # Dossiers infectieux ]

    Deleted ! C:\Windows\system32\tmp.reg
    Deleted ! C:\Windows\system32\tmp.txt

    ################## [ Registre # Clés Run infectieuses ]

    # -> Not Found !

    ################## [ Registre # Startup ]

    HKCU_Main: "SEARCH PAGE"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
    HKCU_Main: "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
    HKCU_Main: "Window Title"=""
    HKLM_logon: "Userinit"="C:\\Windows\\system32\\userinit.exe,"
    HKLM_logon: "DefaultUserName"=""
    HKLM_logon: "LegalNoticeCaption"=""
    HKLM_logon: "LegalNoticeText"=""
    HKLM_Run: RtHDVCpl=RtHDVCpl.exe
    HKLM_Run: Acer Empowering Technology Monitor=C:\Windows\system32\SysMonitor.exe
    HKLM_Run: eDataSecurity Loader=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    HKLM_Run: WarReg_PopUp=C:\Acer\WR_PopUp\WarReg_PopUp.exe
    HKLM_Run: StartCCC="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    HKLM_Run: avgnt="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    HKLM_Run: 00PCTFW="C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
    HKLM_Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
    HKCU_Run: Sidebar=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    HKCU_Run: SUPERAntiSpyware=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    ################## [ Registre # Mountpoints2 ]

    # -> Not Found !

    ################## [ Listing des fichiers présent ]

    C:\autoexec.bat
    C:\autorun.inf
    D:\autorun.inf
    J:\7z465.exe
    J:\cureit.exe
    J:\revosetup.exe
    J:\ZHPL 2.33.7.exe
    J:\RegCleaner.exe
    J:\mbam-setup.exe
    J:\RSIT(2).exe
    J:\autorun.inf

    ################## [ Vaccination ]

    # D:\autorun.inf -> Folder created by UsbFix.
    # J:\autorun.inf -> Folder created by UsbFix.

    ################## [ ! Fin du rapport # UsbFix V3.010 ! ]
    0
  3. loloetseb Messages postés 5684 Statut Membre 174
     
    Ben il s'est arretté dans le redemarrage,mais y'avait rien de detecté jusqu'au redemmarage.Bon ,je vais aller faire dodo,je suis pas chez moi,faut que je rentre en voiture la,gag

    A demain
    0
  4. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  5. loloetseb Messages postés 5684 Statut Membre 174
     
    Bon je l'ai relancé avant de partir,on verra bien mais je suis assez pessimiste sur les detections de mbam la

    Bonne fin de soirée
    0
  6. gen-hackman
     
    ok tu retenteras DrWeb demain moi aussi je vais y aller c'est l'heure des critiqueurs
    0
  7. Cruch
     
    La bone réponce es déjà donné et plussoyé une vingtène de foix.

    Tête de delco

    :) lol
    0
  8. loloetseb Messages postés 5684 Statut Membre 174
     
    C'est crunch le chocolat qui croustille,mdr
    0
  9. loloetseb Messages postés 5684 Statut Membre 174
     
    ;)
    0
  10. loloetseb Messages postés 5684 Statut Membre 174
     
    1 -
    Malwarebytes' Anti-Malware 1.36
    Version de la base de données: 2031
    Windows 6.0.6001 Service Pack 1

    23/04/2009 18:06:02
    mbam-log-2009-04-23 (18-06-02).txt

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 152864
    Temps écoulé: 40 minute(s), 9 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 4

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\Windows\rundll16.exe (Fake.Dropped.Malware) -> Delete on reboot.
    C:\Windows\System32\vcmgcd32.dll (Trojan.Agent) -> Delete on reboot.
    C:\Windows\System32\systems.txt (Trojan.Vundo) -> Delete on reboot.
    C:\Windows\logo1_.exe (Worm.Viking) -> Delete on reboot.

    2 -

    23/04/2009 18:06:02
    mbam-log-2009-04-23 (18-06-02).txt

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 152864
    Temps écoulé: 40 minute(s), 9 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 4

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\Windows\rundll16.exe (Fake.Dropped.Malware) -> Delete on reboot.
    C:\Windows\System32\vcmgcd32.dll (Trojan.Agent) -> Delete on reboot.
    C:\Windows\System32\systems.txt (Trojan.Vundo) -> Delete on reboot.
    C:\Windows\logo1_.exe (Worm.Viking) -> Delete on reboot.
    0
  11. loloetseb Messages postés 5684 Statut Membre 174
     
    :processes
    explorer.exe

    :files
    C:\Windows\rundll16.exe
    C:\Windows\System32\vcmgcd32.dll
    C:\Windows\System32\systems.txt
    C:\Windows\logo1_.exe

    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]
    0
  12. loloetseb Messages postés 5684 Statut Membre 174
     
    ========== PROCESSES ==========
    Process explorer.exe killed successfully.
    ========== FILES ==========
    Folder move failed. C:\Windows\rundll16.exe scheduled to be moved on reboot.
    Folder move failed. C:\Windows\System32\vcmgcd32.dll scheduled to be moved on reboot.
    Folder move failed. C:\Windows\System32\systems.txt scheduled to be moved on reboot.
    Folder move failed. C:\Windows\logo1_.exe scheduled to be moved on reboot.
    ========== COMMANDS ==========
    File delete failed. C:\Users\Gavila\AppData\Local\Temp\etilqs_DNDuhvjV994ZzJyigCcQ scheduled to be deleted on reboot.
    File delete failed. C:\Users\Gavila\AppData\Local\Temp\etilqs_xFCiALD91SJUagc4DCx4 scheduled to be deleted on reboot.
    File delete failed. C:\Users\Gavila\AppData\Local\Temp\etilqs_xFCiALD91SJUagc4DCx4-journal scheduled to be deleted on reboot.
    File delete failed. C:\Users\Gavila\AppData\Local\Temp\~DF816A.tmp scheduled to be deleted on reboot.
    File delete failed. C:\Users\Gavila\AppData\Local\Temp\~DF8EE.tmp scheduled to be deleted on reboot.
    User's Temp folder emptied.
    User's Internet Explorer cache folder emptied.
    Windows Temp folder emptied.
    Temp folders emptied.
    Explorer started successfully

    OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 04232009_184346

    Files moved on Reboot...
    File C:\Windows\rundll16.exe not found!
    File C:\Windows\System32\vcmgcd32.dll not found!
    File C:\Windows\System32\systems.txt not found!
    File C:\Windows\logo1_.exe not found!
    File C:\Users\Gavila\AppData\Local\Temp\etilqs_DNDuhvjV994ZzJyigCcQ not found!
    File C:\Users\Gavila\AppData\Local\Temp\etilqs_xFCiALD91SJUagc4DCx4 not found!
    File C:\Users\Gavila\AppData\Local\Temp\etilqs_xFCiALD91SJUagc4DCx4-journal not found!
    C:\Users\Gavila\AppData\Local\Temp\~DF816A.tmp moved successfully.
    C:\Users\Gavila\AppData\Local\Temp\~DF8EE.tmp moved successfully.
    0
  13. loloetseb Messages postés 5684 Statut Membre 174
     
    ;)
    0
  14. loloetseb Messages postés 5684 Statut Membre 174
     
    Rapport de ZHPDiag v1.16.6 par Nicolas Coolman
    Enregistré le 23/04/2009 22:00:46
    Platform : Windows Vista (TM) Home Premium (6.0.6001) Service Pack 1
    MSIE: Internet Explorer v7.0.6001.18000
    MFIE: Mozilla Firefox (3.0.9)

    ---\\ Processus lancés
    RtHDVCpl.exe
    C:\Windows\system32\SysMonitor.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Acer\WR_PopUp\WarReg_PopUp.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Windows\system32\Ati2evxx.exe
    %windir%\system32\svchost.exe
    C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\PC Tools Firewall Plus\FWService.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\SearchIndexer.exe

    ---\\ Modification d'une valeur System.ini (F2)
    F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,
    F2 - REG:system.ini: Shell=explorer.exe

    ---\\ Pages de démarrage d'Internet Explorer (R0)
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr

    ---\\ Pages de recherche d'Internet Explorer (R1)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/toolbar/ie8/sidebar.html

    ---\\ Browser Helper Objects de navigateur (O2)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    ---\\ Internet Explorer Toolbars (O3)
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll

    ---\\ Applications démarrées automatiquement par le registre (O4)
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Windows\system32\SysMonitor.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKLM\..\policies\Explorer: [NoDrives] Data="0"
    O4 - HKLM\..\policies\Explorer: [NoLogOff] Data="0"
    O4 - HKLM\..\policies\Explorer: [NoControlPanel] Data="0"

    ---\\ Invisibilité de l'icône d'options IE dans le panneau de Configuration (O5)
    O5 - control.ini: inetcpl.cpl=no

    ---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

    ---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Toolbars\INTERN~1\favicon.ico
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFBARH.ICO

    ---\\ Valeur de registre AppInit_DLLs et sous-clés Winlogon Notify (O20)
    O20 - Winlogon Notify: SABWINLOStartup - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    ---\\ Clé de Registre autorun SharedTaskScheduler (O22)
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030}

    ---\\ Services NT non Microsoft et non désactivés (O23)
    O23 - Service: ePerformance Service (AcerMemUsageCheckService) - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: (Ati External Event Utility) - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: eRecovery Service (eRecoveryService) - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - C:\Program Files\PC Tools Firewall Plus\FWService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - C:\Windows\system32\SLsvc.exe
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - C:\Windows\System32\spoolsv.exe
    O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - C:\Windows\system32\SearchIndexer.exe /Embedding
    0
  15. loloetseb Messages postés 5684 Statut Membre 174
     
    --\\ Tâches planifiées en automatique (O39)
    O39 - APT:Automatic Planified Task - C:\Windows\Tasks\SA.DAT
    O39 - APT:Automatic Planified Task - C:\Windows\Tasks\SCHEDLGU.TXT
    O39 - APT:Automatic Planified Task - C:\Windows\Tasks\WebReg PSC 1500 series.job

    ---\\ Composants installés (ActiveSetup Installed Components) (O40)
    O40 - ASIC: Microsoft Windows Media Player - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
    O40 - ASIC: Internet Explorer - {26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
    O40 - ASIC: Browser Customizations - {60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
    O40 - ASIC: Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - (not file)
    O40 - ASIC: (no name) - {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - (not file)
    O40 - ASIC: Microsoft Windows Media Player 11.0 - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\System32\wmpdxm.dll
    O40 - ASIC: Adobe Shockwave Director 11.0.3 - {233C1507-6A77-46A4-9443-F871F945D258} - C:\Windows\System32\Adobe\Director\swdir.dll
    O40 - ASIC: Adobe Shockwave Director 11.0.3 - {2A202491-F00D-11cf-87CC-0020AFEECF20} - (not file)
    O40 - ASIC: Themes Setup - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\Windows\system32\regsvr32.exe /s /n /i:/UserInstall C:\Windows\system32\themeui.dll
    O40 - ASIC: Offline Browsing Pack - {3af36230-a269-11d1-b5bf-0000f8051515} - (not file)
    O40 - ASIC: Microsoft Windows Mail 7 - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
    O40 - ASIC: (no name) - {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - (not file)
    O40 - ASIC: DirectDrawEx - {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - (not file)
    O40 - ASIC: Internet Explorer Help - {45ea75a0-a269-11d1-b5bf-0000f8051515} - (not file)
    O40 - ASIC: Microsoft Windows Script 5.7 - {4f645220-306d-11d2-995d-00c04f98bbc9} - (not file)
    O40 - ASIC: Internet Explorer Setup Tools - {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - (not file)
    O40 - ASIC: Browsing Enhancements - {630b1da0-b465-11d1-9948-00c04f98bbc9} - (not file)
    O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
    O40 - ASIC: MSN Site Access - {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - (not file)
    O40 - ASIC: Address Book 7 - {7790769C-0471-11d2-AF11-00C04FA35D02} - (not file)
    O40 - ASIC: .NET Framework - {7C028AF8-F614-47B3-82DA-BA94E41B1089} - (not file)
    O40 - ASIC: Windows Desktop Update - {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
    O40 - ASIC: Internet Explorer - {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
    O40 - ASIC: (no name) - {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
    O40 - ASIC: Dynamic HTML Data Binding - {9381D8F2-0288-11D0-9501-00AA00B911A5} - (not file)
    O40 - ASIC: .NET Framework - {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - (not file)
    O40 - ASIC: Internet Explorer Core Fonts - {C9E9A340-D1F1-11D0-821E-444553540600} - (not file)
    O40 - ASIC: (no name) - {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - (not file)
    O40 - ASIC: Adobe Flash Player - {D27CDB6E-AE6D-11CF-96B8-444553540000} - C:\Windows\system32\Macromed\Flash\Flash9f.ocx
    O40 - ASIC: HTML Help - {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - (not file)
    O40 - ASIC: Active Directory Service Interface - {E92B03AB-B707-11d2-9CBD-0000F87A369E} - (not file)

