goméo

Question

Bonsoir, j'ai aussi un problème avec google, chaque recherche est redirectionnée vers la page Goméo...  

j'ai fait un scan et je vous mets le rapport. Si quelqu'un peu me donner son avis..merci beaucoup.  

Rapport de ZHPDiag v1.27.1515 par Nicolas Coolman, Update du 26/01/2011  
Run by pascal at 26/01/2011 20:32:03  
Web site :  http://www.premiumorange.com/zeb-help-process/zhpdiag.html  
Contact :  

---\ Web Browser  
MSIE: Internet Explorer v8.0.6001.18702 (Defaut)  

---\ System Information  
Windows XP Home Edition Service Pack 3 (Build 2600)  
Processor: x86 Family 6 Model 28 Stepping 2, GenuineIntel  
Operating System: 32 Bits  
Boot mode: Normal (Normal boot)  
Total RAM: 1011 MB (65% free)  
System Restore: Activé (Enable)  
System drive C: has 62 GB (58%) free of 106 GB  

---\ Logged in mode  
Computer Name: ACER-26A4A80FB7  
User Name: pascal  
All Users Names: SUPPORT_388945a0, pascal, HelpAssistant, ASPNET, Administrateur,   
Unselected Option: O45,O61,O62,O65,O66,O82  
Logged in as Administrator  

---\ Environnement Variables  
%AppData%=%USERPROFILE%\Application Data  
%LocalAppData%=%USERPROFILE%\Local Settings\Application Data  
%StartMenu%=%USERPROFILE%\Menu Démarrer  

---\ DOS/Devices  
C:\ Hard drive, Flash drive, Thumb drive (Free 62 Go of 106 Go)  


---\ Security Center & Tools Informations  
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK  
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK  
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK  
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK  
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK  


---\ Recherche particulière de fichiers génériques  
[MD5.2EB058E823B7699E2B8F029B51B16A94] - (.Microsoft Corporation - Explorateur Windows.) (.14/04/2008 13:00:00.) -- C:\Windows\Explorer.exe [1037824]  
[MD5.E24498ACEAE3213FC65233441A206FDA] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.14/04/2008 13:00:00.) -- C:\Windows\System32\Winlogon.exe [512000]  
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.14/04/2008 13:00:00.) -- C:\Windows\System32\drivers\atapi.sys [96512]  
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.14/04/2008 13:00:00.) -- C:\Windows\System32\drivers
tfs.sys [574976]  


---\ Processus lancés  
[MD5.213822072085B5BBAD9AF30AB577D817] - (.InterVideo - RegMgr Module.) -- C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe   [112152]  
[MD5.126A16F569122AE00AD3D12EF831D651] - (.Sun Microsystems, Inc. - Java(TM) Quick Starter Service.) -- C:\Program Files\Java\jre6\bin\jqs.exe   [153376]  
[MD5.9F6B6D0BE4F77F8693E9FD15D81C8A01] - (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe   [141848]  
[MD5.4C53C44E7C20E65445037954DC3A6BA4] - (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe   [166424]  
[MD5.D8F3B455D3FA4B40C9BF544F55647C19] - (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe   [137752]  
[MD5.013A269E7AF8B01FF20B384FEEBFFDA5] - (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\WINDOWS\RTHDCPL.EXE   [16862720]  
[MD5.F56197D5CBDCC6A87C242DC8B8EEEE34] - (.Intel Corporation - igfxsrvc Module.) -- C:\WINDOWS\system32\igfxsrvc.exe   [256536]  
[MD5.8BFD2044A8B56ACC1448AD8C97243D07] - (.Acer Inc. - eRecovery agent.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe   [425984]  
[MD5.855FFC135F055A3FDDD14DF5D241B4C2] - (.Synaptics, Inc. - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe   [1044480]  
[MD5.DDB896690AB37555E3A09C92F19B1AA4] - (.Dritek System Inc. - Launch Manager.) -- C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE   [821768]  
[MD5.93DB1FF92B03D24738A71E6E4992DFD3] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe   [248552]  
[MD5.98E3FCE83EDD685023F04F7473FAC45D] - (.InterVideo Inc. - WinCinema Manager.) -- C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe   [114688]  
[MD5.7C36AFFA39FF126EB483F289604EFCC1] - (.Intel Corporation - igfxext Module.) -- C:\WINDOWS\system32\igfxext.exe   [170520]  
[MD5.A1953A905B76837B637863012E8641A9] - (.Realtek Semiconductor Corp. - Realtek HD Audio Data Rerouter.) -- C:\DOCUME~1\pascal\LOCALS~1\Temp\RtkBtMnt.exe   [212992]  
[MD5.DB1A23EE7DD2E5E04E7DE071A6BEF699] - (.Sun Microsystems, Inc. - Java(TM) Update Checker.) -- C:\Program Files\Fichiers communs\Java\Java Update\jucheck.exe   [501480]  
[MD5.C6A360D467CFF0A50566B6E26DD8ADE1] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe   [624128]  


---\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions  (P2,M0,M1,M2)  
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll  
P2 - FPN: [HKLM] [@adobe.com/ShockwavePlayer] - (.Adobe Systems, Inc. - Adobe Shockwave for Director Netscape plug-in, version 11.0.) -- C:\WINDOWS\system32\Adobe\Director
p32dsw.dll  
P2 - FPN: [HKLM] [@divx.com/DivX Browser Plugin,version=1.0.0] - (.DivX,Inc. - DivX Web Player version 1.4.2.7.) -- C:\Program Files\DivX\DivX Web Player
pdivx32.dll  
P2 - FPN: [HKLM] [@java.com/JavaPlugin] - (.Sun Microsystems, Inc. - Next Generation Java Plug-in 1.6.0_21 for Mozilla browsers.) -- C:\Program Files\Java\jre6\bin
ew_plugin
pjp2.dll  
P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 4.0.51204.0.) -- c:\Program Files\Microsoft Silverlight\4.0.51204.0
pctrl.dll  
P2 - FPN: [HKLM] [@microsoft.com/OfficeLive,version=1.3] - (.Microsoft Corp. - Office Live Update v1.3.) -- C:\Program Files\Microsoft\Office Live
pOLW.dll  
P2 - FPN: [HKLM] [@microsoft.com/WLPG,version=14.0.8117.0416] - (.Microsoft Corporation - NPWLPG.) -- C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll  
P2 - FPN: [HKLM] [@microsoft.com/WPF,version=3.5] - (.Microsoft Corporation - Windows Presentation Foundation (WPF) plug-in for Mozilla browsers.) -- c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll  
P2 - FPN: [HKLM] [@pandasecurity.com/activescan] - (.Panda Security - Panda ActiveScan 2.0 Plugin for Firefox.) -- C:\Program Files\Panda Security\ActiveScan 2.0
pwrapper.dll  


---\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)  
G1 - GCS: Preference [User Data\Default] None  
G0 - GCSP: Preference [User Data\Default][HomePage] https://www.bluewin.ch/de/index.html  


---\ Internet Explorer, Démarrage,Recherche,URSearchHook (R0,R1,R3)  
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.bluewin.ch/de/index.html  
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp  
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp  
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF  
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp  
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF  
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons  
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk  
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0  
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Internet Explorer.) (8.00.6001.18992 (longhorn_ie8_gdr.101015-1700)) -- C:\WINDOWS\system32\ieframe.dll  
R3 - URLSearchHook: (no name) -  . (.Pas de propriétaire - Pas de description.) (No version) -- {CFBFAE00-17A6-11D0-99CB-00C04FD64497}  


---\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)  
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,  
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"  


---\ Browser Helper Objects de navigateur (O2)  
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} Clé orpheline  
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll  
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} Clé orpheline  
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corporation - WindowsLiveLogin.dll.) -- C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll  
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} . (.Skype Technologies S.A. - Skype add-on for IE.) -- C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll  
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll  
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} . (.Sun Microsystems, Inc. - Java(TM) Quick Starter binary.) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll  


---\ Applications démarrées par registre & par dossier (O4)  
O4 - HKLM\..\Run: [LaunchApp] Clé orpheline   
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe   
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe   
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe   
O4 - HKLM\..\Run: [RTHDCPL] . (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\Windows\RTHDCPL.exe   
O4 - HKLM\..\Run: [Alcmtr] . (.Realtek Semiconductor Corp. - Realtek Azalia Audio - Event Monitor.) -- C:\Windows\ALCMTR.exe   
O4 - HKLM\..\Run: [AzMixerSel] . (.Realtek Semiconductor Corp. - Azalia Mixer Selector.) -- C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe   
O4 - HKLM\..\Run: [SynTPEnh] . (.Synaptics, Inc. - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe   
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe   
O4 - HKLM\..\Run: [IMJPMIG8.1] . (.Microsoft Corporation - Microsoft IME.) -- C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe   
O4 - HKLM\..\Run: [MSPY2002] . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe   
O4 - HKLM\..\Run: [PHIME2002ASync] . (.Microsoft Corporation - ???????? 2002a.) -- C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe   
O4 - HKLM\..\Run: [PHIME2002A] . (.Microsoft Corporation - ???????? 2002a.) -- C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe   
O4 - HKLM\..\Run: [M3000Mnt] M3000Rmv.dll   
O4 - HKLM\..\Run: [LManager] . (.Dritek System Inc. - Launch Manager.) -- C:\PROGRA~1\LAUNCH~1\QtZgAcer.exe   
O4 - HKLM\..\Run: [eRecoveryService] . (.Acer Inc. - eRecovery agent.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe   
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe   
O4 - HKCU\..\Run: [MsnMsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\MsnMsgr.exe   
O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe   
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe   
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe   
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe   
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe   
O4 - HKUS\S-1-5-21-3238996621-1518820140-3030111292-1006\..\Run: [MsnMsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\MsnMsgr.exe   
O4 - HKUS\S-1-5-21-3238996621-1518820140-3030111292-1006\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe   
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Démarrage\InterVideo WinCinema Manager.lnk . (.InterVideo Inc..)  -- C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe  
O4 - Global Startup: C:\Documents And Settings\pascal\Menu Démarrer\Programmes\Démarrage\OneNote 2007 - Capture d'écran et lancement.lnk . (.Microsoft Corporation.)  -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE  


---\ Autres liens utilisateurs (O4)  
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Adobe Reader 8.lnk . (.Pas de propriétaire.)  -- C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A81000000003}\SC_Reader.exe  
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Lanceur de tâches Microsoft Works.lnk . (.Microsoft® Corporation.)  -- C:\Program Files\Microsoft Works\MSWorks.exe  
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Microsoft Office PowerPoint Viewer 2003.lnk . (.Microsoft Corporation.)  -- C:\Program Files\Microsoft Office\PowerPoint Viewer\PPTVIEW.EXE  
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\MSN.lnk . (.Microsoft Corporation.)  -- C:\Program Files\MSN\MSNCoreFiles\Install\msnsusii.exe  
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Windows Messenger.lnk . (.Microsoft Corporation.)  -- C:\Program Files\Messenger\msmsgs.exe  
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Windows Movie Maker.lnk . (.Microsoft Corporation.)  -- C:\Program Files\Movie Maker\moviemk.exe  
O4 - Global Startup: C:\Documents And Settings\pascal\Menu Démarrer\Programmes\Assistance à distance.lnk . (.Microsoft Corporation.)  -- C:\WINDOWS\system32cimlby.exe  
O4 - Global Startup: C:\Documents And Settings\pascal\Menu Démarrer\Programmes\Internet Explorer.lnk . (.Microsoft Corporation.)  -- C:\Program Files\Internet Explorer\iexplore.exe  
O4 - Global Startup: C:\Documents And Settings\pascal\Menu Démarrer\Programmes\Windows Media Player.lnk . (.Microsoft Corporation.)  -- C:\Program Files\Windows Media Player\wmplayer.exe  


---\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)  
O8 - Extra context menu item: E&xporter vers Microsoft Excel . (.Microsoft Corporation - Microsoft Office Excel.) -- C:\PROGRA~1\MICROS~2\Office12\EXCEL.exe  


---\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)  
O9 - Extra button: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll  
O9 - Extra button: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll  
O9 - Extra button: &Envoyer à OneNote - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} . (.Pas de propriétaire - Pas de description.) -- C:\Program Files\PokerStars\main.ico  
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (.Pas de propriétaire - Pas de description.) -- C:\Program Files\Skype\Toolbars\Internet Explorer\icon.ico  
O9 - Extra button: Skype Plug-In - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (.Pas de propriétaire - Pas de description.) -- C:\PROGRA~1\MICROS~2\Office12\REFBARH.ICO  
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} . (.Pas de propriétaire - Pas de description.) -- C:\PROGRA~1\MICROS~2\Office12\REFBARH.ICO  
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe  


---\ Winsock hijacker (Layered Service Provider) (O10)  
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll  
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\WINDOWS\system32\winrnr.dll  
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll  


---\ Objets ActiveX (Downloaded Program Files)(O16)  
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab  
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...  
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab  
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab  
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab  


---\ Modification Domaine/Adresses DNS (O17)  
O17 - HKLM\System\CCS\Services\Tcpip\..\{1F650B9A-2015-4B84-B823-892295EA5CA3}: DhcpNameServer = 192.168.1.1  
O17 - HKLM\System\CS1\Services\Tcpip\..\{1F650B9A-2015-4B84-B823-892295EA5CA3}: DhcpNameServer = 192.168.1.1  
O17 - HKLM\System\CS3\Services\Tcpip\..\{1F650B9A-2015-4B84-B823-892295EA5CA3}: DhcpNameServer = 192.168.1.1  
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1  


---\ Protocole additionnel et piratage de protocole (O18)  
O18 - Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} . (.Skype Technologies S.A. - Skype add-on for IE.) -- C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll  
O18 - Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} . (.Skype Technologies - Skype for COM API.) -- C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL  


---\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)  
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\Windows\System32\crypt32.dll  
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\Windows\System32\cryptnet.dll  
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\Windows\System32\cscdll.dll  
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\System32\dimsntfy.dll  
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll  
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll  
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll  
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\Windows\System32\sclgntfy.dll  
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\WlNotify.dll  
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll  
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll  


---\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)  
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll  
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll  
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Web Site Monitor.) -- C:\WINDOWS\system32\webcheck.dll  
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} . (.Microsoft Corporation - Objet du service d'environnement Systray.) -- C:\WINDOWS\system32\stobject.dll  
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} . (.Microsoft Corporation - Windows Portable Device Shell Service Objec.) -- C:\WINDOWS\system32\WPDShServiceObj.dll  


---\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)  
O22 - SharedTaskScheduler: (no name) - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\WINDOWS\system32\browseui.dll  


---\ Liste des services NT non Microsoft et non désactivés (O23)  
O23 - Service:  (IviRegMgr) . (.InterVideo - RegMgr Module.) - C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe  
O23 - Service:  (JavaQuickStarterService) . (.Sun Microsystems, Inc. - Java(TM) Quick Starter Service.) - C:\Program Files\Java\jre6\bin\jqs.exe  


---\ Enumération Active Desktop & MHTML Editor (O24)  
O24 - Default MHTML Editor: Last - .(.Microsoft Corporation - Microsoft Office Word.) - C:\Program Files\Microsoft Office\Office12\WINWORD.exe  


---\ Tâches planifiées en automatique (O39)  
O39 - APT:Automatic Planified Task  - C:\WINDOWS\Tasks\User_Feed_Synchronization-{9ECCD5FA-ED99-45D2-A64E-717306865091}.job  


---\ Pilotes lancés au démarrage (O41)  
O41 - Driver:  (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\WINDOWS\system32\drivers\afd.sys  
O41 - Driver:  (Cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\System32\DRIVERS\cdrom.sys  
O41 - Driver:  (i8042prt) . (.Microsoft Corporation - Pilote de port i8042.) - C:\Windows\System32\DRIVERS\i8042prt.sys  
O41 - Driver:  (Imapi) . (.Microsoft Corporation - IMAPI Kernel Driver.) - C:\Windows\System32\DRIVERS\imapi.sys  
O41 - Driver:  (intelppm) . (.Microsoft Corporation - Pilote de périphérique processeur.) - C:\Windows\System32\DRIVERS\intelppm.sys  
O41 - Driver:  (IPSec) . (.Microsoft Corporation - IPSec Driver.) - C:\Windows\System32\DRIVERS\ipsec.sys  
O41 - Driver:  (Kbdclass) . (.Microsoft Corporation - Pilote de la classe Clavier.) - C:\Windows\System32\DRIVERS\kbdclass.sys  
O41 - Driver:  (Mouclass) . (.Microsoft Corporation - Pilote de la classe Souris.) - C:\Windows\System32\DRIVERS\mouclass.sys  
O41 - Driver:  (MRxSmb) . (.Microsoft Corporation - Windows NT SMB Minirdr.) - C:\Windows\System32\DRIVERS\mrxsmb.sys  
O41 - Driver:  (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\System32\DRIVERS
etbios.sys  
O41 - Driver:  (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\System32\DRIVERS
etbt.sys  
O41 - Driver:  (RasAcd) . (.Microsoft Corporation - RAS Automatic Connection Driver.) - C:\Windows\System32\DRIVERSasacd.sys  
O41 - Driver:  (Rdbss) . (.Microsoft Corporation - Redirected Drive Buffering SubSystem Driver.) - C:\Windows\System32\DRIVERSdbss.sys  
O41 - Driver: (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\DRIVERS\RDPCDD.sys  
O41 - Driver:  (redbook) . (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) - C:\Windows\System32\DRIVERSedbook.sys  
O41 - Driver:  (Tcpip) . (.Microsoft Corporation - TCP/IP Protocol Driver.) - C:\Windows\System32\DRIVERS	cpip.sys  
O41 - Driver:  (TermDD) . (.Microsoft Corporation - Terminal Server Driver.) - C:\Windows\System32\DRIVERS	ermdd.sys  
O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\WINDOWS\system32\drivers\vga.sys  
O41 - Driver:  (WmiAcpi) . (.Microsoft Corporation - Windows Management Interface for ACPI.) - C:\Windows\System32\DRIVERS\wmiacpi.sys  


