Probleme windows vista recovery

Résolu
diablesse136 -  
Tigzy Messages postés 7983 Statut Contributeur sécurité -
Bonjour,

quand j'allume mon PC, mon bureau est tout noir, les icones ont disparus et un programme apellé windows vista recovery démarre et me mets que j'ai 5 erreurs critiques. De plus une alerte windows sécurity m'indique que des lusters de mon disque dur sont endommagés et que mes données perso sont en danger....
Est ce vraiment mon disque dur qui est foutu? Quelqu'un peut il m'aider? Merci beaucoup!!

18 réponses

Résumé de la discussion

Le problème décrit est une infection par un faux antivirus qui déclenche des alertes Windows et un programme 'Windows Vista Recovery' au démarrage, rendant le bureau noir et affichant des erreurs critiques. La solution principale est d'utiliser RogueKiller (version recommandée par Tigzy) en mode administratif, effectuer une recherche puis supprimer les éléments malveillants et enregistrer un rapport pour inspection. D'autres échanges évoquent des traces détectées dans le registre, des processus suspects et des outils complémentaires comme TDSSKiller ou des rapports détaillés pour confirmer le nettoyage. Certains échanges indiquent que le nettoyage peut nécessiter l'exécution d'outils en mode suppression et l'analyse des rapports générés pour vérifier la suppression complète et de vérifier l'intégrité du système.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. verni29 Messages postés 6805 Statut Contributeur sécurité 180
     
    Bonjour,

    Ces différentes alertes sont dus à ce faux antivirus.

    ----------------------------------

    Télécharge roguekiller de Tigzy sur ton bureau
    https://www.luanagames.com/index.fr.html

    # Double-clique sur l'exécutable
    Si sous Vista/seven, click droit sur le fichier et choisir exécuter en tant qu'administrateur

    # Choisis l'option de recherche en tapant 1 à l'invite.
    # Laisse l'outil travailler.

    Un rapport va s'ouvrir. Enregistre-le et poste le dans ton prochain message.

    Si l'outil ne se lance pas, renomme le en winlogon.exe.

    A+
    Allez jusqu'au bout de la procédure de désinfection.
    3
  2. diablesse136
     
    Merci de vos réponses rapides :))
    Voici le rapport que j'obtient avec roguekiller :

    RogueKiller V5.2.0 [01/06/2011] par Tigzy
    contact sur http://www.sur-la-toile.com
    mail: tigzyRK<at>gmail<dot>com
    Remontees: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html

    Systeme d'exploitation: Windows Vista (6.0.6000 ) 32 bits version
    Demarrage : Mode normal
    Utilisateur: Scannella-Deneubourg [Droits d'admin]
    Mode: Recherche -- Date : 02/06/2011 11:55:58

    Processus malicieux: 0

    Entrees de registre: 12
    [SUSP PATH] HKCU\[...]\Run : kjEenXNPEgLSP (C:\ProgramData\kjEenXNPEgLSP.exe) -> FOUND
    [SUSP PATH] HKUS\S-1-5-21-3176534916-1124862880-323688700-1000[...]\Run : kjEenXNPEgLSP (C:\ProgramData\kjEenXNPEgLSP.exe) -> FOUND
    [SUSP PATH] RunAsStdUser Task.job : c:\users\scannella-deneubourg\appdata\roaming\latelierdeschefs\atelier des chefs\latelier des chefs.exe -> FOUND
    [SUSP PATH] Atelier des Chefs.lnk : C:\Users\Scannella-Deneubourg\AppData\Roaming\latelierdeschefs\Atelier des Chefs\LAtelier des Chefs.exe -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
    [HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

    Fichier HOSTS:
    ::1 localhost
    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com
    127.0.0.1 www.0scan.com
    127.0.0.1 0scan.com
    127.0.0.1 1000gratisproben.com
    127.0.0.1 www.1000gratisproben.com
    127.0.0.1 1001namen.com
    127.0.0.1 www.1001namen.com
    127.0.0.1 100888290cs.com
    127.0.0.1 www.100888290cs.com
    127.0.0.1 www.100sexlinks.com
    [...]

    Termine : << RKreport[1].txt >>
    RKreport[1].txt
    0
    1. Atree
       
      Je me permets de poster mes rapports,
      j'ai exactement le même problème sous Win vista:

      RogueKiller V5.2.1 [02/06/2011] par Tigzy
      contact sur http://www.sur-la-toile.com
      mail: tigzyRK<at>gmail<dot>com
      Remontees: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html

      Systeme d'exploitation: Windows Vista (6.0.6000 ) 32 bits version
      Demarrage : Mode normal
      Utilisateur: arnaud [Droits d'admin]
      Mode: Recherche -- Date : 02/06/2011 20:01:03

      Processus malicieux: 2
      [SUSP PATH] OoyECuNcnEni.exe -- c:\programdata\ooyecuncneni.exe -> KILLED
      [ROGUE ST] 26074896.exe -- c:\programdata\26074896.exe -> KILLED

      Entrees de registre: 15
      [SUSP PATH] HKCU\[...]\Run : dzpejy ("c:\users\arnaud\appdata\local\dzpejy.exe" dzpejy) -> FOUND
      [SUSP PATH] HKCU\[...]\Run : OoyECuNcnEni (C:\ProgramData\OoyECuNcnEni.exe) -> FOUND
      [SUSP PATH] HKUS\S-1-5-21-1319242416-527118863-3521874293-1000[...]\Run : dzpejy ("c:\users\arnaud\appdata\local\dzpejy.exe" dzpejy) -> FOUND
      [SUSP PATH] HKUS\S-1-5-21-1319242416-527118863-3521874293-1000[...]\Run : OoyECuNcnEni (C:\ProgramData\OoyECuNcnEni.exe) -> FOUND
      [HJPOL] HKCU\[...]\System : DisableTaskMgr (1) -> FOUND
      [HJPOL] HKLM\[...]\System : DisableTaskMgr (1) -> FOUND
      [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
      [HJ] HKCU\[...]\ActiveDesktop : NoChangingWallPaper (1) -> FOUND
      [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
      [HJ] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
      [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
      [HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
      [HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
      [HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
      [HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

      Fichier HOSTS:
      127.0.0.1 localhost
      ::1 localhost
      127.0.0.1 www.007guard.com
      127.0.0.1 007guard.com
      127.0.0.1 008i.com
      127.0.0.1 www.008k.com
      127.0.0.1 008k.com
      127.0.0.1 www.00hq.com
      127.0.0.1 00hq.com
      127.0.0.1 010402.com
      127.0.0.1 www.032439.com
      127.0.0.1 032439.com
      127.0.0.1 www.0scan.com
      127.0.0.1 0scan.com
      127.0.0.1 www.1000gratisproben.com
      127.0.0.1 1000gratisproben.com
      127.0.0.1 www.1001namen.com
      127.0.0.1 1001namen.com
      127.0.0.1 100888290cs.com
      127.0.0.1 www.100888290cs.com
      [...]


      Termine : << \RKreport[1].txt >>
      0
  3. diablesse136
     
    C'est très gentil mais que dois je faire avec ce programme? Un antivirus j'en ai déjà un...
    0
    1. Tigzy Messages postés 7983 Statut Contributeur sécurité 582
       
      Relance RogueKiller en mode 2 et 6.
      0
    2. diablesse136
       
      Merci je fais ca tout de suite ;-)
      0
    3. diablesse136
       
      Je vous poste les rapports?
      0
    4. verni29 Messages postés 6805 Statut Contributeur sécurité 180
       
      Tigzy,

      Je te laisse poursuivre.
      Tu es le mieux placé dans ce type d'infections.

      Je suis cela de près.

      Bon AM.

      @+
      0
    5. Tigzy Messages postés 7983 Statut Contributeur sécurité 582
       
      Ok

      Oui poste les rapports
      0
  4. diablesse136
     
    Et le rapport du mode 6 :

    RogueKiller V5.2.0 [01/06/2011] par Tigzy
    contact sur http://www.sur-la-toile.com
    mail: tigzyRK<at>gmail<dot>com
    Remontees: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html

    Systeme d'exploitation: Windows Vista (6.0.6000 ) 32 bits version
    Demarrage : Mode normal
    Utilisateur: Scannella-Deneubourg [Droits d'admin]
    Mode: Raccourcis RAZ -- Date : 02/06/2011 12:25:32

    Processus malicieux: 0

    Attributs de fichiers restaures:
    Bureau: Success 108 / Fail 0
    Lancement rapide: Success 7 / Fail 0
    Programmes: Success 8 / Fail 0
    Menu demarrer: Success 78 / Fail 0
    Dossier utilisateur: Success 47555 / Fail 1
    Mes documents: Success 1277 / Fail 0
    Mes favoris: Success 221 / Fail 1
    Mes images: Success 5032 / Fail 0
    Ma musique: Success 963 / Fail 0
    Mes videos: Success 123 / Fail 0
    Disques locaux: Success 87 / Fail 1
    Sauvegarde: [FOUND] Success 8 / Fail 0

    Termine : << RKreport[3].txt >>
    RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

    :-)
    0
    1. Atree
       
      RogueKiller V5.2.1 [02/06/2011] par Tigzy
      contact sur http://www.sur-la-toile.com
      mail: tigzyRK<at>gmail<dot>com
      Remontees: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html

      Systeme d'exploitation: Windows Vista (6.0.6000 ) 32 bits version
      Demarrage : Mode normal
      Utilisateur: arnaud [Droits d'admin]
      Mode: Raccourcis RAZ -- Date : 02/06/2011 20:24:44

      Processus malicieux: 0

      Attributs de fichiers restaures:
      Bureau: Success 816 / Fail 0
      Lancement rapide: Success 10 / Fail 0
      Programmes: Success 92031 / Fail 0
      Menu demarrer: Success 483 / Fail 0
      Dossier utilisateur: Success 17962 / Fail 0
      Mes documents: Success 2038 / Fail 0
      Mes favoris: Success 70 / Fail 0
      Mes images: Success 3 / Fail 0
      Ma musique: Success 123 / Fail 0
      Mes videos: Success 5 / Fail 0
      Disques locaux: Success 3528 / Fail 0
      Sauvegarde: [FOUND] Success 321 / Fail 0

      Termine : << \RKreport[3].txt >>
      RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
      0
    2. Tigzy Messages postés 7983 Statut Contributeur sécurité 582
       
      Merci d'ouvrir un nouveau fil
      0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Tigzy Messages postés 7983 Statut Contributeur sécurité 582
     
    on continue.
    Tes fichiers ont du réapparaitre

    Télécharger et dézipper sur le bureau TDSSKiller

    = Lancer TDSSKiller en faisant un double clique
    = Une fois le scan fini, un rapport s'ouvre
    = Copier coller le contenu dans la prochaine réponse
    = Le rapport se trouve également dans C:\TDSSKiller.XXXXXX_log.txt.( X correspondant a la version, la date et l'heure )

    0
    1. diablesse136
       
      ok, en effet une partie des icones sonr réapparues... Je fais suite...
      0
    2. diablesse136
       
      Je n'arrive pas à lancer TDSSKiller... Je le dezippe sur mon bureau, double clic.
      Il me demande si je l'autorise, je fais ok puis plus rien...
      0
  7. Tigzy Messages postés 7983 Statut Contributeur sécurité 582
     
    Tu as toujours du rootkit

    Essaie de le renommer en winlogon.exe
    Si marche pas

    Télécharger et enregistrer sur le bureau
    Combofix

    =Desactiver l'antivirus
    =Double-clic sur Combofix
    = Presser 1 si demandé
    = Attendre la fermeture de l'outil ( 5 -10 mn ou plus si infection importante)
    =Copier/coller le rapport dans la réponse
    Un rapport dans C:\Combofix.txt à mettre dans la réponse
    Réactiver l'antivirus
    0
    1. diablesse136
       
      Ok, bon rien à faire...
      Je dowload combofix...
      Mais comment cela se fait que j'ai autant de saloperies alors que j'ai un antivirus (avira antivir) ? Cela n'est pas suffisant?
      0
    2. Tigzy Messages postés 7983 Statut Contributeur sécurité 582
       
      Aucun antivirus ne peut connaitre tous les nouveaux virus...
      C'est à toi de faire attention
      0
    3. diablesse136
       
      en cours d'analyse....
      0
  8. diablesse136
     
    Voici enfin le rapport conbofix...

    ComboFix 11-06-01.07 - Scannella-Deneubourg 02/06/2011 13:59:00.1.2 - x86
    Microsoft® Windows Vista(TM) Édition Familiale Premium 6.0.6000.0.1252.32.1036.18.2047.1229 [GMT 2:00]
    Lancé depuis: c:\users\Scannella-Deneubourg\Desktop\ComboFix.exe
    * Un nouveau point de restauration a été créé
    .
    .
    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\WinPCap
    c:\program files\WinPCap\daemon_mgm.exe
    c:\program files\WinPCap\INSTALL.LOG
    c:\program files\WinPCap\NetMonInstaller.exe
    c:\program files\WinPCap\npf_mgm.exe
    c:\program files\WinPCap\rpcapd.exe
    c:\program files\WinPCap\Uninstall.exe
    C:\System
    c:\system\win_qs8.jqx
    c:\users\Scannella-Deneubourg\AppData\Local\osiwlb.dat
    c:\users\Scannella-Deneubourg\AppData\Local\osiwlb_nav.dat
    c:\users\Scannella-Deneubourg\AppData\Local\osiwlb_navps.dat
    c:\users\Scannella-Deneubourg\AppData\Local\osiwlb_navup.dat
    c:\users\Scannella-Deneubourg\AppData\Roaming\inst.exe
    c:\windows\system32\Packet.dll
    c:\windows\system32\pthreadVC.dll
    c:\windows\system32\WanPacket.dll
    c:\windows\system32\wpcap.dll
    .
    Une copie infectée de c:\windows\system32\drivers\volsnap.sys a été trouvée et désinfectée
    Copie restaurée à partir de - Kitty had a snack :p
    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_NPF
    .
    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2011-05-02 au 2011-06-02 ))))))))))))))))))))))))))))))))))))
    .
    .
    2011-06-02 12:11 . 2011-06-02 12:21 -------- d-----w- c:\users\Scannella-Deneubourg\AppData\Local\temp
    2011-06-02 12:11 . 2011-06-02 12:11 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
    2011-06-02 12:11 . 2011-06-02 12:11 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-06-02 09:51 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BA60FED3-8D77-48A8-9C90-E6E36425D48D}\mpengine.dll
    2011-05-20 16:33 . 2011-05-20 16:34 -------- d-----w- C:\SmartDraw VP
    .
    .
    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-04-03 17:34 . 2010-03-01 18:31 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2011-05-02 17:38 . 2011-03-25 17:42 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}"= "c:\program files\IncrediMail_MediaBar_2\tbIncr.dll" [2010-09-12 3863136]
    .
    [HKEY_CLASSES_ROOT\clsid\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2010-09-12 14:02 3863136 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}]
    2010-09-12 14:02 3863136 ----a-w- c:\program files\IncrediMail_MediaBar_2\tbIncr.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}"= "c:\program files\IncrediMail_MediaBar_2\tbIncr.dll" [2010-09-12 3863136]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-09-12 3863136]
    .
    [HKEY_CLASSES_ROOT\clsid\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}]
    .
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}"= "c:\program files\IncrediMail_MediaBar_2\tbIncr.dll" [2010-09-12 3863136]
    .
    [HKEY_CLASSES_ROOT\clsid\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-10 1232896]
    "IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2011-03-31 353736]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
    "c:\program files\NetMeter\NetMeter.exe"="c:\program files\NetMeter\NetMeter.exe" [2007-08-11 331264]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-11-06 86016]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-06 8530464]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-06 81920]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-17 281768]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
    "CorelDRAW Graphics Suite 11b"=c:\program files\Corel\Corel Graphics 12\Languages\FR\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=052307 serial=DR12CER-3876917-LLS lang=FR
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-07-29 445936]
    S2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-29 136360]
    S2 DTNetService;DTNetService;c:\program files\DAEMON Tools Net\DTNetSrv.exe [2010-07-29 394560]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
    bthsvcs REG_MULTI_SZ BthServ
    .
    Contenu du dossier 'Tâches planifiées'
    .
    2011-06-02 c:\windows\Tasks\GlaryInitialize.job
    - c:\program files\Glary Utilities\initialize.exe [2009-08-20 11:09]
    .
    2011-06-02 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-04-12 21:05]
    .
    2011-06-02 c:\windows\Tasks\User_Feed_Synchronization-{57B3A23D-7EF6-4452-9E55-49679E238011}.job
    - c:\windows\system32\msfeedssync.exe [2010-03-31 04:54]
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://mystart.incredimail.com?a=6d9vEP8oxe
    uDefault_Search_URL = hxxp://www.google.com/ie
    mStart Page = hxxp://www.tropal.net/
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
    TCP: Interfaces\{4B46903F-BA2F-4DAC-8FBA-09F1FECD512E}: NameServer = 195.238.2.21 195.238.2.22
    FF - ProfilePath - c:\users\Scannella-Deneubourg\AppData\Roaming\Mozilla\Firefox\Profiles\083c7n5h.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://isearch.babylon.com/web/{searchTerms}?babsrc=browsersearch
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/
    FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar&a=6d9vEP8oxe&search=
    .
    - - - - ORPHELINS SUPPRIMES - - - -
    .
    AddRemove-WinPcapInst - c:\program files\WinPcap\Uninstall.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-06-02 14:20
    Windows 6.0.6000 NTFS
    .
    Recherche de processus cachés ...
    .
    Recherche d'éléments en démarrage automatique cachés ...
    .
    Recherche de fichiers cachés ...
    .
    Scan terminé avec succès
    Fichiers cachés: 0
    .
    **************************************************************************
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\programdata\EPSON\EPW!3 SSRP\E_S30RP1.EXE
    c:\program files\Avira\AntiVir Desktop\avshadow.exe
    c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\windows\system32\conime.exe
    c:\windows\System32\rundll32.exe
    c:\windows\ehome\ehmsas.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\program files\IncrediMail\Bin\ImApp.exe
    .
    **************************************************************************
    .
    Heure de fin: 2011-06-02 14:27:39 - La machine a redémarré
    ComboFix-quarantined-files.txt 2011-06-02 12:27
    .
    Avant-CF: 21.080.260.608 octets libres
    Après-CF: 23.531.765.760 octets libres
    .
    - - End Of File - - 52E45C6CAE5D0CF9A2C3628F863D4942
    0
    1. diablesse136
       
      Je refais TDSSKiller maintenant?
      0
    2. Tigzy Messages postés 7983 Statut Contributeur sécurité 582
       
      Yep
      0
    3. diablesse136
       
      Bonjour, désolée mais hier j'ai du partir. Dès que je rentre du boulot, je continue... :-)
      0
  9. diablesse136
     
    Re bonjour,

    J'ai lancé TDSSKiller et voici le rapport, il me demandait une action pour un objet, j'espère que j'ai bien fait... :-)