    ---\\ Pilotes lancés au démarrage (O41)
    O41 - Driver: Pilote de média asynchrone RAS (AsyncMac) - C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    O41 - Driver: (no object) (atikmdag) - C:\WINDOWS\system32\DRIVERS\atikmdag.sys
    O41 - Driver: ATI PCI Express (3GIO) Filter (AtiPcie) - C:\WINDOWS\system32\DRIVERS\AtiPcie.sys
    O41 - Driver: avgio (avgio) - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys
    O41 - Driver: avgntflt (avgntflt) - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys
    O41 - Driver: avipbb (avipbb) - C:\WINDOWS\system32\DRIVERS\avipbb.sys
    O41 - Driver: Pilote MS IEEE-1284.4 (Dot4) - C:\WINDOWS\system32\DRIVERS\Dot4.sys
    O41 - Driver: Pilote de classe Imprimante pour IEEE-1284.4 (Dot4Print) - C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
    O41 - Driver: MS Dot4USB Filter Dot4USB Filter (dot4usb) - C:\WINDOWS\system32\DRIVERS\dot4usb.sys
    O41 - Driver: Filtre de décodeur DRM (Noyau Microsoft) (drmkaud) - C:\WINDOWS\system32\drivers\drmkaud.sys
    O41 - Driver: Intel(R) PRO/1000 NDIS 6 Adapter Driver (E1G60) - C:\WINDOWS\system32\DRIVERS\E1G60I32.sys
    O41 - Driver: Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio (HdAudAddService) - C:\WINDOWS\system32\drivers\HdAudio.sys
    O41 - Driver: int15 (int15) - C:\Acer\Empowering Technology\eRecovery\int15.sys
    O41 - Driver: Service for Realtek HD Audio (WDM) (IntcAzAudAddService) - C:\WINDOWS\system32\drivers\RTKVHDA.sys
    O41 - Driver: @%systemroot%\system32\rascfg.dll,-32013 (IpFilterDriver) - C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    O41 - Driver: IP in IP Tunnel Driver (IpInIp) - C:\WINDOWS\system32\DRIVERS\ipinip.sys
    O41 - Driver: Pilote d’E/S du mappage de découverte de topologie de la couche de liaison (lltdio) - C:\WINDOWS\system32\DRIVERS\lltdio.sys
    O41 - Driver: MBAMSwissArmy (MBAMSwissArmy) - C:\Windows\system32\drivers\mbamswissarmy.sys
    O41 - Driver: Service Pilote de fonction de classe Moniteur Microsoft (monitor) - C:\WINDOWS\system32\DRIVERS\monitor.sys
    O41 - Driver: Proxy de service de répartition Microsoft (MSKSSRV) - C:\WINDOWS\system32\drivers\MSKSSRV.sys
    O41 - Driver: Proxy d'horloge de répartition Microsoft (MSPCLOCK) - C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    O41 - Driver: Proxy de gestion de qualité de répartition Microsoft (MSPQM) - C:\WINDOWS\system32\drivers\MSPQM.sys
    O41 - Driver: Convertisseur en T/site-à-site de répartition Microsoft (MSTEE) - C:\WINDOWS\system32\drivers\MSTEE.sys
    O41 - Driver: Filtre NativeWiFi (NativeWifiP) - C:\WINDOWS\system32\DRIVERS\nwifi.sys
    O41 - Driver: @%systemroot%\system32\rascfg.dll,-32001 (NdisTapi) - C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    O41 - Driver: NDIS mode utilisateur E/S Protocole (Ndisuio) - C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    O41 - Driver: @%systemroot%\system32\rascfg.dll,-32002 (NdisWan) - C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    O41 - Driver: NetBIOS Interface (NetBIOS) - C:\WINDOWS\system32\DRIVERS\netbios.sys
    O41 - Driver: Upper Class Filter Driver (NTIDrvr) - C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
    O41 - Driver: IPX Traffic Filter Driver (NwlnkFlt) - C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    O41 - Driver: IPX Traffic Forwarder Driver (NwlnkFwd) - C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    O41 - Driver: PCTAppEvent Driver (PCTAppEvent) - C:\Windows\system32\drivers\PCTAppEvent.sys
    O41 - Driver: pctgntdi (pctgntdi) - C:\Windows\System32\drivers\pctgntdi.sys
    O41 - Driver: pctplfw (pctplfw) - C:\Windows\System32\drivers\pctplfw.sys
    O41 - Driver: Miniport réseau étendu WAN (PPTP) (PptpMiniport) - C:\WINDOWS\system32\DRIVERS\raspptp.sys
    O41 - Driver: @%SystemRoot%\System32\drivers\pacer.sys,-101 (PSched) - C:\WINDOWS\system32\DRIVERS\pacer.sys
    O41 - Driver: (no object) (R300) - C:\WINDOWS\system32\DRIVERS\atikmdag.sys
    O41 - Driver: Remote Access Auto Connection Driver (RasAcd) - C:\WINDOWS\System32\DRIVERS\rasacd.sys
    O41 - Driver: Miniport réseau étendu WAN (L2TP) (Rasl2tp) - C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    O41 - Driver: @%systemroot%\system32\rascfg.dll,-32007 (RasPppoe) - C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    O41 - Driver: @%systemroot%\system32\sstpsvc.dll,-202 (RasSstp) - C:\WINDOWS\system32\DRIVERS\rassstp.sys
    O41 - Driver: Répondeur de découverte de topologie de la couche de liaison (rspndr) - C:\WINDOWS\system32\DRIVERS\rspndr.sys
    O41 - Driver: SASDIFSV (SASDIFSV) - C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    O41 - Driver: SASENUM (SASENUM) - C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
    O41 - Driver: SASKUTIL (SASKUTIL) - C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
    O41 - Driver: PCTools Driver (SFilter) - C:\WINDOWS\system32\DRIVERS\pctfw.sys
    O41 - Driver: @%SystemRoot%\system32\tcpipcfg.dll,-50005 (Smb) - C:\WINDOWS\system32\DRIVERS\smb.sys
    O41 - Driver: ssmdrv (ssmdrv) - C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
    O41 - Driver: Pilote de protocole IPv6 Microsoft (Tcpip6) - C:\WINDOWS\system32\DRIVERS\tcpip.sys
    O41 - Driver: Pilote de carte miniport Microsoft Tun (tunmp) - C:\WINDOWS\system32\DRIVERS\tunmp.sys
    O41 - Driver: Pilote de carte miniport Microsoft IPv6 Tunnel (tunnel) - C:\WINDOWS\system32\DRIVERS\tunnel.sys
    O41 - Driver: Pilote de scanneur USB (usbscan) - C:\WINDOWS\system32\DRIVERS\usbscan.sys
    O41 - Driver: (no object) (vga) - C:\WINDOWS\system32\DRIVERS\vgapnp.sys
    O41 - Driver: Remote Access IP ARP Driver (Wanarp) - C:\WINDOWS\system32\DRIVERS\wanarp.sys
    O41 - Driver: Remote Access IPv6 ARP Driver (Wanarpv6) - C:\WINDOWS\system32\DRIVERS\wanarp.sys
    O41 - Driver: (no object) (WUDFRd) - C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
    O41 - Driver: NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller (yukonwlh) - C:\WINDOWS\system32\DRIVERS\yk60x86.sys