---\ Logiciels installés (O42)  
O42 - Logiciel: Acer Crystal Eye Webcam 1.0.1.3 - (.SuYin.) [HKLM] -- {F7952CA2-A925-4CA1-A934-A46E8EC9CA18}  
O42 - Logiciel: Acer ScreenSaver - (.Acer Incorporated.) [HKLM] -- {79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}  
O42 - Logiciel: Activation Assistant for the 2007 Microsoft Office suites - (.Microsoft Corporation.) [HKLM] -- Activation Assistant for the 2007 Microsoft Office suites  
O42 - Logiciel: Adobe Flash Player 10 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX  
O42 - Logiciel: Adobe Flash Player 10 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin  
O42 - Logiciel: Adobe Reader 8.1.0 - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1033-7B44-A81000000003}  
O42 - Logiciel: Adobe Shockwave Player - (.Adobe Systems, Inc..) [HKLM] -- Adobe Shockwave Player  
O42 - Logiciel: Ares 2.1.1 - (.Ares Development Group.) [HKLM] -- Ares  
O42 - Logiciel: Assistant de connexion Windows Live - (.Microsoft Corporation.) [HKLM] -- {D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}  
O42 - Logiciel: Atheros for Acer Driver v7.6.0.224_Foxconn Installation Program - (.Atheros.) [HKLM] -- {28006915-2739-4EBE-B5E8-49B25D32EB33}  
O42 - Logiciel: CamfrogWEB Advanced ActiveX Plugin (www.bobtv.fr) - (.Pas de propriétaire.) [HKLM] -- CFWebAdvancedU_BOBTV.FR  
O42 - Logiciel: DivX Web Player - (.DivX,Inc..) [HKLM] -- {B7050CBDB2504B34BC2A9CA0A692CC29}  
O42 - Logiciel: Everest Casino (Remove Only) - (.Pas de propriétaire.) [HKLM] -- Everest Casino  
O42 - Logiciel: Everest Poker (Remove Only) - (.Pas de propriétaire.) [HKLM] -- Everest Poker  
O42 - Logiciel: Everest Poker.fr (Remove Only) - (.Pas de propriétaire.) [HKLM] -- Everest Poker.fr  
O42 - Logiciel: Everest Poker.net (Remove Only) - (.Pas de propriétaire.) [HKLM] -- Everest Poker.net  
O42 - Logiciel: Full Tilt Poker - (.Full Tilt Poker.) [HKLM] -- {D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}  
O42 - Logiciel: Galerie de photos Windows Live - (.Microsoft Corporation.) [HKLM] -- {1EE04769-91C4-4A06-92B7-FCAFE6BABDD9}  
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB953595  
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB958484  
O42 - Logiciel: Hotfix for Windows XP (KB954550-v5) - (.Microsoft Corporation.) [HKLM] -- KB954550-v5  
O42 - Logiciel: Hotfix for Windows XP (KB976002-v5) - (.Microsoft Corporation.) [HKLM] -- KB976002-v5  
O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM] -- WinLiveSuite_Wave3  
O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM] -- {133742BA-6F46-4D3E-85AF-78631D9AD8B8}  
O42 - Logiciel: Intel(R) Graphics Media Accelerator Driver - (.Pas de propriétaire.) [HKLM] -- HDMI  
O42 - Logiciel: InterVideo WinDVD - (.Pas de propriétaire.) [HKLM] -- {91810AFC-A4F8-4EBA-A5AA-B198BBC81144}  
O42 - Logiciel: JMicron JMB38X Flash Media Controller - (.JMicron Technology Corp..) [HKLM] -- {26604C7E-A313-4D12-867F-7C6E7820BE4C}  
O42 - Logiciel: Java(TM) 6 Update 21 - (.Sun Microsystems, Inc..) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83216011FF}  
O42 - Logiciel: Java(TM) 6 Update 7 - (.Sun Microsystems, Inc..) [HKLM] -- {3248F0A8-6813-11D6-A77B-00B0D0160070}  
O42 - Logiciel: Junk Mail filter update - (.Microsoft Corporation.) [HKLM] -- {8E5233E1-7495-44FB-8DEB-4BE906D59619}  
O42 - Logiciel: Launch Manager - (.Pas de propriétaire.) [HKLM] -- LManager  
O42 - Logiciel: Lecteur Windows Media 11 - (.Pas de propriétaire.) [HKLM] -- Windows Media Player  
O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM] -- {22B775E7-6C42-4FC5-8E10-9A5E3257BD94}  
O42 - Logiciel: MSXML 4.0 SP2 (KB936181) - (.Microsoft Corporation.) [HKLM] -- {C04E32E0-0416-434D-AFB9-6969D703A9EF}  
O42 - Logiciel: MSXML 4.0 SP2 (KB954430) - (.Microsoft Corporation.) [HKLM] -- {86493ADD-824D-4B8E-BD72-8C5DCDC52A71}  
O42 - Logiciel: MSXML 4.0 SP2 (KB973688) - (.Microsoft Corporation.) [HKLM] -- {F662A8E6-F4DC-41A2-901E-8C11F044BDEC}  
O42 - Logiciel: Microsoft .NET Framework 1.1 - (.Microsoft.) [HKLM] -- {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}  
O42 - Logiciel: Microsoft .NET Framework 1.1 - (.Pas de propriétaire.) [HKLM] -- Microsoft .NET Framework 1.1  (1033)  
O42 - Logiciel: Microsoft .NET Framework 1.1 French Language Pack - (.Microsoft.) [HKLM] -- {9A394342-4A68-4EBA-85A6-55B559F4E700}  
O42 - Logiciel: Microsoft .NET Framework 1.1 Security Update (KB2416447) - (.Pas de propriétaire.) [HKLM] -- M2416447  
O42 - Logiciel: Microsoft .NET Framework 1.1 Security Update (KB979906) - (.Pas de propriétaire.) [HKLM] -- M979906  
O42 - Logiciel: Microsoft .NET Framework 2.0 Service Pack 2 - (.Microsoft Corporation.) [HKLM] -- {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}  
O42 - Logiciel: Microsoft .NET Framework 3.0 Service Pack 2 - (.Microsoft Corporation.) [HKLM] -- {A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}  
O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 SP1  
O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}  
O42 - Logiciel: Microsoft Choice Guard - (.Microsoft Corporation.) [HKLM] -- {F0E12BBA-AD66-4022-A453-A1C8A0C4D570}  
O42 - Logiciel: Microsoft Compression Client Pack 1.0 for Windows XP - (.Microsoft Corporation.) [HKLM] -- MSCompPackV1  
O42 - Logiciel: Microsoft Internationalized Domain Names Mitigation APIs - (.Microsoft Corporation.) [HKLM] -- IDNMitigationAPIs  
O42 - Logiciel: Microsoft National Language Support Downlevel APIs - (.Microsoft Corporation.) [HKLM] -- NLSDownlevelMapping  
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-0016-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}  
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-0018-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}  
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001B-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}  
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-006E-040C-0000-0000000FF1CE}_HOMESTUDENTR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}  
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-00A1-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}  
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}  
O42 - Logiciel: Microsoft Office Excel MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0016-040C-0000-0000000FF1CE}  
O42 - Logiciel: Microsoft Office Home and Student 2007 - (.Microsoft Corporation.) [HKLM] -- HOMESTUDENTR  
O42 - Logiciel: Microsoft Office Home and Student 2007 - (.Microsoft Corporation.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}  
O42 - Logiciel: Microsoft Office Live Add-in 1.3 - (.Microsoft Corporation.) [HKLM] -- {57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}  
O42 - Logiciel: Microsoft Office OneNote MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-00A1-040C-0000-0000000FF1CE}  
O42 - Logiciel: Microsoft Office PowerPoint MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0018-040C-0000-0000000FF1CE}  
O42 - Logiciel: Microsoft Office Proof (Arabic) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0401-0000-0000000FF1CE}  
O42 - Logiciel: Microsoft Office Proof (Dutch) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0413-0000-0000000FF1CE}  
O42 - Logiciel: Microsoft Office Proof (English) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0409-0000-0000000FF1CE}  
O42 - Logiciel: Microsoft Office Proof (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-040C-0000-0000000FF1CE}  
O42 - Logiciel: Microsoft Office Proof (German) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0407-0000-0000000FF1CE}  
O42 - Logiciel: Microsoft Office Proof (Spanish) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0C0A-0000-0000000FF1CE}  
O42 - Logiciel: Microsoft Office Proofing (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-002C-040C-0000-0000000FF1CE}  
O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-0401-0000-0000000FF1CE}_HOMESTUDENTR_{14809F99-C601-4D4A-9391-F1E8FAA964C5}  
O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}  
O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}  
O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}  
O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-0413-0000-0000000FF1CE}_HOMESTUDENTR_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}  
O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}  
O42 - Logiciel: Microsoft Office Shared MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-006E-040C-0000-0000000FF1CE}  
O42 - Logiciel: Microsoft Office Word MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001B-040C-0000-0000000FF1CE}  
O42 - Logiciel: Microsoft SQL Server 2005 Compact Edition [ENU] - (.Microsoft Corporation.) [HKLM] -- {F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}  
O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}  
O42 - Logiciel: Microsoft User-Mode Driver Framework Feature Pack 1.0 - (.Microsoft Corporation.) [HKLM] -- Wudf01000  
O42 - Logiciel: Microsoft Works - (.Microsoft Corporation.) [HKLM] -- {6B1CB38D-E2E4-4a30-933D-EFDEBA76AD9C}  
O42 - Logiciel: Mobile Partner - (.Huawei Technologies Co.,Ltd.) [HKLM] -- Mobile Partner  
O42 - Logiciel: Outil de téléchargement Windows Live - (.Microsoft Corporation.) [HKLM] -- {205C6BDD-7B73-42DE-8505-9A093F35A238}  
O42 - Logiciel: Panda ActiveScan 2.0 - (.Panda Security.) [HKLM] -- ActiveScan 2.0  
O42 - Logiciel: PokerStars - (.PokerStars.) [HKLM] -- PokerStars  
O42 - Logiciel: REALTEK GbE & FE Ethernet PCI-E NIC Driver - (.Realtek.) [HKLM] -- {C9BED750-1211-4480-B1A5-718A3BE15525}  
O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp..) [HKLM] -- {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}  
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB2288621) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{5C497F0B-2061-4CC9-A61C-6B45B867354D}  
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB2288931) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CD769337-C8AC-46DB-A7DC-643E50089263}  
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB2289158) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{210B16C0-CEBD-4DE9-B474-04A7E8735E16}  
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB2344875) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6FC5C4C1-D7AE-44C3-94B7-6424FC3E752F}  
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB2345043) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{536FB502-775F-4494-BACE-C02CC90B7A5B}  
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB969559) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{69F52148-9BF6-4CDC-BF76-103DEAF3DD08}  
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB976321) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{7F207DCA-3399-40CB-A968-6E5991B1421A}  
O42 - Logiciel: Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB2416473  
O42 - Logiciel: Security Update for Microsoft Office Excel 2007 (KB2345035) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{B23002DD-34EC-4988-B810-A5E2A0BF04F1}  
O42 - Logiciel: Security Update for Microsoft Office InfoPath 2007 (KB979441) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}  
O42 - Logiciel: Security Update for Microsoft Office PowerPoint 2007 (KB982158) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{F5B70033-E79C-4569-90BF-BC9B4E4F3F46}  
O42 - Logiciel: Security Update for Microsoft Office PowerPoint Viewer (KB2413381) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3DED0A62-44C8-4E00-A785-5212F297A9D9}  
O42 - Logiciel: Security Update for Microsoft Office Visio Viewer 2007 (KB973709) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{71127777-8B2C-4F97-AF7A-6CF8CAC8224D}  
O42 - Logiciel: Security Update for Microsoft Office Word 2007 (KB2344993) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{7A5B74FA-7A92-4FC9-821A-2DD5D4E73E48}  
O42 - Logiciel: Security Update for Microsoft Office system 2007 (972581) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}  
O42 - Logiciel: Security Update for Microsoft Office system 2007 (KB974234) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{FCD742B9-7A55-44BC-A776-F795F21FEDDC}  
O42 - Logiciel: Segoe UI - (.Microsoft Corp.) [HKLM] -- {A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}  
O42 - Logiciel: Skype Toolbars - (.Skype Technologies S.A..) [HKLM] -- {CD95D125-2992-4858-B3EF-5F6FB52FBAD6}  
O42 - Logiciel: Skype(TM) 5.1 - (.Skype Technologies S.A..) [HKLM] -- {E633D396-5188-4E9D-8F6B-BFB8BF3467E8}  
O42 - Logiciel: Synaptics Pointing Device Driver - (.Synaptics.) [HKLM] -- SynTPDeinstKey  
O42 - Logiciel: Update for 2007 Microsoft Office System (KB967642) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}  
O42 - Logiciel: Update for Microsoft .NET Framework 3.5 SP1 (KB963707) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707  
O42 - Logiciel: Update for Microsoft Office OneNote 2007 (KB980729) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{329050A9-EF80-40F9-B633-74508F54C1FF}  
O42 - Logiciel: VLC media player 0.9.2 - (.VideoLAN Team.) [HKLM] -- VLC media player  
O42 - Logiciel: Windows Internet Explorer 7 - (.Microsoft Corporation.) [HKLM] -- ie7  
O42 - Logiciel: Windows Internet Explorer 8 - (.Microsoft Corporation.) [HKLM] -- ie8  
O42 - Logiciel: Windows Live Call - (.Microsoft Corporation.) [HKLM] -- {B3B487E7-6171-4376-9074-B28082CEB504}  
O42 - Logiciel: Windows Live Communications Platform - (.Microsoft Corporation.) [HKLM] -- {3175E049-F9A9-4A3D-8F19-AC9FB04514D1}  
O42 - Logiciel: Windows Live FolderShare - (.Microsoft Corporation.) [HKLM] -- {76810709-A7D3-468D-9167-A1780C1E766C}  
O42 - Logiciel: Windows Live Mail - (.Microsoft Corporation.) [HKLM] -- {5DD76286-9BE7-4894-A990-E905E91AC818}  
O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM] -- {445B183D-F4F1-45C8-B9DB-F11355CA657B}  
O42 - Logiciel: Windows Live Writer - (.Microsoft Corporation.) [HKLM] -- {4634B21A-CC07-4396-890C-2B8168661FEA}  
O42 - Logiciel: Windows Media Format 11 runtime - (.Microsoft Corporation.) [HKLM] -- WMFDist11  
O42 - Logiciel: Windows Media Format 11 runtime - (.Pas de propriétaire.) [HKLM] -- Windows Media Format Runtime  
O42 - Logiciel: Windows Media Player 11 - (.Microsoft Corporation.) [HKLM] -- wmp11  

---\ HKCU & HKLM Software Keys  
[HKCU\Software\Adobe]  
[HKCU\Software\AppDataLow\Software\Adobe]  
[HKCU\Software\AppDataLow\Software\Freecause]  
[HKCU\Software\AppDataLow\Software\Macromedia]  
[HKCU\Software\AppDataLow\Software\Yahoo]  
[HKCU\Software\AppDataLow\Software]  
[HKCU\Software\AppDataLow]  
[HKCU\Software\Ares]  
[HKCU\Software\Aurigma]  
[HKCU\Software\CamfrogWEBAdvanced]  
[HKCU\Software\CamfrogWEB]  
[HKCU\Software\Classes]  
[HKCU\Software\DivXNetworks]  
[HKCU\Software\Full Tilt Poker]  
[HKCU\Software\Google]  
[HKCU\Software\Grand Virtual]  
[HKCU\Software\HookNetwork]  
[HKCU\Software\IM Providers]  
[HKCU\Software\Intel]  
[HKCU\Software\InterVideo]  
[HKCU\Software\JavaSoft]  
[HKCU\Software\Local AppWizard-Generated Applications]  
[HKCU\Software\Macromedia]  
[HKCU\Software\MimarSinan]  
[HKCU\Software\MozillaPlugins]  
[HKCU\Software\Mozilla]  
[HKCU\Software\Netscape]  
[HKCU\Software\ODBC]  
[HKCU\Software\Policies]  
[HKCU\Software\Quanta]  
[HKCU\Software\Realtek]  
[HKCU\Software\RegisteredApplications]  
[HKCU\Software\Skype]  
[HKCU\Software\Sony Corporation]  
[HKCU\Software\Synaptics]  
[HKCU\Software\Titan Poker]  
[HKCU\Software\Trolltech]  
[HKCU\Software\VB and VBA Program Settings]  
[HKCU\Software\YahooPartnerToolbar]  
[HKCU\Software\Yahoo]  
[HKCU\Software\acer]  
[HKCU\Software\kde.org]  
[HKCU\Software\shockwave.com]  
[HKLM\Software\Acer Incorporated]  
[HKLM\Software\Adobe]  
[HKLM\Software\Ahead]  
[HKLM\Software\America Online]  
[HKLM\Software\Atheros]  
[HKLM\Software\BrowserChoice]  
[HKLM\Software\C07ft5Y]  
[HKLM\Software\Classes]  
[HKLM\Software\Clients]  
[HKLM\Software\DivXNetworks]  
[HKLM\Software\Full Tilt Poker]  
[HKLM\Software\Gemplus]  
[HKLM\Software\Google]  
[HKLM\Software\Huawei technologies]  
[HKLM\Software\InstalledOptions]  
[HKLM\Software\Intel]  
[HKLM\Software\InterVideo Inc.]  
[HKLM\Software\InterVideo]  
[HKLM\Software\JMicron Technology Corp.]  
[HKLM\Software\JavaSoft]  
[HKLM\Software\JreMetrics]  
[HKLM\Software\Macromedia]  
[HKLM\Software\MimarSinan]  
[HKLM\Software\MozillaPlugins]  
[HKLM\Software\Mozilla]  
[HKLM\Software\Nero]  
[HKLM\Software\ODBC]  
[HKLM\Software\PTECH]  
[HKLM\Software\Panda Software]  
[HKLM\Software\Policies]  
[HKLM\Software\Program Groups]  
[HKLM\Software\Quanta]  
[HKLM\Software\RTLSetup]  
[HKLM\Software\Realtek Semiconductor Corp.]  
[HKLM\Software\Realtek]  
[HKLM\Software\RegisteredApplications]  
[HKLM\Software\Schlumberger]  
[HKLM\Software\Secure]  
[HKLM\Software\SiteAdvisor]  
[HKLM\Software\Skype]  
[HKLM\Software\SuYin]  
[HKLM\Software\Synaptics]  
[HKLM\Software\Titan Poker]  
[HKLM\Software\VideoLAN]  
[HKLM\Software\WebCam]  
[HKLM\Software\Windows 3.1 Migration Status]  
[HKLM\Software\Windows]  
[HKLM\Software\Yahoo]  
[HKLM\Software\acer]  