    2011/06/03 17:02:48.0209 5200 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
    2011/06/03 17:02:48.0458 5200 ================================================================================
    2011/06/03 17:02:48.0458 5200 SystemInfo:
    2011/06/03 17:02:48.0458 5200
    2011/06/03 17:02:48.0458 5200 OS Version: 6.0.6000 ServicePack: 0.0
    2011/06/03 17:02:48.0458 5200 Product type: Workstation
    2011/06/03 17:02:48.0459 5200 ComputerName: PC-SCANNELLA
    2011/06/03 17:02:48.0459 5200 UserName: Scannella-Deneubourg
    2011/06/03 17:02:48.0459 5200 Windows directory: C:\Windows
    2011/06/03 17:02:48.0459 5200 System windows directory: C:\Windows
    2011/06/03 17:02:48.0459 5200 Processor architecture: Intel x86
    2011/06/03 17:02:48.0459 5200 Number of processors: 2
    2011/06/03 17:02:48.0459 5200 Page size: 0x1000
    2011/06/03 17:02:48.0459 5200 Boot type: Normal boot
    2011/06/03 17:02:48.0459 5200 ================================================================================
    2011/06/03 17:02:49.0324 5200 Initialize success
    2011/06/03 17:03:09.0096 5160 ================================================================================
    2011/06/03 17:03:09.0096 5160 Scan started
    2011/06/03 17:03:09.0096 5160 Mode: Manual;
    2011/06/03 17:03:09.0096 5160 ================================================================================
    2011/06/03 17:03:10.0392 5160 ACPI (84fc6df81212d16be5c4f441682feccc) C:\Windows\system32\drivers\acpi.sys
    2011/06/03 17:03:10.0765 5160 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
    2011/06/03 17:03:10.0854 5160 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
    2011/06/03 17:03:10.0900 5160 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
    2011/06/03 17:03:11.0003 5160 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
    2011/06/03 17:03:11.0219 5160 AFD (5d24caf8efd924a875698ff28384db8b) C:\Windows\system32\drivers\afd.sys
    2011/06/03 17:03:11.0439 5160 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
    2011/06/03 17:03:11.0498 5160 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
    2011/06/03 17:03:11.0636 5160 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
    2011/06/03 17:03:11.0843 5160 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
    2011/06/03 17:03:11.0967 5160 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
    2011/06/03 17:03:12.0034 5160 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
    2011/06/03 17:03:12.0085 5160 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
    2011/06/03 17:03:12.0312 5160 AR5523 (5af581bb431fb7a952216ad01795ef4e) C:\Windows\system32\DRIVERS\ar5523.sys
    2011/06/03 17:03:12.0631 5160 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
    2011/06/03 17:03:12.0852 5160 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
    2011/06/03 17:03:13.0242 5160 AsyncMac (e86cf7ce67d5de898f27ef884dc357d8) C:\Windows\system32\DRIVERS\asyncmac.sys
    2011/06/03 17:03:13.0527 5160 atapi (b35cfcef838382ab6490b321c87edf17) C:\Windows\system32\drivers\atapi.sys
    2011/06/03 17:03:13.0638 5160 avgio (f1d43170fdd7399ee17ea32d4f868b0c) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
    2011/06/03 17:03:13.0901 5160 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys
    2011/06/03 17:03:13.0997 5160 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\Windows\system32\DRIVERS\avipbb.sys
    2011/06/03 17:03:14.0154 5160 Beep (ac3dd1708b22761ebd7cbe14dcc3b5d7) C:\Windows\system32\drivers\Beep.sys
    2011/06/03 17:03:14.0281 5160 bowser (913cd06fbe9105ce6077e90fd4418561) C:\Windows\system32\DRIVERS\bowser.sys
    2011/06/03 17:03:14.0345 5160 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
    2011/06/03 17:03:14.0395 5160 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
    2011/06/03 17:03:14.0502 5160 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
    2011/06/03 17:03:14.0553 5160 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
    2011/06/03 17:03:14.0641 5160 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
    2011/06/03 17:03:14.0682 5160 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
    2011/06/03 17:03:14.0726 5160 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
    2011/06/03 17:03:14.0846 5160 cdfs (6c3a437fc873c6f6a4fc620b6888cb86) C:\Windows\system32\DRIVERS\cdfs.sys
    2011/06/03 17:03:14.0910 5160 cdrom (8d1866e61af096ae8b582454f5e4d303) C:\Windows\system32\DRIVERS\cdrom.sys
    2011/06/03 17:03:14.0968 5160 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
    2011/06/03 17:03:15.0014 5160 CLFS (1b84fd0937d3b99af9ba38ddff3daf54) C:\Windows\system32\CLFS.sys
    2011/06/03 17:03:15.0160 5160 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
    2011/06/03 17:03:15.0192 5160 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
    2011/06/03 17:03:15.0225 5160 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
    2011/06/03 17:03:15.0382 5160 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
    2011/06/03 17:03:15.0533 5160 DfsC (a7179de59ae269ab70345527894ccd7c) C:\Windows\system32\Drivers\dfsc.sys
    2011/06/03 17:03:15.0631 5160 disk (841af4c4d41d3e3b2f244e976b0f7963) C:\Windows\system32\drivers\disk.sys
    2011/06/03 17:03:15.0740 5160 drmkaud (ee472cd2c01f6f8e8aa1fa06ffef61b6) C:\Windows\system32\drivers\drmkaud.sys
    2011/06/03 17:03:15.0969 5160 DXGKrnl (334988883de69adb27e2cf9f9715bbdb) C:\Windows\System32\drivers\dxgkrnl.sys
    2011/06/03 17:03:16.0317 5160 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
    2011/06/03 17:03:16.0422 5160 Ecache (0efc7531b936ee57fdb4e837664c509f) C:\Windows\system32\drivers\ecache.sys
    2011/06/03 17:03:16.0720 5160 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
    2011/06/03 17:03:17.0058 5160 fastfat (84a317cb0b3954d3768cdcd018dbf670) C:\Windows\system32\drivers\fastfat.sys
    2011/06/03 17:03:17.0225 5160 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
    2011/06/03 17:03:17.0430 5160 FileInfo (65773d6115c037ffd7ef8280ae85eb9d) C:\Windows\system32\drivers\fileinfo.sys
    2011/06/03 17:03:17.0558 5160 Filetrace (c226dd0de060745f3e042f58dcf78402) C:\Windows\system32\drivers\filetrace.sys
    2011/06/03 17:03:17.0700 5160 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
    2011/06/03 17:03:17.0783 5160 FltMgr (a6a8da7ae4d53394ab22ac3ab6d3f5d3) C:\Windows\system32\drivers\fltmgr.sys
    2011/06/03 17:03:17.0896 5160 Fs_Rec (66a078591208baa210c7634b11eb392c) C:\Windows\system32\drivers\Fs_Rec.sys
    2011/06/03 17:03:18.0086 5160 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
    2011/06/03 17:03:18.0373 5160 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
    2011/06/03 17:03:18.0488 5160 HDAudBus (0db613a7e427b5663563677796fd5258) C:\Windows\system32\DRIVERS\HDAudBus.sys
    2011/06/03 17:03:18.0540 5160 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
    2011/06/03 17:03:18.0596 5160 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
    2011/06/03 17:03:19.0197 5160 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\DRIVERS\hidusb.sys
    2011/06/03 17:03:19.0447 5160 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
    2011/06/03 17:03:19.0562 5160 HTTP (ea24fe637d974a8a31bc650f478e3533) C:\Windows\system32\drivers\HTTP.sys
    2011/06/03 17:03:19.0677 5160 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
    2011/06/03 17:03:19.0837 5160 i8042prt (1c9ee072baa3abb460b91d7ee9152660) C:\Windows\system32\DRIVERS\i8042prt.sys
    2011/06/03 17:03:19.0948 5160 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
    2011/06/03 17:03:20.0084 5160 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
    2011/06/03 17:03:20.0206 5160 intelide (988981c840084f480ba9e3319cebde1b) C:\Windows\system32\drivers\intelide.sys
    2011/06/03 17:03:20.0257 5160 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
    2011/06/03 17:03:20.0545 5160 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
    2011/06/03 17:03:20.0599 5160 IPNAT (10077c35845101548037df04fd1a420b) C:\Windows\system32\DRIVERS\ipnat.sys
    2011/06/03 17:03:20.0732 5160 IRENUM (a82f328f4792304184642d6d397bb1e3) C:\Windows\system32\drivers\irenum.sys
    2011/06/03 17:03:20.0948 5160 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
    2011/06/03 17:03:21.0010 5160 iScsiPrt (4dca456d4d5723f8fa9c6760d240b0df) C:\Windows\system32\DRIVERS\msiscsi.sys
    2011/06/03 17:03:21.0085 5160 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
    2011/06/03 17:03:21.0122 5160 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
    2011/06/03 17:03:21.0379 5160 k750bus (fe8300320281d658a7854d5cfc02a63f) C:\Windows\system32\DRIVERS\k750bus.sys
    2011/06/03 17:03:21.0721 5160 kbdclass (b076b2ab806b3f696dab21375389101c) C:\Windows\system32\DRIVERS\kbdclass.sys
    2011/06/03 17:03:21.0854 5160 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys
    2011/06/03 17:03:22.0033 5160 KSecDD (0a829977b078dea11641fc2af87ceade) C:\Windows\system32\Drivers\ksecdd.sys
    2011/06/03 17:03:22.0413 5160 lltdio (fd015b4f95daa2b712f0e372a116fbad) C:\Windows\system32\DRIVERS\lltdio.sys
    2011/06/03 17:03:22.0890 5160 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
    2011/06/03 17:03:23.0234 5160 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
    2011/06/03 17:03:23.0385 5160 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
    2011/06/03 17:03:23.0430 5160 luafv (42885bb44b6e065b8575a8dd6c430c52) C:\Windows\system32\drivers\luafv.sys
    2011/06/03 17:03:23.0685 5160 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
    2011/06/03 17:03:23.0759 5160 Modem (21755967298a46fb6adfec9db6012211) C:\Windows\system32\drivers\modem.sys
    2011/06/03 17:03:23.0823 5160 monitor (7446e104a5fe5987ca9e4983fbac4f97) C:\Windows\system32\DRIVERS\monitor.sys
    2011/06/03 17:03:24.0079 5160 mouclass (5fba13c1a1841b0885d316ed3589489d) C:\Windows\system32\DRIVERS\mouclass.sys
    2011/06/03 17:03:24.0352 5160 mouhid (b569b5c5d3bde545df3a6af512cccdba) C:\Windows\system32\DRIVERS\mouhid.sys
    2011/06/03 17:03:24.0713 5160 MountMgr (01f1e5a3e4877c931cbb31613fec16a6) C:\Windows\system32\drivers\mountmgr.sys
    2011/06/03 17:03:24.0907 5160 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
    2011/06/03 17:03:25.0021 5160 mpsdrv (6e7a7f0c1193ee5648443fe2d4b789ec) C:\Windows\system32\drivers\mpsdrv.sys
    2011/06/03 17:03:25.0171 5160 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
    2011/06/03 17:03:25.0336 5160 MRxDAV (1d8828b98ee309d65e006f0829e280e5) C:\Windows\system32\drivers\mrxdav.sys
    2011/06/03 17:03:25.0483 5160 mrxsmb (8af705ce1bb907932157fab821170f27) C:\Windows\system32\DRIVERS\mrxsmb.sys
    2011/06/03 17:03:25.0700 5160 mrxsmb10 (47e13ab23371be3279eef22bbfa2c1be) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    2011/06/03 17:03:25.0770 5160 mrxsmb20 (90b3fc7bd6b3d7ee7635debba2187f66) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    2011/06/03 17:03:25.0849 5160 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
    2011/06/03 17:03:25.0905 5160 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
    2011/06/03 17:03:25.0946 5160 Msfs (729eafefd4e7417165f353a18dbe947d) C:\Windows\system32\drivers\Msfs.sys
    2011/06/03 17:03:26.0012 5160 msisadrv (5f454a16a5146cd91a176d70f0cfa3ec) C:\Windows\system32\drivers\msisadrv.sys
    2011/06/03 17:03:26.0102 5160 MSKSSRV (892cedefa7e0ffe7be8da651b651d047) C:\Windows\system32\drivers\MSKSSRV.sys
    2011/06/03 17:03:26.0140 5160 MSPCLOCK (ae2cb1da69b2676b4cee2a501af5871c) C:\Windows\system32\drivers\MSPCLOCK.sys
    2011/06/03 17:03:26.0216 5160 MSPQM (f910da84fa90c44a3addb7cd874463fd) C:\Windows\system32\drivers\MSPQM.sys
    2011/06/03 17:03:26.0267 5160 MsRPC (84571c0ae07647ba38d493f5f0015df7) C:\Windows\system32\drivers\MsRPC.sys
    2011/06/03 17:03:26.0342 5160 mssmbios (4385c80ede885e25492d408cad91bd6f) C:\Windows\system32\DRIVERS\mssmbios.sys
    2011/06/03 17:03:26.0399 5160 MSTEE (c826dd1373f38afd9ca46ec3c436a14e) C:\Windows\system32\drivers\MSTEE.sys
    2011/06/03 17:03:26.0645 5160 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\Windows\system32\DRIVERS\ASACPI.sys
    2011/06/03 17:03:26.0683 5160 Mup (fa7aa70050cf5e2d15de00941e5665e5) C:\Windows\system32\Drivers\mup.sys
    2011/06/03 17:03:27.0092 5160 NativeWifiP (6da4a0fc7c0e83df0cb3cfd0a514c3bc) C:\Windows\system32\DRIVERS\nwifi.sys
    2011/06/03 17:03:27.0567 5160 NDIS (227c11e1e7cf6ef8afb2a238d209760c) C:\Windows\system32\drivers\ndis.sys
    2011/06/03 17:03:27.0738 5160 NdisTapi (81659cdcbd0f9a9e07e6878ad8c78d3f) C:\Windows\system32\DRIVERS\ndistapi.sys
    2011/06/03 17:03:28.0058 5160 Ndisuio (5de5ee546bf40838ebe0e01cb629df64) C:\Windows\system32\DRIVERS\ndisuio.sys
    2011/06/03 17:03:28.0232 5160 NdisWan (397402adcbb8946223a1950101f6cd94) C:\Windows\system32\DRIVERS\ndiswan.sys
    2011/06/03 17:03:28.0306 5160 NDProxy (1b24fa907af283199a81b3bb37e5e526) C:\Windows\system32\drivers\NDProxy.sys
    2011/06/03 17:03:28.0426 5160 NetBIOS (356dbb9f98e8dc1028dd3092fceeb877) C:\Windows\system32\DRIVERS\netbios.sys
    2011/06/03 17:03:28.0527 5160 netbt (e3a168912e7eefc3bd3b814720d68b41) C:\Windows\system32\DRIVERS\netbt.sys
    2011/06/03 17:03:28.0638 5160 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
    2011/06/03 17:03:28.0684 5160 Npfs (4f9832beb9fafd8ceb0e541f1323b26e) C:\Windows\system32\drivers\Npfs.sys
    2011/06/03 17:03:28.0799 5160 nsiproxy (b488dfec274de1fc9d653870ef2587be) C:\Windows\system32\drivers\nsiproxy.sys
    2011/06/03 17:03:28.0933 5160 Ntfs (37430aa7a66d7a63407adc2c0d05e9f6) C:\Windows\system32\drivers\Ntfs.sys
    2011/06/03 17:03:29.0146 5160 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
    2011/06/03 17:03:29.0212 5160 Null (ec5efb3c60f1b624648344a328bce596) C:\Windows\system32\drivers\Null.sys
    2011/06/03 17:03:29.0981 5160 nvlddmkm (68ba207655b6cd6bbdcb8917c8f241f5) C:\Windows\system32\DRIVERS\nvlddmkm.sys
    2011/06/03 17:03:30.0415 5160 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
    2011/06/03 17:03:30.0555 5160 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
    2011/06/03 17:03:30.0614 5160 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
    2011/06/03 17:03:30.0755 5160 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
    2011/06/03 17:03:31.0081 5160 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\DRIVERS\parport.sys
    2011/06/03 17:03:31.0191 5160 partmgr (555a5b2c8022983bc7467bc925b222ee) C:\Windows\system32\drivers\partmgr.sys
    2011/06/03 17:03:31.0238 5160 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\DRIVERS\parvdm.sys
    2011/06/03 17:03:31.0380 5160 pci (1085d75657807e0e8b32f9e19a1647c3) C:\Windows\system32\drivers\pci.sys
    2011/06/03 17:03:31.0513 5160 pciide (caba65e9c41cd2900d4c92d4f825c5f8) C:\Windows\system32\drivers\pciide.sys
    2011/06/03 17:03:31.0554 5160 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
    2011/06/03 17:03:31.0675 5160 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\Windows\system32\Drivers\pcouffin.sys
    2011/06/03 17:03:32.0127 5160 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
    2011/06/03 17:03:32.0845 5160 PptpMiniport (6c359ac71d7b550a0d41f9db4563ce05) C:\Windows\system32\DRIVERS\raspptp.sys
    2011/06/03 17:03:32.0886 5160 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
    2011/06/03 17:03:32.0994 5160 PSched (2c8bae55247c4e09352e870292e4d1ab) C:\Windows\system32\DRIVERS\pacer.sys
    2011/06/03 17:03:33.0094 5160 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys
    2011/06/03 17:03:33.0217 5160 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
    2011/06/03 17:03:33.0415 5160 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
    2011/06/03 17:03:33.0595 5160 QWAVEdrv (d2b3e2b7426dc23e185fbc73c8936c12) C:\Windows\system32\drivers\qwavedrv.sys
    2011/06/03 17:03:33.0872 5160 RasAcd (bd7b30f55b3649506dd8b3d38f571d2a) C:\Windows\system32\DRIVERS\rasacd.sys
    2011/06/03 17:03:34.0096 5160 Rasl2tp (88587dd843e2059848995b407b67f6cf) C:\Windows\system32\DRIVERS\rasl2tp.sys
    2011/06/03 17:03:34.0333 5160 RasPppoe (ccf4e9c6cbbac81437f88cb2ae0b6c96) C:\Windows\system32\DRIVERS\raspppoe.sys
    2011/06/03 17:03:34.0424 5160 rdbss (54129c5d9581bbec8bd1ebd3ba813f47) C:\Windows\system32\DRIVERS\rdbss.sys
    2011/06/03 17:03:34.0586 5160 RDPCDD (794585276b5d7fca9f3fc15543f9f0b9) C:\Windows\system32\DRIVERS\RDPCDD.sys
    2011/06/03 17:03:34.0649 5160 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
    2011/06/03 17:03:34.0705 5160 RDPENCDD (980b56e2e273e19d3a9d72d5c420f008) C:\Windows\system32\drivers\rdpencdd.sys
    2011/06/03 17:03:34.0805 5160 RDPWD (8830e790a74a96605faba74f9665bb3c) C:\Windows\system32\drivers\RDPWD.sys
    2011/06/03 17:03:35.0081 5160 rspndr (97e939d2128fec5d5a3e6e79b290a2f4) C:\Windows\system32\DRIVERS\rspndr.sys
    2011/06/03 17:03:35.0522 5160 RTL8169 (2d19a7469ea19993d0c12e627f4530bc) C:\Windows\system32\DRIVERS\Rtlh86.sys
    2011/06/03 17:03:35.0778 5160 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
    2011/06/03 17:03:36.0060 5160 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    2011/06/03 17:03:36.0207 5160 Ser2pl (e42f03d1081c4f60d3db6c38235b1456) C:\Windows\system32\DRIVERS\ser2pl.sys
    2011/06/03 17:03:36.0276 5160 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\DRIVERS\serenum.sys
    2011/06/03 17:03:36.0318 5160 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\DRIVERS\serial.sys
    2011/06/03 17:03:36.0368 5160 sermouse (450accd77ec5cea720c1cdb9e26b953b) C:\Windows\system32\drivers\sermouse.sys
    2011/06/03 17:03:36.0531 5160 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
    2011/06/03 17:03:36.0569 5160 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
    2011/06/03 17:03:36.0616 5160 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
    2011/06/03 17:03:36.0736 5160 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
    2011/06/03 17:03:36.0922 5160 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
    2011/06/03 17:03:37.0139 5160 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
    2011/06/03 17:03:37.0194 5160 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
    2011/06/03 17:03:37.0269 5160 Smb (ac0d90738adb51a6fd12ff00874a2162) C:\Windows\system32\DRIVERS\smb.sys
    2011/06/03 17:03:37.0347 5160 spldr (426f9b029aa9162ceccf65369457d046) C:\Windows\system32\drivers\spldr.sys
    2011/06/03 17:03:37.0431 5160 sptd (ef4e4e1775db542c767dd0c7b46db926) C:\Windows\system32\Drivers\sptd.sys
    2011/06/03 17:03:37.0432 5160 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: ef4e4e1775db542c767dd0c7b46db926
    2011/06/03 17:03:37.0438 5160 sptd - detected LockedFile.Multi.Generic (1)
    2011/06/03 17:03:37.0649 5160 srv (038579c35f7cad4a4bbf735dbf83277d) C:\Windows\system32\DRIVERS\srv.sys
    2011/06/03 17:03:37.0927 5160 srv2 (6971a757af8cb5e2cbcbb76cc530db6c) C:\Windows\system32\DRIVERS\srv2.sys
    2011/06/03 17:03:37.0974 5160 srvnet (9e1a4603b874eebce0298113951abefb) C:\Windows\system32\DRIVERS\srvnet.sys
    2011/06/03 17:03:38.0130 5160 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
    2011/06/03 17:03:38.0239 5160 swenum (1379bdb336f8158c176a465e30759f57) C:\Windows\system32\DRIVERS\swenum.sys
    2011/06/03 17:03:38.0416 5160 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
    2011/06/03 17:03:38.0544 5160 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
    2011/06/03 17:03:38.0579 5160 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
    2011/06/03 17:03:38.0809 5160 Tcpip (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\drivers\tcpip.sys
    2011/06/03 17:03:38.0887 5160 Tcpip6 (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\DRIVERS\tcpip.sys
    2011/06/03 17:03:39.0026 5160 tcpipreg (5ce0c4a7b12d0067dad527d72b68c726) C:\Windows\system32\drivers\tcpipreg.sys
    2011/06/03 17:03:39.0064 5160 TDPIPE (964248aef49c31fa6a93201a73ffaf50) C:\Windows\system32\drivers\tdpipe.sys
    2011/06/03 17:03:39.0247 5160 TDTCP (7d2c1ae1648a60fce4aa0f7982e419d3) C:\Windows\system32\drivers\tdtcp.sys
    2011/06/03 17:03:39.0622 5160 tdx (ab4fde8af4a0270a46a001c08cbce1c2) C:\Windows\system32\DRIVERS\tdx.sys
    2011/06/03 17:03:39.0919 5160 TermDD (2c549bd9dd091fbfaa0a2a48e82ec2fb) C:\Windows\system32\DRIVERS\termdd.sys
    2011/06/03 17:03:40.0115 5160 tssecsrv (29f0eca726f0d51f7e048bdb0b372f29) C:\Windows\system32\DRIVERS\tssecsrv.sys
    2011/06/03 17:03:40.0235 5160 tunmp (65e953bc0084d44498b51f59784d2a82) C:\Windows\system32\DRIVERS\tunmp.sys
    2011/06/03 17:03:40.0281 5160 tunnel (4a39bda5e0fd30bdf4884f9d33ae6105) C:\Windows\system32\DRIVERS\tunnel.sys
    2011/06/03 17:03:40.0637 5160 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
    2011/06/03 17:03:41.0010 5160 udfs (6348da98707ceda8a0dfb05820e17732) C:\Windows\system32\DRIVERS\udfs.sys
    2011/06/03 17:03:41.0129 5160 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
    2011/06/03 17:03:41.0298 5160 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
    2011/06/03 17:03:41.0664 5160 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
    2011/06/03 17:03:42.0304 5160 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
    2011/06/03 17:03:42.0411 5160 umbus (3fb78f1d1dd86d87bececd9dffa24dd9) C:\Windows\system32\DRIVERS\umbus.sys
    2011/06/03 17:03:42.0476 5160 UMPass (08ea9c0247f391af4d4a16885a1c159d) C:\Windows\system32\DRIVERS\umpass.sys
    2011/06/03 17:03:42.0605 5160 usbccgp (b0ba9caffe9b0555ec0317f30cb79cd2) C:\Windows\system32\DRIVERS\usbccgp.sys
    2011/06/03 17:03:42.0702 5160 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
    2011/06/03 17:03:42.0965 5160 usbehci (c9fcd05b0a80ea08c2768e5a279b14de) C:\Windows\system32\DRIVERS\usbehci.sys
    2011/06/03 17:03:43.0220 5160 usbhub (5e44f7d957f7560da06bfe6b84b58a35) C:\Windows\system32\DRIVERS\usbhub.sys
    2011/06/03 17:03:43.0297 5160 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
    2011/06/03 17:03:43.0523 5160 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\DRIVERS\usbprint.sys
    2011/06/03 17:03:43.0701 5160 usbscan (b1f95285c08ddfe00c0b955462637ec7) C:\Windows\system32\DRIVERS\usbscan.sys
    2011/06/03 17:03:43.0759 5160 USBSTOR (7887ce56934e7f104e98c975f47353c5) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    2011/06/03 17:03:43.0842 5160 usbuhci (d864735b0bfcb65440960a0b7cc1a38d) C:\Windows\system32\DRIVERS\usbuhci.sys
    2011/06/03 17:03:43.0970 5160 usb_rndisx (db4721908daa0383ee82ffe430aebae1) C:\Windows\system32\DRIVERS\usb8023x.sys
    2011/06/03 17:03:44.0122 5160 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
    2011/06/03 17:03:44.0279 5160 VgaSave (17a8f877314e4067f8c8172cc6d9101c) C:\Windows\System32\drivers\vga.sys
    2011/06/03 17:03:44.0314 5160 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
    2011/06/03 17:03:44.0370 5160 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
    2011/06/03 17:03:44.0503 5160 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
    2011/06/03 17:03:44.0717 5160 volmgr (103e84c95832d0ed93507997cc7b54e8) C:\Windows\system32\drivers\volmgr.sys
    2011/06/03 17:03:45.0129 5160 volmgrx (294da8d3f965f6a8db934a83c7b461ff) C:\Windows\system32\drivers\volmgrx.sys
    2011/06/03 17:03:45.0401 5160 volsnap (80dc0c9bcb579ed9815001a4d37cbfd5) C:\Windows\system32\drivers\volsnap.sys
    2011/06/03 17:03:45.0678 5160 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
    2011/06/03 17:03:45.0894 5160 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
    2011/06/03 17:03:45.0980 5160 Wanarp (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/06/03 17:03:46.0027 5160 Wanarpv6 (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/06/03 17:03:46.0178 5160 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
    2011/06/03 17:03:46.0498 5160 Wdf01000 (7b5f66e4a2219c7d9daf9e738480e534) C:\Windows\system32\drivers\Wdf01000.sys
    2011/06/03 17:03:46.0768 5160 winusb (086d2e78eecd6195667282adc6ca109f) C:\Windows\system32\DRIVERS\winusb.sys
    2011/06/03 17:03:46.0905 5160 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
    2011/06/03 17:03:47.0041 5160 WpdUsb (2d27171b16a577ef14c1273668753485) C:\Windows\system32\DRIVERS\wpdusb.sys
    2011/06/03 17:03:47.0272 5160 ws2ifsl (84620aecdcfd2a7a14e6263927d8c0ed) C:\Windows\system32\drivers\ws2ifsl.sys
    2011/06/03 17:03:47.0433 5160 WUDFRd (a2aafcc8a204736296d937c7c545b53f) C:\Windows\system32\DRIVERS\WUDFRd.sys
    2011/06/03 17:03:47.0561 5160 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
    2011/06/03 17:03:47.0665 5160 ================================================================================
    2011/06/03 17:03:47.0665 5160 Scan finished