    ---\\ Logiciels installés (O42)
    O42 - Logiciel: Adobe Flash Player ActiveX
    O42 - Logiciel: Adobe Flash Player 10 Plugin
    O42 - Logiciel: Adobe Shockwave Player 11
    O42 - Logiciel: Avira AntiVir Personal - Free Antivirus
    O42 - Logiciel: AuralogComponentsUninstall9
    O42 - Logiciel: CCleaner (remove only)
    O42 - Logiciel: Defraggler (remove only)
    O42 - Logiciel: eMule
    O42 - Logiciel: HijackThis 2.0.2
    O42 - Logiciel: HP Imaging Device Functions 8.0
    O42 - Logiciel: HP Solution Center 8.0
    O42 - Logiciel: HP Customer Participation Program 8.0
    O42 - Logiciel: HP OCR Software 8.0
    O42 - Logiciel: NTI CD & DVD-Maker
    O42 - Logiciel: Security Update for CAPICOM (KB931906)
    O42 - Logiciel: Malwarebytes' Anti-Malware
    O42 - Logiciel: Motamo 4.22
    O42 - Logiciel: Mozilla Firefox (3.0.9)
    O42 - Logiciel: nCleaner second 2.3.4.0
    O42 - Logiciel: PC Tools Firewall Plus 5.0
    O42 - Logiciel: Microsoft Office Professional Plus 2007
    O42 - Logiciel: scrabbleproB 1.0.11
    O42 - Logiciel: Scrabble® 2003 Edition
    O42 - Logiciel: SLD Codec Pack
    O42 - Logiciel: VideoLAN VLC media player 0.8.6f
    O42 - Logiciel: Archiveur WinRAR
    O42 - Logiciel: ZebHelpProcess 2.33.6
    O42 - Logiciel: Google Earth
    O42 - Logiciel: Java(TM) 6 Update 12
    O42 - Logiciel: Free Games Offer, Desktop Shortcut
    O42 - Logiciel: HP Product Assistant
    O42 - Logiciel: OpenOffice.org Installer 1.0
    O42 - Logiciel: Acer Picture Slide DVD
    O42 - Logiciel: Skype™ 3.8
    O42 - Logiciel: NTI Backup NOW! 4.7
    O42 - Logiciel: Acer ScreenSaver
    O42 - Logiciel: MSXML 4.0 SP2 (KB954430)
    O42 - Logiciel: Update for Outlook 2007 Junk Email Filter (kb962871)
    O42 - Logiciel: Security Update for Microsoft Office Word 2007 (KB956358)
    O42 - Logiciel: Update for Microsoft Office Outlook 2007 (KB952142)
    O42 - Logiciel: Security Update for Microsoft Office PowerPoint 2007 (KB951338)
    O42 - Logiciel: Security Update for Microsoft Office system 2007 (KB954326)
    O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB951944)
    O42 - Logiciel: Security Update for Microsoft Office system 2007 (KB956828)
    O42 - Logiciel: Security Update for Microsoft Office Excel 2007 (KB959997)
    O42 - Logiciel: Update for Office 2007 (KB946691)
    O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB951550)
    O42 - Logiciel: 2007 Microsoft Office Suite Service Pack 1 (SP1)
    O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB960003)
    O42 - Logiciel: Security Update for Microsoft Office Publisher 2007 (KB950114)
    O42 - Logiciel: Microsoft Office Access MUI (French) 2007
    O42 - Logiciel: Microsoft Office Excel MUI (French) 2007
    O42 - Logiciel: Update for Microsoft Office Excel 2007 Help (KB957242)
    O42 - Logiciel: Microsoft Office PowerPoint MUI (French) 2007
    O42 - Logiciel: Microsoft Office Publisher MUI (French) 2007
    O42 - Logiciel: Microsoft Office Outlook MUI (French) 2007
    O42 - Logiciel: Update for Microsoft Office Outlook 2007 Help (KB957246)
    O42 - Logiciel: Microsoft Office Word MUI (French) 2007
    O42 - Logiciel: Microsoft Office Proof (Arabic) 2007
    O42 - Logiciel: Microsoft Office Proof (German) 2007
    O42 - Logiciel: Microsoft Office Proof (English) 2007
    O42 - Logiciel: Microsoft Office Proof (French) 2007
    O42 - Logiciel: Microsoft Office Proof (Dutch) 2007
    O42 - Logiciel: Microsoft Office Proof (Spanish) 2007
    O42 - Logiciel: Microsoft Office Proofing (French) 2007
    O42 - Logiciel: Microsoft Office InfoPath MUI (French) 2007
    O42 - Logiciel: Microsoft Office Shared MUI (French) 2007
    O42 - Logiciel: Microsoft Office Language Pack 2007 Service Pack 1 (SP1)
    O42 - Logiciel: Acer Tour
    O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable
    O42 - Logiciel: Galerie de photos Windows Live
    O42 - Logiciel: Acer Zone SoftDMA
    O42 - Logiciel: Acer Empowering Technology
    O42 - Logiciel: Adobe Reader 9 - Français
    O42 - Logiciel: Acer eDataSecurity Management
    O42 - Logiciel: Acer Zone MakeDisk
    O42 - Logiciel: MSXML 4.0 SP2 (KB936181)
    O42 - Logiciel: MSXML 4.0 SP2 (KB941833)
    O42 - Logiciel: HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
    O42 - Logiciel: SUPERAntiSpyware Free Edition
    O42 - Logiciel: Assistant de connexion Windows Live
    O42 - Logiciel: Acer ePerformance Management
    O42 - Logiciel: HP Photosmart Essential
    O42 - Logiciel: HPSSupply
    O42 - Logiciel: Acer Zone Main Page
    O42 - Logiciel: Microsoft SQL Server 2005 Compact Edition [ENU]
    O42 - Logiciel: Realtek High Definition Audio Driver
    O42 - Logiciel: 32 Bit HP CIO Components Installer
    O42 - Logiciel: Acer Plug and Record
    O42 - Logiciel: Acer Zone MagicDirector
    O42 - Logiciel: Windows Live installer
    O42 - Logiciel: HP Update

