Malware and trojan

Closed
sebastien - 13 Jul. 2009 at 22:57
Lyonnais92 Posts 25159 Registration date Friday 23 June 2006 Status Security contributor Last seen 16 September 2016 - 31 Jul. 2009 at 20:58
Hello,
hi

So I'm acting as the go-between for a friend whose PC is infected with various things. She is on 56k dial-up and it takes her 3 days to open a web page and to download software!!! The "fastest" way is to zip things and send them over MSN!!! In any case, everything she tries to download directly gets blocked over some Win32 business.

Anyway, here are 2 logs

Malwarebytes' Anti-Malware 1.38
Version de la base de données: 2420
Windows 5.1.2600 Service Pack 3

13/07/2009 22:04:05
mbam-log-2009-07-13 (22-03-48).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 229039
Temps écoulé: 1 hour(s), 9 minute(s), 12 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 5

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> No action taken.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\Fonts\acrsecB.fon (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\acrsecI.fon (Trojan.Agent) -> No action taken.
c:\WINDOWS\system32\rigvtjxsa_navps.dat (Adware.NaviPromo) -> No action taken.
c:\WINDOWS\system32\rigvtjxsa_nav.dat (Adware.NaviPromo) -> No action taken.
C:\WINDOWS\system32\nvs2.inf (Adware.EGDAccess) -> No action taken.



+++++++++++++++++++++++++++++++++++++++++


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:50:28, on 13/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Fichiers communs\AOL\1167869352\ee\AOLSoftware.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\AOL 9.0 VR\waol.exe
C:\Program Files\AOL 9.0 VR\shellmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\program files\aol\aol toolbar 4.0\AolTbServer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Java\jre6\bin\javaws.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://phaniedu76.skyrock.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/ymsgr6/fr/*https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\regedit C:\pav.reg,C:\WINDOWS\system32\userinit.exe,
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1167869352\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EverioService] "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0 VR\AOL.EXE" -b
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 4.0\resources\fr-FR\local\search.html
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.skyrock.com/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab30149.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.fr/SnapfishActivia.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.fr/computercheckup/qdiagcc.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.extrafilm.fr/NET/Import/ImageUploader4.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - https://www.pandasecurity.com/?ref=www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.0.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://fr.jackpotcity.microgaming.com/fr.jackpotcity/FlashAX.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4364/mcfscan.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CA70B128-BA48-4AC6-9790-84B5E5158BE7}: NameServer = 86.64.145.143 84.103.237.143
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Fichiers communs\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
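Added example, not part of the thread and not a tool any poster used: a small Python triage of HijackThis log lines. It parses the "Kind - body" format shown above and pulls out the entries a forum helper looks at first: a non-default F2 UserInit value (every program listed there runs at logon), O2/O3/O9 entries whose file is gone, O17 NameServer settings (the IPs should match what the ISP hands out), and O23 services whose binary is missing. The sample lines are copied from the log above; the default UserInit value is the stock Windows XP one.

```python
"""Triage of HijackThis-style log lines (added example, not a tool from the thread)."""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the HijackThis log posted above, plus clean
# entries (Google BHO, avast! service) so the rules have something to leave alone.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://phaniedu76.skyrock.com/
F2 - REG:system.ini: UserInit=C:\WINDOWS\regedit C:\pav.reg,C:\WINDOWS\system32\userinit.exe,
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{CA70B128-BA48-4AC6-9790-84B5E5158BE7}: NameServer = 86.64.145.143 84.103.237.143
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Fichiers communs\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# Stock UserInit value on Windows XP. Anything else in the F2 line means extra
# programs are started at every logon and each path deserves a look.
DEFAULT_USERINIT = r"C:\WINDOWS\system32\userinit.exe,"

ENTRY_RE = re.compile(r"^(?P<kind>[A-Z]\d{1,2}) - (?P<body>.+)$")
USERINIT_RE = re.compile(r"UserInit=(?P<value>.*)$", re.IGNORECASE)
NAMESERVER_RE = re.compile(r"NameServer = (?P<servers>[\d. ]+)$")


@dataclass
class Finding:
    kind: str    # HijackThis entry type, e.g. "F2", "O2", "O17", "O23"
    reason: str  # why a reviewer should look at it
    line: str    # the original log line


def parse_entries(text):
    """Yield (kind, body, line) for every line that looks like a HijackThis entry."""
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            yield m.group("kind"), m.group("body"), line


def triage(text):
    """Return the entries a forum helper would examine first, in log order."""
    findings = []
    for kind, body, line in parse_entries(text):
        if kind == "F2":
            m = USERINIT_RE.search(body)
            if m and m.group("value").strip().lower() != DEFAULT_USERINIT.lower():
                findings.append(Finding(kind, "non-default UserInit: " + m.group("value").strip(), line))
        elif kind in ("O2", "O3", "O9") and "(no file)" in body:
            findings.append(Finding(kind, "orphaned entry, referenced file is gone", line))
        elif kind == "O17":
            m = NAMESERVER_RE.search(body)
            if m:
                findings.append(Finding(kind, "DNS servers to confirm with the ISP: " + m.group("servers").strip(), line))
        elif kind == "O23" and "(file missing)" in body:
            findings.append(Finding(kind, "service whose binary is missing", line))
    return findings


def count_by_kind(findings):
    """Count findings per entry type, e.g. {"F2": 1, "O2": 1, ...}."""
    counts = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind}: {f.reason}\n    {f.line}")
```

Run as-is it lists four entries from the sample (the F2, the orphaned BHO, the O17 DNS pair and the missing AOL service) and leaves the Google BHO and the avast! lines alone. The rules only surface entries for review; deciding whether the extra program in UserInit or the DNS addresses are legitimate still needs a human, as the helper's replies below show.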

48 replies

Lyonnais92 Posts 25159 Registration date Friday 23 June 2006 Status Security contributor Last seen 16 September 2016 1 536
13 Jul. 2009 at 23:54
Hello,

Download Navilog1 from this link:

http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

Save target (of the link) as... and save it to your desktop.

Double-click Navilog1.exe to launch the tool.

as administrator".

At the main menu, choose 1 and confirm.

< Do not choose option 2 >

Wait for the scan to finish. You may be asked to restart your PC.
Let the tool do it automatically; otherwise restart your PC normally if it asks you to.

Wait for the message "Scan terminé le......"
Press a key as prompted; Notepad will open.
Copy and paste the whole thing into your reply. Close Notepad.

PS: the report is also saved at the root of the hard drive, C:\cleannavi.txt

PS: If your desktop does not reappear, press CTRL+ALT+DEL to open Task Manager.
Then go to the "Processes" tab. Click File at the top left and choose "Run".
Type explorer and confirm. That will bring your desktop back.
1
sorry, bump!
0
Fix Navipromo version 4.0.1 commencé le 14/07/2009 0:03:05,53

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!

Outil exécuté depuis C:\Program Files\navilog1

Mise à jour le 13.07.2009 à 18h00 par IL-MAFIOSO

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Celeron(R) CPU 2.20GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Propriétaire ( Administrator )
BOOT : Normal boot

Antivirus : avast! antivirus 4.8.1335 [VPS 090713-0] 4.8.1335 (Not Activated)


A:\ (USB)
C:\ (Local Disk) - NTFS - Total:69 Go (Free:26 Go)
D:\ (Local Disk) - FAT32 - Total:4 Go (Free:2 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)


here it is, but I wonder whether she gave me the full report, I have a doubt....


a big thank you to you, I'll be back at the end of the day...
0
there, that's better!!!! :-)


Fix Navipromo version 4.0.1 commencé le 14/07/2009 0:03:05,53

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!

Outil exécuté depuis C:\Program Files\navilog1

Mise à jour le 13.07.2009 à 18h00 par IL-MAFIOSO

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Celeron(R) CPU 2.20GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Propriétaire ( Administrator )
BOOT : Normal boot

Antivirus : avast! antivirus 4.8.1335 [VPS 090713-0] 4.8.1335 (Not Activated)


A:\ (USB)
C:\ (Local Disk) - NTFS - Total:69 Go (Free:26 Go)
D:\ (Local Disk) - FAT32 - Total:4 Go (Free:2 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)


Recherche executée en mode normal

Nettoyage exécuté au redémarrage de l'ordinateur


C:\WINDOWS\Downloaded Program Files\egaccess4.inf supprimé !
C:\WINDOWS\Downloaded Program Files\IaLdr32.inf supprimé !
C:\WINDOWS\system32\rigvtjxsa.dat supprimé !


Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\Propri‚taire\locals~1\Temp effectué !


*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok





*** Scan terminé 14/07/2009 1:25:50,21 ***
0

Lyonnais92 Posts 25159 Registration date Friday 23 June 2006 Status Security contributor Last seen 16 September 2016 1 536
14 Jul. 2009 at 09:18
Hello,

relaunch MBAM,

update it.

7) In the Scan tab, check that "Perform quick scan" is selected and click the Scan button to start the scan.

8) MBAM scans your computer. The scan may take a while. Just check its progress from time to time.

9) At the end of the scan, a message appears saying the scan is finished. Click OK to continue.

10) If malware was detected, the list is displayed.
When you click Remove Selected, MBAM deletes the files and registry keys and puts a copy in quarantine.

11) MBAM opens Notepad and copies the scan report into it. Close Notepad. (The report can be found under the Logs tab.)

12) Close MBAM by clicking Exit.

13) Post the report in your reply


0
thanks for your precious help!!!!





Malwarebytes' Anti-Malware 1.38
Version de la base de données: 2420
Windows 5.1.2600 Service Pack 3

14/07/2009 16:32:17
mbam-log-2009-07-14 (16-32-17).txt

Type de recherche: Examen rapide
Eléments examinés: 100045
Temps écoulé: 14 minute(s), 43 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)


I've included a HijackThis log again just in case!!! it costs nothing


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:36:17, on 14/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Fichiers communs\AOL\1167869352\ee\AOLSoftware.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\AOL 9.0 VR\waol.exe
C:\Program Files\AOL 9.0 VR\shellmon.exe
C:\Documents and Settings\Propriétaire\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://phaniedu76.skyrock.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/ymsgr6/fr/*https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\regedit C:\pav.reg,C:\WINDOWS\system32\userinit.exe,
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1167869352\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EverioService] "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0 VR\AOL.EXE" -b
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 4.0\resources\fr-FR\local\search.html
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.skyrock.com/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab30149.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.fr/SnapfishActivia.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.fr/computercheckup/qdiagcc.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.extrafilm.fr/NET/Import/ImageUploader4.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - https://www.pandasecurity.com/?ref=www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.0.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://fr.jackpotcity.microgaming.com/fr.jackpotcity/FlashAX.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4364/mcfscan.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CA70B128-BA48-4AC6-9790-84B5E5158BE7}: NameServer = 86.64.145.141 84.103.237.141
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Fichiers communs\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
0
The person who uses this computer found nothing better to make it "less" sluggish than to turn off AVAST, so how can we be sure there aren't other little jokers hiding??!!!

thanks to you
0
another problem that just appeared after the MBAM scan
the mouse cursor freezes
and even better, all the icons have disappeared, all that's left is the MSN window we're chatting in and the wallpaper!!
0
Lyonnais92 Posts 25159 Registration date Friday 23 June 2006 Status Security contributor Last seen 16 September 2016 1 536
14 Jul. 2009 at 18:22
Hi,

tell her that at her next initiative, she's on her own without me.

=============

Open this link and download ZHPDiag:

https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html
hxxp://telechargement.zebulon.fr/telecharger-zhpdiag.html

Save it to your Desktop.

Once the download is finished, run ZHPDiag.exe and click Unzip in the window that opens.

Click the wrench, then on All to tick every option box.

Click the magnifying glass to start the scan.

At the end of the scan, click the camera and save the report to your Desktop.

Open the saved file (ZHPDiag.txt) with Notepad and copy its contents into your reply.

To send it to me, click this link:

http://www.cijoint.fr/

Click Browse and find the file C:\Documents and settings\le_nom_de_ta_session\.ZHPDiag.txt

Click Open.

Click "Cliquez ici pour déposer le fichier" (Click here to upload the file).

A link of this form:

http://www.cijoint.fr/cjlink.php?file=cj200905/cijSKAP5fU.txt

is added to the page.

Copy that link into your reply.
0
there's a problem, it doesn't work..... the blue progress bar at the bottom is full but the report doesn't come out and Task Manager tells us "not responding"!!!


I tried on my PC, it said the same but after 5 tries it got unstuck and the scan ran!!! in 7 sec....
where the problem comes from I don't know, maybe from her PC
0
after XXXXX attempts and even a PC restart, nothing doing, it stays stuck!!!!! and "not responding" in Task Manager!! we left it for 15 min and nothing... nada, nothing triggered, I don't think this kind of program needs that long to generate a log!!!
no?????
0
ok sorry for my impatience!!! apparently her PC still runs on 110 volts, it was very slow to complete the scan!!!



Rapport de ZHPDiag v1.23.13 par Nicolas Coolman
Enregistré le 14/07/2009 20:53:17
Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html
Platform : Microsoft Windows XP (5.1.2600) Service Pack 3
MSIE: Internet Explorer v7.0.5730.11
MFIE: Mozilla Firefox (3.5)

---\\ Processus lancés

---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)
F2 - REG:system.ini: UserInit=C:\WINDOWS\regedit C:\pav.reg,C:\WINDOWS\system32\userinit.exe,

---\\ Pages de démarrage d'Internet Explorer (R0)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://phaniedu76.skyrock.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com

---\\ Pages de recherche d'Internet Explorer (R1)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF

---\\ Internet Explorer URLSearchHook (R3)
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
R3 - URLSearchHook: AOLTBSearch Class - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll

---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

---\\ Processus lancés
---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: c:\program files\google\googletoolbar2.dll - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O3 - Toolbar: (no name) - {710EB7A1-45ED-11D0-924A-0020AFC7AC4D} -

---\\ Applications démarrées automatiquement par le registre (O4)
O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
O4 - HKLM\..\Run: [MessengerPlus3] C:\Program Files\MessengerPlus! 3\MsgPlus.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1167869352\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EverioService] C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOL Fast Start] C:\Program Files\AOL 9.0 VR\AOL.EXE" -b
O4 - HKLM\..\policies\Explorer: [HonorAutoRunSetting] Data=1
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE

---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
O8 - Extra context menu item: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 4.0\resources\fr-FR\local\search.html

---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - c:\program files\aol\aol toolbar 4.0\resources\fr-FR\aoltbres.dll,10
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe,302

---\\ Piratage de l'Option 'Rétablir les paramètres Web' (O14)
O14 - IERESET.INF: START_PAGE_URL=START_PAGE_URL=https://www.skyrock.com/

---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} () - http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab30149.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.fr/SnapfishActivia.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} () - http://aolcc.aol.fr/computercheckup/qdiagcc.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.extrafilm.fr/NET/Import/ImageUploader4.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - https://www.pandasecurity.com/?ref=www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.0.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://fr.jackpotcity.microgaming.com/fr.jackpotcity/FlashAX.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4364/mcfscan.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab

---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{CA70B128-BA48-4AC6-9790-84B5E5158BE7}: NameServer = 86.64.145.141 84.103.237.141
O17 - HKLM\System\CS3\Services\Tcpip\..\{CA70B128-BA48-4AC6-9790-84B5E5158BE7}: NameServer = 86.64.145.141 84.103.237.141

---\\ Protocole additionnel et piratage de protocole (O18)
O18 - cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\System32\urlmon.dll
O18 - dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll
O18 - gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll
O18 - livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll
O18 - msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\Windows\System32\mshtml.dll
O18 - tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll
O18 - wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\System32\wiascr.dll
O18 - Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\System32\urlmon.dll
O18 - text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\Windows\system32\SHELL32.dll

---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: AtiExtEvent - C:\WINDOWS\System32\Ati2evxx.dll
O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\System32\%SystemRoot%\System32\dimsntfy.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\System32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\System32\WgaLogon.dll

---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSODL) (O21)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\System32\stobject.dll

---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: (no name) - {8C7461EF-2B13-11d2-BE35-3078302C2030} - %SystemRoot%\System32\browseui.dll

---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: AOL Connectivity Service (AOL ACS) - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - C:\Program Files\Fichiers communs\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: (Ati HotKey Poller) - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus (avast! Antivirus) - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - C:\Program Files\Java\jre6\bin\jqs.exe -service -config C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf
O23 - Service: Kodak Camera Connection Software (KodakCCS) - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ScsiAccess (ScsiAccess) - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Spouleur d'impression (Spooler) - C:\WINDOWS\system32\spoolsv.exe
O23 - Service: Windows User Mode Driver Framework (UMWdf) - C:\WINDOWS\system32\wdfmgr.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - C:\WINDOWS\wanmpsvc.exe

---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\Connexion facile à Internet.job
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1062837100.job

---\\ Composants installés (ActiveSetup Installed Components) (O40)
O40 - ASIC: IE7 Uninstall Stub - <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
O40 - ASIC: Lecteur Windows Media - >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
O40 - ASIC: Internet Explorer - >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigIE
O40 - ASIC: Personnalisation du navigateur - >{311C1F40-D7EB-11D4-AB6F-00A0C9593B38}S08718 - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
O40 - ASIC: Browser Customizations - >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
O40 - ASIC: Outlook Express - >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE
O40 - ASIC: Viewpoint Media Player - {03F998B2-0E00-11D3-A498-00104B6EB52E} - C:\Program Files\Viewpoint\Viewpoint Experience Technology\AxMetaStream_0305000D.dll
O40 - ASIC: Q824145 - {057997dd-71e4-43cc-b161-3f8180691a9e} - (not file)
O40 - ASIC: Microsoft VM - {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - (not file)
O40 - ASIC: Internet Explorer Classes for Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - (not file)
O40 - ASIC: Fichier Lisezmoi Internet Explorer - {0fde1f56-0d59-4fd7-9624-e3df6b419d0e} - (not file)
O40 - ASIC: IEEX - {0fde1f56-0d59-4fd7-9624-e3df6b419d0f} - (not file)
O40 - ASIC: Rendu VML (Vector Graphics Rendering) - {10072CEC-8CC1-11D1-986E-00A0C955B42F} - (not file)
O40 - ASIC: Viewpoint Media Player - {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - C:\Program Files\Viewpoint\Viewpoint Experience Technology\AxMetaStream_0305000D.dll
O40 - ASIC: Microsoft NetShow Player - {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - C:\WINDOWS\system32\wmpdxm.dll
O40 - ASIC: Q867801 - {2298d453-bcae-4519-bf33-1cbf3faf1524} - (not file)
O40 - ASIC: Lecteur Windows Media Microsoft 6.4 - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\system32\wmpdxm.dll
O40 - ASIC: DirectAnimation - {283807B5-2C60-11D0-A31D-00AA00B92C03} - (not file)
O40 - ASIC: Themes Setup - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\WINDOWS\system32\regsvr32.exe /s /n /i:/UserInstall C:\WINDOWS\system32\themeui.dll
O40 - ASIC: Q837009 - {2cc9d512-6db6-4f1c-8979-9a41fae88de0} - (not file)
O40 - ASIC: Liaison de données Dynamic HTML pour Java - {36f8ec70-c29a-11d1-b5c7-0000f8051515} - (not file)
O40 - ASIC: Q822925 - {377483c2-e4b4-4ee8-b577-9aed264c8735} - (not file)
O40 - ASIC: Offline Browsing Pack - {3af36230-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Uniscribe - {3bf42070-b3b1-11d1-b5c5-0000f8051515} - (not file)
O40 - ASIC: KB834707 - {3e7bb08a-a7a3-4692-8eac-ac5e7895755b} - (not file)
O40 - ASIC: Création avancée - {4278c270-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Microsoft Outlook Express 6 - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
O40 - ASIC: NetMeeting 3.01 - {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
O40 - ASIC: DirectShow - {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - (not file)
O40 - ASIC: Microsoft DirectX - {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - (not file)
O40 - ASIC: DirectDrawEx - {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - (not file)
O40 - ASIC: Internet Explorer Help - {45ea75a0-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Classes Java DirectAnimation - {4f216970-c90c-11d1-b5c7-0000f8051515} - (not file)
O40 - ASIC: Microsoft Windows Script 5.7 - {4f645220-306d-11d2-995d-00c04f98bbc9} - (not file)
O40 - ASIC: Windows Messenger 4.7 - {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
O40 - ASIC: Microsoft Data Access Components KB870669 - {5f3c70b3-ac2f-432c-8f9c-1624df61f54f} - (not file)
O40 - ASIC: Internet Explorer Setup Tools - {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Browsing Enhancements - {630b1da0-b465-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub
O40 - ASIC: MSN Site Access - {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - (not file)
O40 - ASIC: Dossiers Web - {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - (not file)
O40 - ASIC: Carnet d'adresses 6 - {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
O40 - ASIC: Q831167 - {795d0712-722c-43ec-906a-fc5e678eada9} - (not file)
O40 - ASIC: Mise à jour du Bureau Windows - {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
O40 - ASIC: Internet Explorer - {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
O40 - ASIC: (no name) - {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
O40 - ASIC: Fax - {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
O40 - ASIC: Microsoft VM - {8FDBBACE-0004-28D3-C4FD-D6AB55AD7362} - (not file)
O40 - ASIC: Dynamic HTML Data Binding - {9381D8F2-0288-11D0-9501-00AA00B911A5} - (not file)
O40 - ASIC: Fax Provider - {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - (not file)
O40 - ASIC: Q828750 - {96543d59-497a-4801-a1f3-5936aacaf7b1} - (not file)
O40 - ASIC: Internet Explorer Core Fonts - {C9E9A340-D1F1-11D0-821E-444553540600} - (not file)
O40 - ASIC: Planificateur de tâches - {CC2A9BA0-3BDD-11D0-821E-444553540000} - (not file)
O40 - ASIC: Adobe Flash Player - {D27CDB6E-AE6D-11cf-96B8-444553540000} - C:\WINDOWS\system32\Macromed\Flash\Flash10b.ocx
O40 - ASIC: Viewpoint Media Player - {D83A8728-F5FD-6620-1276-F9A9EF040CF2} - (not file)
O40 - ASIC: HTML Help - {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Active Directory Service Interface - {E92B03AB-B707-11d2-9CBD-0000F87A369E} - (not file)
O40 - ASIC: Q832894 - {eddbec60-89cb-44ef-8291-0850fd28ff6a} - (not file)
O40 - ASIC: Q823353 - {f5173cf0-1dfb-4978-8e50-a90169ee7ca9} - (not file)
O40 - ASIC: Q330994 - {F5776D81-AE53-4935-8E84-B0B283D8BCEF} - (not file)

---\\ Pilotes lancés au démarrage (O41)

---\\ Logiciels installés (O42)
O42 - Logiciel: ANPSEDIC
O42 - Logiciel: AOL - Assistant de désinstallation
O42 - Logiciel: AOL Auto-diagnostic
O42 - Logiciel: AOL Coach Version 1.0(Build:20040229.1 fr)
O42 - Logiciel: AOL Uninstaller
O42 - Logiciel: ATI Control Panel
O42 - Logiciel: ATI Display Driver
O42 - Logiciel: Adobe Flash Player 10 ActiveX
O42 - Logiciel: Archiveur WinRAR
O42 - Logiciel: Assistant de connexion Windows Live
O42 - Logiciel: CCHelp
O42 - Logiciel: CCScore
O42 - Logiciel: CCleaner (remove only)
O42 - Logiciel: CR2
O42 - Logiciel: Camfrog Video Chat 3.91 (remove only)
O42 - Logiciel: Complément Microsoft Word pour Microsoft Works Suite
O42 - Logiciel: Connexion facile à Internet
O42 - Logiciel: Creative WebCam Monitor
O42 - Logiciel: Creative WebCam Pro Driver
O42 - Logiciel: Creative WebCam Pro Manuel (Français)
O42 - Logiciel: Digital Photo Navigator 1.5
O42 - Logiciel: Disque de souvenirs HP
O42 - Logiciel: ESSANUP
O42 - Logiciel: ESSAdpt
O42 - Logiciel: ESSBrwr
O42 - Logiciel: ESSCAM
O42 - Logiciel: ESSCDBK
O42 - Logiciel: ESSPCD
O42 - Logiciel: ESSTUTOR
O42 - Logiciel: ESScore
O42 - Logiciel: ESSgui
O42 - Logiciel: ESShelp
O42 - Logiciel: ESSini
O42 - Logiciel: ESSvpaht
O42 - Logiciel: ESSvpot
O42 - Logiciel: Ecran de veille AOL Photos
O42 - Logiciel: Google Toolbar for Internet Explorer
O42 - Logiciel: HP Appareils photos Photosmart 6.0
O42 - Logiciel: HP Imaging Device Functions 6.0
O42 - Logiciel: HP Photosmart Premier Software 6.0
O42 - Logiciel: HP Software Update
O42 - Logiciel: HP Solution Center and Imaging Support Tools 6.0
O42 - Logiciel: ImageShack QuickLoad
O42 - Logiciel: Intel(R) Extreme Graphics Driver
O42 - Logiciel: InterVideo WinDVD Player
O42 - Logiciel: Java(TM) 6 Update 14
O42 - Logiciel: KBD
O42 - Logiciel: KSU
O42 - Logiciel: Lecteur Windows Media 10
O42 - Logiciel: Logiciel Kodak EasyShare
O42 - Logiciel: MSXML 4.0 SP2 (KB927978)
O42 - Logiciel: MSXML 4.0 SP2 (KB936181)
O42 - Logiciel: MSXML 4.0 SP2 (KB954430)
O42 - Logiciel: Malwarebytes' Anti-Malware
O42 - Logiciel: Messenger Plus! 3
O42 - Logiciel: Micrografx Windows Draw 6 LE
O42 - Logiciel: Microsoft Data Access Components KB870669
O42 - Logiciel: Microsoft Internationalized Domain Names Mitigation APIs
O42 - Logiciel: Microsoft National Language Support Downlevel APIs
O42 - Logiciel: Microsoft Office 2000 CD-ROM 2
O42 - Logiciel: Microsoft Office 2000 Professional
O42 - Logiciel: Microsoft Office PowerPoint Viewer 2003
O42 - Logiciel: Microsoft Picture It! Photo 7.0
O42 - Logiciel: Microsoft Word 2002
O42 - Logiciel: Microsoft Works 7.0
O42 - Logiciel: Mozilla Firefox (3.5)
O42 - Logiciel: My Pictures And Sounds 7.07
O42 - Logiciel: NVIDIA Windows 2000/XP Display Drivers
O42 - Logiciel: Nikon View 6
O42 - Logiciel: Notifier
O42 - Logiciel: OTtBP
O42 - Logiciel: PCDLNCH
O42 - Logiciel: PS2
O42 - Logiciel: Photo et imagerie HP 2.0 - All-in-One
O42 - Logiciel: Photo et imagerie HP 2.0 - All-in-One Pilote
O42 - Logiciel: Photo et imagerie HP 2.0 - hp psc 1200 series
O42 - Logiciel: Plus de 15 000 Cliparts Volume 3
O42 - Logiciel: PowerCinema NE for Everio
O42 - Logiciel: PowerDirector Express
O42 - Logiciel: PowerProducer
O42 - Logiciel: QuickTime
O42 - Logiciel: RecordNow
O42 - Logiciel: S3Display
O42 - Logiciel: S3Gamma2
O42 - Logiciel: S3Info2
O42 - Logiciel: S3Overlay
O42 - Logiciel: SAMSUNG CDMA Modem Driver Set
O42 - Logiciel: SAMSUNG Mobile Composite Device Software
O42 - Logiciel: SAMSUNG Mobile USB Modem 1.0 Software
O42 - Logiciel: SAMSUNG Mobile USB Modem Software
O42 - Logiciel: SFR
O42 - Logiciel: SFR2
O42 - Logiciel: Samsung Mobile phone USB driver Software
O42 - Logiciel: Samsung PC Studio 3
O42 - Logiciel: Samsung PC Studio 3 USB Driver Installer
O42 - Logiciel: Samsung Samples Installer
O42 - Logiciel: ShowBiz DVD
O42 - Logiciel: ShowShifter
O42 - Logiciel: Simple Installer - Multilanguage Version
O42 - Logiciel: Sonic Update Manager
O42 - Logiciel: Sélecteur d'installation de Microsoft Works Suite 2003
O42 - Logiciel: Viewpoint Media Player
O42 - Logiciel: Visionneuse Journal Windows Microsoft
O42 - Logiciel: Win Généalogic
O42 - Logiciel: Win Généalogic 2005
O42 - Logiciel: WinZip
O42 - Logiciel: Windows Genuine Advantage Notifications (KB905474)
O42 - Logiciel: Windows Internet Explorer 7
O42 - Logiciel: Windows Live Messenger
O42 - Logiciel: Windows Live installer
O42 - Logiciel: Windows Media Format Runtime
O42 - Logiciel: Windows XP Service Pack 3
O42 - Logiciel: aspi
O42 - Logiciel: avast! Antivirus
O42 - Logiciel: eMule
O42 - Logiciel: hp psc 1200 series

---\\ Contenu des dossiers Fichiers Communs (O43)
O43 - CFD:Common File Directory ---AD- C:\Program Files\Fichiers Communs\Adobe
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\AOL
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\aolback
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\aolshare
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\aolshare(3)
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\BOONTY Shared
O43 - CFD:Common File Directory ---AD- C:\Program Files\Fichiers Communs\Designer
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\EverAd Shared
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Hewlett-Packard
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\HP
O43 - CFD:Common File Directory ---AD- C:\Program Files\Fichiers Communs\InstallShield
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Kodak
O43 - CFD:Common File Directory ---AD- C:\Program Files\Fichiers Communs\Microsoft Shared
O43 - CFD:Common File Directory ---AD- C:\Program Files\Fichiers Communs\MSSoap
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Nikon
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\NSV
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Nullsoft
O43 - CFD:Common File Directory ---AD- C:\Program Files\Fichiers Communs\ODBC
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Panda Software
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Real
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Scanner
O43 - CFD:Common File Directory ---AD- C:\Program Files\Fichiers Communs\Services
O43 - CFD:Common File Directory ---AD- C:\Program Files\Fichiers Communs\Sonic
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Sonic Shared
O43 - CFD:Common File Directory ---AD- C:\Program Files\Fichiers Communs\SpeechEngines
O43 - CFD:Common File Directory ---AD- C:\Program Files\Fichiers Communs\Symantec Shared
O43 - CFD:Common File Directory ---AD- C:\Program Files\Fichiers Communs\System
O43 - CFD:Common File Directory -SH-D- C:\Program Files\Fichiers Communs\WindowsLiveInstaller
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\WinFixer 2005
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\System

---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:Last File Created 01/06/2009 - 17:51:12 ---A- C:\WINDOWS\System32\MRT.exe
O44 - LFC:Last File Created 07/07/2009 - 20:34:59 ---A- C:\WINDOWS\ModemLog_Modem standard GSM.txt
O44 - LFC:Last File Created 11/07/2009 - 09:58:06 ---A- C:\WINDOWS\System32\OODBS.lor
O44 - LFC:Last File Created 11/07/2009 - 18:32:31 ---A- C:\WINDOWS\System32\ikhcore.log
O44 - LFC:Last File Created 11/07/2009 - 18:33:27 ---A- C:\WINDOWS\System32\FNTCACHE.DAT
O44 - LFC:Last File Created 11/07/2009 - 20:41:59 ---A- C:\WINDOWS\System32\PerfStringBackup.INI
O44 - LFC:Last File Created 11/07/2009 - 20:44:55 ---A- C:\WINDOWS\System32\perfc009.dat
O44 - LFC:Last File Created 11/07/2009 - 20:44:55 ---A- C:\WINDOWS\System32\perfh009.dat
O44 - LFC:Last File Created 11/07/2009 - 20:44:56 ---A- C:\WINDOWS\System32\perfc00C.dat
O44 - LFC:Last File Created 11/07/2009 - 20:44:56 ---A- C:\WINDOWS\System32\perfh00C.dat
O44 - LFC:Last File Created 13/07/2009 - 21:35:18 ---A- C:\WINDOWS\System32\deploytk.dll
O44 - LFC:Last File Created 13/07/2009 - 21:35:19 ---A- C:\WINDOWS\System32\java.exe
O44 - LFC:Last File Created 13/07/2009 - 21:35:19 ---A- C:\WINDOWS\System32\javacpl.cpl
O44 - LFC:Last File Created 13/07/2009 - 21:35:19 ---A- C:\WINDOWS\System32\javaw.exe
O44 - LFC:Last File Created 13/07/2009 - 21:35:19 ---A- C:\WINDOWS\System32\javaws.exe
O44 - LFC:Last File Created 14/07/2009 - 16:57:56 ---A- C:\WINDOWS\ulead32.ini
O44 - LFC:Last File Created 14/07/2009 - 18:36:26 ---A- C:\WINDOWS\winzip32.ini
O44 - LFC:Last File Created 14/07/2009 - 19:30:27 ---A- C:\WINDOWS\SchedLgU.Txt
O44 - LFC:Last File Created 14/07/2009 - 19:31:38 -S-A- C:\WINDOWS\bootstat.dat
O44 - LFC:Last File Created 14/07/2009 - 19:31:54 ---A- C:\WINDOWS\System32\d3d9caps.dat
O44 - LFC:Last File Created 14/07/2009 - 19:32:06 ---A- C:\WINDOWS\wiaservc.log
O44 - LFC:Last File Created 14/07/2009 - 19:32:22 ---A- C:\WINDOWS\wiadebug.log
O44 - LFC:Last File Created 14/07/2009 - 19:32:25 ---A- C:\WINDOWS\0.log
O44 - LFC:Last File Created 14/07/2009 - 19:33:35 ---A- C:\WINDOWS\win.ini
O44 - LFC:Last File Created 14/07/2009 - 19:33:50 ---A- C:\WINDOWS\System32\wpa.dbl
O44 - LFC:Last File Created 14/07/2009 - 19:39:08 ---A- C:\WINDOWS\WindowsUpdate.log
O44 - LFC:Last File Created 14/07/2009 - 19:53:06 ---A- C:\WINDOWS\ModemLog_Modem 56000 bps Standard.txt
O44 - LFC:Last File Created 17/06/2009 - 10:27:44 ---A- C:\WINDOWS\System32\drivers\mbam.sys
O44 - LFC:Last File Created 17/06/2009 - 10:27:56 ---A- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
O44 - LFC:Last File Created 19/05/2009 - 22:25:37 ---A- C:\WINDOWS\System32\IWNGFMF.DRV
O44 - LFC:Last File Created 25/06/2009 - 00:07:09 ---A- C:\WINDOWS\ModemLog_Conexant HSF V92 56K PCI Modem.txt
O44 - LFC:Last File Created 29/06/2009 - 21:33:43 ---A- C:\WINDOWS\ModemLog_Mobile 115200.txt

---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:Last File Created Prefetch 11/07/2009 - 10:00:22 ---A- C:\WINDOWS\Prefetch\HPOEVM08.EXE-18AF13A4.pf
O45 - LFCP:Last File Created Prefetch 11/07/2009 - 10:00:24 ---A- C:\WINDOWS\Prefetch\HPQIMZONE.EXE-347D8399.pf
O45 - LFCP:Last File Created Prefetch 11/07/2009 - 10:01:50 ---A- C:\WINDOWS\Prefetch\HPRBLOG.EXE-3B2308D4.pf
O45 - LFCP:Last File Created Prefetch 11/07/2009 - 17:02:32 ---A- C:\WINDOWS\Prefetch\HPZIPM12.EXE-02312CF9.pf
O45 - LFCP:Last File Created Prefetch 12/07/2009 - 11:22:43 ---A- C:\WINDOWS\Prefetch\DEFRAG.EXE-2858C7E2.pf
O45 - LFCP:Last File Created Prefetch 12/07/2009 - 11:23:02 ---A- C:\WINDOWS\Prefetch\DFRGNTFS.EXE-38C3807C.pf
O45 - LFCP:Last File Created Prefetch 12/07/2009 - 19:47:48 ---A- C:\WINDOWS\Prefetch\HELPSVC.EXE-1C192440.pf
O45 - LFCP:Last File Created Prefetch 12/07/2009 - 21:01:27 ---A- C:\WINDOWS\Prefetch\ASHAVAST.EXE-1EA93A67.pf
O45 - LFCP:Last File Created Prefetch 12/07/2009 - 21:01:59 ---A- C:\WINDOWS\Prefetch\ASHSIMPL.EXE-20AB57BA.pf
O45 - LFCP:Last File Created Prefetch 13/07/2009 - 00:18:09 ---A- C:\WINDOWS\Prefetch\MDM.EXE-0CC196E4.pf
O45 - LFCP:Last File Created Prefetch 13/07/2009 - 01:05:43 ---A- C:\WINDOWS\Prefetch\SHELLRESTART.EXE-2593009D.pf
O45 - LFCP:Last File Created Prefetch 13/07/2009 - 13:28:25 ---A- C:\WINDOWS\Prefetch\MSPAINT.EXE-146E0237.pf
O45 - LFCP:Last File Created Prefetch 13/07/2009 - 14:18:34 ---A- C:\WINDOWS\Prefetch\AOLSOFTWARE.EXE-023A1AED.pf
O45 - LFCP:Last File Created Prefetch 13/07/2009 - 14:19:03 ---A- C:\WINDOWS\Prefetch\AOLLAUNCH.EXE-053E4555.pf
O45 - LFCP:Last File Created Prefetch 13/07/2009 - 16:10:06 ---A- C:\WINDOWS\Prefetch\DOTNETFX35SETUP.EXE-23739B73.pf
O45 - LFCP:Last File Created Prefetch 13/07/2009 - 16:10:18 ---A- C:\WINDOWS\Prefetch\SETUP.EXE-29DA5566.pf
O45 - LFCP:Last File Created Prefetch 13/07/2009 - 16:25:22 ---A- C:\WINDOWS\Prefetch\RUNDLL32.EXE-41FB74E5.pf
O45 - LFCP:Last File Created Prefetch 13/07/2009 - 16:28:06 ---A- C:\WINDOWS\Prefetch\MSPUB.EXE-0BC9A59D.pf
O45 - LFCP:Last File Created Prefetch 13/07/2009 - 17:58:06 ---A- C:\WINDOWS\Prefetch\MBAM-SETUP.EXE-00CB8FA8.pf
O45 - LFCP:Last File Created Prefetch 13/07/2009 - 17:58:06 ---A- C:\WINDOWS\Prefetch\MBAM-SETUP.TMP-063BDCE4.pf
O45 - LFCP:Last File Created Prefetch 13/07/2009 - 17:58:31 ---A- C:\WINDOWS\Prefetch\MBAMGUI.EXE-17BFFE8F.pf
O45 - LFCP:Last File Created Prefetch 13/07/2009 - 17:58:35 ---A- C:\WINDOWS\Prefetch\REGSVR32.EXE-396DEA2C.pf
O45 - LFCP:Last File Created Prefetch 13/07/2009 - 18:07:33 ---A- C:\WINDOWS\Prefetch\JXPIINSTALL.EXE-0DDB9ED0.pf
O45 - LFCP:Last File Created Prefetch 13/07/2009 - 18:09:47 ---A- C:\WINDOWS\Prefetch\PHOTOED.EXE-2611F664.pf
O45 - LFCP:Last File Created Prefetch 13/07/2009 - 19:08:00 ---A- C:\WINDOWS\Prefetch\DOTNETFX3SETUP.EXE-152F6158.pf
O45 - LFCP:Last File Created Prefetch 13/07/2009 - 19:08:04 ---A- C:\WINDOWS\Prefetch\SETUP.EXE-1ADCC43B.pf
O45 - LFCP:Last File Created Prefetch 13/07/2009 - 19:08:15 ---A- C:\WINDOWS\Prefetch\SETUP.EXE-0F3748A7.pf
O45 - LFCP:Last File Created Prefetch 13/07/2009 - 19:32:49 ---A- C:\WINDOWS\Prefetch\DOTNETFX3SETUP.EXE-01BD9069.pf
O45 - LFCP:Last File Created Prefetch 13/07/2009 - 19:33:01 ---A- C:\WINDOWS\Prefetch\SETUP.EXE-019D6FD9.pf
O45 - LFCP:Last File Created Prefetch 13/07/2009 - 19:43:44 ---A- C:\WINDOWS\Prefetch\JXPIINSTALL.EXE-1E0F4089.pf
O45 - LFCP:Last File Created Prefetch 13/07/2009 - 21:29:04 ---A- C:\WINDOWS\Prefetch\MBAM-DOR.EXE-0C3D2F85.pf
O45 - LFCP:Last File Created Prefetch 13/07/2009 - 21:32:47 ---A- C:\WINDOWS\Prefetch\MSVS.EXE-063EA7E6.pf
O45 - LFCP:Last File Created Prefetch 13/07/2009 - 21:34:46 ---A- C:\WINDOWS\Prefetch\MSI794.TMP-0F5863A6.pf
O45 - LFCP:Last File Created Prefetch 13/07/2009 - 21:34:48 ---A- C:\WINDOWS\Prefetch\MSI79C.TMP-2E59377D.pf
O45 - LFCP:Last File Created Prefetch 13/07/2009 - 21:35:27 ---A- C:\WINDOWS\Prefetch\ZIPPER.EXE-04E4D1E0.pf
O45 - LFCP:Last File Created Prefetch 13/07/2009 - 21:35:42 ---A- C:\WINDOWS\Prefetch\UNPACK200.EXE-2410FE49.pf
O45 - LFCP:Last File Created Prefetch 13/07/2009 - 21:35:58 ---A- C:\WINDOWS\Prefetch\JQS.EXE-31B60334.pf
O45 - LFCP:Last File Created Prefetch 13/07/2009 - 21:55:49 ---A- C:\WINDOWS\Prefetch\WMPLAYER.EXE-1ACCF80A.pf
O45 - LFCP:Last File Created Prefetch 13/07/2009 - 22:06:06 ---A- C:\WINDOWS\Prefetch\HIJACKTHIS.EXE-1E6F140C.pf
O45 - LFCP:Last File Created Prefetch 13/07/2009 - 22:16:45 ---A- C:\WINDOWS\Prefetch\RASAUTOU.EXE-10B4F92F.pf
O45 - LFCP:Last File Created Prefetch 13/07/2009 - 23:36:09 ---A- C:\WINDOWS\Prefetch\EMULE.EXE-01299854.pf
O45 - LFCP:Last File Created Prefetch 13/07/2009 - 23:55:29 ---A- C:\WINDOWS\Prefetch\AOLLOAD.EXE-14EAD641.pf
O45 - LFCP:Last File Created Prefetch 14/07/2009 - 00:05:57 ---A- C:\WINDOWS\Prefetch\CATCHME.EXE-0A01C709.pf
O45 - LFCP:Last File Created Prefetch 14/07/2009 - 00:20:16 ---A- C:\WINDOWS\Prefetch\SHUTDOWN.EXE-00AD91B0.pf
O45 - LFCP:Last File Created Prefetch 14/07/2009 - 00:24:28 ---A- C:\WINDOWS\Prefetch\REG.EXE-07FA5B3F.pf
O45 - LFCP:Last File Created Prefetch 14/07/2009 - 00:24:29 ---A- C:\WINDOWS\Prefetch\FAV.EXE-2EA13748.pf
O45 - LFCP:Last File Created Prefetch 14/07/2009 - 00:24:29 ---A- C:\WINDOWS\Prefetch\SORT.EXE-19728AC5.pf
O45 - LFCP:Last File Created Prefetch 14/07/2009 - 00:24:30 ---A- C:\WINDOWS\Prefetch\ATTRIB.EXE-15ACDFFE.pf
O45 - LFCP:Last File Created Prefetch 14/07/2009 - 00:24:30 ---A- C:\WINDOWS\Prefetch\CMD.EXE-034B0549.pf
O45 - LFCP:Last File Created Prefetch 14/07/2009 - 00:24:30 ---A- C:\WINDOWS\Prefetch\FINDSTR.EXE-1A4FC238.pf
O45 - LFCP:Last File Created Prefetch 14/07/2009 - 00:24:46 ---A- C:\WINDOWS\Prefetch\REGEDIT.EXE-2AE3423E.pf
O45 - LFCP:Last File Created Prefetch 14/07/2009 - 00:25:00 ---A- C:\WINDOWS\Prefetch\GNC.EXE-28DFD5DE.pf
O45 - LFCP:Last File Created Prefetch 14/07/2009 - 00:25:49 ---A- C:\WINDOWS\Prefetch\GNC.EXE-0A9554A5.pf
O45 - LFCP:Last File Created Prefetch 14/07/2009 - 00:25:50 ---A- C:\WINDOWS\Prefetch\FIND.EXE-0EEAD1A7.pf
O45 - LFCP:Last File Created Prefetch 14/07/2009 - 00:26:12 ---A- C:\WINDOWS\Prefetch\NOTEPAD.EXE-2DAE2DE6.pf
O45 - LFCP:Last File Created Prefetch 14/07/2009 - 00:26:13 ---A- C:\WINDOWS\Prefetch\QTTASK.EXE-1876A1A1.pf
O45 - LFCP:Last File Created Prefetch 14/07/2009 - 00:26:22 ---A- C:\WINDOWS\Prefetch\AOLAGENT.EXE-0237ACAF.pf
O45 - LFCP:Last File Created Prefetch 14/07/2009 - 00:26:22 ---A- C:\WINDOWS\Prefetch\HPWUSCHD2.EXE-1852A616.pf
O45 - LFCP:Last File Created Prefetch 14/07/2009 - 00:26:22 ---A- C:\WINDOWS\Prefetch\MSGPLUS.EXE-01F242CB.pf
O45 - LFCP:Last File Created Prefetch 14/07/2009 - 00:26:23 ---A- C:\WINDOWS\Prefetch\AOLDIAL.EXE-29706493.pf
O45 - LFCP:Last File Created Prefetch 14/07/2009 - 00:26:23 ---A- C:\WINDOWS\Prefetch\ASHDISP.EXE-204B2541.pf
O45 - LFCP:Last File Created Prefetch 14/07/2009 - 00:26:23 ---A- C:\WINDOWS\Prefetch\EVERIOSERVICE.EXE-18C28BA4.pf
O45 - LFCP:Last File Created Prefetch 14/07/2009 - 00:26:24 ---A- C:\WINDOWS\Prefetch\JUSCHED.EXE-04A13915.pf
O45 - LFCP:Last File Created Prefetch 14/07/2009 - 00:26:31 ---A- C:\WINDOWS\Prefetch\RUNDLL32.EXE-44D2B0C6.pf
O45 - LFCP:Last File Created Prefetch 14/07/2009 - 01:02:15 ---A- C:\WINDOWS\Prefetch\WIAACMGR.EXE-335C1EE8.pf
O45 - LFCP:Last File Created Prefetch 14/07/2009 - 01:22:23 ---A- C:\WINDOWS\Prefetch\PHONEINFO.EXE-18A7EBAA.pf
O45 - LFCP:Last File Created Prefetch 14/07/2009 - 01:22:24 ---A- C:\WINDOWS\Prefetch\LAUNCHER.EXE-3028F8DC.pf
O45 - LFCP:Last File Created Prefetch 14/07/2009 - 01:22:28 ---A- C:\WINDOWS\Prefetch\CONMGR.EXE-1BC2F0BF.pf
O45 - LFCP:Last File Created Prefetch 14/07/2009 - 01:22:35 ---A- C:\WINDOWS\Prefetch\MULTIMEDIA MANAGER.EXE-28CBC517.pf
O45 - LFCP:Last File Created Prefetch 14/07/2009 - 01:25:44 ---A- C:\WINDOWS\Prefetch\FUNTOPC.EXE-115CFEF9.pf
O45 - LFCP:Last File Created Prefetch 14/07/2009 - 01:57:40 ---A- C:\WINDOWS\Prefetch\JAVAW.EXE-392A4E93.pf
O45 - LFCP:Last File Created Prefetch 14/07/2009 - 01:57:41 ---A- C:\WINDOWS\Prefetch\JAVAWS.EXE-078C20EA.pf
O45 - LFCP:Last File Created Prefetch 14/07/2009 - 02:08:29 ---A- C:\WINDOWS\Prefetch\HPZSTC07.EXE-15B07549.pf
O45 - LFCP:Last File Created Prefetch 14/07/2009 - 02:08:31 ---A- C:\WINDOWS\Prefetch\HPZENG07.EXE-0CEBD9F7.pf
O45 - LFCP:Last File Created Prefetch 14/07/2009 - 12:50:41 ---A- C:\WINDOWS\Prefetch\IMAPI.EXE-201490BB.pf
O45 - LFCP:Last File Created Prefetch 14/07/2009 - 13:05:27 ---A- C:\WINDOWS\Prefetch\Layout.ini
O45 - LFCP:Last File Created Prefetch 14/07/2009 - 13:20:58 ---A- C:\WINDOWS\Prefetch\AVASTSS.SCR-00276811.pf
O45 - LFCP:Last File Created Prefetch 14/07/2009 - 13:20:58 ---A- C:\WINDOWS\Prefetch\SSSTARS.SCR-3464C062.pf
O45 - LFCP:Last File Created Prefetch 14/07/2009 - 14:08:30 ---A- C:\WINDOWS\Prefetch\JAVA.EXE-32FD225F.pf
O45 - LFCP:Last File Created Prefetch 14/07/2009 - 14:47:04 ---A- C:\WINDOWS\Prefetch\AOLTPSD3.EXE-1F7882EF.pf
O45 - LFCP:Last File Created Prefetch 14/07/2009 - 15:17:09 ---A- C:\WINDOWS\Prefetch\MBAM.EXE-0D37CDF0.pf
O45 - LFCP:Last File Created Prefetch 14/07/2009 - 15:35:47 ---A- C:\WINDOWS\Prefetch\HIJACKTHIS.EXE-04C4DE3B.pf
O45 - LFCP:Last File Created Prefetch 14/07/2009 - 15:47:10 ---A- C:\WINDOWS\Prefetch\NOTEPAD.EXE-2F2D61E1.pf
O45 - LFCP:Last File Created Prefetch 14/07/2009 - 16:17:08 ---A- C:\WINDOWS\Prefetch\FIREFOX SETUP 3.5.EXE-272324D9.pf
O45 - LFCP:Last File Created Prefetch 14/07/2009 - 16:17:18 ---A- C:\WINDOWS\Prefetch\SETUP.EXE-07109A5D.pf
O45 - LFCP:Last File Created Prefetch 14/07/2009 - 16:32:03 ---A- C:\WINDOWS\Prefetch\ASHMAISV.EXE-072F6A23.pf
O45 - LFCP:Last File Created Prefetch 14/07/2009 - 16:32:03 ---A- C:\WINDOWS\Prefetch\ASHWEBSV.EXE-3530B302.pf
O45 - LFCP:Last File Created Prefetch 14/07/2009 - 16:34:23 ---A- C:\WINDOWS\Prefetch\AOL.EXE-13408816.pf
O45 - LFCP:Last File Created Prefetch 14/07/2009 - 16:34:49 ---A- C:\WINDOWS\Prefetch\WAOL.EXE-107B2F0A.pf
O45 - LFCP:Last File Created Prefetch 14/07/2009 - 16:46:36 ---A- C:\WINDOWS\Prefetch\ZS.EXE-2A9B1F29.pf
O45 - LFCP:Last File Created Prefetch 14/07/2009 - 16:46:53 ---A- C:\WINDOWS\Prefetch\ATIPRBXX.EXE-2DA84FA2.pf
O45 - LFCP:Last File Created Prefetch 14/07/2009 - 16:48:26 ---A- C:\WINDOWS\Prefetch\SURF_BAGOO.EXE-27BAF588.pf
O45 - LFCP:Last File Created Prefetch 14/07/2009 - 16:49:51 ---A- C:\WINDOWS\Prefetch\DRWTSN32.EXE-01DDCF15.pf
O45 - LFCP:Last File Created Prefetch 14/07/2009 - 16:49:51 ---A- C:\WINDOWS\Prefetch\SPACETRIPPER.EXE-11EFA237.pf
O45 - LFCP:Last File Created Prefetch 14/07/2009 - 16:52:58 ---A- C:\WINDOWS\Prefetch\HPQTHB08.EXE-31C5FF9C.pf
O45 - LFCP:Last File Created Prefetch 14/07/2009 - 17:24:39 ---A- C:\WINDOWS\Prefetch\RUNDLL32.EXE-4532DDE6.pf
O45 - LFCP:Last File Created Prefetch 14/07/2009 - 17:45:18 ---A- C:\WINDOWS\Prefetch\VERCLSID.EXE-28F52AD2.pf
O45 - LFCP:Last File Created Prefetch 14/07/2009 - 17:51:08 ---A- C:\WINDOWS\Prefetch\HPQDIREC.EXE-0FC2BEC3.pf
O45 - LFCP:Last File Created Prefetch 14/07/2009 - 17:51:09 ---A- C:\WINDOWS\Prefetch\MSIEXEC.EXE-330626DC.pf
O45 - LFCP:Last File Created Prefetch 14/07/2009 - 17:54:57 ---A- C:\WINDOWS\Prefetch\IEXPLORE.EXE-2D97EBE6.pf
O45 - LFCP:Last File Created Prefetch 14/07/2009 - 17:54:58 ---A- C:\WINDOWS\Prefetch\AOLTBSERVER.EXE-24477E6E.pf
O45 - LFCP:Last File Created Prefetch 14/07/2009 - 17:55:28 ---A- C:\WINDOWS\Prefetch\CCLEANER.EXE-3A2B2AAD.pf
O45 - LFCP:Last File Created Prefetch 14/07/2009 - 18:09:07 ---A- C:\WINDOWS\Prefetch\RUNDLL32.EXE-5560CAC5.pf
O45 - LFCP:Last File Created Prefetch 14/07/2009 - 18:15:32 ---A- C:\WINDOWS\Prefetch\WINWORD.EXE-23347E4F.pf
O45 - LFCP:Last File Created Prefetch 14/07/2009 - 18:15:36 ---A- C:\WINDOWS\Prefetch\MSWORKS.EXE-24630094.pf
O45 - LFCP:Last File Created Prefetch 14/07/2009 - 18:15:40 ---A- C:\WINDOWS\Prefetch\AGENTSVR.EXE-260B72BD.pf
O45 - LFCP:Last File Created Prefetch 14/07/2009 - 18:17:12 ---A- C:\WINDOWS\Prefetch\WINZIP32.EXE-2F3C90C9.pf
O45 - LFCP:Last File Created Prefetch 14/07/2009 - 19:29:51 ---A- C:\WINDOWS\Prefetch\LOGONUI.EXE-312BE1BF.pf
O45 - LFCP:Last File Created Prefetch 14/07/2009 - 19:33:19 ---A- C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf
O45 - LFCP:Last File Created Prefetch 14/07/2009 - 19:33:38 ---A- C:\WINDOWS\Prefetch\WSCNTFY.EXE-0B14C27D.pf
O45 - LFCP:Last File Created Prefetch 14/07/2009 - 19:33:44 ---A- C:\WINDOWS\Prefetch\ALG.EXE-275708CF.pf
O45 - LFCP:Last File Created Prefetch 14/07/2009 - 19:33:44 ---A- C:\WINDOWS\Prefetch\WUAUCLT.EXE-1360D60A.pf
O45 - LFCP:Last File Created Prefetch 14/07/2009 - 19:33:45 ---A- C:\WINDOWS\Prefetch\WGATRAY.EXE-350D4455.pf
O45 - LFCP:Last File Created Prefetch 14/07/2009 - 19:33:54 ---A- C:\WINDOWS\Prefetch\WMIPRVSE.EXE-0D449B4F.pf
O45 - LFCP:Last File Created Prefetch 14/07/2009 - 19:33:57 ---A- C:\WINDOWS\Prefetch\WMIAPSRV.EXE-02740A4B.pf
O45 - LFCP:Last File Created Prefetch 14/07/2009 - 19:37:10 ---A- C:\WINDOWS\Prefetch\SHELLMON.EXE-050422B9.pf
O45 - LFCP:Last File Created Prefetch 14/07/2009 - 19:39:00 ---A- C:\WINDOWS\Prefetch\MSNMSGR.EXE-3744B6D8.pf
O45 - LFCP:Last File Created Prefetch 14/07/2009 - 19:39:33 ---A- C:\WINDOWS\Prefetch\AVAST.SETUP-295443AF.pf
O45 - LFCP:Last File Created Prefetch 14/07/2009 - 19:40:17 ---A- C:\WINDOWS\Prefetch\USNSVC.EXE-0114DAF6.pf
O45 - LFCP:Last File Created Prefetch 14/07/2009 - 19:43:32 ---A- C:\WINDOWS\Prefetch\TASKMGR.EXE-06144C13.pf
O45 - LFCP:Last File Created Prefetch 14/07/2009 - 19:51:35 ---A- C:\WINDOWS\Prefetch\DUMPREP.EXE-0AF2BF67.pf
O45 - LFCP:Last File Created Prefetch 14/07/2009 - 19:51:35 ---A- C:\WINDOWS\Prefetch\DWWIN.EXE-2C373FB7.pf
O45 - LFCP:Last File Created Prefetch 14/07/2009 - 19:52:50 ---A- C:\WINDOWS\Prefetch\FIREFOX.EXE-06188867.pf
O45 - LFCP:Last File Created Prefetch 14/07/2009 - 19:52:52 ---A- C:\WINDOWS\Prefetch\JQSNOTIFY.EXE-359F83C5.pf
O45 - LFCP:Last File Created Prefetch 14/07/2009 - 23:00:16 ---A- C:\WINDOWS\Prefetch\MODE.COM-318FFE37.pf
O45 - LFCP:Last File Created Prefetch 14/07/2009 - 23:00:16 ---A- C:\WINDOWS\Prefetch\NAVILOG1.EXE-01254121.pf
O45 - LFCP:Last File Created Prefetch 14/07/2009 - 23:00:45 ---A- C:\WINDOWS\Prefetch\GETPATHS.EXE-0D417E4D.pf
O45 - LFCP:Last File Created Prefetch 14/07/2009 - 23:00:46 ---A- C:\WINDOWS\Prefetch\CHKNTFS.EXE-30FE9626.pf
O45 - LFCP:Last File Created Prefetch 14/07/2009 - 23:03:12 ---A- C:\WINDOWS\Prefetch\OSV.EXE-36EA78CD.pf
O45 - LFCP:Last File Created Prefetch 14/07/2009 - 23:03:12 ---A- C:\WINDOWS\Prefetch\WSCRIPT.EXE-0C5C5251.pf

---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll

---\\ Export de clé d'application autorisée (ECAA)(O47)
O47 - AAKE:Key Export SP - "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
O47 - AAKE:Key Export SP - "C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe:*:Enabled:Assistance à distance - Windows Messenger et voix"
O47 - AAKE:Key Export SP - "C:\Program Files\Yahoo!\Messenger\YPager.exe"="C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger"
O47 - AAKE:Key Export SP - "C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
O47 - AAKE:Key Export SP - "C:\Documents and Settings\Propriétaire\Bureau\eMule\emule.exe"="C:\Documents and Settings\Propriétaire\Bureau\eMule\emule.exe:*:Enabled:eMule"
O47 - AAKE:Key Export SP - "C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®"
O47 - AAKE:Key Export SP - "C:\Program Files\Wanadoo Messager\Wanadoo Messager.exe"="C:\Program Files\Wanadoo Messager\Wanadoo Messager.exe:*:Enabled:Application Messager"
O47 - AAKE:Key Export SP - "C:\Documents and Settings\Propriétaire\Local Settings\Temp\Rar$EX18.859\iPuissance_4D.exe"="C:\Documents and Settings\Propriétaire\Local Settings\Temp\Rar$EX18.859\iPuissance_4D.exe:*:Enabled:Application MFC iPuissance 4D"
O47 - AAKE:Key Export SP - "C:\Documents and Settings\Propriétaire\Local Settings\Temp\Rar$EX33.969\iPuissance_4D.exe"="C:\Documents and Settings\Propriétaire\Local Settings\Temp\Rar$EX33.969\iPuissance_4D.exe:*:Enabled:Application MFC iPuissance 4D"
O47 - AAKE:Key Export SP - "C:\Program Files\AOL 9.0d\waol.exe"="C:\Program Files\AOL 9.0d\waol.exe:*:Enabled:AOL"
O47 - AAKE:Key Export SP - "C:\Program Files\TribalWeb.net\tribalweb.exe"="C:\Program Files\TribalWeb.net\tribalweb.exe:*:Enabled:TribalWeb.net : Réseau privé sur Internet"
O47 - AAKE:Key Export SP - "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
O47 - AAKE:Key Export SP - "C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
O47 - AAKE:Key Export SP - "C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe"="C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
O47 - AAKE:Key Export SP - "C:\Program Files\Fichiers communs\AOL\ACS\AOLAcsd.exe"="C:\Program Files\Fichiers communs\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL"
O47 - AAKE:Key Export SP - "C:\Program Files\Fichiers communs\AOL\Loader\aolload.exe"="C:\Program Files\Fichiers communs\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
O47 - AAKE:Key Export SP - "C:\Program Files\Fichiers communs\AOL\1167869352\ee\aolsoftware.exe"="C:\Program Files\Fichiers communs\AOL\1167869352\ee\aolsoftware.exe:*:Enabled:AOL Services"
O47 - AAKE:Key Export SP - "C:\Program Files\AOL 9.0a\waol.exe"="C:\Program Files\AOL 9.0a\waol.exe:*:Enabled:AOL"
O47 - AAKE:Key Export SP - "C:\Program Files\Pando Networks\Pando\pando.exe"="C:\Program Files\Pando Networks\Pando\pando.exe:*:Disabled:pando"
O47 - AAKE:Key Export SP - "C:\Program Files\AOL 9.0b\waol.exe"="C:\Program Files\AOL 9.0b\waol.exe:*:Enabled:AOL"
O47 - AAKE:Key Export SP - "C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application"
O47 - AAKE:Key Export SP - "C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
O47 - AAKE:Key Export SP - "C:\Program Files\WinMX\WinMX.exe"="C:\Program Files\WinMX\WinMX.exe:*:Enabled:WinMX Application"
O47 - AAKE:Key Export SP - "C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
O47 - AAKE:Key Export SP - "C:\Program Files\AOL 9.0c\waol.exe"="C:\Program Files\AOL 9.0c\waol.exe:*:Enabled:AOL"
O47 - AAKE:Key Export SP - "C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL"
O47 - AAKE:Key Export SP - "C:\Program Files\AOL 9.0 VR\waol.exe"="C:\Program Files\AOL 9.0 VR\waol.exe:*:Enabled:AOL"
O47 - AAKE:Key Export SP - "C:\Program Files\Fichiers communs\AOL\TopSpeed\3.0\aoltpsd3.exe"="C:\Program Files\Fichiers communs\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed"
O47 - AAKE:Key Export SP - "C:\Program Files\Fichiers communs\AOL\System Information\sinf.exe"="C:\Program Files\Fichiers communs\AOL\System Information\sinf.exe:*:Enabled:AOL System Information"
O47 - AAKE:Key Export SP - "C:\Program Files\CyberLink\PCM4Everio\PCM4Everio.exe"="C:\Program Files\CyberLink\PCM4Everio\PCM4Everio.exe:*:Enabled:CyberLink PowerCinema NE for Everio"
O47 - AAKE:Key Export SP - "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"="C:\Program Files\CyberLink\PCM4Everio\EverioService.exe:*:Enabled:CyberLink PowerCinema NE for Everio Resident Program"
O47 - AAKE:Key Export SP - "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
O47 - AAKE:Key Export SP - "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
O47 - AAKE:Key Export SP - "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
O47 - AAKE:Key Export DP - "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
O47 - AAKE:Key Export DP - "C:\Program Files\AOL 9.0d\waol.exe"="C:\Program Files\AOL 9.0d\waol.exe:*:Enabled:AOL"
O47 - AAKE:Key Export DP - "C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
O47 - AAKE:Key Export DP - "C:\Program Files\Fichiers communs\AOL\ACS\AOLAcsd.exe"="C:\Program Files\Fichiers communs\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL"
O47 - AAKE:Key Export DP - "C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe"="C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
O47 - AAKE:Key Export DP - "C:\Program Files\AOL 9.0a\waol.exe"="C:\Program Files\AOL 9.0a\waol.exe:*:Enabled:AOL"
O47 - AAKE:Key Export DP - "C:\Program Files\AOL 9.0b\waol.exe"="C:\Program Files\AOL 9.0b\waol.exe:*:Enabled:AOL"
O47 - AAKE:Key Export DP - "C:\Program Files\AOL 9.0c\waol.exe"="C:\Program Files\AOL 9.0c\waol.exe:*:Enabled:AOL"
O47 - AAKE:Key Export DP - "C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL"
O47 - AAKE:Key Export DP - "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
O47 - AAKE:Key Export DP - "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
O47 - AAKE:Key Export DP - "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

---\\ Déni du service (Local Security Authority) (LSA) (O48)
O48 - LSA:Local Security Authority Authentication Packages - C:\WINDOWS\System32\msv1_0.dll
O48 - LSA:Local Security Authority Notification Packages - C:\WINDOWS\System32\scecli.dll

---\\ Contrôle du Safe Boot (CSB) (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ip6fw.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpcdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpwd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\tdpipe.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\tdtcp.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\ip6fw.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\rdpcdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\rdpdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\rdpwd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\tdpipe.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\tdtcp.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\ip6fw.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\rdpcdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\rdpdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\rdpwd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\tdpipe.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\tdtcp.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\vgasave.sys

---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d

---\\ MountPoints2 Shell Key (MPSK) (O51)
O51 - MPSK:{079b8462-c74e-11dc-9512-00038a000015}\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs
O51 - MPSK:{e3ed222a-f810-11dc-955d-00038a000015}\Shell\AutoRun\command - G:\InstallTomTomHOME.exe
O51 - MPSK:{f46aebc2-2b66-11de-9721-00038a000015}\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

---\\ Trojan Driver Search Data (TDSD) (O52)
O52 - TDSD:HKLM\...\Drivers\"timer"="timer.drv"
O52 - TDSD:HKLM\...\Drivers\"MsVideo.PD1030VFW"="p1030vfw.drv"
O52 - TDSD:HKLM\...\Drivers32\"midimapper"="midimap.dll"
O52 - TDSD:HKLM\...\Drivers32\"msacm.imaadpcm"="imaadp32.acm"
O52 - TDSD:HKLM\...\Drivers32\"msacm.msadpcm"="msadp32.acm"
O52 - TDSD:HKLM\...\Drivers32\"msacm.msg711"="msg711.acm"
O52 - TDSD:HKLM\...\Drivers32\"msacm.msgsm610"="msgsm32.acm"
O52 - TDSD:HKLM\...\Drivers32\"msacm.trspch"="tssoft32.acm"
O52 - TDSD:HKLM\...\Drivers32\"vidc.cvid"="iccvid.dll"
O52 - TDSD:HKLM\...\Drivers32\"VIDC.I420"="msh263.drv"
O52 - TDSD:HKLM\...\Drivers32\"vidc.iv31"="ir32_32.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.iv32"="ir32_32.dll"
O52 - TDSD:HKLM\...\Drivers32\"VIDC.IYUV"="iyuv_32.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.mrle"="msrle32.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.msvc"="msvidc32.dll"
O52 - TDSD:HKLM\...\Drivers32\"VIDC.UYVY"="msyuv.dll"
O52 - TDSD:HKLM\...\Drivers32\"VIDC.YUY2"="msyuv.dll"
O52 - TDSD:HKLM\...\Drivers32\"VIDC.YVU9"="tsbyuv.dll"
O52 - TDSD:HKLM\...\Drivers32\"VIDC.YVYU"="msyuv.dll"
O52 - TDSD:HKLM\...\Drivers32\"wavemapper"="msacm32.drv"
O52 - TDSD:HKLM\...\Drivers32\"msacm.msg723"="msg723.acm"
O52 - TDSD:HKLM\...\Drivers32\"vidc.M263"="msh263.drv"
O52 - TDSD:HKLM\...\Drivers32\"vidc.M261"="msh261.drv"
O52 - TDSD:HKLM\...\Drivers32\"msacm.msaudio1"="msaud32.acm"
O52 - TDSD:HKLM\...\Drivers32\"msacm.sl_anet"="sl_anet.acm"
O52 - TDSD:HKLM\...\Drivers32\"msacm.l3acm"="C:\WINDOWS\system32\l3codeca.acm"
O52 - TDSD:HKLM\...\Drivers32\"vidc.iv50"="ir50_32.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.iv41"="ir41_32.ax"
O52 - TDSD:HKLM\...\Drivers32\"msacm.iac2"="iac25_32.ax"
O52 - TDSD:HKLM\...\Drivers32\"VIDC.DIVX"="DivX.dll"
O52 - TDSD:HKLM\...\Drivers32\"VIDC.MJPG"="pvmjpg20.dll"
O52 - TDSD:HKLM\...\Drivers32\"VIDC.MP42"="mpg4c32.dll"
O52 - TDSD:HKLM\...\Drivers32\"VIDC.MPG4"="mpg4c32.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.i263"="C:\WINDOWS\System32\i263_32.drv"
O52 - TDSD:HKLM\...\Drivers32\"MSVideo8"="VfWWDM32.dll"
O52 - TDSD:HKLM\...\Drivers32\"wave"="wdmaud.drv"
O52 - TDSD:HKLM\...\Drivers32\"midi"="wdmaud.drv"
O52 - TDSD:HKLM\...\Drivers32\"mixer"="wdmaud.drv"
O52 - TDSD:HKLM\...\Drivers32\"msacm.siren"="sirenacm.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.LEAD"="LCODCCMP.DLL"
O52 - TDSD:HKLM\...\drivers.desc\"msaud32.acm"="Windows Media Audio"
O52 - TDSD:HKLM\...\drivers.desc\"sl_anet.acm"="Sipro Lab Telecom Audio Codec"
O52 - TDSD:HKLM\...\drivers.desc\"C:\WINDOWS\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec"
O52 - TDSD:HKLM\...\drivers.desc\"ir50_32.dll"="Indeo® video 5.03 "
O52 - TDSD:HKLM\...\drivers.desc\"L3CODECA.ACM"="Fraunhofer IIS MPEG Layer-3 Codec"
O52 - TDSD:HKLM\...\drivers.desc\"wdmaud.drv"="Realtek AC'97 Audio"
O52 - TDSD:HKLM\...\drivers.desc\"iac25_32.ax"="Indeo® audio software"
O52 - TDSD:HKLM\...\drivers.desc\"pvmjpg20.dll"="PICVideo MJPEG Codec"
O52 - TDSD:HKLM\...\drivers.desc\"DivX.dll"="DivX 5.0 Codec"
O52 - TDSD:HKLM\...\drivers.desc\"mpg4c32.dll"="Microsoft MPEG-4 Video Codec v1"
O52 - TDSD:HKLM\...\drivers.desc\"vfwwdm32.dll"="Vidéo WDM pour le pilote de capture Windows (Win32)"
O52 - TDSD:HKLM\...\drivers.desc\"sirenacm.dll"="Messenger Audio Codec"
O52 - TDSD:HKLM\...\drivers.desc\"LCODCCMP.DLL"="LEAD MCMP/MJPEG Codec (VFW)"

---\\ Microsoft Control Security Providers (MCSP) (O54)
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - "SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - "SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=
O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1

---\\ Microsoft Windows Policies Explorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\Policies\Explorer] - "NoDriveTypeAutoRun"=145
O56 - MWPE:[HKLM\...\Policies\Explorer] - "HonorAutoRunSetting"=1

---\\ Liste des Drivers Système (SDL) (O58)
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\1394bus.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\a302.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\a303.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\a304.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\a305.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\a306.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\a307.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\a308.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\a309.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\a310.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\a311.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\a312.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\a313.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\a314.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\aavmker4.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\acpi.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\acpiec.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\aec.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\afd.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\AFS2K.SYS
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\agp440.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\agpcpq.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ALCXSENS.SYS
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ALCXWDM.SYS
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\alim1541.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\amdagp.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\amdk6.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\amdk7.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\arp1394.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\aswFsBlk.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\aswmon.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\aswmon2.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\aswRdr.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\aswSP.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\aswTdi.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\asyncmac.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\atapi.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ati1btxx.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ati1mdxx.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ati1pdxx.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ati1raxx.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ati1rvxx.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ati1snxx.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ati1ttxx.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ati1tuxx.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ati1xbxx.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ati1xsxx.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ati2mtaa.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ati2mtag.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\atinbtxx.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\atinmdxx.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\atinpdxx.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\atinraxx.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\atinrvxx.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\atinsnxx.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\atinttxx.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\atintuxx.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\atinxbxx.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\atinxsxx.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\atmarpc.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\atmepvc.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\atmlane.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\atmuni.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ATWPKT2.SYS
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\atwpkt264.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\audstub.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\bdasup.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\beep.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\bridge.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\bthenum.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\bthmodem.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\bthpan.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\bthport.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\bthprint.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\bthusb.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\cbidf2k.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ccdecode.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\cdaudio.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\cdfs.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\cdrom.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\cinemst2.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\classpnp.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\cpqdap01.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\crusoe.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\DcCam.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\DcFpoint.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\DCFS2k.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\DcLps.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\DcPtp.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\disk.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\diskdump.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\dmboot.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\dmio.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\dmload.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\dmusic.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\drmk.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\drmkaud.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\dxapi.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\dxg.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\dxgthk.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\el90xbc5.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\enum1394.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ExportIt.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\fastfat.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\fdc.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\fips.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\flpydisk.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\fltmgr.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\fsvga.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\fs_rec.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ftdisk.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\gagp30kx.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\hidbth.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\hidclass.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\hidir.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\hidparse.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\hidusb.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\hpzid412.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\HPZipr12.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\HPZius12.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\hsfbs2s2.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\hsfcxts2.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\hsfdpsp2.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\HSFHWBS2.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\HSF_CNXT.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\HSF_DP.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\http.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\i8042prt.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ialmkchw.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ialmnt5.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ialmsbw.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\imapi.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\intelide.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\intelppm.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ip6fw.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ipfltdrv.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ipinip.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ipnat.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ipsec.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\irenum.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\isapnp.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\kbdclass.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\kmixer.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ks.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ksecdd.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\mbam.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\mbamswissarmy.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\mcd.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\mdmxsdk.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\mf.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\mnmdd.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\modem.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\mouclass.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\mouhid.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\mountmgr.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\mpe.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\mrxdav.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\mrxsmb.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\msdv.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\msfs.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\msgpc.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\mskssrv.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\mspclock.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\mspqm.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\mssmbios.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\mstee.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\mtlmnt5.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\mtlstrm.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\mtxparhm.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\mup.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\mutohpen.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\nabtsfec.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ndis.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ndisip.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ndistapi.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ndisuio.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ndiswan.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ndproxy.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\netbios.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\netbt.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\nic1394.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\nikedrv.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\nmnt.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\npfs.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ntfs.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ntmtlfax.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\null.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\nv4_mini.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\nv_agp.SYS
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\nwlnkflt.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\nwlnkfwd.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\nwlnkipx.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\nwlnknb.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\nwlnkspx.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ohci1394.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\oprghdlr.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\p1030cam.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\p1030vid.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\p3.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\parport.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\partmgr.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\parvdm.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\PavProc.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\pci.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\pciide.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\pciidex.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\pcmcia.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\pfc.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\portcls.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\processr.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\PS2.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\psched.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ptilink.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\pxhelp20.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\rasacd.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\rasl2tp.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\raspppoe.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\raspptp.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\raspti.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\rawwan.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\rdbss.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\rdpcdd.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\rdpdr.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\rdpwd.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\recagent.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\redbook.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\rfcomm.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\rio8drv.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\riodrv.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\rmcast.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\rndismp.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\rndismpx.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\rootmdm.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\rtl8139.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\s3gnbm.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\scsiport.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\sdbus.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\secdrv.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ser2pl.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\serenum.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\serial.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\sffdisk.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\sffp_sd.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\sfloppy.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ShldDrv.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\sisagp.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\SISAGPX.SYS
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\sisgrp.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\slip.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\slnt7554.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\slntamr.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\slnthal.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\slwdmsup.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\smbali.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\smclib.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\sonydcam.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\splitter.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\sr.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\srv.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ssm_bus.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ssm_cm.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ssm_cmnt.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ssm_mdfl.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ssm_mdm.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ssm_wh.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ssm_whnt.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\StarOpen.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\stream.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\streamip.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\swenum.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\swmidi.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\SYMEVENT.SYS
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\sysaudio.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\tape.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\tcpip.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\tcpip6.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\tdi.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\tdpipe.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\tdtcp.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\termdd.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\tosdvd.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\tsbvcap.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\tunmp.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\uagp35.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\udfs.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\update.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\usb8023.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\usb8023x.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\usbcamd.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\usbcamd2.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\usbccgp.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\usbd.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\usbehci.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\usbhub.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\usbintel.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\usbohci.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\usbport.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\usbprint.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\usbscan.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\usbstor.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\usbuhci.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\usbvideo.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\vch.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\vdmindvd.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\vga.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\viaagp.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\VIAAGP1.SYS
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\viaide.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\videoprt.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\volsnap.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\wa301a.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\wa301b.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\wacompen.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\wadv07nt.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\wadv08nt.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\wadv09nt.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\wadv11nt.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\wanarp.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\wanatw4.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\watv06nt.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\watv10nt.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\wdmaud.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\wmilib.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\wpdusb.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ws2ifsl.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\wstcodec.sys
Oh damn, how stupid of me, I don't read everything!!!!! Sorry again.

http://www.cijoint.fr/cjlink.php?file=cj200907/cijk3jlzHc.txt
Lyonnais92 Posts: 25159 Registration date: Friday 23 June 2006 Status: Security contributor Last contribution: 16 September 2016 1 536
14 July 2009 at 22:56
Re,

We are going to use ComboFix.exe. Go to this web page to get the download links, as well as the instructions for running the tool:

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix


* Make sure you have closed/disabled all anti-virus, anti-malware or anti-spyware programs so that they do not interfere with ComboFix's work.

Post the contents of C:\ComboFix.txt in your next reply so that I can examine it.
Thank you!!!!!



ComboFix 09-07-13.01 - Propriétaire 14/07/2009 23:21.1.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.511.234 [GMT 2:00]
Running from: c:\documents and settings\Propriétaire\Bureau\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090714-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\data
c:\data\Thumbs.db
c:\windows\config.ini
c:\windows\Installer\1549718.msp
c:\windows\Installer\fee2.msp
c:\windows\patch.exe
c:\windows\Readme.txt
c:\windows\SYSTEM32\Ati2evxx.dll
c:\windows\system32\iAlmcoin.dll
c:\windows\system32\MabryObj.dll
c:\windows\system32\mdm.exe
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BOONTY_GAMES
-------\Service_Boonty Games


((((((((((((((((((((((((( Files Created from 2009-06-14 to 2009-07-14 )))))))))))))))))))))))))))))))
.

2009-07-14 20:32 . 2009-07-14 20:33 -------- d-----w- c:\windows\system32\NtmsData
2009-07-13 22:00 . 2009-07-13 23:26 -------- d-----w- c:\program files\Navilog1
2009-07-13 20:35 . 2009-07-13 20:35 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-13 20:35 . 2009-07-13 20:35 -------- d-----w- c:\program files\Java
2009-07-13 16:58 . 2009-06-17 09:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 16:58 . 2009-07-13 16:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-13 16:58 . 2009-06-17 09:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-13 16:58 . 2009-07-13 16:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-29 17:32 . 2009-06-29 17:32 -------- d-----w- C:\Pilotes_V92

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-14 21:37 . 2005-12-08 14:53 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-14 16:04 . 2003-01-02 05:09 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-12 22:58 . 2008-01-19 23:29 -------- d-----w- c:\program files\eMule
2009-07-11 19:44 . 2003-01-02 12:25 49486 ----a-w- c:\windows\system32\perfc00C.dat
2009-07-11 19:44 . 2003-01-02 12:25 369208 ----a-w- c:\windows\system32\perfh00C.dat
2009-07-11 19:07 . 2003-09-05 17:42 -------- d-----w- c:\program files\Fichiers communs\Real
2009-07-11 17:34 . 2003-01-02 05:29 -------- d---a-w- c:\program files\Fichiers communs\Adobe
2009-07-11 16:33 . 2004-12-20 10:49 -------- d-----w- c:\program files\Yahoo!
2009-07-11 16:29 . 2005-01-03 10:04 -------- d-----w- c:\documents and settings\All Users\Application Data\RTE
2009-07-11 16:27 . 2006-12-10 15:29 -------- d-----w- c:\program files\Spyware Doctor
2009-07-11 15:54 . 2007-03-15 21:04 -------- d-----w- c:\program files\Camfrog
2009-07-11 15:11 . 2005-11-28 16:01 -------- d-----w- c:\program files\TribalWeb.net
2009-05-19 21:25 . 2005-02-27 10:52 318 ----a-w- c:\windows\system32\IWNGFMF.DRV
2009-05-19 21:25 . 2005-02-26 14:27 -------- d-----w- c:\program files\Win Généalogic
2009-05-07 15:33 . 2003-01-01 17:18 348672 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:45 . 2004-08-23 18:35 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:45 . 2004-08-19 23:09 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-19 19:50 . 2003-01-01 16:55 1847296 ----a-w- c:\windows\system32\win32k.sys
2006-12-31 10:19 . 2006-12-31 10:19 278528 -c--a-w- c:\program files\Fichiers communs\FDEUnInstaller.exe
1999-04-06 12:27 . 1999-04-06 12:27 99840 -c--a-w- c:\program files\Fichiers communs\IRAABOUT.DLL
1998-12-09 02:53 . 1998-12-09 02:53 70144 -c--a-w- c:\program files\Fichiers communs\IRAMDMTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53 48640 -c--a-w- c:\program files\Fichiers communs\IRALPTTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53 31744 -c--a-w- c:\program files\Fichiers communs\IRAWEBTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53 186368 -c--a-w- c:\program files\Fichiers communs\IRAREG.DLL
1998-12-09 02:53 . 1998-12-09 02:53 17920 -c--a-w- c:\program files\Fichiers communs\IRASRIAL.DLL
2009-06-24 15:27 . 2009-07-14 15:17 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"AOL Fast Start"="c:\program files\AOL 9.0 VR\AOL.EXE" [2007-06-21 50480]
"NVIEW"="nview.dll" - c:\windows\system32\nview.dll [2003-03-04 831557]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AOLSAV"="c:\progra~1\TECHCI~1\AOLSAV\AOLAgent.exe" [2004-03-15 73728]
"MessengerPlus3"="c:\program files\MessengerPlus! 3\MsgPlus.exe" [2006-08-08 181384]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-09-23 49152]
"HostManager"="c:\program files\Fichiers communs\AOL\1167869352\ee\AOLSoftware.exe" [2006-11-17 50736]
"AOLDialer"="c:\program files\Fichiers communs\AOL\ACS\AOLDial.exe" [2007-06-21 70952]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2004-06-09 98304]
"EverioService"="c:\program files\CyberLink\PCM4Everio\EverioService.exe" [2006-11-22 151552]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-13 148888]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLAcsd.exe"=
"c:\\Program Files\\Fichiers communs\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Fichiers communs\\AOL\\1167869352\\ee\\aolsoftware.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Program Files\\AOL 9.0 VR\\waol.exe"=
"c:\\Program Files\\Fichiers communs\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Fichiers communs\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\CyberLink\\PCM4Everio\\PCM4Everio.exe"=
"c:\\Program Files\\CyberLink\\PCM4Everio\\EverioService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [03/04/2008 00:51 114768]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShldDrv.sys [05/11/2005 12:11 26656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [03/04/2008 00:51 20560]
R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [05/11/2005 12:11 163856]
R3 PD1030VID;Creative WebCam Pro;c:\windows\system32\drivers\p1030vid.sys [01/01/2004 15:57 167661]
S3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
S3 ComFiltr;Panda Anti-Dialer;\??\c:\windows\system32\DRIVERS\COMFiltr.sys --> c:\windows\system32\DRIVERS\COMFiltr.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2004-04-08 c:\windows\Tasks\Connexion facile à Internet.job
- c:\program files\Easy Internet signup\HPSdpApp.exe [2003-02-22 06:34]

2004-02-21 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8062837100.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 22:52]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uStart Page = hxxp://phaniedu76.skyrock.com/
mStart Page = hxxp://home.sweetim.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://fr.rd.yahoo.com/customize/ie/defaults/su/ymsgr6/fr/*https://fr.yahoo.com/
IE: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 4.0\resources\fr-FR\local\search.html
DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} - hxxp://minitelweb.minitel.com/imin_data/ocx/MDM.cab
DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} - hxxps://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.0.cab
FF - ProfilePath - c:\documents and settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\httk9uhl.default\
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-14 23:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
AOLSAV = c:\progra~1\TECHCI~1\AOLSAV\AOLAgent.exe?exe???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="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"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3896)
c:\program files\MessengerPlus! 3\MsgPlusLoader.dll
c:\windows\system32\eappprxy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Fichiers communs\AOL\ACS\AOLacsd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\drivers\KodakCCS.exe
c:\program files\Fichiers communs\Panda Software\PavShld\PavPrSrv.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\ScsiAccess.EXE
c:\windows\system32\wdfmgr.exe
c:\windows\wanmpsvc.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\AOL 9.0 VR\waol.exe
c:\windows\system32\wscntfy.exe
c:\program files\AOL 9.0 VR\shellmon.exe
.
**************************************************************************
.
Completion time: 2009-07-14 23:53 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-14 21:53

Pre-Run: 27 873 959 936 octets libres
Post-Run: 29 236 592 640 octets libres

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=,1,2,3,4
231 --- E O F --- 2009-06-14 23:51
0
Lyonnais92 Posts: 25159 Registration date: Friday 23 June 2006 Status: Security contributor Last seen: 16 September 2016 1 536
15 July 2009 at 00:54
Hi again,

Copy or print these instructions first.

Disconnect from the internet and close all your applications.

Disable your protections (antivirus, firewall, the antispyware's real-time guard).


Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:


RegLock::
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]


Save this file under the name CFscript.


Drag and drop this CFscript file onto the ComboFix.exe file.

Click on the CFscript file, keep the button held down and move the mouse so that the CFscript icon comes to cover the ComboFix icon. Release the mouse. ComboFix will start.

Wait for the scan to finish. The desktop will disappear several times: that is normal!

Don't touch anything until the scan is finished.

Re-enable your firewall, your antivirus and your antispyware's guard.

Once the scan is complete, a report will appear: post its contents.

If the file doesn't open, it is located here > C:\ComboFix.txt

Warning: this procedure was made for this computer. Any reuse may severely damage the operating system.
0
Hi again, and thanks


ComboFix 09-07-13.01 - Propriétaire 15/07/2009 22:27.2.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.511.220 [GMT 2:00]
Running from: c:\documents and settings\Propriétaire\Bureau\ComboFix.exe
Command switches used :: c:\documents and settings\Propriétaire\Bureau\CFscript.txt
AV: avast! antivirus 4.8.1335 [VPS 090715-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Files Created from 2009-06-15 to 2009-07-15 )))))))))))))))))))))))))))))))
.

2009-07-14 22:15 . 2009-07-14 22:24 20458 ----a-w- c:\windows\hpoins01.dat
2009-07-14 22:15 . 2003-04-06 04:33 16622 ------w- c:\windows\hpomdl01.dat
2009-07-14 20:32 . 2009-07-14 20:33 -------- d-----w- c:\windows\system32\NtmsData
2009-07-13 22:00 . 2009-07-13 23:26 -------- d-----w- c:\program files\Navilog1
2009-07-13 20:35 . 2009-07-13 20:35 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-13 20:35 . 2009-07-13 20:35 -------- d-----w- c:\program files\Java
2009-07-13 16:58 . 2009-06-17 09:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 16:58 . 2009-07-13 16:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-13 16:58 . 2009-06-17 09:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-13 16:58 . 2009-07-13 16:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-29 17:32 . 2009-06-29 17:32 -------- d-----w- C:\Pilotes_V92

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-15 16:48 . 2005-12-08 14:53 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-14 22:24 . 2003-09-06 08:29 82380 ----a-w- c:\windows\system32\drivers\AFS2K.SYS
2009-07-14 16:04 . 2003-01-02 05:09 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-12 22:58 . 2008-01-19 23:29 -------- d-----w- c:\program files\eMule
2009-07-11 19:44 . 2003-01-02 12:25 49486 ----a-w- c:\windows\system32\perfc00C.dat
2009-07-11 19:44 . 2003-01-02 12:25 369208 ----a-w- c:\windows\system32\perfh00C.dat
2009-07-11 19:07 . 2003-09-05 17:42 -------- d-----w- c:\program files\Fichiers communs\Real
2009-07-11 17:34 . 2003-01-02 05:29 -------- d---a-w- c:\program files\Fichiers communs\Adobe
2009-07-11 16:33 . 2004-12-20 10:49 -------- d-----w- c:\program files\Yahoo!
2009-07-11 16:29 . 2005-01-03 10:04 -------- d-----w- c:\documents and settings\All Users\Application Data\RTE
2009-07-11 16:27 . 2006-12-10 15:29 -------- d-----w- c:\program files\Spyware Doctor
2009-07-11 15:54 . 2007-03-15 21:04 -------- d-----w- c:\program files\Camfrog
2009-07-11 15:11 . 2005-11-28 16:01 -------- d-----w- c:\program files\TribalWeb.net
2009-06-16 14:40 . 2003-01-01 17:17 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:40 . 2003-01-01 16:55 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-03 19:10 . 2003-05-30 07:00 1297408 ----a-w- c:\windows\system32\quartz.dll
2009-05-19 21:25 . 2005-02-27 10:52 318 ----a-w- c:\windows\system32\IWNGFMF.DRV
2009-05-19 21:25 . 2005-02-26 14:27 -------- d-----w- c:\program files\Win Généalogic
2009-05-07 15:33 . 2003-01-01 17:18 348672 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:45 . 2004-08-23 18:35 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:45 . 2004-08-19 23:09 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-19 19:50 . 2003-01-01 16:55 1847296 ----a-w- c:\windows\system32\win32k.sys
2006-12-31 10:19 . 2006-12-31 10:19 278528 -c--a-w- c:\program files\Fichiers communs\FDEUnInstaller.exe
1999-04-06 12:27 . 1999-04-06 12:27 99840 -c--a-w- c:\program files\Fichiers communs\IRAABOUT.DLL
1998-12-09 02:53 . 1998-12-09 02:53 70144 -c--a-w- c:\program files\Fichiers communs\IRAMDMTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53 48640 -c--a-w- c:\program files\Fichiers communs\IRALPTTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53 31744 -c--a-w- c:\program files\Fichiers communs\IRAWEBTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53 186368 -c--a-w- c:\program files\Fichiers communs\IRAREG.DLL
1998-12-09 02:53 . 1998-12-09 02:53 17920 -c--a-w- c:\program files\Fichiers communs\IRASRIAL.DLL
2009-06-24 15:27 . 2009-07-14 15:17 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-07-14_21.37.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-15 16:48 . 2009-07-15 16:48 16384 c:\windows\Temp\Perflib_Perfdata_530.dat
+ 2009-07-15 16:49 . 2009-07-15 16:49 16384 c:\windows\Temp\Perflib_Perfdata_104.dat
+ 2003-03-09 20:30 . 2003-03-09 20:30 73728 c:\windows\system32\spool\drivers\w32x86\3\hpztbi07.dll
+ 2003-03-09 20:30 . 2003-03-09 20:30 81920 c:\windows\system32\spool\drivers\w32x86\3\hpzflt07.dll
+ 2003-03-09 20:30 . 2003-03-09 20:30 46592 c:\windows\system32\spool\drivers\w32x86\3\hpzcin06.exe
+ 2003-09-06 08:21 . 2003-03-09 20:31 55979 c:\windows\system32\spool\drivers\w32x86\3\hpopd907.dat
+ 2003-09-06 08:21 . 2003-03-09 20:31 56040 c:\windows\system32\spool\drivers\w32x86\3\hpop6107.dat
+ 2003-09-06 08:21 . 2003-03-09 20:31 38537 c:\windows\system32\spool\drivers\w32x86\3\hpop4107.dat
+ 2003-09-06 08:21 . 2003-03-09 20:31 31705 c:\windows\system32\spool\drivers\w32x86\3\hpop4007.dat
+ 2003-09-06 08:21 . 2003-03-09 20:31 55998 c:\windows\system32\spool\drivers\w32x86\3\hpop2207.dat
+ 2003-09-06 08:21 . 2003-03-09 20:31 55643 c:\windows\system32\spool\drivers\w32x86\3\hpop2107.dat
+ 2003-09-06 08:21 . 2003-03-09 20:31 55973 c:\windows\system32\spool\drivers\w32x86\3\hpop2007.dat
+ 2003-09-06 08:21 . 2003-03-09 20:31 31630 c:\windows\system32\spool\drivers\w32x86\3\hpop1107.dat
+ 2003-09-06 08:21 . 2003-03-09 20:31 31688 c:\windows\system32\spool\drivers\w32x86\3\hpop1007.dat
+ 2003-09-05 14:48 . 2008-07-08 13:03 18296 c:\windows\system32\spmsg.dll
- 2003-09-05 14:48 . 2008-07-09 07:40 18296 c:\windows\system32\spmsg.dll
+ 2003-03-09 20:31 . 2003-03-09 20:31 81920 c:\windows\system32\hpovst08.dll
+ 2003-01-01 17:17 . 2009-06-16 14:40 81920 c:\windows\system32\dllcache\fontsub.dll
+ 2003-03-09 20:30 . 2003-03-09 20:30 155699 c:\windows\system32\spool\drivers\w32x86\3\hpzvip07.dll
+ 2003-03-09 20:30 . 2003-03-09 20:30 430080 c:\windows\system32\spool\drivers\w32x86\3\hpztbx07.exe
+ 2003-03-09 20:30 . 2003-03-09 20:30 188416 c:\windows\system32\spool\drivers\w32x86\3\hpztbu07.exe
+ 2003-03-09 20:30 . 2003-03-09 20:30 172032 c:\windows\system32\spool\drivers\w32x86\3\hpzstw07.exe
+ 2003-03-09 20:30 . 2003-03-09 20:30 372736 c:\windows\system32\spool\drivers\w32x86\3\hpzstc07.exe
+ 2003-03-09 20:30 . 2003-03-09 20:30 184386 c:\windows\system32\spool\drivers\w32x86\3\hpzsnt07.dll
+ 2003-03-09 20:30 . 2003-03-09 20:30 344064 c:\windows\system32\spool\drivers\w32x86\3\hpzslk07.dll
+ 2003-09-06 08:21 . 2003-03-09 20:30 184320 c:\windows\system32\spool\drivers\w32x86\3\hpzscr07.dll
+ 2003-03-09 20:31 . 2003-03-09 20:31 417792 c:\windows\system32\spool\drivers\w32x86\3\hpzrp307.dll
+ 2003-03-09 20:30 . 2003-03-09 20:30 372736 c:\windows\system32\spool\drivers\w32x86\3\hpzres07.dll
+ 2003-03-09 20:30 . 2003-03-09 20:30 319488 c:\windows\system32\spool\drivers\w32x86\3\hpzpre07.exe
+ 2003-03-09 20:30 . 2003-03-09 20:30 135168 c:\windows\system32\spool\drivers\w32x86\3\hpzpcl07.dll
+ 2003-03-09 20:30 . 2003-03-09 20:30 147512 c:\windows\system32\spool\drivers\w32x86\3\hpzlnt07.dll
+ 2003-03-09 20:30 . 2003-03-09 20:30 196608 c:\windows\system32\spool\drivers\w32x86\3\hpzjui07.dll
+ 2003-03-09 20:30 . 2003-03-09 20:30 204800 c:\windows\system32\spool\drivers\w32x86\3\hpzime07.dll
+ 2003-03-09 20:30 . 2003-03-09 20:30 761856 c:\windows\system32\spool\drivers\w32x86\3\hpzimc07.dll
+ 2003-03-09 20:30 . 2003-03-09 20:30 843776 c:\windows\system32\spool\drivers\w32x86\3\hpzeng07.exe
+ 2003-03-09 20:30 . 2003-03-09 20:30 270336 c:\windows\system32\spool\drivers\w32x86\3\hpzcon07.dll
+ 2003-03-09 20:30 . 2003-03-09 20:30 208896 c:\windows\system32\spool\drivers\w32x86\3\hpzcoi07.dll
+ 2003-03-09 20:30 . 2003-03-09 20:30 241664 c:\windows\system32\spool\drivers\w32x86\3\hpzcfg07.exe
+ 2003-03-09 20:30 . 2003-03-09 20:30 184386 c:\windows\system32\hpzsnt07.dll
- 2003-02-28 08:10 . 2003-02-28 08:10 274432 c:\windows\system32\hpgwiamd.dll
+ 2003-02-28 08:10 . 2003-03-09 20:31 274432 c:\windows\system32\hpgwiamd.dll
+ 2003-01-01 16:55 . 2009-06-16 14:40 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2003-03-09 20:31 . 2003-03-09 20:31 9089024 c:\windows\system32\spool\drivers\w32x86\3\hpzr3207.dll
+ 2008-05-07 05:11 . 2009-06-03 19:10 1297408 c:\windows\system32\dllcache\quartz.dll
+ 2009-07-14 22:25 . 2009-07-14 22:25 1157632 c:\windows\Installer\1f7ea3.msi
+ 2009-07-14 22:20 . 2009-07-14 22:20 2031104 c:\windows\Installer\1f7e8a.msi
+ 2009-07-14 22:18 . 2009-07-14 22:18 2401792 c:\windows\Installer\1f7e2c.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"AOL Fast Start"="c:\program files\AOL 9.0 VR\AOL.EXE" [2007-06-21 50480]
"NVIEW"="nview.dll" - c:\windows\system32\nview.dll [2003-03-04 831557]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AOLSAV"="c:\progra~1\TECHCI~1\AOLSAV\AOLAgent.exe" [2004-03-15 73728]
"MessengerPlus3"="c:\program files\MessengerPlus! 3\MsgPlus.exe" [2006-08-08 181384]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-09-23 49152]
"HostManager"="c:\program files\Fichiers communs\AOL\1167869352\ee\AOLSoftware.exe" [2006-11-17 50736]
"AOLDialer"="c:\program files\Fichiers communs\AOL\ACS\AOLDial.exe" [2007-06-21 70952]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2004-06-09 98304]
"EverioService"="c:\program files\CyberLink\PCM4Everio\EverioService.exe" [2006-11-22 151552]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-13 148888]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLAcsd.exe"=
"c:\\Program Files\\Fichiers communs\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Fichiers communs\\AOL\\1167869352\\ee\\aolsoftware.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Program Files\\AOL 9.0 VR\\waol.exe"=
"c:\\Program Files\\Fichiers communs\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Fichiers communs\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\CyberLink\\PCM4Everio\\PCM4Everio.exe"=
"c:\\Program Files\\CyberLink\\PCM4Everio\\EverioService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [03/04/2008 00:51 114768]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShldDrv.sys [05/11/2005 12:11 26656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [03/04/2008 00:51 20560]
R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [05/11/2005 12:11 163856]
R3 PD1030VID;Creative WebCam Pro;c:\windows\system32\drivers\p1030vid.sys [01/01/2004 15:57 167661]
S3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
S3 ComFiltr;Panda Anti-Dialer;\??\c:\windows\system32\DRIVERS\COMFiltr.sys --> c:\windows\system32\DRIVERS\COMFiltr.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2004-04-08 c:\windows\Tasks\Connexion facile à Internet.job
- c:\program files\Easy Internet signup\HPSdpApp.exe [2003-02-22 06:34]

2004-02-21 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8062837100.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 22:52]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uStart Page = hxxp://phaniedu76.skyrock.com/
mStart Page = hxxp://home.sweetim.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://fr.rd.yahoo.com/customize/ie/defaults/su/ymsgr6/fr/*https://fr.yahoo.com/
IE: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 4.0\resources\fr-FR\local\search.html
DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} - hxxp://minitelweb.minitel.com/imin_data/ocx/MDM.cab
DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} - hxxps://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.0.cab
FF - ProfilePath - c:\documents and settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\httk9uhl.default\
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-15 22:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
AOLSAV = c:\progra~1\TECHCI~1\AOLSAV\AOLAgent.exe?exe???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="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"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(228)
c:\program files\MessengerPlus! 3\MsgPlusLoader.dll
c:\windows\system32\eappprxy.dll
.
Completion time: 2009-07-15 22:50
ComboFix-quarantined-files.txt 2009-07-15 20:49
ComboFix2.txt 2009-07-14 21:53

Pre-Run: 27 715 805 184 octets libres
Post-Run: 28 883 468 288 octets libres

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=,1,2,3,4
250 --- E O F --- 2009-07-14 23:09
0
Lyonnais92 Posts: 25159 Registration date: Friday 23 June 2006 Status: Security contributor Last seen: 16 September 2016 1 536
15 July 2009 at 23:04
Hello,

sorry, my script was useless.

Do this:

Copy or print these instructions first.

Disconnect from the internet and close all your applications.

Disable your protections (antivirus, firewall, the antispyware's real-time guard).


Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:


RegNull::
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]


Save this file under the name CFscript.


Drag and drop this CFscript file onto the ComboFix.exe file.

Click on the CFscript file, keep the button held down and move the mouse so that the CFscript icon comes to cover the ComboFix icon. Release the mouse. ComboFix will start.

Wait for the scan to finish. The desktop will disappear several times: that is normal!

Don't touch anything until the scan is finished.

Re-enable your firewall, your antivirus and your antispyware's guard.

Once the scan is complete, a report will appear: post its contents.

If the file doesn't open, it is located here > C:\ComboFix.txt

Warning: this procedure was made for this computer. Any reuse may severely damage the operating system.

0
Here it is!!!!!!!


ComboFix 09-07-13.01 - Propriétaire 15/07/2009 23:19.3.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.511.144 [GMT 2:00]
Running from: c:\documents and settings\Propriétaire\Bureau\ComboFix.exe
Command switches used :: c:\documents and settings\Propriétaire\Bureau\CFscript.txt
AV: avast! antivirus 4.8.1335 [VPS 090715-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Files Created from 2009-06-15 to 2009-07-15 )))))))))))))))))))))))))))))))
.

2009-07-14 22:15 . 2009-07-14 22:24 20458 ----a-w- c:\windows\hpoins01.dat
2009-07-14 22:15 . 2003-04-06 04:33 16622 ------w- c:\windows\hpomdl01.dat
2009-07-14 20:32 . 2009-07-14 20:33 -------- d-----w- c:\windows\system32\NtmsData
2009-07-13 22:00 . 2009-07-13 23:26 -------- d-----w- c:\program files\Navilog1
2009-07-13 20:35 . 2009-07-13 20:35 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-13 20:35 . 2009-07-13 20:35 -------- d-----w- c:\program files\Java
2009-07-13 16:58 . 2009-06-17 09:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 16:58 . 2009-07-13 16:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-13 16:58 . 2009-06-17 09:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-13 16:58 . 2009-07-13 16:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-29 17:32 . 2009-06-29 17:32 -------- d-----w- C:\Pilotes_V92

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-15 16:48 . 2005-12-08 14:53 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-14 22:24 . 2003-09-06 08:29 82380 ----a-w- c:\windows\system32\drivers\AFS2K.SYS
2009-07-14 16:04 . 2003-01-02 05:09 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-12 22:58 . 2008-01-19 23:29 -------- d-----w- c:\program files\eMule
2009-07-11 19:44 . 2003-01-02 12:25 49486 ----a-w- c:\windows\system32\perfc00C.dat
2009-07-11 19:44 . 2003-01-02 12:25 369208 ----a-w- c:\windows\system32\perfh00C.dat
2009-07-11 19:07 . 2003-09-05 17:42 -------- d-----w- c:\program files\Fichiers communs\Real
2009-07-11 17:34 . 2003-01-02 05:29 -------- d---a-w- c:\program files\Fichiers communs\Adobe
2009-07-11 16:33 . 2004-12-20 10:49 -------- d-----w- c:\program files\Yahoo!
2009-07-11 16:29 . 2005-01-03 10:04 -------- d-----w- c:\documents and settings\All Users\Application Data\RTE
2009-07-11 16:27 . 2006-12-10 15:29 -------- d-----w- c:\program files\Spyware Doctor
2009-07-11 15:54 . 2007-03-15 21:04 -------- d-----w- c:\program files\Camfrog
2009-07-11 15:11 . 2005-11-28 16:01 -------- d-----w- c:\program files\TribalWeb.net
2009-06-16 14:40 . 2003-01-01 17:17 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:40 . 2003-01-01 16:55 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-03 19:10 . 2003-05-30 07:00 1297408 ----a-w- c:\windows\system32\quartz.dll
2009-05-19 21:25 . 2005-02-27 10:52 318 ----a-w- c:\windows\system32\IWNGFMF.DRV
2009-05-19 21:25 . 2005-02-26 14:27 -------- d-----w- c:\program files\Win Généalogic
2009-05-07 15:33 . 2003-01-01 17:18 348672 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:45 . 2004-08-23 18:35 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:45 . 2004-08-19 23:09 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-19 19:50 . 2003-01-01 16:55 1847296 ----a-w- c:\windows\system32\win32k.sys
2006-12-31 10:19 . 2006-12-31 10:19 278528 -c--a-w- c:\program files\Fichiers communs\FDEUnInstaller.exe
1999-04-06 12:27 . 1999-04-06 12:27 99840 -c--a-w- c:\program files\Fichiers communs\IRAABOUT.DLL
1998-12-09 02:53 . 1998-12-09 02:53 70144 -c--a-w- c:\program files\Fichiers communs\IRAMDMTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53 48640 -c--a-w- c:\program files\Fichiers communs\IRALPTTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53 31744 -c--a-w- c:\program files\Fichiers communs\IRAWEBTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53 186368 -c--a-w- c:\program files\Fichiers communs\IRAREG.DLL
1998-12-09 02:53 . 1998-12-09 02:53 17920 -c--a-w- c:\program files\Fichiers communs\IRASRIAL.DLL
2009-06-24 15:27 . 2009-07-14 15:17 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-07-14_21.37.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-15 16:48 . 2009-07-15 16:48 16384 c:\windows\Temp\Perflib_Perfdata_530.dat
+ 2009-07-15 16:49 . 2009-07-15 16:49 16384 c:\windows\Temp\Perflib_Perfdata_104.dat
+ 2003-03-09 20:30 . 2003-03-09 20:30 73728 c:\windows\system32\spool\drivers\w32x86\3\hpztbi07.dll
+ 2003-03-09 20:30 . 2003-03-09 20:30 81920 c:\windows\system32\spool\drivers\w32x86\3\hpzflt07.dll
+ 2003-03-09 20:30 . 2003-03-09 20:30 46592 c:\windows\system32\spool\drivers\w32x86\3\hpzcin06.exe
+ 2003-09-06 08:21 . 2003-03-09 20:31 55979 c:\windows\system32\spool\drivers\w32x86\3\hpopd907.dat
+ 2003-09-06 08:21 . 2003-03-09 20:31 56040 c:\windows\system32\spool\drivers\w32x86\3\hpop6107.dat
+ 2003-09-06 08:21 . 2003-03-09 20:31 38537 c:\windows\system32\spool\drivers\w32x86\3\hpop4107.dat
+ 2003-09-06 08:21 . 2003-03-09 20:31 31705 c:\windows\system32\spool\drivers\w32x86\3\hpop4007.dat
+ 2003-09-06 08:21 . 2003-03-09 20:31 55998 c:\windows\system32\spool\drivers\w32x86\3\hpop2207.dat
+ 2003-09-06 08:21 . 2003-03-09 20:31 55643 c:\windows\system32\spool\drivers\w32x86\3\hpop2107.dat
+ 2003-09-06 08:21 . 2003-03-09 20:31 55973 c:\windows\system32\spool\drivers\w32x86\3\hpop2007.dat
+ 2003-09-06 08:21 . 2003-03-09 20:31 31630 c:\windows\system32\spool\drivers\w32x86\3\hpop1107.dat
+ 2003-09-06 08:21 . 2003-03-09 20:31 31688 c:\windows\system32\spool\drivers\w32x86\3\hpop1007.dat
+ 2003-09-05 14:48 . 2008-07-08 13:03 18296 c:\windows\system32\spmsg.dll
- 2003-09-05 14:48 . 2008-07-09 07:40 18296 c:\windows\system32\spmsg.dll
+ 2003-03-09 20:31 . 2003-03-09 20:31 81920 c:\windows\system32\hpovst08.dll
+ 2003-01-01 17:17 . 2009-06-16 14:40 81920 c:\windows\system32\dllcache\fontsub.dll
+ 2003-03-09 20:30 . 2003-03-09 20:30 155699 c:\windows\system32\spool\drivers\w32x86\3\hpzvip07.dll
+ 2003-03-09 20:30 . 2003-03-09 20:30 430080 c:\windows\system32\spool\drivers\w32x86\3\hpztbx07.exe
+ 2003-03-09 20:30 . 2003-03-09 20:30 188416 c:\windows\system32\spool\drivers\w32x86\3\hpztbu07.exe
+ 2003-03-09 20:30 . 2003-03-09 20:30 172032 c:\windows\system32\spool\drivers\w32x86\3\hpzstw07.exe
+ 2003-03-09 20:30 . 2003-03-09 20:30 372736 c:\windows\system32\spool\drivers\w32x86\3\hpzstc07.exe
+ 2003-03-09 20:30 . 2003-03-09 20:30 184386 c:\windows\system32\spool\drivers\w32x86\3\hpzsnt07.dll
+ 2003-03-09 20:30 . 2003-03-09 20:30 344064 c:\windows\system32\spool\drivers\w32x86\3\hpzslk07.dll
+ 2003-09-06 08:21 . 2003-03-09 20:30 184320 c:\windows\system32\spool\drivers\w32x86\3\hpzscr07.dll
+ 2003-03-09 20:31 . 2003-03-09 20:31 417792 c:\windows\system32\spool\drivers\w32x86\3\hpzrp307.dll
+ 2003-03-09 20:30 . 2003-03-09 20:30 372736 c:\windows\system32\spool\drivers\w32x86\3\hpzres07.dll
+ 2003-03-09 20:30 . 2003-03-09 20:30 319488 c:\windows\system32\spool\drivers\w32x86\3\hpzpre07.exe
+ 2003-03-09 20:30 . 2003-03-09 20:30 135168 c:\windows\system32\spool\drivers\w32x86\3\hpzpcl07.dll
+ 2003-03-09 20:30 . 2003-03-09 20:30 147512 c:\windows\system32\spool\drivers\w32x86\3\hpzlnt07.dll
+ 2003-03-09 20:30 . 2003-03-09 20:30 196608 c:\windows\system32\spool\drivers\w32x86\3\hpzjui07.dll
+ 2003-03-09 20:30 . 2003-03-09 20:30 204800 c:\windows\system32\spool\drivers\w32x86\3\hpzime07.dll
+ 2003-03-09 20:30 . 2003-03-09 20:30 761856 c:\windows\system32\spool\drivers\w32x86\3\hpzimc07.dll
+ 2003-03-09 20:30 . 2003-03-09 20:30 843776 c:\windows\system32\spool\drivers\w32x86\3\hpzeng07.exe
+ 2003-03-09 20:30 . 2003-03-09 20:30 270336 c:\windows\system32\spool\drivers\w32x86\3\hpzcon07.dll
+ 2003-03-09 20:30 . 2003-03-09 20:30 208896 c:\windows\system32\spool\drivers\w32x86\3\hpzcoi07.dll
+ 2003-03-09 20:30 . 2003-03-09 20:30 241664 c:\windows\system32\spool\drivers\w32x86\3\hpzcfg07.exe
+ 2003-03-09 20:30 . 2003-03-09 20:30 184386 c:\windows\system32\hpzsnt07.dll
- 2003-02-28 08:10 . 2003-02-28 08:10 274432 c:\windows\system32\hpgwiamd.dll
+ 2003-02-28 08:10 . 2003-03-09 20:31 274432 c:\windows\system32\hpgwiamd.dll
+ 2003-01-01 16:55 . 2009-06-16 14:40 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2003-03-09 20:31 . 2003-03-09 20:31 9089024 c:\windows\system32\spool\drivers\w32x86\3\hpzr3207.dll
+ 2008-05-07 05:11 . 2009-06-03 19:10 1297408 c:\windows\system32\dllcache\quartz.dll
+ 2009-07-14 22:25 . 2009-07-14 22:25 1157632 c:\windows\Installer\1f7ea3.msi
+ 2009-07-14 22:20 . 2009-07-14 22:20 2031104 c:\windows\Installer\1f7e8a.msi
+ 2009-07-14 22:18 . 2009-07-14 22:18 2401792 c:\windows\Installer\1f7e2c.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"AOL Fast Start"="c:\program files\AOL 9.0 VR\AOL.EXE" [2007-06-21 50480]
"NVIEW"="nview.dll" - c:\windows\system32\nview.dll [2003-03-04 831557]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AOLSAV"="c:\progra~1\TECHCI~1\AOLSAV\AOLAgent.exe" [2004-03-15 73728]
"MessengerPlus3"="c:\program files\MessengerPlus! 3\MsgPlus.exe" [2006-08-08 181384]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-09-23 49152]
"HostManager"="c:\program files\Fichiers communs\AOL\1167869352\ee\AOLSoftware.exe" [2006-11-17 50736]
"AOLDialer"="c:\program files\Fichiers communs\AOL\ACS\AOLDial.exe" [2007-06-21 70952]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2004-06-09 98304]
"EverioService"="c:\program files\CyberLink\PCM4Everio\EverioService.exe" [2006-11-22 151552]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-13 148888]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLAcsd.exe"=
"c:\\Program Files\\Fichiers communs\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Fichiers communs\\AOL\\1167869352\\ee\\aolsoftware.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Program Files\\AOL 9.0 VR\\waol.exe"=
"c:\\Program Files\\Fichiers communs\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Fichiers communs\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\CyberLink\\PCM4Everio\\PCM4Everio.exe"=
"c:\\Program Files\\CyberLink\\PCM4Everio\\EverioService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [03/04/2008 00:51 114768]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShldDrv.sys [05/11/2005 12:11 26656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [03/04/2008 00:51 20560]
R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [05/11/2005 12:11 163856]
R3 PD1030VID;Creative WebCam Pro;c:\windows\system32\drivers\p1030vid.sys [01/01/2004 15:57 167661]
S3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
S3 ComFiltr;Panda Anti-Dialer;\??\c:\windows\system32\DRIVERS\COMFiltr.sys --> c:\windows\system32\DRIVERS\COMFiltr.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2004-04-08 c:\windows\Tasks\Connexion facile à Internet.job
- c:\program files\Easy Internet signup\HPSdpApp.exe [2003-02-22 06:34]

2004-02-21 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8062837100.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 22:52]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uStart Page = hxxp://phaniedu76.skyrock.com/
mStart Page = hxxp://home.sweetim.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://fr.rd.yahoo.com/customize/ie/defaults/su/ymsgr6/fr/*https://fr.yahoo.com/
IE: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 4.0\resources\fr-FR\local\search.html
DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} - hxxp://minitelweb.minitel.com/imin_data/ocx/MDM.cab
DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} - hxxps://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.0.cab
FF - ProfilePath - c:\documents and settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\httk9uhl.default\
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-15 23:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
AOLSAV = c:\progra~1\TECHCI~1\AOLSAV\AOLAgent.exe?exe???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1416)
c:\program files\MessengerPlus! 3\MsgPlusLoader.dll
c:\windows\system32\eappprxy.dll
.
Completion time: 2009-07-15 23:40
ComboFix-quarantined-files.txt 2009-07-15 21:39
ComboFix2.txt 2009-07-15 20:50
ComboFix3.txt 2009-07-14 21:53

Pre-Run: 28 172 034 048 octets libres
Post-Run: 28 880 392 192 octets libres

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=,1,2,3,4
247 --- E O F --- 2009-07-14 23:09