    2011/06/03 17:03:47.0665 5160 ================================================================================
    2011/06/03 17:03:47.0680 5420 Detected object count: 1
    2011/06/03 17:03:47.0680 5420 Actual detected object count: 1
    2011/06/03 17:04:29.0332 5420 LockedFile.Multi.Generic(sptd) - User select action: Skip
    2011/06/03 17:05:59.0977 0528 ================================================================================
    2011/06/03 17:05:59.0977 0528 Scan started
    2011/06/03 17:05:59.0977 0528 Mode: Manual;
    2011/06/03 17:05:59.0977 0528 ================================================================================
    2011/06/03 17:06:00.0313 0528 ACPI (84fc6df81212d16be5c4f441682feccc) C:\Windows\system32\drivers\acpi.sys
    2011/06/03 17:06:00.0661 0528 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
    2011/06/03 17:06:00.0858 0528 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
    2011/06/03 17:06:00.0995 0528 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
    2011/06/03 17:06:01.0124 0528 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
    2011/06/03 17:06:01.0222 0528 AFD (5d24caf8efd924a875698ff28384db8b) C:\Windows\system32\drivers\afd.sys
    2011/06/03 17:06:01.0260 0528 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
    2011/06/03 17:06:01.0302 0528 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
    2011/06/03 17:06:01.0366 0528 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
    2011/06/03 17:06:01.0430 0528 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
    2011/06/03 17:06:01.0505 0528 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
    2011/06/03 17:06:01.0563 0528 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
    2011/06/03 17:06:01.0598 0528 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
    2011/06/03 17:06:01.0699 0528 AR5523 (5af581bb431fb7a952216ad01795ef4e) C:\Windows\system32\DRIVERS\ar5523.sys
    2011/06/03 17:06:02.0010 0528 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
    2011/06/03 17:06:02.0090 0528 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
    2011/06/03 17:06:02.0155 0528 AsyncMac (e86cf7ce67d5de898f27ef884dc357d8) C:\Windows\system32\DRIVERS\asyncmac.sys
    2011/06/03 17:06:02.0239 0528 atapi (b35cfcef838382ab6490b321c87edf17) C:\Windows\system32\drivers\atapi.sys
    2011/06/03 17:06:02.0326 0528 avgio (f1d43170fdd7399ee17ea32d4f868b0c) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
    2011/06/03 17:06:02.0365 0528 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys
    2011/06/03 17:06:02.0425 0528 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\Windows\system32\DRIVERS\avipbb.sys
    2011/06/03 17:06:02.0509 0528 Beep (ac3dd1708b22761ebd7cbe14dcc3b5d7) C:\Windows\system32\drivers\Beep.sys
    2011/06/03 17:06:02.0636 0528 bowser (913cd06fbe9105ce6077e90fd4418561) C:\Windows\system32\DRIVERS\bowser.sys
    2011/06/03 17:06:02.0675 0528 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
    2011/06/03 17:06:02.0742 0528 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
    2011/06/03 17:06:02.0816 0528 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
    2011/06/03 17:06:02.0958 0528 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
    2011/06/03 17:06:03.0212 0528 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
    2011/06/03 17:06:03.0245 0528 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
    2011/06/03 17:06:03.0289 0528 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
    2011/06/03 17:06:03.0354 0528 cdfs (6c3a437fc873c6f6a4fc620b6888cb86) C:\Windows\system32\DRIVERS\cdfs.sys
    2011/06/03 17:06:03.0448 0528 cdrom (8d1866e61af096ae8b582454f5e4d303) C:\Windows\system32\DRIVERS\cdrom.sys
    2011/06/03 17:06:03.0506 0528 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
    2011/06/03 17:06:03.0543 0528 CLFS (1b84fd0937d3b99af9ba38ddff3daf54) C:\Windows\system32\CLFS.sys
    2011/06/03 17:06:03.0590 0528 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
    2011/06/03 17:06:03.0622 0528 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
    2011/06/03 17:06:03.0661 0528 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
    2011/06/03 17:06:03.0695 0528 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
    2011/06/03 17:06:03.0779 0528 DfsC (a7179de59ae269ab70345527894ccd7c) C:\Windows\system32\Drivers\dfsc.sys
    2011/06/03 17:06:03.0861 0528 disk (841af4c4d41d3e3b2f244e976b0f7963) C:\Windows\system32\drivers\disk.sys
    2011/06/03 17:06:03.0978 0528 drmkaud (ee472cd2c01f6f8e8aa1fa06ffef61b6) C:\Windows\system32\drivers\drmkaud.sys
    2011/06/03 17:06:04.0199 0528 DXGKrnl (334988883de69adb27e2cf9f9715bbdb) C:\Windows\System32\drivers\dxgkrnl.sys
    2011/06/03 17:06:04.0356 0528 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
    2011/06/03 17:06:04.0419 0528 Ecache (0efc7531b936ee57fdb4e837664c509f) C:\Windows\system32\drivers\ecache.sys
    2011/06/03 17:06:04.0542 0528 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
    2011/06/03 17:06:04.0661 0528 fastfat (84a317cb0b3954d3768cdcd018dbf670) C:\Windows\system32\drivers\fastfat.sys
    2011/06/03 17:06:04.0697 0528 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
    2011/06/03 17:06:04.0744 0528 FileInfo (65773d6115c037ffd7ef8280ae85eb9d) C:\Windows\system32\drivers\fileinfo.sys
    2011/06/03 17:06:04.0830 0528 Filetrace (c226dd0de060745f3e042f58dcf78402) C:\Windows\system32\drivers\filetrace.sys
    2011/06/03 17:06:04.0888 0528 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
    2011/06/03 17:06:04.0940 0528 FltMgr (a6a8da7ae4d53394ab22ac3ab6d3f5d3) C:\Windows\system32\drivers\fltmgr.sys
    2011/06/03 17:06:04.0991 0528 Fs_Rec (66a078591208baa210c7634b11eb392c) C:\Windows\system32\drivers\Fs_Rec.sys
    2011/06/03 17:06:05.0043 0528 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
    2011/06/03 17:06:05.0112 0528 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
    2011/06/03 17:06:05.0161 0528 HDAudBus (0db613a7e427b5663563677796fd5258) C:\Windows\system32\DRIVERS\HDAudBus.sys
    2011/06/03 17:06:05.0229 0528 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
    2011/06/03 17:06:05.0285 0528 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
    2011/06/03 17:06:05.0370 0528 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\DRIVERS\hidusb.sys
    2011/06/03 17:06:05.0453 0528 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
    2011/06/03 17:06:05.0526 0528 HTTP (ea24fe637d974a8a31bc650f478e3533) C:\Windows\system32\drivers\HTTP.sys
    2011/06/03 17:06:05.0591 0528 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
    2011/06/03 17:06:05.0676 0528 i8042prt (1c9ee072baa3abb460b91d7ee9152660) C:\Windows\system32\DRIVERS\i8042prt.sys
    2011/06/03 17:06:05.0729 0528 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
    2011/06/03 17:06:05.0790 0528 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
    2011/06/03 17:06:05.0854 0528 intelide (988981c840084f480ba9e3319cebde1b) C:\Windows\system32\drivers\intelide.sys
    2011/06/03 17:06:05.0880 0528 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
    2011/06/03 17:06:05.0959 0528 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
    2011/06/03 17:06:06.0000 0528 IPNAT (10077c35845101548037df04fd1a420b) C:\Windows\system32\DRIVERS\ipnat.sys
    2011/06/03 17:06:06.0047 0528 IRENUM (a82f328f4792304184642d6d397bb1e3) C:\Windows\system32\drivers\irenum.sys
    2011/06/03 17:06:06.0088 0528 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
    2011/06/03 17:06:06.0116 0528 iScsiPrt (4dca456d4d5723f8fa9c6760d240b0df) C:\Windows\system32\DRIVERS\msiscsi.sys
    2011/06/03 17:06:06.0174 0528 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
    2011/06/03 17:06:06.0229 0528 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
    2011/06/03 17:06:06.0269 0528 k750bus (fe8300320281d658a7854d5cfc02a63f) C:\Windows\system32\DRIVERS\k750bus.sys
    2011/06/03 17:06:06.0311 0528 kbdclass (b076b2ab806b3f696dab21375389101c) C:\Windows\system32\DRIVERS\kbdclass.sys
    2011/06/03 17:06:06.0352 0528 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys
    2011/06/03 17:06:06.0422 0528 KSecDD (0a829977b078dea11641fc2af87ceade) C:\Windows\system32\Drivers\ksecdd.sys
    2011/06/03 17:06:06.0503 0528 lltdio (fd015b4f95daa2b712f0e372a116fbad) C:\Windows\system32\DRIVERS\lltdio.sys
    2011/06/03 17:06:06.0572 0528 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
    2011/06/03 17:06:06.0616 0528 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
    2011/06/03 17:06:06.0659 0528 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
    2011/06/03 17:06:06.0712 0528 luafv (42885bb44b6e065b8575a8dd6c430c52) C:\Windows\system32\drivers\luafv.sys
    2011/06/03 17:06:06.0775 0528 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
    2011/06/03 17:06:06.0833 0528 Modem (21755967298a46fb6adfec9db6012211) C:\Windows\system32\drivers\modem.sys
    2011/06/03 17:06:06.0881 0528 monitor (7446e104a5fe5987ca9e4983fbac4f97) C:\Windows\system32\DRIVERS\monitor.sys
    2011/06/03 17:06:06.0936 0528 mouclass (5fba13c1a1841b0885d316ed3589489d) C:\Windows\system32\DRIVERS\mouclass.sys
    2011/06/03 17:06:06.0993 0528 mouhid (b569b5c5d3bde545df3a6af512cccdba) C:\Windows\system32\DRIVERS\mouhid.sys
    2011/06/03 17:06:07.0087 0528 MountMgr (01f1e5a3e4877c931cbb31613fec16a6) C:\Windows\system32\drivers\mountmgr.sys
    2011/06/03 17:06:07.0148 0528 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
    2011/06/03 17:06:07.0187 0528 mpsdrv (6e7a7f0c1193ee5648443fe2d4b789ec) C:\Windows\system32\drivers\mpsdrv.sys
    2011/06/03 17:06:07.0230 0528 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
    2011/06/03 17:06:07.0286 0528 MRxDAV (1d8828b98ee309d65e006f0829e280e5) C:\Windows\system32\drivers\mrxdav.sys
    2011/06/03 17:06:07.0324 0528 mrxsmb (8af705ce1bb907932157fab821170f27) C:\Windows\system32\DRIVERS\mrxsmb.sys
    2011/06/03 17:06:07.0358 0528 mrxsmb10 (47e13ab23371be3279eef22bbfa2c1be) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    2011/06/03 17:06:07.0393 0528 mrxsmb20 (90b3fc7bd6b3d7ee7635debba2187f66) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    2011/06/03 17:06:07.0474 0528 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
    2011/06/03 17:06:07.0513 0528 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
    2011/06/03 17:06:07.0570 0528 Msfs (729eafefd4e7417165f353a18dbe947d) C:\Windows\system32\drivers\Msfs.sys
    2011/06/03 17:06:07.0637 0528 msisadrv (5f454a16a5146cd91a176d70f0cfa3ec) C:\Windows\system32\drivers\msisadrv.sys
    2011/06/03 17:06:07.0726 0528 MSKSSRV (892cedefa7e0ffe7be8da651b651d047) C:\Windows\system32\drivers\MSKSSRV.sys
    2011/06/03 17:06:07.0789 0528 MSPCLOCK (ae2cb1da69b2676b4cee2a501af5871c) C:\Windows\system32\drivers\MSPCLOCK.sys
    2011/06/03 17:06:07.0832 0528 MSPQM (f910da84fa90c44a3addb7cd874463fd) C:\Windows\system32\drivers\MSPQM.sys
    2011/06/03 17:06:07.0859 0528 MsRPC (84571c0ae07647ba38d493f5f0015df7) C:\Windows\system32\drivers\MsRPC.sys
    2011/06/03 17:06:07.0908 0528 mssmbios (4385c80ede885e25492d408cad91bd6f) C:\Windows\system32\DRIVERS\mssmbios.sys
    2011/06/03 17:06:07.0965 0528 MSTEE (c826dd1373f38afd9ca46ec3c436a14e) C:\Windows\system32\drivers\MSTEE.sys
    2011/06/03 17:06:08.0012 0528 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\Windows\system32\DRIVERS\ASACPI.sys
    2011/06/03 17:06:08.0049 0528 Mup (fa7aa70050cf5e2d15de00941e5665e5) C:\Windows\system32\Drivers\mup.sys
    2011/06/03 17:06:08.0143 0528 NativeWifiP (6da4a0fc7c0e83df0cb3cfd0a514c3bc) C:\Windows\system32\DRIVERS\nwifi.sys
    2011/06/03 17:06:08.0209 0528 NDIS (227c11e1e7cf6ef8afb2a238d209760c) C:\Windows\system32\drivers\ndis.sys
    2011/06/03 17:06:08.0313 0528 NdisTapi (81659cdcbd0f9a9e07e6878ad8c78d3f) C:\Windows\system32\DRIVERS\ndistapi.sys
    2011/06/03 17:06:08.0366 0528 Ndisuio (5de5ee546bf40838ebe0e01cb629df64) C:\Windows\system32\DRIVERS\ndisuio.sys
    2011/06/03 17:06:08.0416 0528 NdisWan (397402adcbb8946223a1950101f6cd94) C:\Windows\system32\DRIVERS\ndiswan.sys
    2011/06/03 17:06:08.0473 0528 NDProxy (1b24fa907af283199a81b3bb37e5e526) C:\Windows\system32\drivers\NDProxy.sys
    2011/06/03 17:06:08.0543 0528 NetBIOS (356dbb9f98e8dc1028dd3092fceeb877) C:\Windows\system32\DRIVERS\netbios.sys
    2011/06/03 17:06:08.0579 0528 netbt (e3a168912e7eefc3bd3b814720d68b41) C:\Windows\system32\DRIVERS\netbt.sys
    2011/06/03 17:06:08.0688 0528 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
    2011/06/03 17:06:08.0726 0528 Npfs (4f9832beb9fafd8ceb0e541f1323b26e) C:\Windows\system32\drivers\Npfs.sys
    2011/06/03 17:06:08.0791 0528 nsiproxy (b488dfec274de1fc9d653870ef2587be) C:\Windows\system32\drivers\nsiproxy.sys
    2011/06/03 17:06:08.0859 0528 Ntfs (37430aa7a66d7a63407adc2c0d05e9f6) C:\Windows\system32\drivers\Ntfs.sys
    2011/06/03 17:06:08.0905 0528 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
    2011/06/03 17:06:08.0962 0528 Null (ec5efb3c60f1b624648344a328bce596) C:\Windows\system32\drivers\Null.sys
    2011/06/03 17:06:09.0300 0528 nvlddmkm (68ba207655b6cd6bbdcb8917c8f241f5) C:\Windows\system32\DRIVERS\nvlddmkm.sys
    2011/06/03 17:06:09.0482 0528 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
    2011/06/03 17:06:09.0539 0528 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
    2011/06/03 17:06:09.0573 0528 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
    2011/06/03 17:06:09.0756 0528 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
    2011/06/03 17:06:09.0865 0528 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\DRIVERS\parport.sys
    2011/06/03 17:06:09.0925 0528 partmgr (555a5b2c8022983bc7467bc925b222ee) C:\Windows\system32\drivers\partmgr.sys
    2011/06/03 17:06:09.0955 0528 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\DRIVERS\parvdm.sys
    2011/06/03 17:06:10.0006 0528 pci (1085d75657807e0e8b32f9e19a1647c3) C:\Windows\system32\drivers\pci.sys
    2011/06/03 17:06:10.0072 0528 pciide (caba65e9c41cd2900d4c92d4f825c5f8) C:\Windows\system32\drivers\pciide.sys
    2011/06/03 17:06:10.0105 0528 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
    2011/06/03 17:06:10.0159 0528 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\Windows\system32\Drivers\pcouffin.sys
    2011/06/03 17:06:10.0221 0528 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
    2011/06/03 17:06:10.0454 0528 PptpMiniport (6c359ac71d7b550a0d41f9db4563ce05) C:\Windows\system32\DRIVERS\raspptp.sys
    2011/06/03 17:06:10.0520 0528 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
    2011/06/03 17:06:10.0612 0528 PSched (2c8bae55247c4e09352e870292e4d1ab) C:\Windows\system32\DRIVERS\pacer.sys
    2011/06/03 17:06:10.0662 0528 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys
    2011/06/03 17:06:10.0735 0528 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
    2011/06/03 17:06:10.0816 0528 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
    2011/06/03 17:06:10.0871 0528 QWAVEdrv (d2b3e2b7426dc23e185fbc73c8936c12) C:\Windows\system32\drivers\qwavedrv.sys
    2011/06/03 17:06:10.0908 0528 RasAcd (bd7b30f55b3649506dd8b3d38f571d2a) C:\Windows\system32\DRIVERS\rasacd.sys
    2011/06/03 17:06:11.0006 0528 Rasl2tp (88587dd843e2059848995b407b67f6cf) C:\Windows\system32\DRIVERS\rasl2tp.sys
    2011/06/03 17:06:11.0068 0528 RasPppoe (ccf4e9c6cbbac81437f88cb2ae0b6c96) C:\Windows\system32\DRIVERS\raspppoe.sys
    2011/06/03 17:06:11.0109 0528 rdbss (54129c5d9581bbec8bd1ebd3ba813f47) C:\Windows\system32\DRIVERS\rdbss.sys
    2011/06/03 17:06:11.0146 0528 RDPCDD (794585276b5d7fca9f3fc15543f9f0b9) C:\Windows\system32\DRIVERS\RDPCDD.sys
    2011/06/03 17:06:11.0217 0528 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
    2011/06/03 17:06:11.0307 0528 RDPENCDD (980b56e2e273e19d3a9d72d5c420f008) C:\Windows\system32\drivers\rdpencdd.sys
    2011/06/03 17:06:11.0399 0528 RDPWD (8830e790a74a96605faba74f9665bb3c) C:\Windows\system32\drivers\RDPWD.sys
    2011/06/03 17:06:11.0525 0528 rspndr (97e939d2128fec5d5a3e6e79b290a2f4) C:\Windows\system32\DRIVERS\rspndr.sys
    2011/06/03 17:06:11.0583 0528 RTL8169 (2d19a7469ea19993d0c12e627f4530bc) C:\Windows\system32\DRIVERS\Rtlh86.sys
    2011/06/03 17:06:11.0639 0528 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
    2011/06/03 17:06:11.0721 0528 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    2011/06/03 17:06:11.0784 0528 Ser2pl (e42f03d1081c4f60d3db6c38235b1456) C:\Windows\system32\DRIVERS\ser2pl.sys
    2011/06/03 17:06:11.0845 0528 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\DRIVERS\serenum.sys
    2011/06/03 17:06:11.0888 0528 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\DRIVERS\serial.sys
    2011/06/03 17:06:11.0937 0528 sermouse (450accd77ec5cea720c1cdb9e26b953b) C:\Windows\system32\drivers\sermouse.sys
    2011/06/03 17:06:12.0017 0528 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
    2011/06/03 17:06:12.0072 0528 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
    2011/06/03 17:06:12.0143 0528 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
    2011/06/03 17:06:12.0172 0528 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
    2011/06/03 17:06:12.0249 0528 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
    2011/06/03 17:06:12.0292 0528 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
    2011/06/03 17:06:12.0346 0528 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
    2011/06/03 17:06:12.0413 0528 Smb (ac0d90738adb51a6fd12ff00874a2162) C:\Windows\system32\DRIVERS\smb.sys
    2011/06/03 17:06:12.0468 0528 spldr (426f9b029aa9162ceccf65369457d046) C:\Windows\system32\drivers\spldr.sys
    2011/06/03 17:06:12.0559 0528 sptd (ef4e4e1775db542c767dd0c7b46db926) C:\Windows\system32\Drivers\sptd.sys
    2011/06/03 17:06:12.0560 0528 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: ef4e4e1775db542c767dd0c7b46db926
    2011/06/03 17:06:12.0572 0528 sptd - detected LockedFile.Multi.Generic (1)
    2011/06/03 17:06:12.0635 0528 srv (038579c35f7cad4a4bbf735dbf83277d) C:\Windows\system32\DRIVERS\srv.sys
    2011/06/03 17:06:12.0680 0528 srv2 (6971a757af8cb5e2cbcbb76cc530db6c) C:\Windows\system32\DRIVERS\srv2.sys
    2011/06/03 17:06:12.0718 0528 srvnet (9e1a4603b874eebce0298113951abefb) C:\Windows\system32\DRIVERS\srvnet.sys
    2011/06/03 17:06:12.0808 0528 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
    2011/06/03 17:06:12.0867 0528 swenum (1379bdb336f8158c176a465e30759f57) C:\Windows\system32\DRIVERS\swenum.sys
    2011/06/03 17:06:12.0927 0528 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
    2011/06/03 17:06:13.0013 0528 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
    2011/06/03 17:06:13.0074 0528 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
    2011/06/03 17:06:13.0214 0528 Tcpip (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\drivers\tcpip.sys
    2011/06/03 17:06:13.0272 0528 Tcpip6 (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\DRIVERS\tcpip.sys
    2011/06/03 17:06:13.0346 0528 tcpipreg (5ce0c4a7b12d0067dad527d72b68c726) C:\Windows\system32\drivers\tcpipreg.sys
    2011/06/03 17:06:13.0384 0528 TDPIPE (964248aef49c31fa6a93201a73ffaf50) C:\Windows\system32\drivers\tdpipe.sys
    2011/06/03 17:06:13.0416 0528 TDTCP (7d2c1ae1648a60fce4aa0f7982e419d3) C:\Windows\system32\drivers\tdtcp.sys
    2011/06/03 17:06:13.0459 0528 tdx (ab4fde8af4a0270a46a001c08cbce1c2) C:\Windows\system32\DRIVERS\tdx.sys
    2011/06/03 17:06:13.0499 0528 TermDD (2c549bd9dd091fbfaa0a2a48e82ec2fb) C:\Windows\system32\DRIVERS\termdd.sys
    2011/06/03 17:06:13.0637 0528 tssecsrv (29f0eca726f0d51f7e048bdb0b372f29) C:\Windows\system32\DRIVERS\tssecsrv.sys
    2011/06/03 17:06:13.0705 0528 tunmp (65e953bc0084d44498b51f59784d2a82) C:\Windows\system32\DRIVERS\tunmp.sys
    2011/06/03 17:06:13.0751 0528 tunnel (4a39bda5e0fd30bdf4884f9d33ae6105) C:\Windows\system32\DRIVERS\tunnel.sys
    2011/06/03 17:06:13.0816 0528 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
    2011/06/03 17:06:13.0890 0528 udfs (6348da98707ceda8a0dfb05820e17732) C:\Windows\system32\DRIVERS\udfs.sys
    2011/06/03 17:06:14.0008 0528 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
    2011/06/03 17:06:14.0052 0528 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
    2011/06/03 17:06:14.0118 0528 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
    2011/06/03 17:06:14.0168 0528 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
    2011/06/03 17:06:14.0249 0528 umbus (3fb78f1d1dd86d87bececd9dffa24dd9) C:\Windows\system32\DRIVERS\umbus.sys
    2011/06/03 17:06:14.0313 0528 UMPass (08ea9c0247f391af4d4a16885a1c159d) C:\Windows\system32\DRIVERS\umpass.sys
    2011/06/03 17:06:14.0409 0528 usbccgp (b0ba9caffe9b0555ec0317f30cb79cd2) C:\Windows\system32\DRIVERS\usbccgp.sys
    2011/06/03 17:06:14.0465 0528 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
    2011/06/03 17:06:14.0529 0528 usbehci (c9fcd05b0a80ea08c2768e5a279b14de) C:\Windows\system32\DRIVERS\usbehci.sys
    2011/06/03 17:06:14.0595 0528 usbhub (5e44f7d957f7560da06bfe6b84b58a35) C:\Windows\system32\DRIVERS\usbhub.sys
    2011/06/03 17:06:14.0668 0528 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
    2011/06/03 17:06:14.0720 0528 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\DRIVERS\usbprint.sys
    2011/06/03 17:06:14.0807 0528 usbscan (b1f95285c08ddfe00c0b955462637ec7) C:\Windows\system32\DRIVERS\usbscan.sys
    2011/06/03 17:06:14.0873 0528 USBSTOR (7887ce56934e7f104e98c975f47353c5) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    2011/06/03 17:06:15.0022 0528 usbuhci (d864735b0bfcb65440960a0b7cc1a38d) C:\Windows\system32\DRIVERS\usbuhci.sys
    2011/06/03 17:06:15.0116 0528 usb_rndisx (db4721908daa0383ee82ffe430aebae1) C:\Windows\system32\DRIVERS\usb8023x.sys
    2011/06/03 17:06:15.0227 0528 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
    2011/06/03 17:06:15.0266 0528 VgaSave (17a8f877314e4067f8c8172cc6d9101c) C:\Windows\System32\drivers\vga.sys
    2011/06/03 17:06:15.0302 0528 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
    2011/06/03 17:06:15.0349 0528 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
    2011/06/03 17:06:15.0424 0528 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
    2011/06/03 17:06:15.0455 0528 volmgr (103e84c95832d0ed93507997cc7b54e8) C:\Windows\system32\drivers\volmgr.sys
    2011/06/03 17:06:15.0501 0528 volmgrx (294da8d3f965f6a8db934a83c7b461ff) C:\Windows\system32\drivers\volmgrx.sys
    2011/06/03 17:06:15.0598 0528 volsnap (80dc0c9bcb579ed9815001a4d37cbfd5) C:\Windows\system32\drivers\volsnap.sys
    2011/06/03 17:06:15.0642 0528 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
    2011/06/03 17:06:15.0716 0528 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
    2011/06/03 17:06:15.0787 0528 Wanarp (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/06/03 17:06:15.0811 0528 Wanarpv6 (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/06/03 17:06:15.0933 0528 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
    2011/06/03 17:06:15.0992 0528 Wdf01000 (7b5f66e4a2219c7d9daf9e738480e534) C:\Windows\system32\drivers\Wdf01000.sys
    2011/06/03 17:06:16.0282 0528 winusb (086d2e78eecd6195667282adc6ca109f) C:\Windows\system32\DRIVERS\winusb.sys
    2011/06/03 17:06:16.0403 0528 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
    2011/06/03 17:06:16.0588 0528 WpdUsb (2d27171b16a577ef14c1273668753485) C:\Windows\system32\DRIVERS\wpdusb.sys
    2011/06/03 17:06:16.0661 0528 ws2ifsl (84620aecdcfd2a7a14e6263927d8c0ed) C:\Windows\system32\drivers\ws2ifsl.sys
    2011/06/03 17:06:16.0806 0528 WUDFRd (a2aafcc8a204736296d937c7c545b53f) C:\Windows\system32\DRIVERS\WUDFRd.sys
    2011/06/03 17:06:16.0975 0528 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
    2011/06/03 17:06:17.0005 0528 ================================================================================
    2011/06/03 17:06:17.0005 0528 Scan finished
    2011/06/03 17:06:17.0005 0528 ================================================================================
    2011/06/03 17:06:17.0050 1384 Detected object count: 1
    2011/06/03 17:06:17.0051 1384 Actual detected object count: 1
    2011/06/03 17:06:23.0270 1384 sptd (ef4e4e1775db542c767dd0c7b46db926) C:\Windows\system32\Drivers\sptd.sys
    2011/06/03 17:06:23.0271 1384 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: ef4e4e1775db542c767dd0c7b46db926
    2011/06/03 17:06:23.0283 1384 C:\Windows\system32\Drivers\sptd.sys - copied to quarantine
    2011/06/03 17:06:23.0285 1384 LockedFile.Multi.Generic(sptd) - User select action: Quarantine
    0
  10. Tigzy Messages postés 7983 Statut Contributeur sécurité 582
     