---\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)  
O43 - CFD: 03/10/2008 - 23:01:36 ----D- C:\Program Files\Acer Incorporated  
O43 - CFD: 04/10/2008 - 07:44:44 ----D- C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites  
O43 - CFD: 04/10/2008 - 07:44:44 ----D- C:\Program Files\Adobe  
O43 - CFD: 17/11/2009 - 17:34:36 ----D- C:\Program Files\Alice  
O43 - CFD: 03/01/2010 - 21:58:20 ----D- C:\Program Files\Ares  
O43 - CFD: 04/10/2008 - 07:44:54 ----D- C:\Program Files\Atheros  
O43 - CFD: 09/12/2010 - 00:04:44 ----D- C:\Program Files\CFWebAdvancedU_BOBTV.FR  
O43 - CFD: 14/07/2008 - 10:53:56 ----D- C:\Program Files\ComPlus Applications  
O43 - CFD: 16/12/2008 - 00:07:46 ----D- C:\Program Files\DivX  
O43 - CFD: 17/01/2010 - 20:55:54 ----D- C:\Program Files\Everest Casino  
O43 - CFD: 18/01/2011 - 18:36:18 ----D- C:\Program Files\Everest Poker  
O43 - CFD: 28/10/2010 - 21:36:42 ----D- C:\Program Files\Everest Poker.fr  
O43 - CFD: 16/10/2010 - 18:59:20 ----D- C:\Program Files\Everest Poker.net  
O43 - CFD: 20/01/2011 - 10:35:06 ----D- C:\Program Files\Fichiers communs  
O43 - CFD: 17/10/2010 - 02:28:42 ----D- C:\Program Files\Full Tilt Poker  
O43 - CFD: 04/10/2008 - 19:50:56 --H-D- C:\Program Files\InstallShield Installation Information  
O43 - CFD: 04/10/2008 - 07:45:12 ----D- C:\Program Files\Intel  
O43 - CFD: 26/12/2010 - 20:46:08 ----D- C:\Program Files\Internet Explorer  
O43 - CFD: 04/10/2008 - 07:45:14 ----D- C:\Program Files\InterVideo  
O43 - CFD: 26/01/2011 - 15:00:32 ----D- C:\Program Files\Java  
O43 - CFD: 03/10/2008 - 23:00:38 ----D- C:\Program Files\Launch Manager  
O43 - CFD: 06/10/2008 - 16:37:38 ----D- C:\Program Files\Messenger  
O43 - CFD: 18/03/2009 - 01:28:00 ----D- C:\Program Files\Microsoft  
O43 - CFD: 04/10/2008 - 07:45:22 ----D- C:\Program Files\microsoft frontpage  
O43 - CFD: 04/10/2008 - 07:45:44 ----D- C:\Program Files\Microsoft Office  
O43 - CFD: 26/12/2010 - 03:05:40 ----D- C:\Program Files\Microsoft Silverlight  
O43 - CFD: 18/03/2009 - 01:21:44 ----D- C:\Program Files\Microsoft SQL Server Compact Edition  
O43 - CFD: 18/03/2009 - 01:22:46 ----D- C:\Program Files\Microsoft Sync Framework  
O43 - CFD: 17/11/2009 - 22:11:08 ----D- C:\Program Files\Microsoft Works  
O43 - CFD: 04/10/2008 - 07:46:02 ----D- C:\Program Files\Microsoft.NET  
O43 - CFD: 02/12/2010 - 15:52:34 ----D- C:\Program Files\Mobile Partner  
O43 - CFD: 13/08/2010 - 01:42:32 ----D- C:\Program Files\Movie Maker  
O43 - CFD: 08/11/2009 - 15:19:12 ----D- C:\Program Files\MSBuild  
O43 - CFD: 04/10/2008 - 07:46:02 ----D- C:\Program Files\MSN  
O43 - CFD: 04/10/2008 - 07:46:04 ----D- C:\Program Files\MSN Gaming Zone  
O43 - CFD: 06/10/2008 - 19:26:40 ----D- C:\Program Files\MSXML 4.0  
O43 - CFD: 04/10/2008 - 07:46:04 ----D- C:\Program Files\NetMeeting  
O43 - CFD: 04/10/2008 - 07:46:04 ----D- C:\Program Files\Online Services  
O43 - CFD: 26/12/2010 - 03:01:10 ----D- C:\Program Files\Outlook Express  
O43 - CFD: 19/06/2010 - 11:47:38 ----D- C:\Program Files\Panda Security  
O43 - CFD: 14/08/2010 - 23:04:12 ----D- C:\Program Files\PokerStars  
O43 - CFD: 04/10/2008 - 07:46:06 ----D- C:\Program Files\Realtek  
O43 - CFD: 08/11/2009 - 15:19:00 ----D- C:\Program Files\Reference Assemblies  
O43 - CFD: 04/10/2008 - 07:46:06 ----D- C:\Program Files\Services en ligne  
O43 - CFD: 20/01/2011 - 10:35:06 R---D- C:\Program Files\Skype  
O43 - CFD: 14/07/2008 - 11:10:00 ----D- C:\Program Files\Synaptics  
O43 - CFD: 14/07/2008 - 11:02:02 --H-D- C:\Program Files\Uninstall Information  
O43 - CFD: 04/10/2008 - 19:14:28 ----D- C:\Program Files\VideoLAN  
O43 - CFD: 09/12/2010 - 16:00:14 ----D- C:\Program Files\Windows Live  
O43 - CFD: 06/11/2009 - 13:04:02 ----D- C:\Program Files\Windows Live SkyDrive  
O43 - CFD: 26/01/2011 - 13:24:04 ----D- C:\Program Files\Windows Media Connect 2  
O43 - CFD: 26/01/2011 - 14:19:30 ----D- C:\Program Files\Windows Media Player  
O43 - CFD: 04/10/2008 - 07:46:10 ----D- C:\Program Files\Windows NT  
O43 - CFD: 14/07/2008 - 10:54:42 --H-D- C:\Program Files\WindowsUpdate  
O43 - CFD: 04/10/2008 - 07:46:10 ----D- C:\Program Files\xerox  
O43 - CFD: 19/11/2008 - 05:30:14 ----D- C:\Program Files\Yahoo!  
O43 - CFD: 26/01/2011 - 20:32:06 ----D- C:\Program Files\ZHPDiag  
O43 - CFD: 04/10/2008 - 07:44:56 ----D- C:\Program Files\Fichiers Communs\Adobe  
O43 - CFD: 03/10/2008 - 23:02:26 ----D- C:\Program Files\Fichiers Communs\CrystalEye  
O43 - CFD: 04/10/2008 - 07:44:56 ----D- C:\Program Files\Fichiers Communs\DESIGNER  
O43 - CFD: 04/10/2008 - 07:44:56 ----D- C:\Program Files\Fichiers Communs\InstallShield  
O43 - CFD: 04/10/2008 - 07:44:56 ----D- C:\Program Files\Fichiers Communs\InterVideo  
O43 - CFD: 20/09/2010 - 19:04:06 ----D- C:\Program Files\Fichiers Communs\Java  
O43 - CFD: 03/01/2010 - 19:58:20 ----D- C:\Program Files\Fichiers Communs\Microsoft Shared  
O43 - CFD: 04/10/2008 - 07:45:10 ----D- C:\Program Files\Fichiers Communs\MSSoap  
O43 - CFD: 04/10/2008 - 07:45:10 ----D- C:\Program Files\Fichiers Communs\ODBC  
O43 - CFD: 04/10/2008 - 07:45:10 ----D- C:\Program Files\Fichiers Communs\Services  
O43 - CFD: 20/01/2011 - 10:35:06 ----D- C:\Program Files\Fichiers Communs\Skype  
O43 - CFD: 04/10/2008 - 07:45:10 ----D- C:\Program Files\Fichiers Communs\SpeechEngines  
O43 - CFD: 04/10/2008 - 07:45:12 ----D- C:\Program Files\Fichiers Communs\System  
O43 - CFD: 18/03/2009 - 00:52:52 ----D- C:\Program Files\Fichiers Communs\Windows Live  
O43 - CFD: 04/10/2008 - 18:42:22 -SH-D- C:\Program Files\Fichiers Communs\WindowsLiveInstaller  
O43 - CFD: 26/01/2011 - 11:29:44 ----D- C:\Documents and Settings\pascal\Application Data\Adobe  
O43 - CFD: 09/12/2010 - 00:08:42 ----D- C:\Documents and Settings\pascal\Application Data\CamfrogWEB  
O43 - CFD: 26/01/2011 - 13:19:26 ----D- C:\Documents and Settings\pascal\Application Data\dvdcss  
O43 - CFD: 04/10/2008 - 07:43:40 ----D- C:\Documents and Settings\pascal\Application Data\Identities  
O43 - CFD: 04/10/2008 - 07:43:40 ----D- C:\Documents and Settings\pascal\Application Data\InstallShield  
O43 - CFD: 03/10/2008 - 23:12:18 ----D- C:\Documents and Settings\pascal\Application Data\InterVideo  
O43 - CFD: 03/10/2008 - 23:01:48 ----D- C:\Documents and Settings\pascal\Application Data\Macromedia  
O43 - CFD: 26/01/2011 - 17:02:24 -S--D- C:\Documents and Settings\pascal\Application Data\Microsoft  
O43 - CFD: 20/01/2011 - 10:37:18 ----D- C:\Documents and Settings\pascal\Application Data\Skype  
O43 - CFD: 20/01/2011 - 10:28:44 ----D- C:\Documents and Settings\pascal\Application Data\skypePM  
O43 - CFD: 10/10/2008 - 11:51:16 ----D- C:\Documents and Settings\pascal\Application Data\Sun  
O43 - CFD: 04/10/2008 - 17:30:18 ----D- C:\Documents and Settings\pascal\Application Data\Template  
O43 - CFD: 04/10/2008 - 19:15:42 ----D- C:\Documents and Settings\pascal\Application Data\vlc  
O43 - CFD: 03/10/2008 - 23:01:50 ----D- C:\Documents and Settings\pascal\Application Data\Yahoo!  


---\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)  
O44 - LFC:[MD5.D8ED1200F915817C00FCFD7FACEE1200] - 26/01/2011 - 19:14:27 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\WindowsUpdate.log   [1524712]  
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 26/01/2011 - 18:29:39 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\0.log   [0]  
O44 - LFC:[MD5.3F8ED3943F404F62D2C22ED2231B8CBA] - 26/01/2011 - 18:29:38 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\spupdsvc.log   [125368]  
O44 - LFC:[MD5.D8ED1200F915817C00FCFD7FACEE1200] - 26/01/2011 - 18:29:16 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\wiadebug.log   [159]  
O44 - LFC:[MD5.FFDD27CA6A7419B7CED9F09DDA6DA74D] - 26/01/2011 - 18:29:16 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\wmsetup.log   [34187]  
O44 - LFC:[MD5.D8ED1200F915817C00FCFD7FACEE1200] - 26/01/2011 - 18:29:13 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\wiaservc.log   [50]  
O44 - LFC:[MD5.6A2CB42966136854F4464516FBB4AE72] - 26/01/2011 - 18:28:50 -S-A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\bootstat.dat   [2048]  
O44 - LFC:[MD5.D8ED1200F915817C00FCFD7FACEE1200] - 26/01/2011 - 18:27:53 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\SchedLgU.Txt   [32598]  
O44 - LFC:[MD5.1EC4FFC57A2ACEB30CE7AE321FA082B1] - 26/01/2011 - 18:04:52 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\KB975558.log   [23271]  
O44 - LFC:[MD5.3DAFCD2D96B7CFA40B60D051805FA440] - 26/01/2011 - 18:04:48 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\KB2378111.log   [27566]  
O44 - LFC:[MD5.EFC15BD6431D10EC148817D7A8097F04] - 26/01/2011 - 18:04:47 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\updspapi.log   [277757]  
O44 - LFC:[MD5.480B3ACBC2D7DF4F3F3EA910B54A4B68] - 26/01/2011 - 18:04:44 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\KB954155.log   [21091]  
O44 - LFC:[MD5.5C986220DABBFB4FCD4AA67C5DCCE9C4] - 26/01/2011 - 18:04:40 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\KB978695.log   [22171]  
O44 - LFC:[MD5.8C261DC1B9E2AF3939263DDAE251887C] - 26/01/2011 - 18:04:36 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\KB973540.log   [22065]  
O44 - LFC:[MD5.4DF3849779E0FE3F297C8A7613031F0E] - 26/01/2011 - 18:04:27 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\KB952069.log   [31863]  
O44 - LFC:[MD5.6D6F4B1886E91EB37ABCCAD19C561EE0] - 26/01/2011 - 17:25:59 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\amcompat.tlb   [16832]  
O44 - LFC:[MD5.A32B14BE5EDAE794FCE1A9E970827509] - 26/01/2011 - 17:25:59 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32
scompat.tlb   [23392]  
O44 - LFC:[MD5.E4478DF37C06221A5E3F4EAE52F88F90] - 26/01/2011 - 15:00:33 ---A- . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\WINDOWS\System32\java.exe   [145184]  
O44 - LFC:[MD5.359B080F9226D078847E363C7AEDA903] - 26/01/2011 - 15:00:33 ---A- . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\WINDOWS\System32\javaw.exe   [145184]  
O44 - LFC:[MD5.06CCE24882D9577D3795432E1B22FE4A] - 26/01/2011 - 15:00:33 ---A- . (.Sun Microsystems, Inc. - Java(TM) Web Start Launcher.) -- C:\WINDOWS\System32\javaws.exe   [153376]  
O44 - LFC:[MD5.CDD0F29DE91755807AF738CE9D945658] - 26/01/2011 - 15:00:30 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\jupdate-1.6.0_23-b05.log   [4484]  
O44 - LFC:[MD5.99ABECAD02A0FB23F99743A30606F214] - 26/01/2011 - 14:22:35 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\wpa.dbl   [1158]  
O44 - LFC:[MD5.3C8F8431DAD4745989649C53B286CF87] - 26/01/2011 - 13:34:49 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\wmsetup10.log   [512]  
O44 - LFC:[MD5.C633C40C71E3A93F127613471C7DD227] - 26/01/2011 - 13:24:25 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\FaxSetup.log   [1122785]  
O44 - LFC:[MD5.9CE1BBA4169A0D4E42A5CC1C55953BB4] - 26/01/2011 - 13:24:25 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\MSCompPackV1.log   [10321]  
O44 - LFC:[MD5.3AE7F32C9FEEF04784EE05BEA729501E] - 26/01/2011 - 13:24:25 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\comsetup.log   [378071]  
O44 - LFC:[MD5.83B0B5D25AC58949D2678BFAAA7D927A] - 26/01/2011 - 13:24:25 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\iis6.log   [175727]  
O44 - LFC:[MD5.08AD78C47E3C0C69FA8EDC1C15A82A2C] - 26/01/2011 - 13:24:25 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\imsins.log   [1374]  
O44 - LFC:[MD5.1937161A0FC959F3537B63DC34FB479C] - 26/01/2011 - 13:24:25 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\msgsocm.log   [55564]  
O44 - LFC:[MD5.5F2F39F3F6491A63EB47492ED1718FB7] - 26/01/2011 - 13:24:25 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS
tdtcsetup.log   [227368]  
O44 - LFC:[MD5.FE9B05BE07441987D734FE66CBAC8385] - 26/01/2011 - 13:24:25 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\ocgen.log   [537937]  
O44 - LFC:[MD5.B44BF295D5328FEA622598F08997CF5A] - 26/01/2011 - 13:24:25 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\ocmsn.log   [61419]  
O44 - LFC:[MD5.F7B420758B81E5B20853569706B5F624] - 26/01/2011 - 13:24:25 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\setupapi.log   [75478]  
O44 - LFC:[MD5.B9D356074822C0DCF0B0F716094F295F] - 26/01/2011 - 13:24:25 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS	soc.log   [428293]  
O44 - LFC:[MD5.5D298DC06B20035DA815BD5ECC286D30] - 26/01/2011 - 13:24:19 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\imsins.BAK   [1374]  
O44 - LFC:[MD5.EC516A54366AB1587B6E77FD51278401] - 26/01/2011 - 13:24:19 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\wmp11.log   [25656]  
O44 - LFC:[MD5.9C15E1A70B5BB66438B559CE940B0899] - 26/01/2011 - 13:24:14 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\win.ini   [1686]  
O44 - LFC:[MD5.762DF9386366FAEE122241F4B55224B8] - 26/01/2011 - 13:23:20 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\WMFDist11.log   [34117]  
O44 - LFC:[MD5.DC17DD0189B0C36D863B4DD0A036C10F] - 26/01/2011 - 13:23:15 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\WMSysPr9.prx   [316640]  
O44 - LFC:[MD5.6F224C9E4B789AB9AE7F378751D5A431] - 26/01/2011 - 13:22:27 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\Wudf01000Inst.log   [18870]  
O44 - LFC:[MD5.E662417E8A78877AA0229538CBECBE7A] - 26/01/2011 - 13:12:36 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\setupapi.log.1.old   [1044257]  
O44 - LFC:[MD5.1EA15F5993A1661AB1388C880CF1FDFB] - 26/01/2011 - 13:11:12 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\DirectX.log   [118261]  
O44 - LFC:[MD5.5E7DF6340AE753756A0905B51874E908] - 12/01/2011 - 18:48:49 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\KB2419632.log   [19133]  
O44 - LFC:[MD5.54CBECAE607869112D94DC9352502780] - 11/01/2011 - 18:13:53 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\PerfStringBackup.INI   [1267872]  
O44 - LFC:[MD5.3FC69DC4BE0F2C48FB49783830B04C8D] - 11/01/2011 - 18:13:53 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\perfc009.dat   [91376]  
O44 - LFC:[MD5.F10FEE0BFB9118711BEA3D485421F617] - 11/01/2011 - 18:13:53 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\perfc00C.dat   [109634]  
O44 - LFC:[MD5.4B956C9039B30754234A8EB6068B5A60] - 11/01/2011 - 18:13:53 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\perfh009.dat   [486928]  
O44 - LFC:[MD5.3C2095D6A57DA837B049F4A0DAE40691] - 11/01/2011 - 18:13:53 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\perfh00C.dat   [562376]  
O44 - LFC:[MD5.35A0A89529C172BEAB5B15BAC0A867AD] - 30/12/2010 - 23:08:05 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem.txt   [25298]  