    ---\\ Contenu des dossiers Fichiers Communs (O43)
    O43 - CFD:Common File Directory - C:\Program Files\Common Files\Adobe
    O43 - CFD:Common File Directory - C:\Program Files\Common Files\Borland Shared
    O43 - CFD:Common File Directory - C:\Program Files\Common Files\DESIGNER
    O43 - CFD:Common File Directory - C:\Program Files\Common Files\Hewlett-Packard
    O43 - CFD:Common File Directory - C:\Program Files\Common Files\HP
    O43 - CFD:Common File Directory - C:\Program Files\Common Files\InstallShield
    O43 - CFD:Common File Directory - C:\Program Files\Common Files\Java
    O43 - CFD:Common File Directory - C:\Program Files\Common Files\LightScribe
    O43 - CFD:Common File Directory - C:\Program Files\Common Files\microsoft shared
    O43 - CFD:Common File Directory - C:\Program Files\Common Files\MicroWorld
    O43 - CFD:Common File Directory - C:\Program Files\Common Files\NewTech Infosystems
    O43 - CFD:Common File Directory - C:\Program Files\Common Files\PC Tools
    O43 - CFD:Common File Directory - C:\Program Files\Common Files\Services
    O43 - CFD:Common File Directory - C:\Program Files\Common Files\Skype
    O43 - CFD:Common File Directory - C:\Program Files\Common Files\SpeechEngines
    O43 - CFD:Common File Directory - C:\Program Files\Common Files\Steam
    O43 - CFD:Common File Directory - C:\Program Files\Common Files\Symantec Shared
    O43 - CFD:Common File Directory - C:\Program Files\Common Files\System
    O43 - CFD:Common File Directory - C:\Program Files\Common Files\WindowsLiveInstaller
    O43 - CFD:Common File Directory - C:\Program Files\Common Files\Wise Installation Wizard