    Plus de soucis?

    * Télécharge ZHPDiag
    Capture

    * Laisse toi guider lors de l'installation, il se lancera automatiquement à la fin.
    * Sous vista/seven, si un message d'erreur apparait , clique droit => exécuter en tant qu'admin
    * Clique sur l'icône représentant une loupe (« Lancer le diagnostic »)
    * Enregistre le rapport sur ton Bureau à l'aide de l'icône représentant une disquette
    * Heberge le rapport ici: http://pjjoint.malekal.com/ et colle le lien dans la réponse
    0
  11. diablesse136
     
    Voici... :

    Rapport de ZHPDiag v1.27.222 par Nicolas Coolman, Update du 03/06/2011
    Run by Scannella-Deneubourg at 3/06/2011 17:27:16
    Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html

    ---\\ Web Browser
    MSIE: Internet Explorer v8.0.6001.18904 (Defaut)
    MFIE: Mozilla Firefox 4.0.1 v4.0.1
    GCIE: Google Chrome

    ---\\ System Information
    Windows Vista Home Premium Edition, 32-bit (Build 6000)
    Processor: x86 Family 6 Model 15 Stepping 6, GenuineIntel
    Operating System: 32 Bits
    Boot mode: Normal (Normal boot)
    Total RAM: 2046 MB (47% free)
    System Restore: Activé (Enable)
    System drive C: has 23 GB (16%) free of 133 GB

    ---\\ Logged in mode
    Computer Name: PC-SCANNELLA
    User Name: Scannella-Deneubourg
    All Users Names: Scannella-Deneubourg, Mcx1, ASPNET, Administrateur,
    Unselected Option: O45,O61,O62,O65,O66,O82
    Logged in as Administrator

    ---\\ Environnement Variables
    %AppData%=
    %LocalAppData%=
    %StartMenu%=

    ---\\ DOS/Devices
    A:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
    C:\ Hard drive, Flash drive, Thumb drive (Free 23 Go of 133 Go)
    D:\ CD-ROM drive (Not Inserted)
    E:\ Hard drive, Flash drive, Thumb drive (Free 80 Go of 100 Go)
    F:\ CD-ROM drive (Not Inserted)
    H:\ CD-ROM drive (Not Inserted)

    ---\\ Security Center & Tools Informations
    [HKLM\SOFTWARE\Microsoft\Security Center] AntiSpywareOverride: OK
    [HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK
    [HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
    [HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
    [HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK
    [HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
    [HKLM\SOFTWARE\Microsoft\Security Center] UacDisableNotify: OK
    [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
    [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
    [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusDisableNotify: OK
    [HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallDisableNotify: OK
    [HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
    [HKLM\SOFTWARE\Microsoft\Security Center\Svc] UpdatesDisableNotify: OK
    [HKLM\SOFTWARE\Microsoft\Security Center\Svc] UacDisableNotify: OK
    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] NoActiveDesktopChanges: OK
    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: OK
    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoDesktop: OK
    [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoFolderOptions: OK
    [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoDesktop: OK
    [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoStartMenuSubFolder: OK
    [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoResolveSearch: OK
    [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoClose: OK
    [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] DisableTaskMgr: OK
    [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] DisableRegistryTools: OK
    [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] NoDispScrSavPage: OK
    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
    [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowSearch: OK
    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK

    ---\\ Recherche particulière de fichiers génériques
    [MD5.37440D09DEAE0B672A04DCCF7ABF06BE] - (.Microsoft Corporation - Explorateur Windows.) (.29/10/2008 07:20:29.) -- C:\Windows\Explorer.exe [2923520]
    [MD5.D4385B03E8CCCEE6F0EE249F827C1F3E] - (.Microsoft Corporation - Application de démarrage de Windows.) (.2/11/2006 10:45:57.) -- C:\Windows\system32\Wininit.exe [95744]
    [MD5.EC3B3E6071E3FCD4290BFD42676EE064] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.23/02/2010 07:39:13.) -- C:\Windows\system32\wininet.dll [916480]
    [MD5.9F75392B9128A91ABAFB044EA350BAAD] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.2/11/2006 10:45:57.) -- C:\Windows\system32\Winlogon.exe [308224]
    [MD5.B35CFCEF838382AB6490B321C87EDF17] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/02/2008 15:58:18.) -- C:\Windows\system32\drivers\atapi.sys [21560]
    [MD5.37430AA7A66D7A63407ADC2C0D05E9F6] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.17/12/2007 23:50:41.) -- C:\Windows\system32\drivers\ntfs.sys [1060920]

    ---\\ Processus lancés
    [MD5.4B555106290BD117334E9A08761C035A] - (...) -- C:\Windows\System32\rundll32.exe [44544]
    [MD5.9D5E8B45BD348DF0882C69EED0E83111] - (.Avira GmbH - Antivirus System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [281768]
    [MD5.7DE0794DCFC80FF16B0A68D74515B267] - (.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files\IncrediMail\bin\IncMail.exe [353736]
    [MD5.2E0953919779A44BF9DFB7B07C58535A] - (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehtray.exe [125440]
    [MD5.26D4DC9C41770AEE627004A0EB60605B] - (...) -- C:\Program Files\NetMeter\NetMeter.exe [331264]
    [MD5.693E4C15CEE5D6487D7913A2701B5E40] - (.Microsoft Corporation - Media Center Media Status Aggregator Servic.) -- C:\Windows\ehome\ehmsas.exe [37376]
    [MD5.F018E866BBF4A54DE48E2CFB1411EF27] - (.IncrediMail, Ltd. - IncrediMail Tray Application.) -- C:\Program Files\IncrediMail\Bin\ImApp.exe [255432]
    [MD5.E83508D9A0F0D0D8449317DC6A4C5E02] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [924632]
    [MD5.3B2CC09944488DB5ED5DFDC315C9AB57] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [16856]
    [MD5.62BB79160F86CD962F312C68C6239BFD] - (.Microsoft Corporation - Windows Update.) -- C:\Windows\system32\wuauclt.exe [53472]
    [MD5.BE01E566D1F569AAB32D0335613E1EEA] - (.Microsoft Corporation - COM Surrogate.) -- C:\Windows\system32\DllHost.exe [7168]
    [MD5.A3F8BB3A06EB64266EA8A6908919F87D] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [657920]

    ---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
    M3 - MFPP: Plugins - [Scannella-Deneubourg] -- C:\Program Files\Mozilla FireFox\searchplugins\amazon-france.xml
    M3 - MFPP: Plugins - [Scannella-Deneubourg] -- C:\Program Files\Mozilla FireFox\searchplugins\bing.xml
    M3 - MFPP: Plugins - [Scannella-Deneubourg] -- C:\Program Files\Mozilla FireFox\searchplugins\cnrtl-tlfi-fr.xml
    M3 - MFPP: Plugins - [Scannella-Deneubourg] -- C:\Program Files\Mozilla FireFox\searchplugins\eBay-france.xml
    M3 - MFPP: Plugins - [Scannella-Deneubourg] -- C:\Program Files\Mozilla FireFox\searchplugins\google.xml
    M3 - MFPP: Plugins - [Scannella-Deneubourg] -- C:\Program Files\Mozilla FireFox\searchplugins\wikipedia-fr.xml
    M3 - MFPP: Plugins - [Scannella-Deneubourg] -- C:\Program Files\Mozilla FireFox\searchplugins\yahoo-france.xml
    P2 - FPN:Firefox Plugin Navigator . (.Microsoft Corporation - np-mswmp.) -- C:\Program Files\Mozilla Firefox\Plugins\np-mswmp.dll
    P2 - FPN:Firefox Plugin Navigator . (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape 10.0.1.) -- C:\Program Files\Mozilla Firefox\Plugins\nppdf32.dll
    P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\Macromed\Flash\NPSWF32.dll
    P2 - FPN: [HKLM] [@garmin.com/GpsControl] - (.GARMIN Corp. - Garmin Communicator Plug-In 2.9.2.0.) -- C:\Program Files\Garmin GPS Plugin\npGarmin.dll
    P2 - FPN: [HKLM] [@google.com/npPicasa3,version=3.0.0] - (.Google, Inc. - Picasa plugin.) -- C:\Program Files\Google\Picasa3\npPicasa3.dll
    P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 4.0.60310.0.) -- C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll
    P2 - FPN: [HKLM] [@microsoft.com/OfficeLive,version=1.3] - (.Microsoft Corp. - Office Live Update v1.5.) -- C:\Program Files\Microsoft\Office Live\npOLW.dll
    P2 - FPN: [HKLM] [@microsoft.com/OfficeLive,version=1.5] - (.Microsoft Corp. - Office Live Update v1.5.) -- C:\Program Files\Microsoft\Office Live\npOLW.dll
    P2 - FPN: [HKLM] [@microsoft.com/WLPG,version=14.0.8117.0416] - (.Microsoft Corporation - NPWLPG.) -- C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
    P2 - FPN: [HKLM] [@microsoft.com/WPF,version=3.5] - (.Microsoft Corporation - Windows Presentation Foundation (WPF) plug-in for Mozilla browsers.) -- c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    P2 - FPN: [HKLM] [@pack.google.com/Google Updater;version=13] - (.Google - Google Updater plugin<br><a href="http://pack.google.com/">http://pack.) -- C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
    P2 - FPN: [HKLM] [@veetle.com/vbp;version=0.9.17] - (.Veetle Inc - Version 0.9.17, copyright 2008-2010 Veetle Inc<br><a href="http://www..) -- C:\Program Files\Veetle\VLCBroadcast\npvbp.dll
    P2 - FPN: [HKLM] [@veetle.com/veetleCorePlugin,version=0.9.17] - (.Veetle Inc - Version 0.9.17, Copyright 2006-2009 Veetle Inc<br><a href="http://www..) -- C:\Program Files\Veetle\plugins\npVeetle.dll
    P2 - FPN: [HKLM] [@veetle.com/veetlePlayerPlugin,version=0.9.17] - (.Veetle Inc - Version 0.9.17, copyright 2006-2010 Veetle Inc<br><a href="http://www..) -- C:\Program Files\Veetle\Player\npvlc.dll
    P2 - FPN: [HKLM] [@videolan.org/vlc,version=1.1.8] - (.the VideoLAN Team - Version 1.1.8, copyright 1996-2011 The VideoLAN Team<br><a href="http:.) -- C:\Program Files\VideoLAN\VLC\npvlc.dll

    ---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tropal.net
    R0 - HKUS\S-1-5-21-3176534916-1124862880-323688700-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com
    R1 - HKUS\S-1-5-21-3176534916-1124862880-323688700-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com
    R3 - URLSearchHook: IncrediMail MediaBar 2 Toolbar - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} . (.Conduit Ltd. - Conduit Toolbar.) (6.1.0.7) -- C:\Program Files\IncrediMail_MediaBar_2\tbIncr.dll
    R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Internet Explorer.) (8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)) -- C:\Windows\system32\ieframe.dll
    R3 - URLSearchHook: IncrediMail MediaBar 2 Toolbar - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} . (.Conduit Ltd. - Conduit Toolbar.) (6.1.0.7) -- C:\Program Files\IncrediMail_MediaBar_2\tbIncr.dll
    R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 2

    ---\\ Internet Explorer, Proxy Management (R5)
    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll

    ---\\ ---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)
    F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,
    F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"

    ---\\ Browser Helper Objects de navigateur (O2)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\ConduitEngine\ConduitEngine.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} Clé orpheline
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corporation - Microsoft® Windows Live ID Login Helper.) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLi
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
    O2 - BHO: IncrediMail MediaBar 2 Toolbar - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\IncrediMail_MediaBar_2\tbIncr.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll

    ---\\ Internet Explorer Toolbars (O3)
    O3 - Toolbar: IncrediMail MediaBar 2 Toolbar - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\IncrediMail_MediaBar_2\tbIncr.dll
    O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\ConduitEngine\ConduitEngine.dll

    ---\\ ---\\ Applications démarrées par registre & par dossier (O4)
    O4 - HKLM\..\Run: [NvSvc] . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 169.0.) -- C:\Windows\system32\nvsvc.dll
    O4 - HKLM\..\Run: [NvCplDaemon] . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\Windows\system32\NvCpl.dll
    O4 - HKLM\..\Run: [NvMediaCenter] . (.NVIDIA Corporation - NVIDIA Media Center Library.) -- C:\Windows\system32\NvMcTray.dll
    O4 - HKLM\..\Run: [avgnt] . (.Avira GmbH - Antivirus System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe
    O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
    O4 - HKCU\..\Run: [IncrediMail] . (.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files\IncrediMail\bin\IncMail.exe
    O4 - HKCU\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [C:\Program Files\NetMeter\NetMeter.exe] . (...) -- C:\Program Files\NetMeter\NetMeter.exe
    O4 - HKCU\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Application de configuration du service Par.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-21-3176534916-1124862880-323688700-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
    O4 - HKUS\S-1-5-21-3176534916-1124862880-323688700-1000\..\Run: [IncrediMail] . (.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files\IncrediMail\bin\IncMail.exe
    O4 - HKUS\S-1-5-21-3176534916-1124862880-323688700-1000\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe
    O4 - HKUS\S-1-5-21-3176534916-1124862880-323688700-1000\..\Run: [C:\Program Files\NetMeter\NetMeter.exe] . (...) -- C:\Program Files\NetMeter\NetMeter.exe
    O4 - HKUS\S-1-5-21-3176534916-1124862880-323688700-1000\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Application de configuration du service Par.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe

    ---\\ ---\\ Autres liens utilisateurs (O4)
    O4 - Global Startup: C:\Users\Scannella-Deneubourg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe
    O4 - Global Startup: C:\Users\Scannella-Deneubourg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Mail\WinMail.exe
    O4 - Global Startup: C:\Users\Scannella-Deneubourg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Media Player\wmplayer.exe
    O4 - Global Startup: C:\Users\Scannella-Deneubourg\Desktop\Windows Live Messenger .lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    O4 - Global Startup: C:\Users\Scannella-Deneubourg\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\IncrediMail 2.0.lnk . (.IncrediMail, Ltd..) -- C:\Program Files\IncrediMail\bin\IncMail.exe
    O4 - Global Startup: C:\Users\Scannella-Deneubourg\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe
    O4 - Global Startup: C:\Users\Scannella-Deneubourg\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk . (.Mozilla Corporation.) -- C:\Program Files\Mozilla Firefox\firefox.exe
    O4 - Global Startup: C:\Users\Scannella-Deneubourg\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk . (.Nero AG.) -- C:\Program Files\Nero\Nero 9\Nero StartSmart\NeroStartSmart.exe

    ---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
    O8 - Extra context menu item: Add to Google Photos Screensa&ver . (.Google Inc. - Google Photos Screensaver.) -- C:\Windows\system32\GPhotos.scr
    O8 - Extra context menu item: E&xporter vers Microsoft Excel . (.Microsoft Corporation - Microsoft Excel.) -- C:\PROGRA~1\MICROS~2\Office10\EXCEL.exe

    ---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} . (.Microsoft Corporation - Synchronisation des favoris ActiveSync.) -- C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} . (.Microsoft Corporation - Synchronisation des favoris ActiveSync.) -- C:\Windows\WindowsMobile\INetRepl.dll

    ---\\ Winsock hijacker (Layered Service Provider) (O10)
    O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\system32\NLAapi.dll
    O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\Windows\system32\mswsock.dll
    O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\system32\winrnr.dll
    O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Fournisseur Shim d'affectation de noms de messagerie.) -- C:\Windows\system32\napinsp.dll
    O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Fournisseur d?espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll
    O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - Fournisseur d?espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll

    ---\\ Objets ActiveX (Downloaded Program Files)(O16)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

    ---\\ Modification Domaine/Adresses DNS (O17)
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4B46903F-BA2F-4DAC-8FBA-09F1FECD512E}: NameServer = 195.238.2.21 195.238.2.22
    O17 - HKLM\System\CS1\Services\Tcpip\..\{4B46903F-BA2F-4DAC-8FBA-09F1FECD512E}: NameServer = 195.238.2.21 195.238.2.22
    O17 - HKLM\System\CS2\Services\Tcpip\..\{6A4392BB-A564-4A21-896E-319CDAFF9409}: DhcpNameServer = 192.168.1.1

    ---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Contrôleur de site Web.) -- C:\Windows\System32\webcheck.dll

    ---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
    O22 - SharedTaskScheduler: (no name) - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\Windows\system32\browseui.dll

    ---\\ Liste des services NT non Microsoft et non désactivés (O23)
    O23 - Service: (AntiVirSchedulerService) . (.Avira GmbH - Antivirus Scheduler.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: (AntiVirService) . (.Avira GmbH - Antivirus On-Access Service.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: (DTNetService) . (.DT Soft Ltd - DAEMON Tools Net Service.) - C:\Program Files\DAEMON Tools Net\DTNetSrv.exe
    O23 - Service: (EPSON_PM_RPCV4_01) . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) - C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.exe
    O23 - Service: (gusvc) . (.Google - gusvc.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: (IDriverT) . (.Macrovision Corporation - IDriverT Module.) - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Nero BackItUp Scheduler 4.0 (Nero BackItUp Scheduler 4.0) . (.Nero AG - Nero BackItUp.) - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: (Planificateur LiveUpdate automatique) - Clé orpheline
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Clé orpheline

    ---\\ Enumération Active Desktop & MHTML Editor (O24)
    O24 - Default MHTML Editor: Last - .(...) - (.not file.)

    ---\\ Tâches planifiées en automatique (O39)
    O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GlaryInitialize.job
    O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Google Software Updater.job
    O39 - APT:Automatic Planified Task - C:\Windows\Tasks\User_Feed_Synchronization-{57B3A23D-7EF6-4452-9E55-49679E238011}.job
    [MD5.3F93A3628B9A928D35F169120F3E50EB] [APT] [GlaryInitialize] (.Glarysoft Ltd.) -- C:\Program Files\Glary Utilities\initialize.exe
    [MD5.5467F1FF0AF264566740F67E8B810735] [APT] [Google Software Updater] (.Google.) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    [MD5.00000000000000000000000000000000] [APT] [RealUpgradeLogonTaskS-1-5-21-3176534916-1124862880-323688700-1000] (.Pas de propriétaire.) -- C:\Program Files\Real\RealUpgrade\RealUpgrade.exe (.not file.)
    [MD5.00000000000000000000000000000000] [APT] [RealUpgradeScheduledTaskS-1-5-21-3176534916-1124862880-323688700-1000] (.Pas de propriétaire.) -- C:\Program Files\Real\RealUpgrade\RealUpgrade.exe (.not file.)
    [MD5.00000000000000000000000000000000] [APT] [{30185F3E-363D-4AED-86D0-1D58DD7DB037}] (.Pas de propriétaire.) -- C:\Program Files\Babylon\Babylon-Pro\Utils\uninstbb.exe (.not file.)

    ---\\ Pilotes lancés au démarrage (O41)
    O41 - Driver: (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\Windows\system32\drivers\afd.sys
    O41 - Driver: (avgio) . (.Avira GmbH - Avira AntiVir Support for Minifilter.) - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
    O41 - Driver: (avipbb) . (.Avira GmbH - Avira Driver for Security Enhancement.) - C:\Windows\System32\DRIVERS\avipbb.sys
    O41 - Driver: (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\System32\DRIVERS\cdrom.sys
    O41 - Driver: (DfsC) . (.Microsoft Corporation - DFS Client MUP Surrogate Driver.) - C:\Windows\System32\Drivers\dfsc.sys
    O41 - Driver: (i8042prt) . (.Microsoft Corporation - Pilote de port i8042.) - C:\Windows\System32\DRIVERS\i8042prt.sys
    O41 - Driver: (kbdclass) . (.Microsoft Corporation - Pilote de la classe Clavier.) - C:\Windows\System32\DRIVERS\kbdclass.sys
    O41 - Driver: (mouclass) . (.Microsoft Corporation - Pilote de la classe Souris.) - C:\Windows\System32\DRIVERS\mouclass.sys
    O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\System32\DRIVERS\netbios.sys
    O41 - Driver: (netbt) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\System32\DRIVERS\netbt.sys
    O41 - Driver: (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\System32\drivers\nsiproxy.sys
    O41 - Driver: C:\Windows\system32\drivers\pacer.sys (PSched) . (.Microsoft Corporation - Planificateur de paquets QoS.) - C:\Windows\System32\DRIVERS\pacer.sys
    O41 - Driver: (RasAcd) . (.Microsoft Corporation - RAS Automatic Connection Driver.) - C:\Windows\System32\DRIVERS\rasacd.sys
    O41 - Driver: (rdbss) . (.Microsoft Corporation - Redirected Drive Buffering SubSystem Driver.) - C:\Windows\System32\DRIVERS\rdbss.sys
    O41 - Driver: (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\DRIVERS\RDPCDD.sys
    O41 - Driver: (RDPENCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\drivers\rdpencdd.sys
    O41 - Driver: (Serial) . (.Microsoft Corporation - Pilote de périphérique série.) - C:\Windows\System32\DRIVERS\serial.sys
    O41 - Driver: C:\Windows\system32\tcpipcfg.dll (Smb) . (.Microsoft Corporation - SMB Transport driver.) - C:\Windows\System32\DRIVERS\smb.sys
    O41 - Driver: (ssmdrv) . (.Avira GmbH - AVIRA SnapShot Driver.) - C:\Windows\System32\DRIVERS\ssmdrv.sys
    O41 - Driver: C:\Windows\system32\tcpipcfg.dll (Tcpip) . (.Microsoft Corporation - TCP/IP Driver.) - C:\Windows\System32\drivers\tcpip.sys
    O41 - Driver: C:\Windows\system32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\System32\DRIVERS\tdx.sys
    O41 - Driver: (TermDD) . (.Microsoft Corporation - Terminal Server Driver.) - C:\Windows\System32\DRIVERS\termdd.sys
    O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\Windows\system32\drivers\vga.sys
    O41 - Driver: (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\System32\DRIVERS\wanarp.sys