---\ Opérations et fonctions au démarrage de Windows Explorer (O46)  
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll  


---\ Export de clé d'application autorisée (O47)  
O47 - AAKE:Key Export SP - "%windir%\Network Diagnostic\xpnetdiag.exe" [Enabled] .(.Microsoft Corporation - Network Diagnostic for Windows XP.) -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe  
O47 - AAKE:Key Export SP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation - Gestionnaire de session de l'aide sur le Bureau à distance de Microsoft®.) -- C:\WINDOWS\system32\sessmgr.exe  
O47 - AAKE:Key Export SP - "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" [Enabled] .(.Microsoft Corporation - Microsoft Office OneNote.) -- C:\Program Files\Microsoft Office\Office12\ONENOTE.exe

NicoVA · Answer

Salut 

--> Héberge ton rapport ZHPdiag sur http://www.cijoint.fr/ 

    * Télécharge TDSSKiller (de Kaspersky Labs) sur ton Bureau. 

    * Lance le (si tu utilises Windows Vista ou 7 : fais un clic-droit dessus et choisis "Exécuter en tant qu'administrateur") 
    * Clique sur [Start Scan] pour démarrer l'analyse. 
    * Si des éléments sont trouvés, clique sur [Continue] puis sur [Reboot Now] 
    * Un rapport s'ouvrira au redémarrage de l'ordinateur. 
    * Copie/colle son contenu dans ta prochaine réponse. 
    Note : Le rapport se trouve également sous C:\TDSSKiller.N°deversion_Date_Heure_log.txt 


++

pascal · Answer

voilà le lien.
http://www.cijoint.fr/cjlink.php?file=cj201101/cij5Xm0HGb.txt

aucun élément trouvé avec TDSSKILLER

NicoVA · Answer

Salut 

J'aimerais que tu me poste quand même son rapport ;)

1/

--> Rends toi sur VirusTotal 

--> Affiche les fichiers et dossiers cachés 

--> Upload ce fichier
 
C:\Windows\Explorer.exe 
C:\Windows\System32\Winlogon.exe 
 

--> Copie et colle les liens des rapports dans ta prochaine réponse.

2/

&#x25B6; Rends-toi à cette adresse afin de télécharger AD-Remover (créé par C_XX) : http://www.teamxscript.org/adremoverTelechargement.html

&#x25B6; Clique sur TÉLÉCHARGER et enregistre-le sur ton bureau.

&#x25B6; Double clique sur le programme d'installation , et installe le dans son emplacement par défaut. ( le bureau )

&#x25B6; Double clique sur AD-R

* Sous Vista : clic droit sur AD-Remover et sélectionner "Exécuter en tant qu'administrateur"

&#x25B6; Au menu principal clic sur [ NETTOYER ].

&#x25B6; Laisse travailler l'outil et ne touche à rien ...

&#x25B6; Poste le rapport qui apparait à la fin.

( le rapport est sauvegardé aussi sous C:\Ad-report.log )


3/

&#x25B6; Télécharge http://www.teamxscript.org/usbfixTelechargement.html UsbFix] et enregistre-le sur ton bureau

&#x25B6; tutoriel recherche

&#x25B6; Double-clique sur  UsbFix présent sur ton bureau, l'installation se fera automatiquement

&#x25B6; Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) suceptible d avoir été infectés sans les ouvrir

&#x25B6; Choisi Rechercher 

&#x25B6; Laisse travailler l'outil

&#x25B6; Ensuite post le rapport UsbFix.txt qui apparaîtra

* Note : le rapport UsbFix.txt est sauvegardé a la racine du disque

* Note : Si le Bureau ne réapparait pas presse Ctrl + Alt + Suppr , Onglet "Fichier" , "Nouvelle tâche" , tapes explorer.exe et valides



A++

pascal · Answer

désolé je suis pas très fort en informatique...dis moi si il te faut d'autre rapport?
rapport de AD-R.

======= RAPPORT D'AD-REMOVER 2.0.0.2,D | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par TeamXscript le 20/01/11 à 19:00
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 19:52:18 le 27/01/2011, Mode normal

Microsoft Windows XP Édition familiale Service Pack 3 (X86) 
pascal@ACER-26A4A80FB7 ( ) 
 
============== ACTION(S) ==============


Fichier supprimé: C:\log_lobby.txt
Fichier supprimé: C:\log_lobby_dumper.txt
Dossier supprimé: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Everest Casino
Dossier supprimé: C:\Program Files\Everest Casino
Dossier supprimé: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Everest Poker
Dossier supprimé: C:\Program Files\Everest Poker
Fichier supprimé: C:\Documents and Settings\All Users\Bureau\Everest Casino.lnk
Fichier supprimé: C:\Documents and Settings\All Users\Bureau\Everest Poker.fr.lnk
Fichier supprimé: C:\Documents and Settings\All Users\Bureau\Everest Poker.lnk
Fichier supprimé: C:\Documents and Settings\All Users\Bureau\Everest Poker.net.lnk

(!) -- Fichiers temporaires supprimés.


Clé supprimée: HKLM\Software\Titan Poker
Clé supprimée: HKCU\Software\Grand Virtual
Clé supprimée: HKCU\Software\Titan Poker
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Everest Casino
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Everest Poker
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Everest Casino
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Everest Poker
Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\Extensions\{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF}


============== SCAN ADDITIONNEL ==============

** Internet Explorer Version [8.0.6001.18702] **

[HKCU\Software\Microsoft\Internet Explorer\Main] 
AutoHide: yes
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/

[HKLM\Software\Microsoft\Internet Explorer\Main] 
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/

[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS] 
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm

========================================

C:\Program Files\Ad-Remover\Quarantine: 382 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 12 Fichier(s)

C:\Ad-Report-CLEAN[1].txt - 27/01/2011 (2991 Octet(s)) 

Fin à: 19:54:35, 27/01/2011 
 
============== E.O.F ==============

pascal · Answer

Antivirus Version Last Update Result 
AhnLab-V3 2011.01.27.01 2011.01.27 - 
AntiVir 7.11.2.16 2011.01.27 TR/Patched.Gen 
Antiy-AVL 2.0.3.7 2011.01.27 Trojan/Win32.Patched.gen 
Avast 4.8.1351.0 2011.01.27 Win32:WinPatch 
Avast5 5.0.677.0 2011.01.27 Win32:WinPatch 
AVG 10.0.0.1190 2011.01.27 Win32/Patched.GB 
BitDefender 7.2 2011.01.27 - 
CAT-QuickHeal 11.00 2011.01.27 - 
ClamAV 0.96.4.0 2011.01.27 - 
Commtouch 5.2.11.5 2011.01.27 - 
Comodo 7522 2011.01.27 - 
DrWeb 5.0.2.03300 2011.01.27 Win32.Dat.15 
Emsisoft 5.1.0.1 2011.01.27 Trojan.Win32.Patched!IK 
eSafe 7.0.17.0 2011.01.27 - 
eTrust-Vet 36.1.8122 2011.01.27 - 
F-Prot 4.6.2.117 2011.01.26 - 
F-Secure 9.0.16160.0 2011.01.27 - 
Fortinet 4.2.254.0 2011.01.27 W32/Patched.Y!tr 
GData 21 2011.01.27 Win32:WinPatch 
Ikarus T3.1.1.97.0 2011.01.27 Trojan.Win32.Patched 
Jiangmin 13.0.900 2011.01.27 - 
K7AntiVirus 9.78.3662 2011.01.27 Virus 
Kaspersky 7.0.0.125 2011.01.27 Trojan.Win32.Patched.lp 
McAfee 5.400.0.1158 2011.01.27 W32/Bamital 
McAfee-GW-Edition 2010.1C 2011.01.27 - 
Microsoft 1.6502 2011.01.27 - 
NOD32 5825 2011.01.27 - 
Norman 6.06.12 2011.01.27 - 
nProtect 2011-01-18.01 2011.01.18 - 
Panda 10.0.3.5 2011.01.27 - 
PCTools 7.0.3.5 2011.01.27 HeurEngine.ZeroDayThreat 
Prevx 3.0 2011.01.27 - 
Rising 23.42.03.06 2011.01.27 Trojan.Win32.Generic.126FBFEC 
Sophos 4.61.0 2011.01.27 Troj/Patched-Y 
SUPERAntiSpyware 4.40.0.1006 2011.01.27 - 
Symantec 20101.3.0.103 2011.01.27 Suspicious.Mystic 
TheHacker 6.7.0.1.120 2011.01.26 - 
TrendMicro 9.120.0.1004 2011.01.27 - 
TrendMicro-HouseCall 9.120.0.1004 2011.01.27 - 
VBA32 3.12.14.3 2011.01.26 - 
VIPRE 8218 2011.01.27 Trojan.Win32.Generic!BT 
ViRobot 2011.1.27.4278 2011.01.27 - 
VirusBuster 13.6.168.0 2011.01.27 - 
Additional informationShow all  
MD5   : 2eb058e823b7699e2b8f029b51b16a94 
SHA1  : 561fd33774c1710434b5ac18974a93b2f3a6fc4f 
SHA256: 84547ff64d6671cedb465be4bd74bde0378b9f0eed8ffc70864cf3fa7739a47f

pascal · Answer

voilà j'ai fait les rapports que tu m'as demandé..as tu besoin d'autre chose?
merci

NicoVA · Answer

Salut ! 

Ok ton explorer est patché mais je soupçonne aussi que winlogon soit patché donc :  

- fait un rapport virustotal avec C:\Windows\System32\Winlogon.exe  

Ensuite poste le résultat en entier et poste le rapport TDSSkiller

pascal · Answer

voilà le rapport de virustotal :

MD5: e24498aceae3213fc65233441a206fda 
Date first seen: 2011-01-27 19:33:09 (UTC) 
Date last seen: 2011-01-27 19:33:09 (UTC) 
Detection ratio: 16/43 

et voilà celui de TDSSKILLER:

2011/01/28 17:53:22.0125	TDSS rootkit removing tool 2.4.15.0 Jan 22 2011 19:37:53
2011/01/28 17:53:22.0125	================================================================================
2011/01/28 17:53:22.0125	SystemInfo:
2011/01/28 17:53:22.0125	
2011/01/28 17:53:22.0125	OS Version: 5.1.2600 ServicePack: 3.0
2011/01/28 17:53:22.0125	Product type: Workstation
2011/01/28 17:53:22.0125	ComputerName: ACER-26A4A80FB7
2011/01/28 17:53:22.0125	UserName: pascal
2011/01/28 17:53:22.0125	Windows directory: C:\WINDOWS
2011/01/28 17:53:22.0125	System windows directory: C:\WINDOWS
2011/01/28 17:53:22.0125	Processor architecture: Intel x86
2011/01/28 17:53:22.0125	Number of processors: 2
2011/01/28 17:53:22.0125	Page size: 0x1000
2011/01/28 17:53:22.0125	Boot type: Normal boot
2011/01/28 17:53:22.0125	================================================================================
2011/01/28 17:53:22.0859	Initialize success
2011/01/28 17:53:30.0515	================================================================================
2011/01/28 17:53:30.0515	Scan started
2011/01/28 17:53:30.0515	Mode: Manual; 
2011/01/28 17:53:30.0515	================================================================================
2011/01/28 17:53:34.0875	abp480n5        (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/01/28 17:53:34.0921	ACPI            (e5e6dbfc41ea8aad005cb9a57a96b43b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/01/28 17:53:35.0031	ACPIEC          (e4abc1212b70bb03d35e60681c447210) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/01/28 17:53:35.0109	adpu160m        (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/01/28 17:53:35.0265	aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/01/28 17:53:35.0406	AFD             (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/01/28 17:53:35.0468	agp440          (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/01/28 17:53:35.0562	agpCPQ          (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/01/28 17:53:35.0765	Aha154x         (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/01/28 17:53:35.0859	aic78u2         (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/01/28 17:53:36.0000	aic78xx         (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/01/28 17:53:36.0093	AliIde          (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/01/28 17:53:36.0218	alim1541        (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/01/28 17:53:36.0375	amdagp          (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/01/28 17:53:36.0531	amsint          (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/01/28 17:53:36.0843	AR5416          (7cae93fe5511d0c0688cfa56cf241e31) C:\WINDOWS\system32\DRIVERS\athw.sys
2011/01/28 17:53:37.0109	asc             (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/01/28 17:53:37.0156	asc3350p        (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/01/28 17:53:37.0406	asc3550         (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/01/28 17:53:37.0531	AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/01/28 17:53:37.0765	atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/01/28 17:53:37.0875	Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/01/28 17:53:37.0921	audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/01/28 17:53:38.0078	Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/01/28 17:53:38.0171	cbidf           (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/01/28 17:53:38.0234	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/01/28 17:53:38.0312	CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/01/28 17:53:38.0468	cd20xrnt        (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/01/28 17:53:38.0531	Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/01/28 17:53:38.0578	Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/01/28 17:53:38.0625	Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/01/28 17:53:38.0750	CmBatt          (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/01/28 17:53:38.0921	CmdIde          (e3726ad522d0bdae090671048c991ab3) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/01/28 17:53:38.0968	Compbatt        (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/01/28 17:53:39.0171	Cpqarray        (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/01/28 17:53:39.0218	dac2w2k         (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/01/28 17:53:39.0343	dac960nt        (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/01/28 17:53:39.0437	Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/01/28 17:53:39.0531	DKbFltr         (08d30af92c270f2e76787c81589dbad6) C:\WINDOWS\system32\DRIVERS\DKbFltr.sys
2011/01/28 17:53:39.0781	dmboot          (f5deadd42335fb33edca74ecb2f36cba) C:\WINDOWS\system32\drivers\dmboot.sys
2011/01/28 17:53:39.0953	dmio            (5a7c47c9b3f9fb92a66410a7509f0c71) C:\WINDOWS\system32\drivers\dmio.sys
2011/01/28 17:53:40.0000	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/01/28 17:53:40.0046	DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/01/28 17:53:40.0171	dpti2o          (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/01/28 17:53:40.0218	drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/01/28 17:53:40.0421	Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/01/28 17:53:40.0500	Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/01/28 17:53:40.0531	Fips            (31f923eb2170fc172c81abda0045d18c) C:\WINDOWS\system32\drivers\Fips.sys
2011/01/28 17:53:40.0640	Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/01/28 17:53:40.0718	FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/01/28 17:53:40.0828	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/01/28 17:53:40.0890	Ftdisk          (a86859b77b908c18c2657f284aa29fe3) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/01/28 17:53:40.0953	Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/01/28 17:53:41.0000	HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/01/28 17:53:41.0140	HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/01/28 17:53:41.0390	hpn             (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/01/28 17:53:41.0484	HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/01/28 17:53:41.0718	hwdatacard      (8adf5ef39e896a65beded878494ee2b6) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
2011/01/28 17:53:41.0828	i2omgmt         (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/01/28 17:53:41.0968	i2omp           (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/01/28 17:53:42.0031	i8042prt        (a09bdc4ed10e3b2e0ec27bb94af32516) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/01/28 17:53:42.0312	ialm            (48846b31be5a4fa662ccfde7a1ba86b9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2011/01/28 17:53:42.0703	Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/01/28 17:53:42.0765	ini910u         (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/01/28 17:53:42.0875	int15.sys       (4d8d5b1c895ea0f2a721b98a7ce198f1) C:\Acer\Empowering Technology\eRecovery\int15.sys
2011/01/28 17:53:43.0296	IntcAzAudAddService (19afbb8427ce65042599555e578170df) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/01/28 17:53:43.0609	IntelIde        (4b6da2f0a4095857a9e3f3697399d575) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/01/28 17:53:43.0656	intelppm        (ad340800c35a42d4de1641a37feea34c) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/01/28 17:53:43.0687	Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/01/28 17:53:43.0734	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/01/28 17:53:43.0765	IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/01/28 17:53:43.0828	IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/01/28 17:53:43.0875	IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/01/28 17:53:43.0937	IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/01/28 17:53:44.0000	isapnp          (355836975a67b6554bca60328cd6cb74) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/01/28 17:53:44.0078	JMCR            (da971cfc625d13636e04c405948e9d62) C:\WINDOWS\system32\DRIVERS\jmcr.sys
2011/01/28 17:53:44.0125	Kbdclass        (16813155807c6881f4bfbf6657424659) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/01/28 17:53:44.0187	kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/01/28 17:53:44.0265	KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/01/28 17:53:44.0562	M3000Srv        (8da3ac548c6ef91b284dcff1a84be3db) C:\WINDOWS\system32\Drivers\M3000KNT.sys
2011/01/28 17:53:44.0734	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/01/28 17:53:44.0781	Modem           (510ade9327fe84c10254e1902697e25f) C:\WINDOWS\system32\drivers\Modem.sys
2011/01/28 17:53:44.0890	Mouclass        (027c01bd7ef3349aaebc883d8a799efb) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/01/28 17:53:44.0937	mouhid          (124d6846040c79b9c997f78ef4b2a4e5) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/01/28 17:53:45.0000	MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/01/28 17:53:45.0031	mraid35x        (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/01/28 17:53:45.0093	MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/01/28 17:53:45.0265	MRxSmb          (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/01/28 17:53:45.0421	Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/01/28 17:53:45.0484	MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/01/28 17:53:45.0531	MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/01/28 17:53:45.0640	MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/01/28 17:53:45.0703	mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/01/28 17:53:45.0796	MSTEE           (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/01/28 17:53:45.0859	Mup             (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/01/28 17:53:45.0937	NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/01/28 17:53:46.0078	NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/01/28 17:53:46.0125	NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/01/28 17:53:46.0156	NdisTapi        (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS
distapi.sys
2011/01/28 17:53:46.0218	Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS
disuio.sys
2011/01/28 17:53:46.0265	NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS
diswan.sys
2011/01/28 17:53:46.0328	NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/01/28 17:53:46.0390	NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS
etbios.sys
2011/01/28 17:53:46.0437	NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS
etbt.sys
2011/01/28 17:53:46.0656	Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/01/28 17:53:46.0687	Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/01/28 17:53:46.0859	Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/01/28 17:53:46.0890	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS
wlnkflt.sys
2011/01/28 17:53:46.0968	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS
wlnkfwd.sys
2011/01/28 17:53:47.0031	Parport         (8fd0bdbea875d06ccf6c945ca9abaf75) C:\WINDOWS\system32\drivers\Parport.sys
2011/01/28 17:53:47.0125	PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/01/28 17:53:47.0171	ParVdm          (9575c5630db8fb804649a6959737154c) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/01/28 17:53:47.0359	pavboot         (3adb8bd6154a3ef87496e8fce9c22493) C:\WINDOWS\system32\drivers\pavboot.sys
2011/01/28 17:53:47.0390	PCI             (043410877bda580c528f45165f7125bc) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/01/28 17:53:47.0468	PCIIde          (f4bfde7209c14a07aaa61e4d6ae69eac) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/01/28 17:53:47.0531	Pcmcia          (f0406cbc60bdb0394a0e17ffb04cdd3d) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/01/28 17:53:47.0921	perc2           (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/01/28 17:53:47.0953	perc2hib        (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/01/28 17:53:48.0171	PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERSaspptp.sys
2011/01/28 17:53:48.0218	PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/01/28 17:53:48.0375	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/01/28 17:53:48.0437	ql1080          (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/01/28 17:53:48.0468	Ql10wnt         (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/01/28 17:53:48.0562	ql12160         (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/01/28 17:53:48.0593	ql1240          (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/01/28 17:53:48.0671	ql1280          (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/01/28 17:53:48.0718	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERSasacd.sys
2011/01/28 17:53:48.0781	Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERSasl2tp.sys
2011/01/28 17:53:48.0859	RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERSaspppoe.sys
2011/01/28 17:53:48.0906	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERSaspti.sys
2011/01/28 17:53:48.0968	Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERSdbss.sys
2011/01/28 17:53:49.0031	RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/01/28 17:53:49.0078	rdpdr           (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERSdpdr.sys
2011/01/28 17:53:49.0312	RDPWD           (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/01/28 17:53:49.0359	redbook         (d8eb2a7904db6c916eb5361878ddcbae) C:\WINDOWS\system32\DRIVERSedbook.sys
2011/01/28 17:53:49.0468	RTLE8023xp      (b52b25f41bf3511071a0e7d10d659c56) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
2011/01/28 17:53:49.0687	Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/01/28 17:53:49.0796	Serial          (93d313c31f7ad9ea2b75f26075413c7c) C:\WINDOWS\system32\drivers\Serial.sys
2011/01/28 17:53:49.0875	Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/01/28 17:53:50.0093	sisagp          (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/01/28 17:53:50.0203	SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/01/28 17:53:50.0296	Sparrow         (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/01/28 17:53:50.0375	splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/01/28 17:53:50.0453	sr              (39626e6dc1fb39434ec40c42722b660a) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/01/28 17:53:50.0515	Srv             (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/01/28 17:53:50.0578	streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/01/28 17:53:50.0640	swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/01/28 17:53:50.0687	swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/01/28 17:53:50.0750	symc810         (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/01/28 17:53:50.0828	symc8xx         (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/01/28 17:53:50.0859	sym_hi          (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/01/28 17:53:50.0906	sym_u3          (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/01/28 17:53:50.0968	SynTP           (409f7eeb079d6154ccb26a02e6e27844) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2011/01/28 17:53:51.0187	sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/01/28 17:53:51.0265	Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS	cpip.sys
2011/01/28 17:53:51.0343	TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/01/28 17:53:51.0375	TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/01/28 17:53:51.0500	TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS	ermdd.sys
2011/01/28 17:53:51.0578	TosIde          (b411668322c3bf4e690888706b999679) C:\WINDOWS\system32\DRIVERS	oside.sys
2011/01/28 17:53:51.0671	Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/01/28 17:53:51.0750	ultra           (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/01/28 17:53:51.0828	Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/01/28 17:53:52.0046	usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/01/28 17:53:52.0093	usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/01/28 17:53:52.0140	usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/01/28 17:53:52.0203	usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/01/28 17:53:52.0234	USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/01/28 17:53:52.0265	usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/01/28 17:53:52.0312	VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/01/28 17:53:52.0359	viaagp          (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/01/28 17:53:52.0375	ViaIde          (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/01/28 17:53:52.0421	VolSnap         (46de1126684369bace4849e4fc8c43ca) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/01/28 17:53:52.0484	Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/01/28 17:53:52.0546	wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/01/28 17:53:52.0671	WmiAcpi         (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/01/28 17:53:52.0765	WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/01/28 17:53:52.0843	WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/01/28 17:53:52.0875	WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/01/28 17:53:53.0187	================================================================================
2011/01/28 17:53:53.0187	Scan finished
2011/01/28 17:53:53.0187	================================================================================

pascal · Answer

Désolé je me suis trompé avec le rapport virustotal, voilà le bon rapport,merci beaucoup.

Antivirus Version Last Update Result 
AhnLab-V3 2011.01.27.01 2011.01.27 - 
AntiVir 7.11.2.31 2011.01.28 TR/Patched.Gen 
Antiy-AVL 2.0.3.7 2011.01.28 Trojan/Win32.Patched 
Avast 4.8.1351.0 2011.01.28 Win32:WinPatch 
Avast5 5.0.677.0 2011.01.28 Win32:WinPatch 
AVG 10.0.0.1190 2011.01.28 - 
BitDefender 7.2 2011.01.28 - 
CAT-QuickHeal 11.00 2011.01.28 - 
ClamAV 0.96.4.0 2011.01.28 - 
Commtouch 5.2.11.5 2011.01.28 - 
Comodo 7526 2011.01.28 - 
DrWeb 5.0.2.03300 2011.01.28 Win32.Dat.15 
Emsisoft 5.1.0.1 2011.01.28 Trojan.Win32.Patched!IK 
eSafe 7.0.17.0 2011.01.27 - 
eTrust-Vet 36.1.8124 2011.01.28 - 
F-Prot 4.6.2.117 2011.01.27 - 
F-Secure 9.0.16160.0 2011.01.28 - 
Fortinet 4.2.254.0 2011.01.28 W32/Patched.Y!tr 
GData 21 2011.01.28 Win32:WinPatch 
Ikarus T3.1.1.97.0 2011.01.28 Trojan.Win32.Patched 
Jiangmin 13.0.900 2011.01.28 - 
K7AntiVirus 9.78.3675 2011.01.28 Virus 
Kaspersky 7.0.0.125 2011.01.28 Trojan.Win32.Patched.lk 
McAfee 5.400.0.1158 2011.01.28 W32/Bamital 
McAfee-GW-Edition 2010.1C 2011.01.28 - 
Microsoft 1.6502 2011.01.28 - 
NOD32 5827 2011.01.28 Win32/Patched.GN 
Norman 6.06.12 2011.01.28 - 
nProtect 2011-01-18.01 2011.01.18 - 
Panda 10.0.3.5 2011.01.28 Suspicious file 
PCTools 7.0.3.5 2011.01.27 - 
Prevx 3.0 2011.01.28 - 
Rising 23.42.04.06 2011.01.28 - 
Sophos 4.61.0 2011.01.28 Troj/Patched-Y 
SUPERAntiSpyware 4.40.0.1006 2011.01.28 - 
Symantec 20101.3.0.103 2011.01.28 Trojan.Bamital.B!inf 
TheHacker 6.7.0.1.120 2011.01.26 - 
TrendMicro 9.120.0.1004 2011.01.28 - 
TrendMicro-HouseCall 9.120.0.1004 2011.01.28 - 
VBA32 3.12.14.3 2011.01.26 - 
VIPRE 8228 2011.01.28 Trojan.Win32.Generic!BT 
ViRobot 2011.1.28.4280 2011.01.28 - 
VirusBuster 13.6.169.0 2011.01.28 - 
Additional informationShow all  
MD5   : e24498aceae3213fc65233441a206fda 
SHA1  : b8949a822c11942c144184426c09aad7780accb2 
SHA256: 56dfb2fd30a4af759367d6b040479cc538e21e30b10ed630689d2d2d1ce83396 
ssdeep: 6144:7NZlxEdL5RvGlcHF37newMLao6nMnKHOD13XRnCfOVSePfLtisgZYkg:cdz+lcDKao6nSK
HsRqOMgxZgI 
File size : 512000 bytes 
First seen: 2011-01-27 19:33:09 
Last seen : 2011-01-28 16:51:56 
TrID: 
Win64 Executable Generic (80.9%)
Win32 Executable Generic (8.0%)
Win32 Dynamic Link Library (generic) (7.1%)
Generic Win/DOS Executable (1.8%)
DOS Executable Generic (1.8%) 
sigcheck: 
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. Tous droits r_serv_s.
product......: Syst_me d_exploitation Microsoft_ Windows_
description..: Application d_ouverture de session Windows NT
original name: WINLOGON.EXE
internal name: winlogon
file version.: 5.1.2600.5512 (xpsp.080413-2113)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
 
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0xB4F4
timedatestamp....: 0x48027549 (Sun Apr 13 21:04:09 2008)
machinetype......: 0x14c (I386)

[[ 3 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x70991, 0x70A00, 6.82, f1b4c864f36694d4d0fc08d28dee4b62
.data, 0x72000, 0x4E70, 0x2000, 6.29, 7ef0af9865e6a12742203edcbae7c43f
.rsrc, 0x77000, 0xA18C, 0xA200, 3.69, 2de1a63c2a7883cf163c3699bb614883