    ---\\ Derniers fichiers modifiés ou crées sous System32 (O44)
    O44 - LFC:Last File Created - C:\Windows\System32\amxread.dll -->17/03/2009
    O44 - LFC:Last File Created - C:\Windows\System32\apilogen.dll -->17/03/2009
    O44 - LFC:Last File Created - C:\Windows\System32\axaltocm.dll -->17/04/2009
    O44 - LFC:Last File Created - C:\Windows\System32\ControlSet.txt -->22/04/2009
    O44 - LFC:Last File Created - C:\Windows\System32\Debug.txt -->22/04/2009
    O44 - LFC:Last File Created - C:\Windows\System32\deploytk.dll -->07/03/2009
    O44 - LFC:Last File Created - C:\Windows\System32\eEmpty.exe -->23/04/2009
    O44 - LFC:Last File Created - C:\Windows\System32\ezsidmv.dat -->20/02/2009
    O44 - LFC:Last File Created - C:\Windows\System32\FNTCACHE.DAT -->23/04/2009
    O44 - LFC:Last File Created - C:\Windows\System32\GenProc[].txt -->22/04/2009
    O44 - LFC:Last File Created - C:\Windows\System32\html.iec -->03/03/2009
    O44 - LFC:Last File Created - C:\Windows\System32\iasads.dll -->03/03/2009
    O44 - LFC:Last File Created - C:\Windows\System32\iasdatastore.dll -->03/03/2009
    O44 - LFC:Last File Created - C:\Windows\System32\iashost.exe -->03/03/2009
    O44 - LFC:Last File Created - C:\Windows\System32\iasrecst.dll -->03/03/2009
    O44 - LFC:Last File Created - C:\Windows\System32\ieaksie.dll -->03/03/2009
    O44 - LFC:Last File Created - C:\Windows\System32\iedkcs32.dll -->03/03/2009
    O44 - LFC:Last File Created - C:\Windows\System32\ieencode.dll -->03/03/2009
    O44 - LFC:Last File Created - C:\Windows\System32\ieframe.dll -->03/03/2009
    O44 - LFC:Last File Created - C:\Windows\System32\iertutil.dll -->03/03/2009
    O44 - LFC:Last File Created - C:\Windows\System32\ieUnatt.exe -->03/03/2009
    O44 - LFC:Last File Created - C:\Windows\System32\ifxcardm.dll -->17/04/2009
    O44 - LFC:Last File Created - C:\Windows\System32\Interfaces.txt -->22/04/2009
    O44 - LFC:Last File Created - C:\Windows\System32\java.exe -->07/03/2009
    O44 - LFC:Last File Created - C:\Windows\System32\javaw.exe -->07/03/2009
    O44 - LFC:Last File Created - C:\Windows\System32\javaws.exe -->07/03/2009
    O44 - LFC:Last File Created - C:\Windows\System32\jsproxy.dll -->03/03/2009
    O44 - LFC:Last File Created - C:\Windows\System32\kernel32.dll -->13/02/2009
    O44 - LFC:Last File Created - C:\Windows\System32\lsasrv.dll -->13/02/2009
    O44 - LFC:Last File Created - C:\Windows\System32\mrt.exe -->06/04/2009
    O44 - LFC:Last File Created - C:\Windows\System32\msfeeds.dll -->03/03/2009
    O44 - LFC:Last File Created - C:\Windows\System32\mshtml.dll -->03/03/2009
    O44 - LFC:Last File Created - C:\Windows\System32\mshtml.tlb -->03/03/2009
    O44 - LFC:Last File Created - C:\Windows\System32\mstime.dll -->03/03/2009
    O44 - LFC:Last File Created - C:\Windows\System32\msvcp80.dll -->22/04/2009
    O44 - LFC:Last File Created - C:\Windows\System32\msvcr80.dll -->22/04/2009
    O44 - LFC:Last File Created - C:\Windows\System32\ntkrnlpa.exe -->03/03/2009
    O44 - LFC:Last File Created - C:\Windows\System32\ntoskrnl.exe -->03/03/2009
    O44 - LFC:Last File Created - C:\Windows\System32\occache.dll -->03/03/2009
    O44 - LFC:Last File Created - C:\Windows\System32\PathFF.txt -->22/04/2009
    O44 - LFC:Last File Created - C:\Windows\System32\perfc009.dat -->23/04/2009
    O44 - LFC:Last File Created - C:\Windows\System32\perfc00C.dat -->23/04/2009
    O44 - LFC:Last File Created - C:\Windows\System32\perfh009.dat -->23/04/2009
    O44 - LFC:Last File Created - C:\Windows\System32\perfh00C.dat -->23/04/2009
    O44 - LFC:Last File Created - C:\Windows\System32\PerfStringBackup.INI -->23/04/2009
    O44 - LFC:Last File Created - C:\Windows\System32\printfilterpipelineprxy.dll -->03/03/2009
    O44 - LFC:Last File Created - C:\Windows\System32\printfilterpipelinesvc.exe -->03/03/2009
    O44 - LFC:Last File Created - C:\Windows\System32\Profils_FF.txt -->22/04/2009
    O44 - LFC:Last File Created - C:\Windows\System32\rpcss.dll -->03/03/2009
    O44 - LFC:Last File Created - C:\Windows\System32\sdohlp.dll -->03/03/2009
    O44 - LFC:Last File Created - C:\Windows\System32\secur32.dll -->13/02/2009
    O44 - LFC:Last File Created - C:\Windows\System32\Uninstall.txt -->22/04/2009
    O44 - LFC:Last File Created - C:\Windows\System32\urlmon.dll -->03/03/2009
    O44 - LFC:Last File Created - C:\Windows\System32\w32apiw.dll -->23/04/2009
    O44 - LFC:Last File Created - C:\Windows\System32\win32k.sys -->09/02/2009
    O44 - LFC:Last File Created - C:\Windows\System32\wininet.dll -->03/03/2009
    O44 - LFC:Last File Created - C:\Windows\System32\drivers\mbam.sys -->06/04/2009
    O44 - LFC:Last File Created - C:\Windows\System32\drivers\mbamswissarmy.sys -->06/04/2009
    O44 - LFC:Last File Created - C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf -->17/04/2009
    O44 - LFC:Last File Created - C:\Windows\System32\drivers\PCTCore.sys -->13/03/2009