    ---\\ Logiciels installés (O42)
    O42 - Logiciel: Adobe Flash Player 10 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX
    O42 - Logiciel: Adobe Flash Player 10 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin
    O42 - Logiciel: Adobe Reader X (10.0.1) - Français - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1036-7B44-AA0000000001}
    O42 - Logiciel: Advertising Center - (.Nero AG.) [HKLM] -- {b2ec4a38-b545-4a00-8214-13fe0e915e6d}
    O42 - Logiciel: Application Suite - (.Pas de propriétaire.) [HKLM] -- {B0946E23-2123-4ED5-A5B5-6071686D286C}
    O42 - Logiciel: Assistant de connexion Windows Live ID - (.Microsoft Corporation.) [HKLM] -- {0840B4D6-7DD1-4187-8523-E6FC0007EFB7}
    O42 - Logiciel: Avira AntiVir Personal - Free Antivirus - (.Avira GmbH.) [HKLM] -- Avira AntiVir Desktop
    O42 - Logiciel: Conduit Engine - (.Conduit Ltd..) [HKLM] -- conduitEngine
    O42 - Logiciel: DolbyFiles - (.Nero AG.) [HKLM] -- {b1adf008-e898-4fe2-8a1f-690d9a06acaf}
    O42 - Logiciel: EPSON Logiciel imprimante - (.SEIKO EPSON Corporation.) [HKLM] -- EPSON Printer and Utilities
    O42 - Logiciel: EPSON Scan - (.Pas de propriétaire.) [HKLM] -- EPSON Scanner
    O42 - Logiciel: EPSON Scan Assistant - (.Pas de propriétaire.) [HKLM] -- {2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}
    O42 - Logiciel: ESDX6000_CX5900 Guide util. - (.Pas de propriétaire.) [HKLM] -- ESDX6000_CX5900 Guide util.
    O42 - Logiciel: Galerie de photos Windows Live - (.Microsoft Corporation.) [HKLM] -- {1EE04769-91C4-4A06-92B7-FCAFE6BABDD9}
    O42 - Logiciel: Garmin Communicator Plugin - (.Garmin Ltd or its subsidiaries.) [HKLM] -- {C7DD94A8-F775-426C-B56C-8E555A59F9E2}
    O42 - Logiciel: Garmin MapSource - (.Garmin Ltd or its subsidiaries.) [HKLM] -- {58FA5D40-E35A-47ED-8AFA-68CCC758559E}
    O42 - Logiciel: Garmin POI Loader - (.Garmin Ltd or its subsidiaries.) [HKLM] -- {328019A7-0012-401D-96A2-4CDDD02675A8}
    O42 - Logiciel: Garmin Training Center 3.4.3 - (.Garmin Ltd or its subsidiaries.) [HKLM] -- {CEAEEFA6-DEBC-4B16-8F04-84C81440CA32}
    O42 - Logiciel: Garmin USB Drivers - (.Garmin Ltd or its subsidiaries.) [HKLM] -- {65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}
    O42 - Logiciel: Gestionnaire pour appareils Windows Mobile - (.Microsoft Corporation.) [HKLM] -- {904CCF62-818D-4675-BC76-D37EB399F917}
    O42 - Logiciel: Glary Utilities 2.18.0.786 - (.Glarysoft Ltd.) [HKLM] -- Glary Utilities_is1
    O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB953595
    O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB958484
    O42 - Logiciel: IncrediMail - (.IncrediMail.) [HKLM] -- {5E97F3BD-CDDC-4188-9D98-532E14FABB5D}
    O42 - Logiciel: IncrediMail 2.0 - (.IncrediMail Ltd..) [HKLM] -- IncrediMail
    O42 - Logiciel: IncrediMail MediaBar 2 Toolbar - (.IncrediMail MediaBar 2.) [HKLM] -- IncrediMail_MediaBar_2 Toolbar
    O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM] -- WinLiveSuite_Wave3
    O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM] -- {133742BA-6F46-4D3E-85AF-78631D9AD8B8}
    O42 - Logiciel: Java(TM) 6 Update 11 - (.Sun Microsystems, Inc..) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83216011FF}
    O42 - Logiciel: Java(TM) 6 Update 2 - (.Sun Microsystems, Inc..) [HKLM] -- {3248F0A8-6813-11D6-A77B-00B0D0160020}
    O42 - Logiciel: Java(TM) 6 Update 3 - (.Sun Microsystems, Inc..) [HKLM] -- {3248F0A8-6813-11D6-A77B-00B0D0160030}
    O42 - Logiciel: Java(TM) 6 Update 5 - (.Sun Microsystems, Inc..) [HKLM] -- {3248F0A8-6813-11D6-A77B-00B0D0160050}
    O42 - Logiciel: Java(TM) 6 Update 7 - (.Sun Microsystems, Inc..) [HKLM] -- {3248F0A8-6813-11D6-A77B-00B0D0160070}
    O42 - Logiciel: Java(TM) SE Runtime Environment 6 - (.Sun Microsystems, Inc..) [HKLM] -- {3248F0A8-6813-11D6-A77B-00B0D0160000}
    O42 - Logiciel: Java(TM) SE Runtime Environment 6 Update 1 - (.Sun Microsystems, Inc..) [HKLM] -- {3248F0A8-6813-11D6-A77B-00B0D0160010}
    O42 - Logiciel: Junk Mail filter update - (.Microsoft Corporation.) [HKLM] -- {8E5233E1-7495-44FB-8DEB-4BE906D59619}
    O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM] -- {22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
    O42 - Logiciel: MSXML 4.0 SP2 (KB927978) - (.Microsoft Corporation.) [HKLM] -- {37477865-A3F1-4772-AD43-AAFC6BCFF99F}
    O42 - Logiciel: MSXML 4.0 SP2 (KB936181) - (.Microsoft Corporation.) [HKLM] -- {C04E32E0-0416-434D-AFB9-6969D703A9EF}
    O42 - Logiciel: MSXML 4.0 SP2 (KB941833) - (.Microsoft Corporation.) [HKLM] -- {C523D256-313D-4866-B36A-F3DE528246EF}
    O42 - Logiciel: MSXML 4.0 SP2 (KB954430) - (.Microsoft Corporation.) [HKLM] -- {86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    O42 - Logiciel: MSXML 4.0 SP2 (KB973688) - (.Microsoft Corporation.) [HKLM] -- {F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
    O42 - Logiciel: Menu Templates - Starter Kit - (.Nero AG.) [HKLM] -- {b78120a0-cf84-4366-a393-4d0a59bc546c}
    O42 - Logiciel: Messenger Plus! Live - (.Yuna Software.) [HKLM] -- Messenger Plus! Live
    O42 - Logiciel: Microsoft .NET Framework 1.1 - (.Microsoft.) [HKLM] -- {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    O42 - Logiciel: Microsoft .NET Framework 1.1 - (.Pas de propriétaire.) [HKLM] -- Microsoft .NET Framework 1.1 (1033)
    O42 - Logiciel: Microsoft .NET Framework 1.1 Security Update (KB953297) - (.Pas de propriétaire.) [HKLM] -- M953297
    O42 - Logiciel: Microsoft .NET Framework 3.5 Language Pack SP1 - fra - (.Microsoft Corporation.) [HKLM] -- {3E31821C-7917-367E-938E-E65FC413EA31}
    O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 SP1
    O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
    O42 - Logiciel: Microsoft Choice Guard - (.Microsoft Corporation.) [HKLM] -- {F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
    O42 - Logiciel: Microsoft Office Live Add-in 1.5 - (.Microsoft Corporation.) [HKLM] -- {F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}
    O42 - Logiciel: Microsoft Office XP Professional avec FrontPage - (.Microsoft Corporation.) [HKLM] -- {9028040C-6000-11D3-8CFE-0050048383C9}
    O42 - Logiciel: Microsoft SQL Server 2005 Compact Edition [ENU] - (.Microsoft Corporation.) [HKLM] -- {F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
    O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
    O42 - Logiciel: Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 - (.Microsoft Corporation.) [HKLM] -- {770657D0-A123-3C07-8E44-1C83EC895118}
    O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM] -- {837b34e3-7c30-493c-8f6a-2b0f04e2912c}
    O42 - Logiciel: Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
    O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 - (.Microsoft Corporation.) [HKLM] -- {9A25302D-30C0-39D9-BD6F-21E6EC160475}
    O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
    O42 - Logiciel: Microsoft Windows Media Video 9 VCM - (.Pas de propriétaire.) [HKLM] -- WMV9_VCM
    O42 - Logiciel: Module linguistique Microsoft .NET Framework 3.5 SP1- fra - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 Language Pack SP1 - fra
    O42 - Logiciel: Movie Templates - Starter Kit - (.Nero AG.) [HKLM] -- {e498385e-1c51-459a-b45f-1721e37aa1a0}
    O42 - Logiciel: Mozilla Firefox 4.0.1 (x86 fr) - (.Mozilla.) [HKLM] -- Mozilla Firefox 4.0.1 (x86 fr)
    O42 - Logiciel: NVIDIA Drivers - (.Pas de propriétaire.) [HKLM] -- NVIDIA Drivers
    O42 - Logiciel: Nero 9 - (.Nero AG.) [HKLM] -- {19dd3a52-b9eb-4b06-819c-4bb92511f5d2}
    O42 - Logiciel: Nero 9 Trial - (.Nero AG.) [HKLM] -- {5493b4c4-569a-4ae1-840a-eb3ba5b6af85}
    O42 - Logiciel: Nero BurnRights - (.Nero AG.) [HKLM] -- {7829db6f-a066-4e40-8912-cb07887c20bb}
    O42 - Logiciel: Nero ControlCenter - (.Nero AG.) [HKLM] -- {bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}
    O42 - Logiciel: Nero CoverDesigner - (.Nero AG.) [HKLM] -- {62ac81f6-bdd3-4110-9d36-3e9eaab40999}
    O42 - Logiciel: Nero Disc Copy Gadget - (.Nero AG.) [HKLM] -- {f1861f30-3419-44db-b2a1-c274825698b3}
    O42 - Logiciel: Nero DiscSpeed - (.Nero AG.) [HKLM] -- {869200db-287a-4dc0-b02b-2b6787fbcd4c}
    O42 - Logiciel: Nero DriveSpeed - (.Nero AG.) [HKLM] -- {33cf58f5-48d8-4575-83d6-96f574e4d83a}
    O42 - Logiciel: Nero InfoTool - (.Nero AG.) [HKLM] -- {fbcdfd61-7dcf-4e71-9226-873ba0053139}
    O42 - Logiciel: Nero Installer - (.Nero AG.) [HKLM] -- {e8a80433-302b-4ff1-815d-fcc8eac482ff}
    O42 - Logiciel: Nero Live - (.Nero AG.) [HKLM] -- {df6a95f5-adc1-406a-bdc6-2aa7cc0182aa}
    O42 - Logiciel: Nero PhotoSnap - (.Nero AG.) [HKLM] -- {9e82b934-9a25-445b-b8df-8012808074ac}
    O42 - Logiciel: Nero Recode - (.Nero AG.) [HKLM] -- {359cfc0a-beb1-440d-95ba-cf63a86da34f}
    O42 - Logiciel: Nero Rescue Agent - (.Nero AG.) [HKLM] -- {368ba326-73ad-4351-84ed-3c0a7a52cc53}
    O42 - Logiciel: Nero ShowTime - (.Nero AG.) [HKLM] -- {d9dcf92e-72eb-412d-ac71-3b01276e5f8b}
    O42 - Logiciel: Nero StartSmart - (.Nero AG.) [HKLM] -- {7748ac8c-18e3-43bb-959b-088faea16fb2}
    O42 - Logiciel: Nero Vision - (.Nero AG.) [HKLM] -- {43e39830-1826-415d-8bae-86845787b54b}
    O42 - Logiciel: Nero WaveEditor - (.Nero AG.) [HKLM] -- {a209525b-3377-43f4-b886-32f6b6e7356f}
    O42 - Logiciel: NeroBurningROM - (.Nero AG.) [HKLM] -- {d025a639-b9c9-417d-8531-208859000af8}
    O42 - Logiciel: NeroExpress - (.Nero AG.) [HKLM] -- {595a3116-40bb-4e0f-a2e8-d7951da56270}
    O42 - Logiciel: NeroLiveGadget - (.Nero AG.) [HKLM] -- {9e9fdde6-2c26-492a-85a0-05646b3f2795}
    O42 - Logiciel: NetMeter 1.1.3 - (.ReadError.) [HKLM] -- NetMeter_is1
    O42 - Logiciel: Nvu 1.0 - (.Pas de propriétaire.) [HKLM] -- Nvu_is1
    O42 - Logiciel: OGA Notifier 2.0.0048.0 - (.Microsoft Corporation.) [HKLM] -- {B2544A03-10D0-4E5E-BA69-0362FFC20D18}
    O42 - Logiciel: Outil de téléchargement Windows Live - (.Microsoft Corporation.) [HKLM] -- {205C6BDD-7B73-42DE-8505-9A093F35A238}
    O42 - Logiciel: PIF DESIGNER - (.Pas de propriétaire.) [HKLM] -- {B90450DF-E781-46FD-B1F1-0C86DA40E443}
    O42 - Logiciel: PackBarre - (.PackBarre.) [HKCU] -- bf49a51268b6150a
    O42 - Logiciel: Photo Notifier and Animation Creator - (.IncrediMail Ltd..) [HKLM] -- Photo Notifier and Animation Creator
    O42 - Logiciel: Photo Notifier and Animation Creator - (.Nom de votre société.) [HKLM] -- {6B7F28D4-160E-40C6-B7C8-5EC6B9734DA7}
    O42 - Logiciel: Picasa 3 - (.Google, Inc..) [HKLM] -- Picasa 3
    O42 - Logiciel: Ressources Windows Mobile - (.Microsoft Corporation.) [HKLM] -- Windows Mobile Device Handbook
    O42 - Logiciel: Retoucher - (.AKVIS LLC.) [HKLM] -- {D77DBB31-D3EB-4405-8785-488CA60ECE46}
    O42 - Logiciel: SopCast 3.0.3 - (.SopCast.com.) [HKLM] -- SopCast
    O42 - Logiciel: SoundTrax - (.Nero AG.) [HKLM] -- {c5a7cb6c-e76d-408f-ba0e-85605420fe9d}
    O42 - Logiciel: Spelling Dictionaries Support For Adobe Reader 9 - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-5464-3428-900000000004}
    O42 - Logiciel: Update for Microsoft .NET Framework 3.5 SP1 (KB963707) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707
    O42 - Logiciel: VLC media player 1.1.8 - (.VideoLAN.) [HKLM] -- VLC media player
    O42 - Logiciel: Veetle TV 0.9.17 - (.Veetle, Inc.) [HKLM] -- Veetle TV
    O42 - Logiciel: Visual C++ 2008 x86 Runtime - (v9.0.30729) - (.Microsoft Corporation.) [HKLM] -- {F333A33D-125C-32A2-8DCE-5C5D14231E27}
    O42 - Logiciel: Visual C++ 2008 x86 Runtime - v9.0.30729.01 - (.Microsoft Corporation.) [HKLM] -- {F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01
    O42 - Logiciel: WinRAR archiver - (.Pas de propriétaire.) [HKLM] -- WinRAR archiver
    O42 - Logiciel: Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) - (.Garmin.) [HKLM] -- 49CF605F02C7954F4E139D18828DE298CD59217C
    O42 - Logiciel: Windows Live Call - (.Microsoft Corporation.) [HKLM] -- {B3B487E7-6171-4376-9074-B28082CEB504}
    O42 - Logiciel: Windows Live Communications Platform - (.Microsoft Corporation.) [HKLM] -- {3175E049-F9A9-4A3D-8F19-AC9FB04514D1}
    O42 - Logiciel: Windows Live FolderShare - (.Microsoft Corporation.) [HKLM] -- {76810709-A7D3-468D-9167-A1780C1E766C}
    O42 - Logiciel: Windows Live Mail - (.Microsoft Corporation.) [HKLM] -- {5DD76286-9BE7-4894-A990-E905E91AC818}
    O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM] -- {445B183D-F4F1-45C8-B9DB-F11355CA657B}
    O42 - Logiciel: Windows Media Player Firefox Plugin - (.Microsoft Corp.) [HKLM] -- {69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
    O42 - Logiciel: Windows Mobile Device Center Driver Update - (.Microsoft Corporation.) [HKLM] -- {E7044E25-3038-4A76-9064-344AC038043E}
    O42 - Logiciel: XBC 5.1 - (.XBConnect.) [HKLM] -- XBC 5.1
    O42 - Logiciel: neroxml - (.Nero AG.) [HKLM] -- {56C049BE-79E9-4502-BEA7-9754A3E60F9B}
    O42 - Logiciel: µTorrent - (.Pas de propriétaire.) [HKCU] -- uTorrent
    O42 - Logiciel: µTorrent - (.Pas de propriétaire.) [HKLM] -- uTorrent

    ---\\ HKCU & HKLM Software Keys
    [HKCU\Software\ABBYY]
    [HKCU\Software\ASProtect]
    [HKCU\Software\AVS4YOU]
    [HKCU\Software\Adobe]
    [HKCU\Software\Ahead]
    [HKCU\Software\AppDataLow\Aurigma]
    [HKCU\Software\AppDataLow\Software\Conduit]
    [HKCU\Software\AppDataLow\Software\Google]
    [HKCU\Software\AppDataLow\Software\IncrediMail_MediaBar_2]
    [HKCU\Software\AppDataLow\Software\Microsoft]
    [HKCU\Software\AppDataLow\Software\Monitored]
    [HKCU\Software\AppDataLow\Software\conduitEngine]
    [HKCU\Software\AppDataLow\Software\settings]
    [HKCU\Software\AppDataLow\Software]
    [HKCU\Software\AppDataLow\Toolbar]
    [HKCU\Software\AppDataLow]
    [HKCU\Software\Apple Computer, Inc.]
    [HKCU\Software\Avira]
    [HKCU\Software\Babylon]
    [HKCU\Software\BitTorrent]
    [HKCU\Software\CDDB]
    [HKCU\Software\Classes]
    [HKCU\Software\Clients]
    [HKCU\Software\Corel]
    [HKCU\Software\Cyanide]
    [HKCU\Software\DT Soft]
    [HKCU\Software\Digital River]
    [HKCU\Software\DivXNetworks]
    [HKCU\Software\EPSON]
    [HKCU\Software\Electronic Arts]
    [HKCU\Software\Folder Manager]
    [HKCU\Software\Foxit Software]
    [HKCU\Software\Freeware]
    [HKCU\Software\Garmin]
    [HKCU\Software\GlarySoft]
    [HKCU\Software\Google]
    [HKCU\Software\IM Providers]
    [HKCU\Software\IM]
    [HKCU\Software\ImInstaller]
    [HKCU\Software\IncrediMail]
    [HKCU\Software\InstallShield]
    [HKCU\Software\JEDI-VCL]
    [HKCU\Software\Jasc]
    [HKCU\Software\JavaSoft]
    [HKCU\Software\Lphant]
    [HKCU\Software\Macromedia]
    [HKCU\Software\Magnet]
    [HKCU\Software\Micro Application]
    [HKCU\Software\Moyea]
    [HKCU\Software\MozillaPlugins]
    [HKCU\Software\Mozilla]
    [HKCU\Software\NVIDIA Corporation]
    [HKCU\Software\Nero]
    [HKCU\Software\Netscape]
    [HKCU\Software\Northcode Inc]
    [HKCU\Software\Norton]
    [HKCU\Software\Nosibay]
    [HKCU\Software\ODBC]
    [HKCU\Software\PIXELA]
    [HKCU\Software\Patchou]
    [HKCU\Software\Policies]
    [HKCU\Software\Protexis]
    [HKCU\Software\RealNetworks]
    [HKCU\Software\Safer Networking Limited]
    [HKCU\Software\SecuROM]
    [HKCU\Software\SmartDraw.com]
    [HKCU\Software\Softonic]
    [HKCU\Software\Symantec]
    [HKCU\Software\Sysinternals]
    [HKCU\Software\SystemQQX]
    [HKCU\Software\TechSmith]
    [HKCU\Software\Trolltech]
    [HKCU\Software\Unity]
    [HKCU\Software\VB and VBA Program Settings]
    [HKCU\Software\VSO]
    [HKCU\Software\Veetle]
    [HKCU\Software\Wget]
    [HKCU\Software\WinRAR SFX]
    [HKCU\Software\WinRAR]
    [HKCU\Software\YahooPartnerToolbar]
    [HKCU\Software\ZjSoft]
    [HKCU\Software\latelierdeschefs]
    [HKLM\Software\<company>]
    [HKLM\Software\ABBYY]
    [HKLM\Software\AKVIS]
    [HKLM\Software\ASUS]
    [HKLM\Software\AVS4YOU]
    [HKLM\Software\Adobe]
    [HKLM\Software\Ahead]
    [HKLM\Software\Avira]
    [HKLM\Software\Classes]
    [HKLM\Software\Clients]
    [HKLM\Software\Conduit]
    [HKLM\Software\Cyanide]
    [HKLM\Software\DATA BECKER]
    [HKLM\Software\DT Soft]
    [HKLM\Software\DivXNetworks]
    [HKLM\Software\DivX]
    [HKLM\Software\EPSON]
    [HKLM\Software\EliaShim]
    [HKLM\Software\Garmin]
    [HKLM\Software\GlarySoft]
    [HKLM\Software\Google]
    [HKLM\Software\ImInstaller]
    [HKLM\Software\IncrediMail_MediaBar_2]
    [HKLM\Software\InstallShield]
    [HKLM\Software\Intel]
    [HKLM\Software\InterVideo]
    [HKLM\Software\JavaSoft]
    [HKLM\Software\Macromedia]
    [HKLM\Software\Moyea]
    [HKLM\Software\MozillaPlugins]
    [HKLM\Software\Mozilla]
    [HKLM\Software\MusicNet]
    [HKLM\Software\NVIDIA Corporation]
    [HKLM\Software\Nero]
    [HKLM\Software\Norton]
    [HKLM\Software\ODBC]
    [HKLM\Software\Patchou]
    [HKLM\Software\Policies]
    [HKLM\Software\RealNetworks]
    [HKLM\Software\RegisteredApplications]
    [HKLM\Software\Safer Networking Limited]
    [HKLM\Software\Sonic]
    [HKLM\Software\Swearware]
    [HKLM\Software\Symantec]
    [HKLM\Software\VSO]
    [HKLM\Software\Veetle]
    [HKLM\Software\VideoConverter]
    [HKLM\Software\VideoLAN]
    [HKLM\Software\Volatile]
    [HKLM\Software\WholeSecurity]
    [HKLM\Software\Wow6432Node]
    [HKLM\Software\X-AVCSD]
    [HKLM\Software\mozilla.org]

    ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
    O43 - CFD: 9/07/2009 - 21:17:40 - [1863] ----D- C:\Program Files\A123 AVI MPEG WMV ASF MOV FLV to 3GP Converter
    O43 - CFD: 5/07/2010 - 21:46:06 - [48] ----D- C:\Program Files\ABC 3GP Converter
    O43 - CFD: 17/02/2011 - 20:38:30 - [166318478] ----D- C:\Program Files\Adobe
    O43 - CFD: 28/12/2009 - 21:11:50 - [0] ----D- C:\Program Files\Ahead
    O43 - CFD: 20/04/2007 - 17:00:36 - [8312868] ----D- C:\Program Files\AKVIS
    O43 - CFD: 1/03/2010 - 20:31:50 - [123443820] ----D- C:\Program Files\Avira
    O43 - CFD: 9/07/2009 - 23:36:14 - [3928648] ----D- C:\Program Files\AVS4YOU
    O43 - CFD: 2/06/2011 - 14:05:16 - [930598915] ----D- C:\Program Files\Common Files
    O43 - CFD: 10/12/2010 - 23:37:06 - [532064] ----D- C:\Program Files\Conduit
    O43 - CFD: 10/12/2010 - 23:36:54 - [3939185] ----D- C:\Program Files\ConduitEngine
    O43 - CFD: 4/07/2007 - 19:28:32 - [220830788] ----D- C:\Program Files\Corel
    O43 - CFD: 27/11/2010 - 10:55:14 - [0] ----D- C:\Program Files\Cyanide
    O43 - CFD: 29/07/2010 - 22:20:14 - [20639066] ----D- C:\Program Files\DAEMON Tools Net
    O43 - CFD: 2/07/2010 - 14:05:08 - [304608] ----D- C:\Program Files\DIFX
    O43 - CFD: 27/07/2010 - 14:37:32 - [1122850] ----D- C:\Program Files\DivX
    O43 - CFD: 3/01/2009 - 13:45:10 - [772608] ----D- C:\Program Files\DVD Decrypter
    O43 - CFD: 23/04/2009 - 11:51:00 - [148] ----D- C:\Program Files\eMule
    O43 - CFD: 20/08/2009 - 22:04:22 - [33094974] ----D- C:\Program Files\epson
    O43 - CFD: 10/04/2007 - 16:05:48 - [0] -SH-D- C:\Program Files\Fichiers communs
    O43 - CFD: 30/10/2007 - 20:39:14 - [7318528] ----D- C:\Program Files\FileZilla
    O43 - CFD: 14/07/2010 - 14:07:08 - [8758918] ----D- C:\Program Files\Garmin
    O43 - CFD: 2/07/2010 - 14:05:12 - [12266640] ----D- C:\Program Files\Garmin GPS Plugin
    O43 - CFD: 28/12/2009 - 21:21:32 - [16165836] ----D- C:\Program Files\Glary Utilities
    O43 - CFD: 6/11/2010 - 13:03:00 - [80010819] ----D- C:\Program Files\Google
    O43 - CFD: 31/03/2011 - 18:28:54 - [34956411] ----D- C:\Program Files\IncrediMail
    O43 - CFD: 16/03/2011 - 19:35:18 - [4081866] ----D- C:\Program Files\IncrediMail_MediaBar_2
    O43 - CFD: 29/03/2010 - 17:19:46 - [4017394] ----D- C:\Program Files\InstallShield Installation Information
    O43 - CFD: 31/03/2010 - 18:34:38 - [4805745] ----D- C:\Program Files\Internet Explorer
    O43 - CFD: 20/04/2009 - 20:09:38 - [12692] ----D- C:\Program Files\Jardins3D
    O43 - CFD: 23/02/2009 - 23:58:08 - [568564153] ----D- C:\Program Files\Java
    O43 - CFD: 27/07/2010 - 14:51:16 - [0] ----D- C:\Program Files\LiveCAD
    O43 - CFD: 11/11/2010 - 10:40:50 - [18169301] ----D- C:\Program Files\Messenger Plus! Live
    O43 - CFD: 13/09/2010 - 10:54:28 - [752723] ----D- C:\Program Files\Microsoft
    O43 - CFD: 11/05/2009 - 20:13:04 - [7503022] ----D- C:\Program Files\Microsoft ActiveSync
    O43 - CFD: 2/11/2006 - 14:37:36 - [92804023] ----D- C:\Program Files\Microsoft Games
    O43 - CFD: 10/04/2007 - 20:53:08 - [151664026] ----D- C:\Program Files\Microsoft Office
    O43 - CFD: 21/04/2011 - 22:15:00 - [39414723] ----D- C:\Program Files\Microsoft Silverlight
    O43 - CFD: 14/04/2009 - 18:41:58 - [1829877] ----D- C:\Program Files\Microsoft SQL Server Compact Edition
    O43 - CFD: 11/03/2010 - 19:05:32 - [99153006] ----D- C:\Program Files\Movie Maker
    O43 - CFD: 2/05/2011 - 19:38:36 - [34327687] ----D- C:\Program Files\Mozilla Firefox
    O43 - CFD: 2/11/2006 - 14:37:36 - [25757] ----D- C:\Program Files\MSBuild
    O43 - CFD: 2/11/2006 - 14:37:36 - [3272760] ----D- C:\Program Files\MSN
    O43 - CFD: 26/11/2009 - 00:47:00 - [0] ----D- C:\Program Files\MSXML 4.0
    O43 - CFD: 27/12/2009 - 19:25:00 - [1136472966] ----D- C:\Program Files\Nero
    O43 - CFD: 24/08/2009 - 18:51:34 - [1026410] ----D- C:\Program Files\NetMeter
    O43 - CFD: 15/08/2007 - 17:05:34 - [21549536] ----D- C:\Program Files\Nvu
    O43 - CFD: 31/12/2010 - 13:22:42 - [2757956] ----D- C:\Program Files\Photo Notifier and Animation Creator
    O43 - CFD: 27/07/2010 - 14:42:22 - [0] ----D- C:\Program Files\Real
    O43 - CFD: 2/11/2006 - 14:37:36 - [38637313] ----D- C:\Program Files\Reference Assemblies
    O43 - CFD: 11/05/2009 - 20:03:22 - [7439438] ----D- C:\Program Files\Ressources Windows Mobile
    O43 - CFD: 27/09/2009 - 22:21:00 - [8841750] ----D- C:\Program Files\SopCast
    O43 - CFD: 27/11/2010 - 10:56:04 - [4984496] ----D- C:\Program Files\Spybot - Search & Destroy
    O43 - CFD: 2/11/2006 - 15:01:56 - [0] ----D- C:\Program Files\Uninstall Information
    O43 - CFD: 20/11/2009 - 19:40:58 - [0] ----D- C:\Program Files\Unity
    O43 - CFD: 13/08/2007 - 19:42:20 - [399736] ----D- C:\Program Files\uTorrent
    O43 - CFD: 29/08/2010 - 21:36:14 - [37376791] ----D- C:\Program Files\Veetle
    O43 - CFD: 4/09/2009 - 19:36:20 - [83579680] ----D- C:\Program Files\VideoLAN
    O43 - CFD: 2/07/2008 - 18:35:20 - [1547264] ----D- C:\Program Files\WinAVI MP4 Converter
    O43 - CFD: 2/07/2008 - 18:38:44 - [6382080] ----D- C:\Program Files\WinAVI Video Converter
    O43 - CFD: 30/08/2007 - 13:27:34 - [1016832] ----D- C:\Program Files\Windows Calendar
    O43 - CFD: 2/11/2006 - 14:42:34 - [2761216] ----D- C:\Program Files\Windows Collaboration
    O43 - CFD: 12/04/2007 - 14:28:24 - [4486592] ----D- C:\Program Files\Windows Defender
    O43 - CFD: 2/11/2006 - 14:42:34 - [7078008] ----D- C:\Program Files\Windows Journal
    O43 - CFD: 13/12/2010 - 10:02:26 - [117435320] ----D- C:\Program Files\Windows Live
    O43 - CFD: 14/04/2009 - 18:38:52 - [245112] ----D- C:\Program Files\Windows Live SkyDrive
    O43 - CFD: 16/04/2010 - 14:47:14 - [9071240] ----D- C:\Program Files\Windows Mail
    O43 - CFD: 29/10/2009 - 18:52:48 - [4496487] ----D- C:\Program Files\Windows Media Player
    O43 - CFD: 10/04/2007 - 16:05:48 - [7940176] ----D- C:\Program Files\Windows NT
    O43 - CFD: 2/11/2006 - 14:42:34 - [13463714] ----D- C:\Program Files\Windows Photo Gallery
    O43 - CFD: 10/01/2008 - 16:14:44 - [56544611] ----D- C:\Program Files\Windows Sidebar
    O43 - CFD: 27/04/2007 - 13:51:00 - [1449240] ----D- C:\Program Files\WinRAR
    O43 - CFD: 26/04/2007 - 21:05:40 - [3389948] ----D- C:\Program Files\WinRAR2
    O43 - CFD: 1/08/2007 - 15:33:44 - [102430] ----D- C:\Program Files\WMV9_VCM
    O43 - CFD: 20/08/2009 - 21:52:56 - [3269506] ----D- C:\Program Files\XBC
    O43 - CFD: 3/06/2011 - 17:27:36 - [3892842] ----D- C:\Program Files\ZHPDiag
    O43 - CFD: 17/02/2011 - 20:38:54 - [3515885] ----D- C:\Program Files\Common Files\Adobe
    O43 - CFD: 28/12/2009 - 21:11:16 - [0] ----D- C:\Program Files\Common Files\Ahead
    O43 - CFD: 9/07/2009 - 23:36:18 - [0] ----D- C:\Program Files\Common Files\AVSMedia
    O43 - CFD: 4/07/2007 - 19:28:30 - [86016] ----D- C:\Program Files\Common Files\Designer
    O43 - CFD: 18/04/2007 - 19:39:14 - [20366949] ----D- C:\Program Files\Common Files\InstallShield
    O43 - CFD: 12/04/2007 - 18:44:40 - [50433601] ----D- C:\Program Files\Common Files\Java
    O43 - CFD: 13/09/2010 - 10:54:44 - [268398122] ----D- C:\Program Files\Common Files\microsoft shared
    O43 - CFD: 27/12/2009 - 19:28:36 - [148041605] ----D- C:\Program Files\Common Files\Nero
    O43 - CFD: 27/07/2010 - 14:37:32 - [0] ----D- C:\Program Files\Common Files\PX Storage Engine
    O43 - CFD: 27/07/2010 - 14:42:36 - [0] ----D- C:\Program Files\Common Files\Real
    O43 - CFD: 2/11/2006 - 13:18:34 - [2702] ----D- C:\Program Files\Common Files\Services
    O43 - CFD: 2/11/2006 - 13:18:34 - [41100711] ----D- C:\Program Files\Common Files\SpeechEngines
    O43 - CFD: 1/03/2010 - 20:22:30 - [5810912] ----D- C:\Program Files\Common Files\Symantec Shared
    O43 - CFD: 14/06/2007 - 12:49:16 - [21267036] ----D- C:\Program Files\Common Files\System
    O43 - CFD: 14/04/2009 - 18:33:48 - [337970750] ----D- C:\Program Files\Common Files\Windows Live
    O43 - CFD: 25/02/2008 - 20:24:54 - [33604626] -S--D- C:\Program Files\Common Files\WindowsLiveInstaller
    O43 - CFD: 17/02/2011 - 20:48:30 - [136894119] ----D- C:\ProgramData\Adobe
    O43 - CFD: 2/11/2006 - 15:02:04 - [0] -SH-D- C:\ProgramData\Application Data
    O43 - CFD: 1/03/2010 - 20:31:50 - [134561831] ----D- C:\ProgramData\Avira
    O43 - CFD: 10/04/2007 - 16:05:48 - [0] -SH-D- C:\ProgramData\Bureau
    O43 - CFD: 26/07/2010 - 21:40:46 - [988] ----D- C:\ProgramData\DAEMON Tools Lite
    O43 - CFD: 29/07/2010 - 22:19:56 - [1732] ----D- C:\ProgramData\DAEMON Tools Net
    O43 - CFD: 2/11/2006 - 15:02:04 - [0] -SH-D- C:\ProgramData\Desktop
    O43 - CFD: 27/07/2010 - 14:37:38 - [1313551] ----D- C:\ProgramData\DivX
    O43 - CFD: 2/11/2006 - 15:02:04 - [0] -SH-D- C:\ProgramData\Documents
    O43 - CFD: 21/02/2009 - 14:23:08 - [18819] ----D- C:\ProgramData\DVD Shrink
    O43 - CFD: 18/04/2007 - 19:31:38 - [408347] ----D- C:\ProgramData\EPSON
    O43 - CFD: 10/04/2007 - 16:05:48 - [0] -SH-D- C:\ProgramData\Favoris
    O43 - CFD: 2/11/2006 - 15:02:04 - [0] -SH-D- C:\ProgramData\Favorites
    O43 - CFD: 15/07/2010 - 07:21:44 - [39954] ----D- C:\ProgramData\GARMIN
    O43 - CFD: 20/08/2009 - 22:05:34 - [463001] ----D- C:\ProgramData\Google
    O43 - CFD: 3/06/2011 - 16:32:56 - [13864] ----D- C:\ProgramData\Google Updater
    O43 - CFD: 27/02/2008 - 13:49:20 - [131] ----D- C:\ProgramData\IM
    O43 - CFD: 27/02/2008 - 13:48:36 - [20325300] ----D- C:\ProgramData\IncrediMail
    O43 - CFD: 20/04/2007 - 19:04:12 - [186] ----D- C:\ProgramData\InstallShield
    O43 - CFD: 3/07/2007 - 15:22:40 - [1686] ----D- C:\ProgramData\Macromedia
    O43 - CFD: 27/07/2010 - 12:38:00 - [1062] ----D- C:\ProgramData\McAfee
    O43 - CFD: 10/04/2007 - 16:05:48 - [0] -SH-D- C:\ProgramData\Menu Démarrer
    O43 - CFD: 12/11/2010 - 20:07:10 - [65574] ----D- C:\ProgramData\Messenger Plus!
    O43 - CFD: 5/06/2010 - 00:16:06 - [285687554] -S--D- C:\ProgramData\Microsoft
    O43 - CFD: 10/04/2007 - 16:05:48 - [0] -SH-D- C:\ProgramData\Modèles
    O43 - CFD: 27/12/2009 - 19:06:00 - [17763462] ----D- C:\ProgramData\Nero
    O43 - CFD: 1/03/2010 - 20:27:12 - [9024] ----D- C:\ProgramData\Norton
    O43 - CFD: 30/11/2009 - 21:16:32 - [8248810] ----D- C:\ProgramData\NortonInstaller
    O43 - CFD: 21/11/2009 - 10:54:44 - [151976] ----D- C:\ProgramData\NVIDIA
    O43 - CFD: 24/02/2009 - 23:01:30 - [4252] ----D- C:\ProgramData\Office Genuine Advantage
    O43 - CFD: 28/11/2008 - 22:30:52 - [72] ----D- C:\ProgramData\PCSettings
    O43 - CFD: 31/12/2010 - 13:22:44 - [2137856] ----D- C:\ProgramData\Photo Notifier and Animation Creator
    O43 - CFD: 11/04/2008 - 20:17:02 - [1942898] ----D- C:\ProgramData\PIXELA
    O43 - CFD: 22/06/2010 - 21:39:06 - [32165] ----D- C:\ProgramData\Real
    O43 - CFD: 27/11/2010 - 10:56:04 - [701989] ----D- C:\ProgramData\Spybot - Search & Destroy
    O43 - CFD: 2/11/2006 - 15:02:04 - [0] -SH-D- C:\ProgramData\Start Menu
    O43 - CFD: 28/11/2008 - 22:38:46 - [64] ----D- C:\ProgramData\Symantec
    O43 - CFD: 2/11/2006 - 15:02:06 - [0] -SH-D- C:\ProgramData\Templates
    O43 - CFD: 18/04/2007 - 19:37:28 - [5081320] ----D- C:\ProgramData\UDL
    O43 - CFD: 5/07/2010 - 21:09:50 - [1429418] ----D- C:\ProgramData\VOWSoft
    O43 - CFD: 25/02/2008 - 20:21:42 - [222074] ----D- C:\ProgramData\WLInstaller
    O43 - CFD: 17/02/2011 - 20:47:32 - [5695055] ----D- C:\Users\Scannella-Deneubourg\AppData\Roaming\Adobe
    O43 - CFD: 28/07/2008 - 14:33:40 - [141307] ----D- C:\Users\Scannella-Deneubourg\AppData\Roaming\Apple Computer
    O43 - CFD: 9/07/2009 - 20:53:22 - [99] ----D- C:\Users\Scannella-Deneubourg\AppData\Roaming\AVS4YOU
    O43 - CFD: 8/05/2007 - 16:16:40 - [3805582] ----D- C:\Users\Scannella-Deneubourg\AppData\Roaming\Corel
    O43 - CFD: 26/07/2010 - 21:53:16 - [1109] ----D- C:\Users\Scannella-Deneubourg\AppData\Roaming\DAEMON Tools Lite
    O43 - CFD: 30/07/2010 - 14:28:24 - [5450] ----D- C:\Users\Scannella-Deneubourg\AppData\Roaming\DAEMON Tools Net
    O43 - CFD: 5/07/2010 - 20:23:50 - [106496] ----D- C:\Users\Scannella-Deneubourg\AppData\Roaming\DivX
    O43 - CFD: 9/07/2009 - 21:12:12 - [0] ----D- C:\Users\Scannella-Deneubourg\AppData\Roaming\Download Manager
    O43 - CFD: 5/07/2010 - 21:04:10 - [199] ----D- C:\Users\Scannella-Deneubourg\AppData\Roaming\dvdcss
    O43 - CFD: 29/03/2010 - 16:12:14 - [61] ----D- C:\Users\Scannella-Deneubourg\AppData\Roaming\EASYTools
    O43 - CFD: 11/06/2008 - 11:24:50 - [763] ----D- C:\Users\Scannella-Deneubourg\AppData\Roaming\EPSON
    O43 - CFD: 15/07/2010 - 07:48:54 - [60099546] ----D- C:\Users\Scannella-Deneubourg\AppData\Roaming\GARMIN
    O43 - CFD: 20/08/2009 - 22:07:56 - [412210] ----D- C:\Users\Scannella-Deneubourg\AppData\Roaming\GlarySoft
    O43 - CFD: 12/04/2007 - 21:02:14 - [0] ----D- C:\Users\Scannella-Deneubourg\AppData\Roaming\Google
    O43 - CFD: 10/04/2007 - 16:07:34 - [0] ----D- C:\Users\Scannella-Deneubourg\AppData\Roaming\Identities
    O43 - CFD: 11/08/2010 - 19:12:06 - [12986346] ----D- C:\Users\Scannella-Deneubourg\AppData\Roaming\latelierdeschefs
    O43 - CFD: 29/03/2010 - 20:32:38 - [3245] ----D- C:\Users\Scannella-Deneubourg\AppData\Roaming\LiveCAD3
    O43 - CFD: 3/07/2007 - 15:27:10 - [7787073] ----D- C:\Users\Scannella-Deneubourg\AppData\Roaming\Macromedia
    O43 - CFD: 2/11/2006 - 14:37:36 - [0] ----D- C:\Users\Scannella-Deneubourg\AppData\Roaming\Media Center Programs
    O43 - CFD: 21/04/2011 - 22:46:16 - [10330034] -S--D- C:\Users\Scannella-Deneubourg\AppData\Roaming\Microsoft
    O43 - CFD: 9/07/2009 - 21:18:12 - [83489] ----D- C:\Users\Scannella-Deneubourg\AppData\Roaming\Moyea
    O43 - CFD: 26/04/2009 - 21:54:06 - [40445830] ----D- C:\Users\Scannella-Deneubourg\AppData\Roaming\Mozilla
    O43 - CFD: 31/12/2009 - 11:44:04 - [2123897] ----D- C:\Users\Scannella-Deneubourg\AppData\Roaming\Nero
    O43 - CFD: 24/08/2009 - 18:57:08 - [21954] ----D- C:\Users\Scannella-Deneubourg\AppData\Roaming\NetMeter
    O43 - CFD: 15/08/2007 - 17:05:38 - [1778827] ----D- C:\Users\Scannella-Deneubourg\AppData\Roaming\Nvu
    O43 - CFD: 28/10/2007 - 23:27:56 - [2289810] ----D- C:\Users\Scannella-Deneubourg\AppData\Roaming\OpenOffice.org2
    O43 - CFD: 27/07/2010 - 14:42:34 - [286640] ----D- C:\Users\Scannella-Deneubourg\AppData\Roaming\Real
    O43 - CFD: 26/07/2007 - 17:52:18 - [0] R---D- C:\Users\Scannella-Deneubourg\AppData\Roaming\SecuROM
    O43 - CFD: 16/12/2007 - 23:20:44 - [120513] ----D- C:\Users\Scannella-Deneubourg\AppData\Roaming\Symantec
    O43 - CFD: 13/04/2011 - 10:30:56 - [2881717] ----D- C:\Users\Scannella-Deneubourg\AppData\Roaming\uTorrent
    O43 - CFD: 4/04/2011 - 20:49:28 - [2477395] ----D- C:\Users\Scannella-Deneubourg\AppData\Roaming\vlc
    O43 - CFD: 21/02/2009 - 14:27:02 - [16945] ----D- C:\Users\Scannella-Deneubourg\AppData\Roaming\Vso
    O43 - CFD: 26/04/2007 - 21:05:54 - [139] ----D- C:\Users\Scannella-Deneubourg\AppData\Roaming\WinRAR
    O43 - CFD: 6/08/2008 - 10:14:04 - [0] ----D- C:\Users\Scannella-Deneubourg\AppData\Roaming\XnView
    O43 - CFD: 18/04/2007 - 20:04:52 - [161866] ----D- C:\Users\Scannella-Deneubourg\Appdata\Local\ABBYY
    O43 - CFD: 16/02/2010 - 13:10:28 - [62137726] ----D- C:\Users\Scannella-Deneubourg\Appdata\Local\Adobe
    O43 - CFD: 11/05/2007 - 22:08:28 - [1950597] ----D- C:\Users\Scannella-Deneubourg\Appdata\Local\Ahead
    O43 - CFD: 28/07/2008 - 14:27:18 - [0] ----D- C:\Users\Scannella-Deneubourg\Appdata\Local\Apple
    O43 - CFD: 7/08/2008 - 16:26:24 - [179632] ----D- C:\Users\Scannella-Deneubourg\Appdata\Local\Apple Computer
    O43 - CFD: 10/04/2007 - 16:07:28 - [0] -SH-D- C:\Users\Scannella-Deneubourg\Appdata\Local\Application Data
    O43 - CFD: 7/05/2008 - 18:47:06 - [5988] ----D- C:\Users\Scannella-Deneubourg\Appdata\Local\ApplicationHistory
    O43 - CFD: 4/03/2008 - 17:13:24 - [170854] ----D- C:\Users\Scannella-Deneubourg\Appdata\Local\Apps
    O43 - CFD: 27/11/2010 - 10:54:24 - [0] ----D- C:\Users\Scannella-Deneubourg\Appdata\Local\Deployment
    O43 - CFD: 26/07/2007 - 17:52:52 - [4228] ----D- C:\Users\Scannella-Deneubourg\Appdata\Local\Electronic Arts
    O43 - CFD: 23/04/2009 - 11:51:00 - [0] ----D- C:\Users\Scannella-Deneubourg\Appdata\Local\eMule
    O43 - CFD: 6/11/2010 - 13:03:54 - [33557742] ----D- C:\Users\Scannella-Deneubourg\Appdata\Local\Google
    O43 - CFD: 10/04/2007 - 16:07:28 - [0] -SH-D- C:\Users\Scannella-Deneubourg\Appdata\Local\Historique
    O43 - CFD: 13/02/2011 - 20:12:40 - [307629983] ----D- C:\Users\Scannella-Deneubourg\Appdata\Local\IM
    O43 - CFD: 17/09/2007 - 21:27:30 - [18658] ----D- C:\Users\Scannella-Deneubourg\Appdata\Local\IsolatedStorage
    O43 - CFD: 17/02/2011 - 20:47:32 - [3944650435] ----D- C:\Users\Scannella-Deneubourg\Appdata\Local\Microsoft
    O43 - CFD: 12/07/2007 - 21:19:24 - [2000032] ----D- C:\Users\Scannella-Deneubourg\Appdata\Local\Microsoft Games
    O43 - CFD: 11/04/2007 - 14:12:20 - [46234217] ----D- C:\Users\Scannella-Deneubourg\Appdata\Local\Mozilla
    O43 - CFD: 18/09/2009 - 18:13:54 - [0] ----D- C:\Users\Scannella-Deneubourg\Appdata\Local\Real
    O43 - CFD: 4/04/2009 - 10:09:34 - [1524] ----D- C:\Users\Scannella-Deneubourg\Appdata\Local\Symant
    0
  12. diablesse136
     