[[ 20 import(s) ]]
ADVAPI32.dll: ConvertStringSecurityDescriptorToSecurityDescriptorA, A_SHAInit, A_SHAUpdate, A_SHAFinal, LsaStorePrivateData, LsaRetrievePrivateData, LsaNtStatusToWinError, CryptGetUserKey, CryptGetKeyParam, CryptEncrypt, CryptSetProvParam, CryptSignHashW, CryptDeriveKey, CryptGetProvParam, RegOpenCurrentUser, RegDeleteKeyW, AddAccessAllowedAceEx, RegSetKeySecurity, I_ScSendTSMessage, MD5Init, MD5Update, MD5Final, SetFileSecurityA, AllocateLocallyUniqueId, LsaOpenPolicy, LsaQueryInformationPolicy, LsaFreeMemory, LsaClose, RegNotifyChangeKeyValue, QueryServiceConfigW, SetKernelObjectSecurity, ConvertStringSecurityDescriptorToSecurityDescriptorW, RegEnumKeyExW, GetCurrentHwProfileW, RegCloseKey, RegQueryValueExW, RegOpenKeyW, FreeSid, SetSecurityDescriptorDacl, InitializeSecurityDescriptor, AddAccessAllowedAce, InitializeAcl, GetLengthSid, AllocateAndInitializeSid, RegOpenKeyExW, CreateProcessAsUserW, DuplicateTokenEx, CloseServiceHandle, ControlService, StartServiceW, QueryServiceStatus, OpenServiceW, OpenSCManagerW, EqualSid, GetTokenInformation, RegSetValueExW, RegCreateKeyExW, CryptGenRandom, CryptDestroyHash, CryptVerifySignatureW, CryptSetHashParam, CryptGetHashParam, CryptHashData, CryptCreateHash, CryptDecrypt, ReportEventW, RegisterEventSourceW, CryptImportKey, CryptAcquireContextW, CryptReleaseContext, CryptDestroyKey, RegEnumValueW, RegQueryInfoKeyW, RegDeleteValueW, CredFree, CredDeleteW, CredEnumerateW, CopySid, GetSidLengthRequired, GetSidSubAuthority, GetSidSubAuthorityCount, GetUserNameW, OpenThreadToken, EnumServicesStatusW, ImpersonateLoggedOnUser, RegQueryValueExA, CheckTokenMembership, DeregisterEventSource, LsaGetUserName, RevertToSelf, LookupAccountSidW, IsValidSid, SetTokenInformation, LogonUserW, LookupAccountNameW, OpenProcessToken, SynchronizeWindows31FilesAndWindowsNTRegistry, QueryWindows31FilesMigration, AdjustTokenPrivileges, RegQueryInfoKeyA
AUTHZ.dll: AuthzInitializeResourceManager, AuthzAccessCheck, AuthziFreeAuditEventType, AuthziInitializeAuditEvent, AuthziInitializeAuditParams, AuthziInitializeAuditEventType, AuthziLogAuditEvent, AuthzFreeAuditEvent, AuthzFreeResourceManager, AuthzFreeHandle
CRYPT32.dll: CryptImportPublicKeyInfo, CryptVerifyMessageSignature, CertCreateCertificateContext, CertSetCertificateContextProperty, CertVerifyCertificateChainPolicy, CryptSignMessage, CertCloseStore, CertComparePublicKeyInfo, CryptExportPublicKeyInfo, CertFindExtension, CryptDecryptMessage, CertGetCertificateContextProperty, CertAddCertificateContextToStore, CertOpenStore, CertVerifySubjectCertificateContext, CertGetIssuerCertificateFromStore, CertDuplicateCertificateContext, CertFreeCertificateContext, CertEnumCertificatesInStore, CryptImportPublicKeyInfoEx
GDI32.dll: RemoveFontResourceW, AddFontResourceW
KERNEL32.dll: WTSGetActiveConsoleSessionId, GetTimeFormatW, GetUserDefaultLCID, FileTimeToSystemTime, FileTimeToLocalFileTime, GetProcAddress, LoadLibraryW, GetModuleHandleW, SystemTimeToFileTime, GetSystemTime, SetLastError, TerminateProcess, GetCurrentProcess, CreateTimerQueueTimer, CreateThread, lstrcpynW, GetShortPathNameW, GetProfileStringW, FreeLibrary, ReleaseSemaphore, CreateSemaphoreW, GetSystemInfo, GetComputerNameW, GetEnvironmentVariableW, WaitForSingleObjectEx, LoadResource, FindResourceW, SetThreadExecutionState, DeleteTimerQueueTimer, ResetEvent, GetSystemDirectoryW, TransactNamedPipe, SetNamedPipeHandleState, GetTickCount, CreateFileW, GlobalGetAtomNameW, VirtualLock, VirtualQuery, GetDriveTypeW, Beep, ExpandEnvironmentStringsW, OpenMutexW, QueueUserWorkItem, LeaveCriticalSection, EnterCriticalSection, DisconnectNamedPipe, SearchPathW, lstrcatW, LocalReAlloc, TerminateThread, ResumeThread, GetDiskFreeSpaceExW, GlobalMemoryStatusEx, DeleteFileW, WriteProfileStringW, ReadFile, FindVolumeClose, FindNextVolumeW, FindFirstVolumeW, FormatMessageW, SetPriorityClass, MoveFileExW, WaitForMultipleObjectsEx, GetExitCodeProcess, SleepEx, InterlockedExchange, FindClose, FindFirstFileW, GetWindowsDirectoryW, SetTimerQueueTimer, GetComputerNameA, GetVersionExW, VerSetConditionMask, WriteFile, WaitNamedPipeW, WaitForMultipleObjects, ConnectNamedPipe, GetVersionExA, DuplicateHandle, OpenProcess, GetOverlappedResult, lstrcmpW, SetEnvironmentVariableW, UnregisterWait, CreateNamedPipeW, CreateRemoteThread, CreateActCtxW, GetModuleFileNameW, ExitProcess, LoadLibraryExW, SetErrorMode, SetUnhandledExceptionFilter, GetPrivateProfileStringW, LocalSize, VirtualAlloc, VirtualQueryEx, DebugBreak, CreateFileA, InitializeCriticalSection, ProcessIdToSessionId, SetInformationJobObject, AssignProcessToJobObject, TerminateJobObject, PostQueuedCompletionStatus, PulseEvent, GetQueuedCompletionStatus, CreateIoCompletionPort, CreateJobObjectW, ActivateActCtx, DeactivateActCtx, InterlockedCompareExchange, LoadLibraryA, QueryPerformanceCounter, GetSystemTimeAsFileTime, UnhandledExceptionFilter, GetModuleHandleA, GetStartupInfoA, GetCurrentProcessId, SetThreadPriority, GetCurrentThreadId, lstrcmpiW, GetProfileIntW, LoadLibraryExA, lstrcpyW, lstrlenW, Sleep, LocalAlloc, CreateEventW, GetExitCodeThread, SetThreadAffinityMask, GetProcessAffinityMask, CreateWaitableTimerW, CreateMutexW, OpenEventW, RegisterWaitForSingleObject, WaitForSingleObject, CreateProcessW, SetWaitableTimer, ReleaseMutex, SetEvent, UnregisterWaitEx, CloseHandle, lstrlenA, lstrcpyA, MultiByteToWideChar, GetACP, WideCharToMultiByte, HeapAlloc, GetProcessHeap, HeapFree, lstrcpynA, UnmapViewOfFile, MapViewOfFile, CreateFileMappingW, lstrcmpiA, GetFileSize, SetFilePointer, GlobalAlloc, GlobalFree, GetLastError, LocalFree, lstrcatA, lstrcmpA, GetLogicalDriveStringsA, GetDriveTypeA, GetVolumeInformationW, GlobalMemoryStatus, CreateMutexA, FindResourceExW, LockResource, SizeofResource, VerifyVersionInfoW, GetSystemDirectoryA, GetCurrentThread, DelayLoadFailureHook, BaseInitAppcompatCacheSupport, OpenProfileUserMapping, CloseProfileUserMapping, BaseCleanupAppcompatCacheSupport, InitializeCriticalSectionAndSpinCount, VirtualProtect, CreateEventA, TlsSetValue, TlsGetValue, DeleteCriticalSection, TlsAlloc, VirtualFree, TlsFree
msvcrt.dll: wcslen, _vsnwprintf, wcsncpy, wcsstr, atoi, wcstok, memmove, wcschr, swprintf, swscanf, _local_unwind2, _wcslwr, wcscmp, _snwprintf, malloc, _c_exit, _exit, _XcptFilter, _cexit, exit, _acmdln, __getmainargs, _initterm, __setusermatherr, _adjust_fdiv, __p__commode, __p__fmode, __set_app_type, __3@YAXPAX@Z, __2@YAPAXI@Z, __CxxFrameHandler, _itow, _snprintf, _wtol, _strnicmp, sscanf, wcstombs, sprintf, strchr, strncmp, atof, _ftol, isspace, wcscpy, _controlfp, wcsncmp, _wcsupr, ceil, wcscat, _except_handler3, free, _wcsicmp
NDdeApi.dll: -, -, -, -
ntdll.dll: RtlSubAuthoritySid, RtlAllocateHeap, NtPowerInformation, NtSetSystemPowerState, NtRaiseHardError, RtlDeleteCriticalSection, NtOpenSymbolicLinkObject, NtReplyPort, NtCompleteConnectPort, NtReplyWaitReceivePort, NtAcceptConnectPort, NtCreatePort, RtlConvertSidToUnicodeString, RtlFreeUnicodeString, NtLockProductActivationKeys, RtlTimeToTimeFields, NtUnmapViewOfSection, NtMapViewOfSection, NtOpenSection, NtQuerySymbolicLinkObject, NtQueryVolumeInformationFile, NtSetSecurityObject, RtlAdjustPrivilege, NtOpenFile, NtFsControlFile, RtlAllocateAndInitializeSid, RtlDestroyEnvironment, RtlFreeHeap, NtQueryInformationToken, NtShutdownSystem, RtlEnterCriticalSection, RtlLeaveCriticalSection, RtlInitializeCriticalSection, RtlCreateEnvironment, RtlQueryEnvironmentVariable_U, RtlSetEnvironmentVariable, RtlInitUnicodeString, NtOpenKey, NtQueryValueKey, RtlInitializeSid, RtlLengthRequiredSid, NtAllocateLocallyUniqueId, RtlGetDaclSecurityDescriptor, RtlCopySid, RtlLengthSid, NtSetInformationThread, NtDuplicateToken, NtDuplicateObject, RtlEqualSid, RtlSetDaclSecurityDescriptor, RtlCreateSecurityDescriptor, NtClose, RtlOpenCurrentUser, RtlAddAce, RtlCreateAcl, RtlNtStatusToDosError, NtSetInformationProcess, NtQuerySystemInformation, NtCreateEvent, NtCreatePagingFile, RtlDosPathNameToNtPathName_U, RtlRegisterWait, NtSetValueKey, NtCreateKey, RtlTimeToSecondsSince1980, NtQuerySystemTime, NtPrivilegeObjectAuditAlarm, NtPrivilegeCheck, NtOpenThreadToken, NtOpenProcessToken, RtlInitString, RtlUnhandledExceptionFilter, NtQueryInformationProcess, DbgBreakPoint, RtlCheckProcessParameters, RtlSetThreadIsCritical, RtlSetProcessIsCritical, RtlGetNtProductType, NtInitiatePowerAction, DbgPrint, NtFilterToken, NtQueryInformationJobObject, NtOpenEvent, RtlGetAce, RtlQueryInformationAcl, NtQuerySecurityObject, RtlCompareUnicodeString, NtOpenDirectoryObject
PROFMAP.dll: InitializeProfileMappingApi, RemapAndMoveUserW
PSAPI.DLL: EnumProcesses, EnumProcessModules, GetModuleBaseNameW
REGAPI.dll: RegDefaultUserConfigQueryW, RegUserConfigQuery
RPCRT4.dll: RpcServerRegisterIfEx, RpcServerUseProtseqEpW, RpcImpersonateClient, I_RpcMapWin32Status, RpcServerRegisterIf, RpcGetAuthorizationContextForClient, RpcFreeAuthorizationContext, RpcServerListen, RpcRevertToSelf, NdrServerCall2, UuidCreate
Secur32.dll: LsaCallAuthenticationPackage, GetUserNameExW, LsaLookupAuthenticationPackage, LsaRegisterLogonProcess
SETUPAPI.dll: SetupDiDestroyDeviceInfoList, SetupDiEnumDeviceInfo, SetupDiGetClassDevsW, SetupDiGetDeviceRegistryPropertyW
USER32.dll: SetFocus, EnumWindows, CreateWindowStationW, RegisterLogonProcess, RecordShutdownReason, LoadLocalFonts, UnhookWindowsHook, SetWindowsHookW, GetWindowTextW, CallNextHookEx, DialogBoxParamW, GetWindowPlacement, GetSystemMenu, DeleteMenu, SetWindowPlacement, SetUserObjectInformationW, GetAsyncKeyState, PostThreadMessageW, SetUserObjectSecurity, CreateDesktopW, GetMessageTime, SetTimer, SetLogonNotifyWindow, UnlockWindowStation, ReplyMessage, UnregisterHotKey, RegisterHotKey, OpenInputDesktop, GetUserObjectInformationW, CloseDesktop, RegisterDeviceNotificationW, SetThreadDesktop, CreateWindowExW, GetMessageW, TranslateMessage, RegisterWindowMessageW, RegisterClassW, SetCursor, FindWindowW, MessageBoxW, SendNotifyMessageW, PostQuitMessage, MsgWaitForMultipleObjects, GetWindowRect, GetSystemMetrics, PeekMessageW, DispatchMessageW, KillTimer, SetProcessWindowStation, UpdateWindow, ShowWindow, SetWindowPos, PostMessageW, ExitWindowsEx, EnumDisplayMonitors, SystemParametersInfoW, GetDlgItem, SendMessageW, CreateDialogParamW, DestroyWindow, GetWindowLongW, GetDlgItemTextW, EndDialog, SetWindowLongW, LoadStringW, SetWindowTextW, SetDlgItemTextW, wsprintfW, wsprintfA, LockWindowStation, MBToWCSEx, SetWindowStationUser, UpdatePerUserSystemParameters, DialogBoxIndirectParamW, wvsprintfW, SetLastErrorEx, LoadCursorW, CheckDlgButton, IsDlgButtonChecked, DefWindowProcW, CloseWindowStation, LoadImageW, GetParent, GetKeyState, GetDesktopWindow, SetForegroundWindow, SwitchDesktop, OpenDesktopW
USERENV.dll: -, WaitForUserPolicyForegroundProcessing, GetAllUsersProfileDirectoryW, -, -, -, WaitForMachinePolicyForegroundProcessing, -, -, -, UnloadUserProfile, LoadUserProfileW, -, RegisterGPNotification, CreateEnvironmentBlock, DestroyEnvironmentBlock, UnregisterGPNotification, GetUserProfileDirectoryW
VERSION.dll: GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW
WINSTA.dll: WinStationRequestSessionsList, WinStationQueryLogonCredentialsW, WinStationIsHelpAssistantSession, WinStationAutoReconnect, _WinStationWaitForConnect, _WinStationNotifyLogoff, WinStationDisconnect, _WinStationCallback, WinStationNameFromLogonIdW, _WinStationFUSCanRemoteUserDisconnect, WinStationEnumerate_IndexedW, WinStationGetMachinePolicy, WinStationQueryInformationW, WinStationFreeMemory, WinStationReset, _WinStationNotifyDisconnectPipe, WinStationConnectW, WinStationSetInformationW, WinStationShutdownSystem, WinStationCheckLoopBack, _WinStationNotifyLogon
WINTRUST.dll: CryptCATAdminEnumCatalogFromHash, CryptCATCatalogInfoFromContext, CryptCATAdminCalcHashFromFileHandle, CryptCATAdminAcquireContext, CryptCATAdminReleaseCatalogContext, WTHelperProvDataFromStateData, WinVerifyTrust, WTHelperGetProvSignerFromChain, CryptCATAdminReleaseContext
WS2_32.dll: -, -, getaddrinfo
 
ExifTool: 
file metadata
CharacterSet: Unicode
CodeSize: 461312
CompanyName: Microsoft Corporation
EntryPoint: 0xb4f4
FileDescription: Application d'ouverture de session Windows NT
FileFlagsMask: 0x003f
FileOS: Windows NT 32-bit
FileSize: 500 kB
FileSubtype: 0
FileType: Win32 EXE
FileVersion: 5.1.2600.5512 (xpsp.080413-2113)
FileVersionNumber: 5.1.2600.5512
ImageVersion: 21315.20512
InitializedDataSize: 49664
InternalName: winlogon
LanguageCode: French
LegalCopyright: Microsoft Corporation. Tous droits r serv s.
LinkerVersion: 187.7
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 5.1
ObjectFileType: Executable application
OriginalFilename: WINLOGON.EXE
PEType: PE32
ProductName: Syst me d'exploitation Microsoft Windows 
ProductVersion: 5.1.2600.5512
ProductVersionNumber: 5.1.2600.5512
Subsystem: Windows GUI
SubsystemVersion: 4.0
TimeStamp: 2008:04:13 23:04:09+02:00
UninitializedDataSize: 0
Warning: Possibly corrupt Version resource
 


VT Community

NicoVA · Answer

Salut !

* Sous Vista : &#x25B6; Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection):

&#x25B6; Clique sur Démarrer puis sur panneau de configuration
&#x25B6; Double Clique sur l'icône "Comptes d'utilisateurs"
&#x25B6; Clique ensuite sur désactiver et valide.
&#x25B6; Redémarre le PC

&#x25B6; Télécharge Combofix de sUBs et enregistre le sur le Bureau.

 &#x25B6; désactive tes protections et ferme toutes tes applications(antivirus, parefeu, garde en temps réel de l'antispyware)

Voici le tutoriel officiel de Bleeping Computer pour savoir l utiliser :

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

&#x25B6; Je te conseille d'installer la console de récupération !!
 
ensuite envois le rapport stp

A+

pascal · Answer

voilà le rapport de combofix :

ComboFix 11-01-28.01 - pascal 28/01/2011  20:31:08.1.2 - x86
Microsoft Windows XP Édition familiale  5.1.2600.3.1252.33.1036.18.1012.552 [GMT 1:00]
Lancé depuis: c:\documents and settings\pascal\Bureau\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\pascal\Application Data\Adobe\plugs

c:\windows\system32\winlogon.exe . . . est infecté!!

Une copie infectée de c:\windows\explorer.exe a été trouvée et désinfectée 
Copie restaurée à partir de - c:\system volume information\_restore{62695C6D-F498-4843-849E-F39E2183FBDF}\RP7\A0001609.exe 

.
(((((((((((((((((((((((((((((   Fichiers créés du 2010-12-28 au 2011-01-28  ))))))))))))))))))))))))))))))))))))
.

2011-01-27 21:15 . 2011-01-27 21:15	--------	d-----w-	c:\documents and settings\pascal\Application Data\Malwarebytes
2011-01-27 21:15 . 2010-12-20 17:09	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-27 21:15 . 2011-01-27 21:15	--------	d-----w-	c:\documents and settings\All Users\Application Data\Malwarebytes
2011-01-27 21:15 . 2011-01-27 21:43	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-01-27 21:15 . 2010-12-20 17:08	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-01-27 20:31 . 2011-01-27 20:31	--------	d-----w-	c:\windows\system32\wbem\Repository
2011-01-27 20:30 . 2011-01-27 20:30	--------	d-----w-	c:\program files\Everest Casino
2011-01-27 20:29 . 2011-01-27 20:34	--------	d-----w-	c:\program files\Everest Poker
2011-01-27 18:52 . 2011-01-27 20:30	--------	d-----w-	c:\program files\Ad-Remover
2011-01-26 19:28 . 2011-01-27 20:30	--------	d-----w-	c:\program files\ZHPDiag
2011-01-26 16:38 . 2011-01-27 20:30	--------	d-----w-	c:\documents and settings\pascal\Local Settings\Application Data\Google
2011-01-26 12:24 . 2011-01-26 12:24	--------	d-----w-	c:\program files\Windows Media Connect 2
2011-01-26 12:22 . 2011-01-26 12:23	--------	d-----w-	C:\e9c632968382284c6365
2011-01-26 12:22 . 2011-01-26 12:23	--------	d-----w-	c:\windows\system32\drivers\UMDF
2011-01-26 12:21 . 2011-01-26 12:22	--------	d-----w-	C:\94e65bd9e159a2070acb55a764
2011-01-26 12:19 . 2011-01-26 12:19	--------	d-----w-	c:\documents and settings\pascal\Application Data\dvdcss
2011-01-26 12:12 . 2006-11-01 17:31	1669120	----a-w-	c:\program files\Windows Media Player\wmsetsdk.exe
2011-01-26 12:12 . 2004-08-11 00:45	47616	----a-w-	c:\program files\Windows Media Player\msoobci.dll
2011-01-26 12:01 . 2011-01-26 12:01	--------	d-----w-	c:\documents and settings\pascal\Local Settings\Application Data\WMTools Downloaded Files
2011-01-20 09:35 . 2011-01-20 09:35	--------	d-----w-	c:\program files\Fichiers communs\Skype

.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-18 18:12 . 2008-04-14 12:00	86016	----a-w-	c:\windows\system32\isign32.dll
2010-11-09 14:52 . 2008-04-14 12:00	249856	----a-w-	c:\windows\system32\odbc32.dll
2010-11-06 00:21 . 2008-04-14 12:00	916480	----a-w-	c:\windows\system32\wininet.dll
2010-11-06 00:21 . 2008-04-14 12:00	43520	----a-w-	c:\windows\system32\licmgr10.dll
2010-11-06 00:21 . 2008-04-14 12:00	1469440	------w-	c:\windows\system32\inetcpl.cpl
2010-11-03 12:26 . 2008-04-14 12:00	385024	----a-w-	c:\windows\system32\html.iec
2010-11-02 15:17 . 2008-04-14 12:00	40960	----a-w-	c:\windows\system32\drivers
dproxy.sys
.