    ---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\404FIX.EXE-E9F29DA8.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\ACRORD32INFO.EXE-1C0557AA.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AgAppLaunch.db -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AgCx_SC1.db -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AgCx_SC1.db.trx -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AGENT.OMZ.FIX.EXE-855EC73D.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AgGlFaultHistory.db -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AgGlFgAppHistory.db -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AgGlGlobalHistory.db -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-4073331961-3280358938-1957956153-1000.db -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AgGlUAD_S-1-5-21-4073331961-3280358938-1957956153-1000.db -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AgRobust.db -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AVCENTER.EXE-AF580B74.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AVWSC.EXE-18A3FCA0.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\CACLS.EXE-D332D70E.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\CCLEANER.EXE-D4D76A60.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\CHKNTFS.EXE-4D884E7D.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\CMD.EXE-4A81B364.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\CONIME.EXE-9781FD5F.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\CONSENT.EXE-531BD9EA.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\CSCRIPT.EXE-D1EF4768.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\CUREIT.EXE-1DFD69FF.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\DEFRAG.EXE-588F90AD.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\DFRGNTFS.EXE-7E4077FE.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\DLLHOST.EXE-5E46FA0D.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\DLLHOST.EXE-6A473D35.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\DLLHOST.EXE-6BCB9FAA.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\DLLHOST.EXE-766398D2.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\DOWNLOAD.EXE-9E65F675.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\DRVINST.EXE-4CB4314A.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\DUMPHIVE.EXE-3C570D97.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\ESCAN_VIRUS_CLEANER.EXE-88DC0E02.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\EXPLORER.EXE-A80E4F97.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\FIND.EXE-E2237F6D.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\FINDSTR.EXE-2E9C6FE2.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\FIREFOX.EXE-A606B53C.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\FWSERVICE.EXE-868C0AE2.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\GAVILA.EXE-BEA03353.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\HIJACKTHIS.EXE-9FD56571.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\HPQSTE08.EXE-8FA26316.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\IEDFIX.C.EXE-D93680C7.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\IEDFIX.EXE-DA71DC22.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\IEXPLORE.EXE-908C99F8.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\Layout.ini -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\LOGONUI.EXE-09140401.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\LSSRVC.EXE-0D95A0DF.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MBAM-DOR.EXE-547CF556.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MBAM-SETUP.EXE-069937A7.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MBAM-SETUP.EXE-5EF0C92C.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MBAM-SETUP.EXE-A9F8D519.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MBAM-SETUP.TMP-2130A912.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MBAM-SETUP.TMP-634A7E33.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MBAM-SETUP.TMP-9F22BB2B.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MBAM-SETUP.TMP-BB88652A.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MBAM-SETUP.TMP-CF6A6DE8.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MBAM-SETUP.TMP-FFE097D4.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MBAM.EXE-305FF92C.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MBAMGUI.EXE-4FE652ED.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MBRWRWIN.EXE-2144233B.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MEXE.COM-5DEF9C99.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MMLOADDRV.EXE-5475B7CC.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MOBSYNC.EXE-C5E2284F.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MODE.COM-DB34C082.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MOM.EXE-3B2B5194.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MWAVL.EXE-8456F8D0.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\NOTEPAD.EXE-86E0E9B9.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\NOTEPAD.EXE-D8414F97.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\NTOSBOOT-B00DFAAD.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\NTVDM.EXE-F6564EE5.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\O4PATCH.EXE-28E081AC.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\OTMOVEIT3.EXE-23DD293D.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\PfSvPerfStats.bin -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\POLICIES.EXE-620F90ED.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\PROCESS.EXE-05032E94.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\PV.EXE-530A0D5F.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\REGCLEANER.EXE-9EE303F3.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\REGEDIT.EXE-90FEEA06.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\REGSVR32.EXE-8461DBEE.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\RICHVIDEO.EXE-4FA35CCC.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\RSIT(3).EXE-DB20A599.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\RUNDLL32.EXE-230FC512.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\RUNDLL32.EXE-5931CA67.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\RUNDLL32.EXE-6D2968F1.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\RUNDLL32.EXE-6E88E69C.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SCANNINGPROCESS.EXE-7B9EA74D.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SCHTASKS.EXE-5CA45734.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SEARCHFILTERHOST.EXE-77482212.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SEARCHPROTOCOLHOST.EXE-0CB8CADE.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SETUP.EXE-D31D1F84.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SHUTDOWN.EXE-E7D5C9CC.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SMITFRAUDFIX.EXE-8E367461.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SRCHSTS.EXE-9DE5594F.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SSUPDATE.EXE-FC6B201A.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SSVAGENT.EXE-D0A26E22.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SUPERANTISPYWARE.EXE-D7978FB2.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SVCHOST.EXE-3AB35CA7.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SVCHOST.EXE-61AE5AB6.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SVCHOST.EXE-7CFEDEA3.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SVCHOST.EXE-DD9DE812.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SWREG.EXE-32F02E35.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SWREG.EXE-9CC507F0.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SWREG.EXE-BE5D1A81.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\TASKENG.EXE-48D4E289.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\TASKMGR.EXE-5F5F473D.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\TRUSTEDINSTALLER.EXE-3CC531E5.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\UNINS000.EXE-A34E4C84.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\UNINSTAL.EXE-09AB5A46.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\UNREGX.EXE-E62DDEEA.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\UPDATE.EXE-DB15A2AB.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\USBFIX.EXE-D7AED5B8.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\VACFIX.EXE-F0807E1A.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\VERCLSID.EXE-7C52E31C.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\VSSVC.EXE-B8AFC319.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\WERCON.EXE-E36BD04E.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\WERMGR.EXE-0F2AC88C.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\WINRAR.EXE-94E7D80C.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\WLRMDR.EXE-C2B47318.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\WMIADAP.EXE-F8DFDFA2.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\WMIPRVSE.EXE-1628051C.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\WMPLAYER.EXE-BAD6BD53.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\WSCRIPT.EXE-52CF1F0C.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\WSQMCONS.EXE-118B52B7.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\WUDFHOST.EXE-AFFEF87C.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\ZHP2.EXE-B4567A37.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\_IU14D2N.TMP-331FCD1E.pf -->23/04/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\_START.EXE-FF3D2E40.pf -->23/04/2009

    ---\\ Déni du service Local Security Authority (LSA) (O48)
    O48 - LSA:Local Security Authority Authentication Packages - C:\Windows\System32\msv1_0.dll
    O48 - LSA:Local Security Authority Notification Packages - C:\Windows\System32\scecli.dll

    ---\\ Contrôle du Safe Boot (CSB) (O49)
    O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys
    O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys
    O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys
    O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgr.sys
    O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgrx.sys
    O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys
    O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\nsiproxy.sys
    O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpencdd.sys
    O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys
    O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys
    O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys
    O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgr.sys
    O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgrx.sys
    O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\sermouse.sys
    O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\vga.sys
    O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\vgasave.sys
    O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\volmgr.sys
    O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\volmgrx.sys
    O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\ipnat.sys
    O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\nsiproxy.sys
    O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\rdpencdd.sys
    O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\sermouse.sys
    O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\vga.sys
    O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\vgasave.sys
    O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\volmgr.sys
    O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\volmgrx.sys
    O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\sermouse.sys
    O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\vga.sys
    O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\vgasave.sys
    O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\volmgr.sys
    O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\volmgrx.sys
    O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\ipnat.sys
    O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\nsiproxy.sys
    O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\rdpencdd.sys
    O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\sermouse.sys
    O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\vga.sys
    O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\vgasave.sys
    O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\volmgr.sys
    O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\volmgrx.sys

    ---\\ Recherche d'infection de Base de Registres (O71)
    O71 - BDRI:[hklm\software\microsoft\internet explorer\main]:start page - https://www.msn.com/fr-fr
    0
  16. gen-hackman
     
    ---> Désactive ton antivirus le temps de la manipulation car OTMoveIt3 est détecté comme une infection à tort.

    ---> Télécharge OTMoveIt3 (OldTimer) sur ton Bureau :

    ---> Double-clique sur OTMoveIt3.exe afin de le lancer.

    ---> Copie (Ctrl+C) le texte suivant ci-dessous :


    :processes
    explorer.exe

    :files
    C:\Windows\System32\w32apiw.dll
    C:\Windows\System32\Uninstall.txt
    C:\Windows\System32\Profils_FF.txt
    C:\Windows\System32\PathFF.txt
    C:\Windows\System32\Interfaces.txt
    C:\Windows\System32\GenProc[].txt
    C:\Windows\System32\ezsidmv.dat
    C:\Windows\System32\eEmpty.exe
    C:\Windows\System32\Debug.txt
    C:\Windows\System32\ControlSet.txt

    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]



    ---> Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.

    ---> Clique maintenant sur le bouton MoveIt! puis ferme OTMoveIt3.

    Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
    Accepte en cliquant sur YES.