    oups...voici le lien sorry :
    http://pjjoint.malekal.com/files.php?id=2707c445f791513
    0
    1. Tigzy Messages postés 7983 Statut Contributeur sécurité 582
       
      Je regarde ça lundi, tu peux faire un UP si je t'oublie?
      0
    2. diablesse136
       
      ok, mais c'est quoi un UP?? Bon we!
      0
    3. Tigzy Messages postés 7983 Statut Contributeur sécurité 582
       
      c'est juste écrire un message pour faire remonter le sujet
      0
    4. diablesse136
       
      Ah ok, LOL! Pas de soucis.... Merci;
      0
  13. diablesse136
     
    Bonjour,

    voici le lien :
    http://pjjoint.malekal.com/files.php?id=2707c445f791513
    0
  14. Tigzy Messages postés 7983 Statut Contributeur sécurité 582
     
    Télécharger sur le bureau
    AD-Remover
    = Double-Clic AD-R pour l'installer
    = Double-Clic AD-Remover, raccourci qui vient de se créer sur le bureau
    = Faire Nettoyer
    = En fin de scan donner le rapport

    0
  15. diablesse136
     
    Bonjour,

    voici le rapport AD-remover :

    ======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======

    Mis à jour par TeamXscript le 12/04/11
    Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
    Site web: http://www.teamxscript.org

    C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 17:18:38 le 07/06/2011, Mode normal

    Microsoft® Windows Vista(TM) Édition Familiale Premium (X86)
    Scannella-Deneubourg@PC-SCANNELLA (System manufacturer System Product Name)

    ============== ACTION(S) ==============

    Fichier supprimé: C:\Windows\pack.epk
    Fichier supprimé: C:\Users\Scannella-Deneubourg\AppData\Local\lpfkom.bat

    (!) -- Fichiers temporaires supprimés.

    Clé supprimée: HKLM\Software\Classes\Conduit.Engine
    Clé supprimée: HKLM\Software\Classes\Toolbar.CT2542115
    Clé supprimée: HKLM\Software\Classes\Toolbar.CT2724386
    Clé supprimée: HKLM\Software\Conduit
    Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
    Clé supprimée: HKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\7EE743314C844C7F445B8B1D7617612DF1FDD50F

    Valeur supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Trust Database\0|goicfboogidikkejccmclpieicihhlpo jimddp
    Valeur supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Trust Database\0|goicfboogidikkejccmclpieicihhlpo hpfanicgkffmccehnpkikogcffaepkfp
    Valeur supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Trust Database\0|goicfboogidikkejccmclpieicihhlpo dgnckdmmolaijpbbakmplfhlfpdhglgc
    Valeur supprimée: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{30F9B915-B755-4826-820B-08FBA6BD249D}

    ============== SCAN ADDITIONNEL ==============

    **** Mozilla Firefox Version [4.0.1 (fr)] ****

    HKLM_MozillaPlugins\@garmin.com/GpsControl (x)
    Searchplugins\bing.xml ( hxxp://www.bing.com/search)
    Components\browsercomps.dll (Mozilla Foundation)
    Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} (Google Toolbar for Firefox)

    -- C:\Users\Scannella-Deneubourg\AppData\Roaming\Mozilla\FireFox\Profiles\083c7n5h.default --
    Searchplugins\LiveSearch.xml ( hxxp://search.live.com/results.aspx)
    Searchplugins\MyStart Search.xml (?)
    Prefs.js - browser.download.dir, C:\\Users\\Scannella-Deneubourg\\Desktop
    Prefs.js - browser.download.lastDir, C:\\Users\\Scannella-Deneubourg\\Desktop
    Prefs.js - browser.search.defaultenginename, MyStart Search
    Prefs.js - browser.search.defaulturl, hxxp://isearch.babylon.com/web/{searchTerms}?babsrc=browsersearch
    Prefs.js - browser.search.selectedEngine, Google
    Prefs.js - browser.startup.homepage, hxxp://www.google.be/
    Prefs.js - browser.startup.homepage_override.buildID, 20110413222027
    Prefs.js - browser.startup.homepage_override.mstone, rv:2.0.1
    Prefs.js - keyword.URL, hxxp://mystart.incredimail.com/?loc=ff_address_bar&a=6d9vEP8oxe&search=

    ========================================

    **** Internet Explorer Version [8.0.6001.18904] ****

    HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
    HKCU_Main|Start Page - hxxp://fr.msn.com/
    HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
    HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
    HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKLM_Main|Start Page - hxxp://fr.msn.com/
    HKCU_URLSearchHooks|{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} (x)
    HKCU_Toolbar\WebBrowser|{32099AAC-C132-4136-9E9A-4E364A424E17} (x)
    HKCU_Toolbar\WebBrowser|{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} (x)
    HKCU_ElevationPolicy\{1A84286C-B9A7-4CB6-AB1A-A81E9E0B05E5} - C:\Program Files\Veetle\VLCBroadcast\lbclient.exe (?)
    HKCU_ElevationPolicy\{6052BF20-EA23-4A04-B3C1-A20EFE01A95A} - C:\Program Files\Veetle\Player\vtl_hfs.exe (?)
    HKCU_ElevationPolicy\{680FA47E-AB59-46BE-B594-7358726E108B} - C:\Program Files\Veetle\Player\player.exe (?)
    HKCU_ElevationPolicy\{6BA65345-9487-4A32-A7E1-729FDD682FC4} - C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe (x)
    HKCU_ElevationPolicy\{AD6C7CB1-6324-401E-94F4-A09BDC10C866} - C:\Program Files\Veetle\VLCBroadcast\vlc_encoder.exe (?)
    HKCU_ElevationPolicy\{B35DA1E7-9B66-4EFD-BFDF-BC6BE929CF7A} - c:\program files\Google\googletoolbar1user.exe (x)
    HKCU_ElevationPolicy\{E8BC6C2B-DD90-4397-96EB-2AAF0E48ABE6} - C:\Program Files\Veetle\Player\vtl_hfax.exe (?)
    HKLM_ElevationPolicy\{08FF730A-494F-4cba-AA0B-E4F1D44715F9} - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\symerr.exe (x)
    HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files\Internet Explorer\iedw.exe (x)
    HKLM_Extensions\{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - "@C:\Windows\WindowsMobile\INetRepl.dll,-222" (C:\Windows\WindowsMobile\INetRepl.dll,210)
    HKLM_Extensions\{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - "?" (?)
    BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?)

    ========================================

    C:\Program Files\Ad-Remover\Quarantine: 2 Fichier(s)
    C:\Program Files\Ad-Remover\Backup: 15 Fichier(s)

    C:\Ad-Report-CLEAN[1].txt - 07/06/2011 17:18:49 (5402 Octet(s))

    Fin à: 17:20:09, 07/06/2011

    ============== E.O.F ==============
    0
  16. Tigzy Messages postés 7983 Statut Contributeur sécurité 582
     
    Ok, c'est bon pour moi.
    Plus de problèmes?
    0
    1. diablesse136
       
      Non tout fonctionne bien :-). Juste une petite question, existe il un petit programme que l'on peut faire tourner de temps en temps pour détecter ces rootkit avant qu'ils ne fassent des dégâts?
      Et MERCI beaucoup!! Heureusement qu'il y a des forums comme celui-ci pour aider les gens comme moi, lol!
      0
  17. Tigzy Messages postés 7983 Statut Contributeur sécurité 582
     
    * Télécharge DELFix de Xplode
    * Lance le.
    * A l'invite, tape 2 (suppression)
    * Un rapport va s'ouvrir à la fin, colle le dans la réponse

    ----------

    Tu peux lire ce sujet sur les logiciels recommandés, et les attitudes responsables sur le web
    Et celui ci, sur les logiciels gratuits à éviter

    ------

    Tu peux garder Malwarebytes pour un scan de temps à autres

    -----

    Pense à marquer le fil comme résolu

    ------------------

    Pour ta question, en principe non.
    Tout évolue très vite, et les logiciels qu'on utilise peuvent être obsolète du jour au lendemain, tandis que d'autres sont plus rapide à se mettre à jour.
    Il faut se tenir informé, ou venir nous voir :)
    0
  18. diablesse136
     
    Hello,

    voici le dernier rapport :-) :

    # DelFix v8.0 - Rapport créé le 08/06/2011 à 18:34
    # Mis à jour le 01/06/11 à 13h par Xplode
    # Système d'exploitation : Windows Vista (TM) Home Premium (32 bits) [version 6.0.6001] Service Pack 1
    # Nom d'utilisateur : Scannella-Deneubourg - PC-SCANNELLA (Administrateur)
    # Exécuté depuis : C:\Users\Scannella-Deneubourg\Downloads\delfix.exe
    # Option [Suppression]

    ~~~~~~ Dossier(s) ~~~~~~

    Supprimé : C:\32788R22FWJFW
    Supprimé : C:\Qoobox
    Supprimé : C:\Program Files\Ad-Remover
    Supprimé : C:\Program Files\ZHPDiag
    Supprimé : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP

    ~~~~~~ Fichier(s) ~~~~~~

    Supprimé : C:\Ad-Report-CLEAN[1].txt
    Supprimé : C:\ComboFix.txt
    Supprimé : C:\PhysicalDisk0_MBR.bin
    Supprimé : C:\TDSSKiller.2.5.3.0_03.06.2011_17.02.48_log.txt
    Supprimé : C:\Windows\grep.exe
    Supprimé : C:\Windows\msnfix.txt
    Supprimé : C:\Windows\PEV.exe
    Supprimé : C:\Windows\sed.exe
    Supprimé : C:\Windows\SWREG.exe
    Supprimé : C:\Windows\SWSC.exe
    Supprimé : C:\Windows\SWXCACLS.exe
    Supprimé : C:\Windows\zip.exe

    ~~~~~~ Registre ~~~~~~

    Clé Supprimée : HKCU\SOFTWARE\Ad-Remover
    Clé Supprimée : HKLM\Software\Swearware
    Clé Supprimée : HKLM\Software\Classes\.cfxxe
    Clé Supprimée : HKLM\Software\Classes\cfxxefile
    Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Ad-Remover
    Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1
    Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe

    ~~~~~~ Autre ~~~~~~

    -> Prefetch vidé

    ########## EOF - "C:\DelFixSuppr.txt" - [1674 octets] ##########
    0
    1. diablesse136
       
      Encore une petite question... J'ai lu les sujets sur la sécurité, merci!!
      Comme antivirus est ce que commodo internet security premium est valable ou est ce qu'antivir est mieux?
      Merci encore!
      0
    2. Tigzy Messages postés 7983 Statut Contributeur sécurité 582
       
      J'aurais tendance à dire que les gratuits font toujours l'affaire
      0
  19. tams777 Messages postés 45 Statut Membre
     
    Si windows vista se lance cela veut dire que ton disque dur est toujours actif, mais effectivement tu pourrais avoir des problmées avec tes données, maintenant tu pourrais faire un diagnotique pour savoir si ton DD à atteint un état critique avec "HDD Regenerator" mais comme tu n'as pas accés à ton bureau du au lancement permanent d'un programme de vista donc tu ne peut installé "hdd regenerator", essaye de faire CTRL+ALT+SUPP>Ouvrir gestionnaire des périphérique, une fenêtre s'ouvre aller en haut à gauche dans fichier>nouvelle tache (éxécuter) dans la nouvelle barre qui apparaît mettre explorer.exe normallement tu devrais avoir tes icones réapparaitre.

    Donne moi les résultats qui tu auras ????
    -1
    1. Tigzy Messages postés 7983 Statut Contributeur sécurité 582
       
      Ces différentes alertes sont dus à ce faux antivirus.

      Autrement dit, c'est un rogue
      0
    2. verni29 Messages postés 6805 Statut Contributeur sécurité 180
       
      Oui.

      et donc utiliser roguekiller.

      :-)
      0