------- Sigcheck -------

[-] 2008-04-14 . E24498ACEAE3213FC65233441A206FDA . 512000 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe

[-] 2008-04-14 . 2EB058E823B7699E2B8F029B51B16A94 . 1037824 . . [6.00.2900.5512] . . c:\windows\explorer.exe
.
(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2010-04-16 3872080]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"M3000Mnt"="M3000Rmv.dll " [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-16 16862720]
"AzMixerSel"="c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-07-17 53248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1044480]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-05-14 821768]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2008-05-22 425984]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\pascal\Menu D'marrer\Programmes\D'marrage\
OneNote 2007 - Capture d''cran et lancement.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\documents and settings\All Users\Menu D'marrer\Programmes\D'marrage\
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-6-4 114688]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"%windir%\system32\sessmgr.exe"=
"c:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"=
"c:\Program Files\Java\jre6\bin\java.exe"=
"c:\Program Files\Ares\Ares.exe"=
"c:\Program Files\Windows Live\Messenger\msnmsgr.exe"=
"c:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"=
"c:\Program Files\Skype\Phone\Skype.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [19/06/2010 11:47 28552]
R3 M3000Srv;Acer Crystal Eye webcam Driver;c:\windows\system32\drivers\M3000KNT.sys [05/05/2008 08:01 254976]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [21/05/2008 09:11 96856]
.
Contenu du dossier 'Tâches planifiées'

2011-01-28 c:\windows\Tasks\User_Feed_Synchronization-{9ECCD5FA-ED99-45D2-A64E-717306865091}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.bluewin.ch/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Connection Wizard,ShellNext = hxxp://fr.fr.acer.yahoo.com/
uSearchURL,(Default) = hxxp://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-userini - c:\windows\explorer.exe:userini.exe
HKLM-Run-userini - c:\windows\explorer.exe:userini.exe
HKLM-Explorer_Run-userini - c:\windows\explorer.exe:userini.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-28 20:41
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ... 

Recherche d'éléments en démarrage automatique cachés ... 

Recherche de fichiers cachés ... 

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\WINDOWS\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\WINDOWS\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(2904)
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxext.exe
c:\docume~1\pascal\LOCALS~1\Temp\RtkBtMnt.exe
.
**************************************************************************
.
Heure de fin: 2011-01-28  20:45:43 - La machine a redémarré
ComboFix-quarantined-files.txt  2011-01-28 19:45

Avant-CF: 67 512 795 136 octets libres
Après-CF: 69 017 247 744 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP  dition familiale" /noexecute=optin /fastdetect

- - End Of File - - 9B2249550079F0599D29CC56D6B103B5

NicoVA · Answer

Salut !

Sympa ! Tu a explorer et winlogon de patché et il y a pas l'air d'avoir de remplaçant valide ^^ On va donc procéder comme suis :

Suis ces instructions très précisément, prends le temps de tout bien lire ! Si tu as des questions n'hésite surtout pas :

1/

--> Télécharge ce dossier nommé Pascal à la racine de ton disque dur qui est C:\

--> Il faut donc que tu ai C:\Pascal.zip présent, ensuite tu le décompresse toujours dans C:\

--> Tu dois avoir le dossier C:\Pascal , si ce n'est pas le cas ne continue pas le reste et fais moi part du problème que tu rencontre

2/

Désactive la protection de ton antivirus, anti-spyware et ferme internet et tes applications 

-> Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :


KillAll::

FCopy::
C:\Pascal\explorer.exe | C:\windows\explorer.exe
C:\Pascal\winlogon.exe | C:\windows\system32\winlogon.exe

Folder::
c:\program files\Everest Casino     
c:\program files\Everest Poker     


-> Enregistre ce fichier sous le nom CFScript

-> Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe

-> Patiente le temps du scan.Le bureau va disparaitre à plusieurs reprises: c'est normal!

* Ne touche à rien tant que le scan n'est pas terminé.

-> Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

-> Si le fichier n'apparait pas, il se trouve ici dans C:\ sous le nom de ComboFix.txt


A plus tard,

pascal · Answer

Je comprends pas comment faire cette manipulation? Oú est le fichier Combofix.exe?

 Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe

pascal · Answer

bon, j'ai fait glisser le CFScript sur l'icone combofix, j'ai démarré le scan, il a scaner très vite, quand l'ordi c'est rallumer j'ai eu un message comme quoi winolog.exe a du être supprimer ou un truc dans le genre et j'ai pas de rapport ni sur le bureau, ni sur le C:\  

je crois que j'ai pas fait un bonne manipulation, je touche plus rien, j'attends ton aide..

Merci pour le temps que tu prends pour m'aider.

NicoVA · Answer

Salut !

Pourrais tu m'en dire un peu plus sur ce message ? 

Tu arrive à aller sur ta session ?

++

pascal · Answer

salut,

Ca n'a rien changer, il fonctionne comme avant avec touours le même bug...
et oui je peux aller sur ma session comme avant!

NicoVA · Answer

Salut

Ok donc Winlogon n'a pas été supprimé. 

Relance une routine ComboFix.

A+

pascal · Answer

voilà le dernier rapport de Combofix! c'est bien ça que tu m'as demandé?

ComboFix 11-01-28.03 - pascal 29/01/2011  16:37:57.3.2 - x86
Microsoft Windows XP Édition familiale  5.1.2600.3.1252.33.1036.18.1012.663 [GMT 1:00]
Lancé depuis: c:\documents and settings\pascal\Bureau\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\winlogon.exe . . . est infecté!!

Une copie infectée de c:\windows\explorer.exe a été trouvée et désinfectée 
Copie restaurée à partir de - c:\system volume information\_restore{62695C6D-F498-4843-849E-F39E2183FBDF}\RP8\A0001704.exe 

.
(((((((((((((((((((((((((((((   Fichiers créés du 2010-12-28 au 2011-01-29  ))))))))))))))))))))))))))))))))))))
.

2011-01-28 22:15 . 2011-01-28 22:15	--------	d-----w-	C:\Pascal
2011-01-27 21:15 . 2011-01-27 21:15	--------	d-----w-	c:\documents and settings\pascal\Application Data\Malwarebytes
2011-01-27 21:15 . 2010-12-20 17:09	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-27 21:15 . 2011-01-27 21:15	--------	d-----w-	c:\documents and settings\All Users\Application Data\Malwarebytes
2011-01-27 21:15 . 2011-01-27 21:43	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-01-27 21:15 . 2010-12-20 17:08	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-01-27 20:31 . 2011-01-27 20:31	--------	d-----w-	c:\windows\system32\wbem\Repository
2011-01-27 20:30 . 2011-01-27 20:30	--------	d-----w-	c:\program files\Everest Casino
2011-01-27 20:29 . 2011-01-27 20:34	--------	d-----w-	c:\program files\Everest Poker
2011-01-27 18:52 . 2011-01-27 20:30	--------	d-----w-	c:\program files\Ad-Remover
2011-01-26 19:28 . 2011-01-27 20:30	--------	d-----w-	c:\program files\ZHPDiag
2011-01-26 16:38 . 2011-01-27 20:30	--------	d-----w-	c:\documents and settings\pascal\Local Settings\Application Data\Google
2011-01-26 12:24 . 2011-01-26 12:24	--------	d-----w-	c:\program files\Windows Media Connect 2
2011-01-26 12:22 . 2011-01-26 12:23	--------	d-----w-	C:\e9c632968382284c6365
2011-01-26 12:22 . 2011-01-26 12:23	--------	d-----w-	c:\windows\system32\drivers\UMDF
2011-01-26 12:21 . 2011-01-26 12:22	--------	d-----w-	C:\94e65bd9e159a2070acb55a764
2011-01-26 12:19 . 2011-01-26 12:19	--------	d-----w-	c:\documents and settings\pascal\Application Data\dvdcss
2011-01-26 12:12 . 2006-11-01 17:31	1669120	----a-w-	c:\program files\Windows Media Player\wmsetsdk.exe
2011-01-26 12:12 . 2004-08-11 00:45	47616	----a-w-	c:\program files\Windows Media Player\msoobci.dll
2011-01-26 12:01 . 2011-01-26 12:01	--------	d-----w-	c:\documents and settings\pascal\Local Settings\Application Data\WMTools Downloaded Files
2011-01-20 09:35 . 2011-01-20 09:35	--------	d-----w-	c:\program files\Fichiers communs\Skype

.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-28 22:12 . 2011-01-28 22:12	682143	----a-w-	C:\Pascal.zip
2010-11-18 18:12 . 2008-04-14 12:00	86016	----a-w-	c:\windows\system32\isign32.dll
2010-11-12 17:53 . 2010-05-25 08:00	472808	----a-w-	c:\windows\system32\deployJava1.dll
2010-11-12 15:34 . 2008-10-10 10:50	73728	----a-w-	c:\windows\system32\javacpl.cpl
2010-11-09 14:52 . 2008-04-14 12:00	249856	----a-w-	c:\windows\system32\odbc32.dll
2010-11-06 00:21 . 2008-04-14 12:00	916480	----a-w-	c:\windows\system32\wininet.dll
2010-11-06 00:21 . 2008-04-14 12:00	43520	----a-w-	c:\windows\system32\licmgr10.dll
2010-11-06 00:21 . 2008-04-14 12:00	1469440	------w-	c:\windows\system32\inetcpl.cpl
2010-11-03 12:26 . 2008-04-14 12:00	385024	----a-w-	c:\windows\system32\html.iec
2010-11-02 15:17 . 2008-04-14 12:00	40960	----a-w-	c:\windows\system32\drivers
dproxy.sys
.

------- Sigcheck -------

[-] 2008-04-14 . E24498ACEAE3213FC65233441A206FDA . 512000 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe

[-] 2008-04-14 . 2EB058E823B7699E2B8F029B51B16A94 . 1037824 . . [6.00.2900.5512] . . c:\windows\explorer.exe
.
(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2010-04-16 3872080]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"M3000Mnt"="M3000Rmv.dll " [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-16 16862720]
"AzMixerSel"="c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-07-17 53248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1044480]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-05-14 821768]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2008-05-22 425984]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\pascal\Menu D'marrer\Programmes\D'marrage\
OneNote 2007 - Capture d''cran et lancement.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\documents and settings\All Users\Menu D'marrer\Programmes\D'marrage\
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-6-4 114688]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"%windir%\system32\sessmgr.exe"=
"c:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"=
"c:\Program Files\Java\jre6\bin\java.exe"=
"c:\Program Files\Ares\Ares.exe"=
"c:\Program Files\Windows Live\Messenger\msnmsgr.exe"=
"c:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"=
"c:\Program Files\Skype\Phone\Skype.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [19/06/2010 11:47 28552]
R3 M3000Srv;Acer Crystal Eye webcam Driver;c:\windows\system32\drivers\M3000KNT.sys [05/05/2008 08:01 254976]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [21/05/2008 09:11 96856]
.
Contenu du dossier 'Tâches planifiées'

2011-01-29 c:\windows\Tasks\User_Feed_Synchronization-{9ECCD5FA-ED99-45D2-A64E-717306865091}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.bluewin.ch/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Connection Wizard,ShellNext = hxxp://fr.fr.acer.yahoo.com/
uSearchURL,(Default) = hxxp://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-29 16:47
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ... 

Recherche d'éléments en démarrage automatique cachés ... 

Recherche de fichiers cachés ... 

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\WINDOWS\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\WINDOWS\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(2216)
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxext.exe
c:\docume~1\pascal\LOCALS~1\Temp\RtkBtMnt.exe
.
**************************************************************************
.
Heure de fin: 2011-01-29  16:52:20 - La machine a redémarré
ComboFix-quarantined-files.txt  2011-01-29 15:52
ComboFix2.txt  2011-01-28 19:45

Avant-CF: 68 791 263 232 octets libres
Après-CF: 68 939 423 744 octets libres

- - End Of File - - 35AE4836B85A807427BE9769CA1D9165

pascal · Answer

Comme je vois que mon fichier est bien infecté, j'ai fait un scan avec virustotal, ca peut peut etre d'aider..merci

Antivirus Version Last Update Result 
AhnLab-V3 2011.01.27.01 2011.01.27 - 
AntiVir 7.11.2.31 2011.01.28 TR/Patched.Gen 
Antiy-AVL 2.0.3.7 2011.01.28 Trojan/Win32.Patched 
Avast 4.8.1351.0 2011.01.29 Win32:WinPatch 
Avast5 5.0.677.0 2011.01.29 Win32:WinPatch 
AVG 10.0.0.1190 2011.01.29 - 
BitDefender 7.2 2011.01.29 - 
CAT-QuickHeal 11.00 2011.01.29 - 
ClamAV 0.96.4.0 2011.01.29 - 
Commtouch 5.2.11.5 2011.01.28 - 
Comodo 7531 2011.01.29 - 
DrWeb 5.0.2.03300 2011.01.29 Win32.Dat.15 
Emsisoft 5.1.0.1 2011.01.29 Trojan.Win32.Patched!IK 
eSafe 7.0.17.0 2011.01.27 - 
eTrust-Vet 36.1.8126 2011.01.28 - 
F-Prot 4.6.2.117 2011.01.28 - 
F-Secure 9.0.16160.0 2011.01.29 - 
Fortinet 4.2.254.0 2011.01.29 W32/Patched.Y!tr 
GData 21 2011.01.29 Win32:WinPatch 
Ikarus T3.1.1.97.0 2011.01.29 Trojan.Win32.Patched 
Jiangmin 13.0.900 2011.01.29 - 
K7AntiVirus 9.78.3680 2011.01.29 Virus 
Kaspersky 7.0.0.125 2011.01.29 Trojan.Win32.Patched.lk 
McAfee 5.400.0.1158 2011.01.29 W32/Bamital 
McAfee-GW-Edition 2010.1C 2011.01.29 - 
Microsoft 1.6502 2011.01.29 - 
NOD32 5829 2011.01.29 Win32/Patched.GN 
Norman 6.06.12 2011.01.29 - 
nProtect 2011-01-18.01 2011.01.18 - 
Panda 10.0.3.5 2011.01.29 Suspicious file 
PCTools 7.0.3.5 2011.01.27 - 
Prevx 3.0 2011.01.29 - 
Rising 23.42.04.06 2011.01.28 - 
Sophos 4.61.0 2011.01.29 Troj/Patched-Y 
SUPERAntiSpyware 4.40.0.1006 2011.01.29 - 
Symantec 20101.3.0.103 2011.01.29 Trojan.Bamital.B!inf 
TheHacker 6.7.0.1.120 2011.01.26 - 
TrendMicro 9.120.0.1004 2011.01.29 - 
TrendMicro-HouseCall 9.120.0.1004 2011.01.29 - 
VBA32 3.12.14.3 2011.01.29 - 
VIPRE 8240 2011.01.29 Trojan.Win32.Generic!BT 
ViRobot 2011.1.29.4282 2011.01.29 - 
VirusBuster 13.6.171.1 2011.01.29 - 
Additional informationShow all  
MD5   : e24498aceae3213fc65233441a206fda 
SHA1  : b8949a822c11942c144184426c09aad7780accb2 
SHA256: 56dfb2fd30a4af759367d6b040479cc538e21e30b10ed630689d2d2d1ce83396 
ssdeep: 6144:7NZlxEdL5RvGlcHF37newMLao6nMnKHOD13XRnCfOVSePfLtisgZYkg:cdz+lcDKao6nSK
HsRqOMgxZgI 
File size : 512000 bytes 
First seen: 2011-01-27 19:33:09 
Last seen : 2011-01-29 17:50:39 
TrID: 
Win64 Executable Generic (80.9%)
Win32 Executable Generic (8.0%)
Win32 Dynamic Link Library (generic) (7.1%)
Generic Win/DOS Executable (1.8%)
DOS Executable Generic (1.8%) 
sigcheck: 
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. Tous droits r_serv_s.
product......: Syst_me d_exploitation Microsoft_ Windows_
description..: Application d_ouverture de session Windows NT
original name: WINLOGON.EXE
internal name: winlogon
file version.: 5.1.2600.5512 (xpsp.080413-2113)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
 
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0xB4F4
timedatestamp....: 0x48027549 (Sun Apr 13 21:04:09 2008)
machinetype......: 0x14c (I386)

[[ 3 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x70991, 0x70A00, 6.82, f1b4c864f36694d4d0fc08d28dee4b62
.data, 0x72000, 0x4E70, 0x2000, 6.29, 7ef0af9865e6a12742203edcbae7c43f
.rsrc, 0x77000, 0xA18C, 0xA200, 3.69, 2de1a63c2a7883cf163c3699bb614883