    ---> Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
    Le nom du rapport correspond au moment de sa création : date_heure.log
    0
  17. loloetseb Messages postés 5684 Statut Membre 174
     
    ========== PROCESSES ==========
    Process explorer.exe killed successfully.
    ========== FILES ==========
    LoadLibrary failed for C:\Windows\System32\w32apiw.dll
    C:\Windows\System32\w32apiw.dll NOT unregistered.
    C:\Windows\System32\w32apiw.dll moved successfully.
    C:\Windows\System32\Uninstall.txt moved successfully.
    C:\Windows\System32\Profils_FF.txt moved successfully.
    C:\Windows\System32\PathFF.txt moved successfully.
    C:\Windows\System32\Interfaces.txt moved successfully.
    C:\Windows\System32\GenProc[].txt moved successfully.
    C:\Windows\System32\ezsidmv.dat moved successfully.
    C:\Windows\System32\eEmpty.exe moved successfully.
    C:\Windows\System32\Debug.txt moved successfully.
    C:\Windows\System32\ControlSet.txt moved successfully.
    ========== COMMANDS ==========
    File delete failed. C:\Users\Gavila\AppData\Local\Temp\~DF3D13.tmp scheduled to be deleted on reboot.
    User's Temp folder emptied.
    User's Internet Explorer cache folder emptied.
    Windows Temp folder emptied.
    Temp folders emptied.
    Explorer started successfully

    OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 04232009_225337

    Files moved on Reboot...
    C:\Users\Gavila\AppData\Local\Temp\~DF3D13.tmp moved successfully.
    0
  18. loloetseb Messages postés 5684 Statut Membre 174
     
    GMER 1.0.15.14966 - http://www.gmer.net
    Rootkit scan 2009-04-26 19:54:14
    Windows 6.0.6001 Service Pack 1

    ---- System - GMER 1.0.15 ----

    SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwAllocateVirtualMemory [0x97506B94]
    SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwAlpcConnectPort [0x97506516]
    SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwAssignProcessToJobObject [0x97506586]
    SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwConnectPort [0x975065DA]
    SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwCreateFile [0x97506640]
    SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwCreateProcess [0x9750672E]
    SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwCreateProcessEx [0x975067BA]
    SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwCreateThread [0x9750684A]
    SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwDebugActiveProcess [0x97506980]
    SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwDuplicateObject [0x975069D4]
    SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwLoadDriver [0x97506A3A]
    SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwOpenKey [0x97506A8C]
    SSDT 885E97B0 ZwOpenProcess
    SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwOpenSection [0x97506AE4]
    SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwOpenThread [0x97506B3C]
    SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwProtectVirtualMemory [0x97506BFA]
    SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwRestoreKey [0x97506C58]
    SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwResumeThread [0x97506CB6]
    SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwSecureConnectPort [0x97506D74]
    SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwSetValueKey [0x97506D08]
    SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwSuspendProcess [0x97506DDE]
    SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwSystemDebugControl [0x97506E30]
    SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys ZwTerminateProcess [0x8C8BFF20]
    SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwWriteVirtualMemory [0x97506EF4]
    SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwCreateThreadEx [0x975068EC]
    SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwCreateUserProcess [0x975066BE]

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!KeSetTimerEx + 364 81CEE928 4 Bytes [94, 6B, 50, 97]
    .text ntkrnlpa.exe!KeSetTimerEx + 370 81CEE934 4 Bytes [16, 65, 50, 97]
    .text ntkrnlpa.exe!KeSetTimerEx + 3C4 81CEE988 4 Bytes CALL D234700E
    .text ntkrnlpa.exe!KeSetTimerEx + 3F4 81CEE9B8 4 Bytes CALL D234C43E
    .text ntkrnlpa.exe!KeSetTimerEx + 40C 81CEE9D0 4 Bytes [40, 66, 50, 97] {INC EAX; PUSH AX; XCHG EDI, EAX}
    .text ...
    ? system32\DRIVERS\44500278.sys Le chemin d'accès spécifié est introuvable. !
    ? C:\Windows\system32\Drivers\PROCEXP90.SYS Le fichier spécifié est introuvable. !
    ? C:\Users\Gavila\AppData\Local\Temp\catchme.sys Le fichier spécifié est introuvable. !

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Windows\Explorer.exe[4492] @ C:\Windows\Explorer.exe [gdiplus.dll!GdiplusShutdown] [74D07BA4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.exe[4492] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCloneImage] [74D498C5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.exe[4492] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDrawImageRectI] [74D0D3C8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.exe[4492] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [74CFF527] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.exe[4492] @ C:\Windows\Explorer.exe [gdiplus.dll!GdiplusStartup] [74D07599] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.exe[4492] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateFromHDC] [74CFE43D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.exe[4492] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74D3B33D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.exe[4492] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateBitmapFromStream] [74D0D68A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.exe[4492] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipGetImageHeight] [74D0012E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.exe[4492] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipGetImageWidth] [74D00095] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.exe[4492] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDisposeImage] [74CF71F3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.exe[4492] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipLoadImageFromFileICM] [74D8D802] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.exe[4492] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipLoadImageFromFile] [74D275E1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.exe[4492] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDeleteGraphics] [74CFDAE1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.exe[4492] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipFree] [74CF668F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.exe[4492] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipAlloc] [74CF66BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.exe[4492] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipSetCompositingMode] [74D01E45] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\tdx \Device\Tcp pctgntdi.sys
    AttachedDevice \Driver\tdx \Device\Udp pctgntdi.sys
    AttachedDevice \Driver\tdx \Device\RawIp pctgntdi.sys
    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Gestionnaire de filtres de système de fichiers Microsoft/Microsoft Corporation)

    ---- Files - GMER 1.0.15 ----

    File C:\Users\Gavila\AppData\Local\Temp\FtpTemp\base601c.avc 0 bytes
    File C:\Windows\System32\drivers\fidbox.dat (size mismatch) 4278304/3491872 bytes
    File C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl (size mismatch) 16384/12288 bytes
    File C:\Windows\System32\WDI\LogFiles\WdiContextLog.etl.002 (size mismatch) 557056/475136 bytes

    ---- EOF - GMER 1.0.15 ----
    0
  19. gen-hackman
     
    le rsit ne fonctionne toujours pas ?
    0
Précédent
  • 1
  • 2
  • 3
  • 4