[[ 20 import(s) ]]
ADVAPI32.dll: ConvertStringSecurityDescriptorToSecurityDescriptorA, A_SHAInit, A_SHAUpdate, A_SHAFinal, LsaStorePrivateData, LsaRetrievePrivateData, LsaNtStatusToWinError, CryptGetUserKey, CryptGetKeyParam, CryptEncrypt, CryptSetProvParam, CryptSignHashW, CryptDeriveKey, CryptGetProvParam, RegOpenCurrentUser, RegDeleteKeyW, AddAccessAllowedAceEx, RegSetKeySecurity, I_ScSendTSMessage, MD5Init, MD5Update, MD5Final, SetFileSecurityA, AllocateLocallyUniqueId, LsaOpenPolicy, LsaQueryInformationPolicy, LsaFreeMemory, LsaClose, RegNotifyChangeKeyValue, QueryServiceConfigW, SetKernelObjectSecurity, ConvertStringSecurityDescriptorToSecurityDescriptorW, RegEnumKeyExW, GetCurrentHwProfileW, RegCloseKey, RegQueryValueExW, RegOpenKeyW, FreeSid, SetSecurityDescriptorDacl, InitializeSecurityDescriptor, AddAccessAllowedAce, InitializeAcl, GetLengthSid, AllocateAndInitializeSid, RegOpenKeyExW, CreateProcessAsUserW, DuplicateTokenEx, CloseServiceHandle, ControlService, StartServiceW, QueryServiceStatus, OpenServiceW, OpenSCManagerW, EqualSid, GetTokenInformation, RegSetValueExW, RegCreateKeyExW, CryptGenRandom, CryptDestroyHash, CryptVerifySignatureW, CryptSetHashParam, CryptGetHashParam, CryptHashData, CryptCreateHash, CryptDecrypt, ReportEventW, RegisterEventSourceW, CryptImportKey, CryptAcquireContextW, CryptReleaseContext, CryptDestroyKey, RegEnumValueW, RegQueryInfoKeyW, RegDeleteValueW, CredFree, CredDeleteW, CredEnumerateW, CopySid, GetSidLengthRequired, GetSidSubAuthority, GetSidSubAuthorityCount, GetUserNameW, OpenThreadToken, EnumServicesStatusW, ImpersonateLoggedOnUser, RegQueryValueExA, CheckTokenMembership, DeregisterEventSource, LsaGetUserName, RevertToSelf, LookupAccountSidW, IsValidSid, SetTokenInformation, LogonUserW, LookupAccountNameW, OpenProcessToken, SynchronizeWindows31FilesAndWindowsNTRegistry, QueryWindows31FilesMigration, AdjustTokenPrivileges, RegQueryInfoKeyA
AUTHZ.dll: AuthzInitializeResourceManager, AuthzAccessCheck, AuthziFreeAuditEventType, AuthziInitializeAuditEvent, AuthziInitializeAuditParams, AuthziInitializeAuditEventType, AuthziLogAuditEvent, AuthzFreeAuditEvent, AuthzFreeResourceManager, AuthzFreeHandle
CRYPT32.dll: CryptImportPublicKeyInfo, CryptVerifyMessageSignature, CertCreateCertificateContext, CertSetCertificateContextProperty, CertVerifyCertificateChainPolicy, CryptSignMessage, CertCloseStore, CertComparePublicKeyInfo, CryptExportPublicKeyInfo, CertFindExtension, CryptDecryptMessage, CertGetCertificateContextProperty, CertAddCertificateContextToStore, CertOpenStore, CertVerifySubjectCertificateContext, CertGetIssuerCertificateFromStore, CertDuplicateCertificateContext, CertFreeCertificateContext, CertEnumCertificatesInStore, CryptImportPublicKeyInfoEx
GDI32.dll: RemoveFontResourceW, AddFontResourceW
KERNEL32.dll: WTSGetActiveConsoleSessionId, GetTimeFormatW, GetUserDefaultLCID, FileTimeToSystemTime, FileTimeToLocalFileTime, GetProcAddress, LoadLibraryW, GetModuleHandleW, SystemTimeToFileTime, GetSystemTime, SetLastError, TerminateProcess, GetCurrentProcess, CreateTimerQueueTimer, CreateThread, lstrcpynW, GetShortPathNameW, GetProfileStringW, FreeLibrary, ReleaseSemaphore, CreateSemaphoreW, GetSystemInfo, GetComputerNameW, GetEnvironmentVariableW, WaitForSingleObjectEx, LoadResource, FindResourceW, SetThreadExecutionState, DeleteTimerQueueTimer, ResetEvent, GetSystemDirectoryW, TransactNamedPipe, SetNamedPipeHandleState, GetTickCount, CreateFileW, GlobalGetAtomNameW, VirtualLock, VirtualQuery, GetDriveTypeW, Beep, ExpandEnvironmentStringsW, OpenMutexW, QueueUserWorkItem, LeaveCriticalSection, EnterCriticalSection, DisconnectNamedPipe, SearchPathW, lstrcatW, LocalReAlloc, TerminateThread, ResumeThread, GetDiskFreeSpaceExW, GlobalMemoryStatusEx, DeleteFileW, WriteProfileStringW, ReadFile, FindVolumeClose, FindNextVolumeW, FindFirstVolumeW, FormatMessageW, SetPriorityClass, MoveFileExW, WaitForMultipleObjectsEx, GetExitCodeProcess, SleepEx, InterlockedExchange, FindClose, FindFirstFileW, GetWindowsDirectoryW, SetTimerQueueTimer, GetComputerNameA, GetVersionExW, VerSetConditionMask, WriteFile, WaitNamedPipeW, WaitForMultipleObjects, ConnectNamedPipe, GetVersionExA, DuplicateHandle, OpenProcess, GetOverlappedResult, lstrcmpW, SetEnvironmentVariableW, UnregisterWait, CreateNamedPipeW, CreateRemoteThread, CreateActCtxW, GetModuleFileNameW, ExitProcess, LoadLibraryExW, SetErrorMode, SetUnhandledExceptionFilter, GetPrivateProfileStringW, LocalSize, VirtualAlloc, VirtualQueryEx, DebugBreak, CreateFileA, InitializeCriticalSection, ProcessIdToSessionId, SetInformationJobObject, AssignProcessToJobObject, TerminateJobObject, PostQueuedCompletionStatus, PulseEvent, GetQueuedCompletionStatus, CreateIoCompletionPort, CreateJobObjectW, ActivateActCtx, DeactivateActCtx, InterlockedCompareExchange, LoadLibraryA, QueryPerformanceCounter, GetSystemTimeAsFileTime, UnhandledExceptionFilter, GetModuleHandleA, GetStartupInfoA, GetCurrentProcessId, SetThreadPriority, GetCurrentThreadId, lstrcmpiW, GetProfileIntW, LoadLibraryExA, lstrcpyW, lstrlenW, Sleep, LocalAlloc, CreateEventW, GetExitCodeThread, SetThreadAffinityMask, GetProcessAffinityMask, CreateWaitableTimerW, CreateMutexW, OpenEventW, RegisterWaitForSingleObject, WaitForSingleObject, CreateProcessW, SetWaitableTimer, ReleaseMutex, SetEvent, UnregisterWaitEx, CloseHandle, lstrlenA, lstrcpyA, MultiByteToWideChar, GetACP, WideCharToMultiByte, HeapAlloc, GetProcessHeap, HeapFree, lstrcpynA, UnmapViewOfFile, MapViewOfFile, CreateFileMappingW, lstrcmpiA, GetFileSize, SetFilePointer, GlobalAlloc, GlobalFree, GetLastError, LocalFree, lstrcatA, lstrcmpA, GetLogicalDriveStringsA, GetDriveTypeA, GetVolumeInformationW, GlobalMemoryStatus, CreateMutexA, FindResourceExW, LockResource, SizeofResource, VerifyVersionInfoW, GetSystemDirectoryA, GetCurrentThread, DelayLoadFailureHook, BaseInitAppcompatCacheSupport, OpenProfileUserMapping, CloseProfileUserMapping, BaseCleanupAppcompatCacheSupport, InitializeCriticalSectionAndSpinCount, VirtualProtect, CreateEventA, TlsSetValue, TlsGetValue, DeleteCriticalSection, TlsAlloc, VirtualFree, TlsFree
msvcrt.dll: wcslen, _vsnwprintf, wcsncpy, wcsstr, atoi, wcstok, memmove, wcschr, swprintf, swscanf, _local_unwind2, _wcslwr, wcscmp, _snwprintf, malloc, _c_exit, _exit, _XcptFilter, _cexit, exit, _acmdln, __getmainargs, _initterm, __setusermatherr, _adjust_fdiv, __p__commode, __p__fmode, __set_app_type, __3@YAXPAX@Z, __2@YAPAXI@Z, __CxxFrameHandler, _itow, _snprintf, _wtol, _strnicmp, sscanf, wcstombs, sprintf, strchr, strncmp, atof, _ftol, isspace, wcscpy, _controlfp, wcsncmp, _wcsupr, ceil, wcscat, _except_handler3, free, _wcsicmp
NDdeApi.dll: -, -, -, -
ntdll.dll: RtlSubAuthoritySid, RtlAllocateHeap, NtPowerInformation, NtSetSystemPowerState, NtRaiseHardError, RtlDeleteCriticalSection, NtOpenSymbolicLinkObject, NtReplyPort, NtCompleteConnectPort, NtReplyWaitReceivePort, NtAcceptConnectPort, NtCreatePort, RtlConvertSidToUnicodeString, RtlFreeUnicodeString, NtLockProductActivationKeys, RtlTimeToTimeFields, NtUnmapViewOfSection, NtMapViewOfSection, NtOpenSection, NtQuerySymbolicLinkObject, NtQueryVolumeInformationFile, NtSetSecurityObject, RtlAdjustPrivilege, NtOpenFile, NtFsControlFile, RtlAllocateAndInitializeSid, RtlDestroyEnvironment, RtlFreeHeap, NtQueryInformationToken, NtShutdownSystem, RtlEnterCriticalSection, RtlLeaveCriticalSection, RtlInitializeCriticalSection, RtlCreateEnvironment, RtlQueryEnvironmentVariable_U, RtlSetEnvironmentVariable, RtlInitUnicodeString, NtOpenKey, NtQueryValueKey, RtlInitializeSid, RtlLengthRequiredSid, NtAllocateLocallyUniqueId, RtlGetDaclSecurityDescriptor, RtlCopySid, RtlLengthSid, NtSetInformationThread, NtDuplicateToken, NtDuplicateObject, RtlEqualSid, RtlSetDaclSecurityDescriptor, RtlCreateSecurityDescriptor, NtClose, RtlOpenCurrentUser, RtlAddAce, RtlCreateAcl, RtlNtStatusToDosError, NtSetInformationProcess, NtQuerySystemInformation, NtCreateEvent, NtCreatePagingFile, RtlDosPathNameToNtPathName_U, RtlRegisterWait, NtSetValueKey, NtCreateKey, RtlTimeToSecondsSince1980, NtQuerySystemTime, NtPrivilegeObjectAuditAlarm, NtPrivilegeCheck, NtOpenThreadToken, NtOpenProcessToken, RtlInitString, RtlUnhandledExceptionFilter, NtQueryInformationProcess, DbgBreakPoint, RtlCheckProcessParameters, RtlSetThreadIsCritical, RtlSetProcessIsCritical, RtlGetNtProductType, NtInitiatePowerAction, DbgPrint, NtFilterToken, NtQueryInformationJobObject, NtOpenEvent, RtlGetAce, RtlQueryInformationAcl, NtQuerySecurityObject, RtlCompareUnicodeString, NtOpenDirectoryObject
PROFMAP.dll: InitializeProfileMappingApi, RemapAndMoveUserW
PSAPI.DLL: EnumProcesses, EnumProcessModules, GetModuleBaseNameW
REGAPI.dll: RegDefaultUserConfigQueryW, RegUserConfigQuery
RPCRT4.dll: RpcServerRegisterIfEx, RpcServerUseProtseqEpW, RpcImpersonateClient, I_RpcMapWin32Status, RpcServerRegisterIf, RpcGetAuthorizationContextForClient, RpcFreeAuthorizationContext, RpcServerListen, RpcRevertToSelf, NdrServerCall2, UuidCreate
Secur32.dll: LsaCallAuthenticationPackage, GetUserNameExW, LsaLookupAuthenticationPackage, LsaRegisterLogonProcess
SETUPAPI.dll: SetupDiDestroyDeviceInfoList, SetupDiEnumDeviceInfo, SetupDiGetClassDevsW, SetupDiGetDeviceRegistryPropertyW
USER32.dll: SetFocus, EnumWindows, CreateWindowStationW, RegisterLogonProcess, RecordShutdownReason, LoadLocalFonts, UnhookWindowsHook, SetWindowsHookW, GetWindowTextW, CallNextHookEx, DialogBoxParamW, GetWindowPlacement, GetSystemMenu, DeleteMenu, SetWindowPlacement, SetUserObjectInformationW, GetAsyncKeyState, PostThreadMessageW, SetUserObjectSecurity, CreateDesktopW, GetMessageTime, SetTimer, SetLogonNotifyWindow, UnlockWindowStation, ReplyMessage, UnregisterHotKey, RegisterHotKey, OpenInputDesktop, GetUserObjectInformationW, CloseDesktop, RegisterDeviceNotificationW, SetThreadDesktop, CreateWindowExW, GetMessageW, TranslateMessage, RegisterWindowMessageW, RegisterClassW, SetCursor, FindWindowW, MessageBoxW, SendNotifyMessageW, PostQuitMessage, MsgWaitForMultipleObjects, GetWindowRect, GetSystemMetrics, PeekMessageW, DispatchMessageW, KillTimer, SetProcessWindowStation, UpdateWindow, ShowWindow, SetWindowPos, PostMessageW, ExitWindowsEx, EnumDisplayMonitors, SystemParametersInfoW, GetDlgItem, SendMessageW, CreateDialogParamW, DestroyWindow, GetWindowLongW, GetDlgItemTextW, EndDialog, SetWindowLongW, LoadStringW, SetWindowTextW, SetDlgItemTextW, wsprintfW, wsprintfA, LockWindowStation, MBToWCSEx, SetWindowStationUser, UpdatePerUserSystemParameters, DialogBoxIndirectParamW, wvsprintfW, SetLastErrorEx, LoadCursorW, CheckDlgButton, IsDlgButtonChecked, DefWindowProcW, CloseWindowStation, LoadImageW, GetParent, GetKeyState, GetDesktopWindow, SetForegroundWindow, SwitchDesktop, OpenDesktopW
USERENV.dll: -, WaitForUserPolicyForegroundProcessing, GetAllUsersProfileDirectoryW, -, -, -, WaitForMachinePolicyForegroundProcessing, -, -, -, UnloadUserProfile, LoadUserProfileW, -, RegisterGPNotification, CreateEnvironmentBlock, DestroyEnvironmentBlock, UnregisterGPNotification, GetUserProfileDirectoryW
VERSION.dll: GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW
WINSTA.dll: WinStationRequestSessionsList, WinStationQueryLogonCredentialsW, WinStationIsHelpAssistantSession, WinStationAutoReconnect, _WinStationWaitForConnect, _WinStationNotifyLogoff, WinStationDisconnect, _WinStationCallback, WinStationNameFromLogonIdW, _WinStationFUSCanRemoteUserDisconnect, WinStationEnumerate_IndexedW, WinStationGetMachinePolicy, WinStationQueryInformationW, WinStationFreeMemory, WinStationReset, _WinStationNotifyDisconnectPipe, WinStationConnectW, WinStationSetInformationW, WinStationShutdownSystem, WinStationCheckLoopBack, _WinStationNotifyLogon
WINTRUST.dll: CryptCATAdminEnumCatalogFromHash, CryptCATCatalogInfoFromContext, CryptCATAdminCalcHashFromFileHandle, CryptCATAdminAcquireContext, CryptCATAdminReleaseCatalogContext, WTHelperProvDataFromStateData, WinVerifyTrust, WTHelperGetProvSignerFromChain, CryptCATAdminReleaseContext
WS2_32.dll: -, -, getaddrinfo
 
ExifTool: 
file metadata
CharacterSet: Unicode
CodeSize: 461312
CompanyName: Microsoft Corporation
EntryPoint: 0xb4f4
FileDescription: Application d'ouverture de session Windows NT
FileFlagsMask: 0x003f
FileOS: Windows NT 32-bit
FileSize: 500 kB
FileSubtype: 0
FileType: Win32 EXE
FileVersion: 5.1.2600.5512 (xpsp.080413-2113)
FileVersionNumber: 5.1.2600.5512
ImageVersion: 21315.20512
InitializedDataSize: 49664
InternalName: winlogon
LanguageCode: French
LegalCopyright: Microsoft Corporation. Tous droits r serv s.
LinkerVersion: 187.7
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 5.1
ObjectFileType: Executable application
OriginalFilename: WINLOGON.EXE
PEType: PE32
ProductName: Syst me d'exploitation Microsoft Windows 
ProductVersion: 5.1.2600.5512
ProductVersionNumber: 5.1.2600.5512
Subsystem: Windows GUI
SubsystemVersion: 4.0
TimeStamp: 2008:04:13 23:04:09+02:00
UninitializedDataSize: 0
Warning: Possibly corrupt Version resource
 


VT Community

NicoVA · Answer

Salut !

Bon on va passer par un LiveCD ;-) T'inquiète pas c'est pas bien compliqué si tu suis tout à la lettre :-)

--> Télécharge OTLPEnet :: http://oldtimer.geekstogo.com/OTLPENet.exe sur ton Bureau

--> Quand le téléchargement sera fini, Double Clic sur OTLPENet.exe et assures-toi d'avoir insérer un CDR vierge dans ton graveur CD/DVD.
Une fenêtre va s'ouvrir pour te demander si tu souhaites graver Le CD, clique sur le bouton Oui.

--> Patiente le temps de la décompression et de la gravure du CD.

--> démarrer sur le cdrom crée de Reatogo , voir : booter sur un DVDl

--> Ton système doit montrer un bureau Reatogo-X-PE

( En fonction de votre type de connexion Internet, tu dois être en mesure d'accéder au Net, si bien que tu peux accéder à ce sujet plus facilement. )

--> Double-click sur l'icone OTLPE

--> Lorsque la fenêtre RunScanner apparait clique sur Yes

--> A la fenêtre Select User Profile choisi <gras>ta session

--> vérifier que "<gras>Automatically Load All Remaining Users" est sélectionné et press OK

--> OTLPE se lance alors, sous Custom Scan box colle le contenu du cadre ci dessous:

:files
C:\WINDOWS\System32\winlogon.exe|c:\Pascal\winlogon.exe /replace
C:\WINDOWS\explorer.exe|c:\Pascal\explorer.exe /replace

--> clic RUN FIX.

--> une fois terminé , le fichier se trouve là C:\OTL.txt

--> copie_colle le contenu dans ta prochaine réponse

Si ton rapport est trop long, utilise le site http://www.ci-joint.fr pour envoyer ton rapport, et poste le lien dans ta prochaine réponse.

Si tu as des questions n'hésite pas ;-)

pascal · Answer

Désolé mais il n'y a pas une autre solution car j'ai un pc acer aspire qui n'a pas de lecteur cd, et j'ai pas de lecteur cd externe sous la main, aurait il pas une autre solution? merci

NicoVA · Answer

Salut !

Il y a toujours une solution ^^ 

Regarde ce tutoriel pour t'aider à faire booter ton pc sur une clé USB ;)

A+

Goméo

22 réponses

Votre réponse

Discussions similaires

Newsletters