csrss.exe file infected and internet browsing impossible


Post by terrificolor » 16 Feb 2011 22:37

Hello,
A few days ago, when Windows started, I discovered two new icons on the desktop. They appeared as if by magic, because I had not installed anything new.
After I deleted them, two dialog boxes appeared,

the first one saying:
Windows ne trouve pas 'C:\DOCUME~1\Terri\LOCALS~1\Temp\csrss.exe'. Vérifiez que vous avez entré le nom correctement et essayez à nouveau.
Pour rechercher un fichier, cliquez sur le bouton Démarrer, puis sur Rechercher.

The second:
Impossible de charger ou d'exécuter 'C:\DOCUME~1\Terri\LOCALS~1\Temp\csrss.exe' spécifié dans le Registre. Vérifiez que le fichier existe sur votre
ordinateur ou supprimez la référence dans le Registre.

Since these strange events, when I browse the web I am regularly redirected to unwanted pages such as "Orange" or "Gameo"...

Running a quick scan with "Malwarebytes anti-malware", I get this:
1 infected file that cannot be removed:
Vendeur>Trojan.Agent Catégorie>File Elément>C:\Documents and Settings\Terri\Local Settings\Temp\csrss.exe Action effectuée>No action taken

So, if someone could give me a hand, that would be really nice. Thank you in advance.

Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:02:19, on 16/02/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Terri\Application Data\dwm.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
C:\Program Files\System Control Manager\edd.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Windows Internet Name Service\wins.exe
C:\WINDOWS\System32\svchost.exe
C:\DOCUME~1\Terri\LOCALS~1\Temp\csrss.exe
C:\Program Files\System Control Manager\MGSysCtrl.exe
C:\WINDOWS\vsnp2std.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Mediafour\MacDrive 7\MacDrive.exe
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\WINDOW~4\Datamngr\DATAMN~1.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\System32\dllhost.exe
C:\Documents and Settings\Terri\Application Data\Microsoft\conhost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
D:\Logiciels Setup\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.fr/spbasic.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/403
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.avg.com/special-enhance-prot ... -bnr-appf8
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:61273
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuz1.dll
F3 - REG:win.ini: load=C:\DOCUME~1\Terri\LOCALS~1\Temp\csrss.exe
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)
O2 - BHO: Searchqu Toolbar - {7FF99715-3016-4381-84CE-E4E4C9673020} - C:\PROGRA~1\WINDOW~4\ToolBar\SearchquDx.dll
O2 - BHO: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuz1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuz1.dll
O3 - Toolbar: Searchqu Toolbar - {7FF99715-3016-4381-84CE-E4E4C9673020} - C:\PROGRA~1\WINDOW~4\ToolBar\SearchquDx.dll
O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Getting started with MacDrive] "C:\Program Files\Mediafour\MacDrive 7\MDGetStarted.exe" /auto
O4 - HKLM\..\Run: [MacDrive application] "C:\Program Files\Mediafour\MacDrive 7\MacDrive.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\WINDOW~4\Datamngr\DATAMN~1.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstall ... gBQAEEATgA"&"inst=NwA3AC0ANAA0ADIAOAA2ADQAMQAxADQALQBUADQALQBCAEEAUgA5AEcAKwAxAC0ARgBMACsAOQAtAEYAOQBNADYAKwAxAC0AWABPADMANgArADEALQBGADkATQA3AEMAKwA1AA"&"prod=90"&"ver=9.0.872
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Notification de cadeaux MSN.lnk = C:\Documents and Settings\Terri\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 3666291156
O17 - HKLM\System\CCS\Services\Tcpip\..\{07632219-9E70-479F-A943-3CBC4BDEC5B2}: NameServer = 192.168.0.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{07632219-9E70-479F-A943-3CBC4BDEC5B2}: NameServer = 192.168.0.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{07632219-9E70-479F-A943-3CBC4BDEC5B2}: NameServer = 192.168.0.254
O17 - HKLM\System\CS3\Services\Tcpip\..\{07632219-9E70-479F-A943-3CBC4BDEC5B2}: NameServer = 192.168.0.254
O20 - AppInit_DLLs: c:\progra~1\window~4\datamngr\datamngr.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MacDrive service (MacDriveService) - Mediafour Corporation - C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
O23 - Service: SCM Driver Daemon (NishService) - Unknown owner - C:\Program Files\System Control Manager\edd.exe
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files\Secunia\PSI\sua.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Windows Internet Name Service - Unknown owner - C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Windows Internet Name Service\wins.exe

--
End of file - 10280 bytes
terrificolor
 
Posts: 23
Joined: 23 Mar 2010 18:11
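
An added example, not part of the original thread or of HijackThis: it reads a few lines excerpted from the log posted above and flags, for analyst review, the entry types that line up with the reported symptoms (a Windows process name running outside System32 or from a Temp folder, a win.ini load=/run= autostart, a loopback proxy, a populated AppInit_DLLs value). The rule names, the functions `triage` and `path_findings`, and the assumed system directory `C:\WINDOWS\system32` are illustrative choices.

```python
import ntpath  # parses Windows paths on any host OS
import re

# Assumption: system directory as shown in the posted logs (C:\WINDOWS).
SYSTEM32 = r"c:\windows\system32"

# Windows process names whose genuine image sits directly in System32.
SYSTEM_NAMES = {
    "csrss.exe", "smss.exe", "winlogon.exe", "services.exe", "lsass.exe",
    "svchost.exe", "spoolsv.exe", "dwm.exe", "conhost.exe",
}

# Excerpt of the HijackThis log posted above, embedded so the example runs offline.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Terri\Application Data\dwm.exe
C:\DOCUME~1\Terri\LOCALS~1\Temp\csrss.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Terri\Application Data\Microsoft\conhost.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:61273
F3 - REG:win.ini: load=C:\DOCUME~1\Terri\LOCALS~1\Temp\csrss.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O20 - AppInit_DLLs: c:\progra~1\window~4\datamngr\datamngr.dll
"""

PROC_RE = re.compile(r"^[A-Za-z]:\\.+\.(?:exe|bin)$", re.I)            # bare process path
INI_RE = re.compile(r"^F[0-3] - .*?\b(?:load|run)=(.+)$", re.I)        # win.ini/system.ini autostart
PROXY_RE = re.compile(r"ProxyServer = (?:\w+=)?([^:;\s]+)", re.I)      # proxy host
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs:\s*(\S.*)$", re.I)       # non-empty AppInit_DLLs


def path_findings(path):
    """Return the rule names that an executable path triggers."""
    p = path.strip().strip('"').lower()
    found = []
    # A system process name is only expected directly inside System32.
    if ntpath.basename(p) in SYSTEM_NAMES and ntpath.dirname(p) != SYSTEM32:
        found.append("system-name-outside-system32")
    # Executables started from a temporary folder deserve a second look.
    if "\\temp\\" in p:
        found.append("runs-from-temp")
    return found


def triage(log_text):
    """Return (rule, log line) pairs for entries an analyst should review."""
    results = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if PROC_RE.match(line):
            results.extend((rule, line) for rule in path_findings(line))
            continue
        m = INI_RE.match(line)
        if m:
            results.append(("ini-autostart", line))
            results.extend((rule, line) for rule in path_findings(m.group(1)))
            continue
        m = PROXY_RE.search(line)
        if m:
            host = m.group(1).lower()
            if host.startswith("127.") or host == "localhost":
                results.append(("loopback-proxy", line))
            continue
        if APPINIT_RE.match(line):
            results.append(("appinit-dll", line))
    return results


if __name__ == "__main__":
    for rule, line in triage(SAMPLE_LOG):
        print(f"{rule:32} {line}")
```

A flag here is a prompt for review, not a verdict: the lines still need to be checked against what is actually installed on the machine.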

Re: csrss.exe file infected and internet browsing impossi

Post by Florinator » 17 Feb 2011 10:54

Hello,

Very well, we'll take care of this:

Download Tdsskiller to your Desktop

  • Unzip the file by right-clicking on it
  • Double-click on it
  • Click "StartScan"
  • If malicious items are found (Malicious Objects), check that the "Cure" or "Quarantine" option is selected
  • If suspicious objects ("Suspicious objects") were detected, on the confirmation screen, change the action to take and choose "Quarantine" instead of "Skip".
  • Then click the "Continue" button and then "RebootNow"
  • Copy and paste the report that appears

NB: The file is also available here: C:\tdsskiller\report.txt

See you soon
Knowledge is only useful if it is passed on.
Florinator
Maître Libellulien

Posts: 661
Joined: 28 Dec 2009 16:19

Re: csrss.exe file infected and internet browsing impossi

Post by terrificolor » 18 Feb 2011 21:18

Hello, thank you for your reply. Here is the TDSS killer 2.4.17.0 report:
(however, I did not see the "reboot now" button)

2011/02/18 21:08:55.0093 0712 TDSS rootkit removing tool 2.4.17.0 Feb 10 2011 11:07:20
2011/02/18 21:08:55.0375 0712 ================================================================================
2011/02/18 21:08:55.0375 0712 SystemInfo:
2011/02/18 21:08:55.0375 0712
2011/02/18 21:08:55.0375 0712 OS Version: 5.1.2600 ServicePack: 3.0
2011/02/18 21:08:55.0375 0712 Product type: Workstation
2011/02/18 21:08:55.0375 0712 ComputerName: PCNECFAB
2011/02/18 21:08:55.0375 0712 UserName: Terri
2011/02/18 21:08:55.0375 0712 Windows directory: C:\WINDOWS
2011/02/18 21:08:55.0375 0712 System windows directory: C:\WINDOWS
2011/02/18 21:08:55.0375 0712 Processor architecture: Intel x86
2011/02/18 21:08:55.0375 0712 Number of processors: 2
2011/02/18 21:08:55.0375 0712 Page size: 0x1000
2011/02/18 21:08:55.0375 0712 Boot type: Normal boot
2011/02/18 21:08:55.0375 0712 ================================================================================
2011/02/18 21:08:56.0218 0712 Initialize success
2011/02/18 21:09:36.0953 3976 ================================================================================
2011/02/18 21:09:36.0953 3976 Scan started
2011/02/18 21:09:36.0953 3976 Mode: Manual;
2011/02/18 21:09:36.0953 3976 ================================================================================
2011/02/18 21:09:50.0171 3976 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
2011/02/18 21:09:50.0171 3976 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/02/18 21:09:50.0187 3976 sptd - detected Locked file (1)
2011/02/18 21:09:52.0703 3976 ================================================================================
2011/02/18 21:09:52.0703 3976 Scan finished
2011/02/18 21:09:52.0703 3976 ================================================================================
2011/02/18 21:09:52.0718 3000 Detected object count: 1
2011/02/18 21:11:37.0531 3000 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
2011/02/18 21:11:37.0531 3000 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/02/18 21:11:37.0546 3000 C:\WINDOWS\system32\Drivers\sptd.sys - copied to quarantine
2011/02/18 21:11:37.0546 3000 Locked file(sptd) - User select action: Quarantine
terrificolor
 
Posts: 23
Joined: 23 Mar 2010 18:11

Re: infected csrss.exe file and internet browsing impossi

Post by Florinator » 19 Feb 2011 13:33

Hello,

OK, nothing in particular to note, let's continue:

Download ZHPDiag, created by Nicolas Coolman

  • Save it to your desktop
  • Double-click the icon (on Vista or 7, right-click, then "Run as administrator")
  • Follow the on-screen instructions
  • Click on Image to start the scan
  • Click on Image to copy the report
  • Then paste it into your next reply
  • The report is also located at C:\Program Files\ZebHelpProcess\ZHPDiag.txt

See you later,
Knowledge is only useful if it is passed on.
Florinator
Maître Libellulien
 
Posts: 661
Joined: 28 Dec 2009 16:19

Re: infected csrss.exe file and internet browsing impossi

Post by terrificolor » 19 Feb 2011 17:42

Hi,
here is the ZHPDiag report:

Rapport de ZHPDiag v1.27.1610 par Nicolas Coolman, Update du 19/02/2011
Run by Terri at 19/02/2011 17:34:51
Web site : http://www.premiumorange.com/zeb-help-p ... pdiag.html
Contact : nicolascoolman@yahoo.fr

---\\ Web Browser
MSIE: Internet Explorer v8.0.6001.18702
MFIE: Mozilla Firefox v3.6.13 (fr) (Defaut)

---\\ System Information
Windows XP Home Edition Service Pack 3 (Build 2600)
Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel
Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2039 MB (65% free)
System Restore: Activé (Enable)
System drive C: has 34 GB (38%) free of 88 GB

---\\ Logged in mode
Computer Name: PCNECFAB
User Name: Terri
All Users Names: Terri, SUPPORT_388945a0, HelpAssistant, Administrateur,
Unselected Option: O45,O61,O62,O65,O66,O82
Logged in as Administrator

---\\ Environnement Variables
%AppData%=C:\Documents and Settings\Terri\Application Data
%LocalAppData%=C:\Documents and Settings\Terri\Local Settings\Application Data
%StartMenu%=C:\Documents and Settings\Terri\Menu Démarrer

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 34 Go of 88 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 19 Go of 61 Go)
E:\ CD-ROM drive (Not Inserted)
F:\ CD-ROM drive (Not Inserted)


---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK


---\\ Recherche particulière de fichiers génériques
[MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) (.13/04/2008 19:34:04.) -- C:\Windows\Explorer.exe [1037824]
[MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.13/04/2008 19:34:30.) -- C:\Windows\System32\Winlogon.exe [512000]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/04/2008 11:40:32.) -- C:\Windows\System32\drivers\atapi.sys [96512]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.13/04/2008 12:15:54.) -- C:\Windows\System32\drivers\ntfs.sys [574976]


---\\ Processus lancés
[MD5.CA8A0E78C3BBBAD05A9A132BC468DF9C] - (.Avira GmbH - Antivirus Scheduler.) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe [135336]
[MD5.CCED1300F915817C00FCFD7FA0EE1300] - (.Pas de propriétaire - Pas de description.) -- C:\Documents and Settings\Terri\Application Data\dwm.exe [201728]
[MD5.CCED1300F915817C00FCFD7FA0EE1300] - (.Pas de propriétaire - Pas de description.) -- C:\DOCUME~1\Terri\LOCALS~1\Temp\csrss.exe [198144]
[MD5.A400804BA8FB3F80261D2166A6FE8A02] - (.MSI - System Control Manager.) -- C:\Program Files\System Control Manager\MGSysCtrl.exe [180736]
[MD5.B5C0AEB9DBB6E424936B2288F50BC79B] - (.Sonix - CameraMonitor Application.) -- C:\WINDOWS\vsnp2std.exe [675840]
[MD5.11D1ECF3257258DF1D6D2DF424C2D92B] - (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe [134656]
[MD5.651335DF54C9D07DAEE5D34A976EB401] - (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe [166912]
[MD5.38E9341BAF93C9125BB338DCE840E1F8] - (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe [134656]
[MD5.27DC0F903C1556C28ED444372E811092] - (.Intel Corporation - igfxsrvc Module.) -- C:\WINDOWS\system32\igfxsrvc.exe [243712]
[MD5.3A57538B12DE39F723BEE00E4A72FC4A] - (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\WINDOWS\RTHDCPL.EXE [16377344]
[MD5.403E928BA217E38485009636C793F3C9] - (.Pas de propriétaire - Pas de description.) -- C:\Program Files\Unlocker\UnlockerAssistant.exe [15872]
[MD5.5886EF28D51B69AD40072965D70AD651] - (.Mediafour Corporation - MacDrive application.) -- C:\Program Files\Mediafour\MacDrive 7\MacDrive.exe [201304]
[MD5.0AEE5668EB59912F32FF245BFA72465F] - (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\QTTask.exe [421888]
[MD5.F3DEAA1F2FCF70FAF6DE3757CA343FA5] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe [421160]
[MD5.3E0724E99C129D0946279D7118482185] - (.Discordia, LTD - Data Manager.) -- C:\PROGRA~1\WINDOW~4\Datamngr\DATAMN~1.EXE [985488]
[MD5.C983E62B6FB74457D173BA93F66F6068] - (.Avira GmbH - Antivirus System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [281768]
[MD5.CCED1300F915817C00FCFD7FA0EE1300] - (.Pas de propriétaire - Pas de description.) -- C:\Documents and Settings\Terri\Application Data\Microsoft\conhost.exe [192512]
[MD5.F34E7705751BB413283434697BF8E55D] - (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe [357696]
[MD5.4C9521159A1236466CB2365AE02C3B88] - (.TOSHIBA CORPORATION. - TosBtMng.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2756608]
[MD5.48BE1FCFF1C929C899F29BCDC8659D9F] - (.Avira GmbH - Antivirus On-Access Service.) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe [267944]
[MD5.5AA788D5A2C6737BB9C45933985BC1B8] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe [37664]
[MD5.9BC3ED045690E616936B50A40FB8D0DA] - (.Secunia - Secunia PSI Tray.) -- C:\Program Files\Secunia\PSI\psi_tray.exe [291896]
[MD5.75407DBFC47A6AC6243F557861EEB596] - (.TOSHIBA CORPORATION. - TosA2dp.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe [278528]
[MD5.673CF4F6BB1FBE09331B526802FBB892] - (.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe [345376]
[MD5.2C92B17E820094F37037B6CE114BEB69] - (.TOSHIBA CORPORATION. - Pas de description.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe [69632]
[MD5.8C91BD35AE9AA8B628EEC5E637BB1D0F] - (.Avira GmbH - AntiVir shadow copy service.) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe [76968]
[MD5.6A9D25A55FDA74E8F121323E13A4CEAB] - (.TOSHIBA CORPORATION. - TosBtHSP.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe [274432]
[MD5.C31842EB63C7005256A486901FBCD77B] - (.Mediafour Corporation - MacDrive service.) -- C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe [150528]
[MD5.AFF24206FFC1081787155B03C99BA716] - (.Pas de propriétaire - Pas de description.) -- C:\Program Files\System Control Manager\edd.exe [40960]
[MD5.1CE8490E8919EF5C72275952C202E749] - (.Secunia - Secunia PSI Agent.) -- C:\Program Files\Secunia\PSI\PSIA.exe [987704]
[MD5.11E8D8272FDBE213ADE3DAD91427CE35] - (.OpenOffice.org - OpenOffice.org 3.3.) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe [11322880]
[MD5.2337EC951C4AF6E1AF65D10BD9615BEB] - (.OpenOffice.org - OpenOffice.org 3.3.) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin [11314688]
[MD5.87843B2DA99051BC66E2D6C211E3D6A4] - (.TOSHIBA CORPORATION - TOSHIBA Bluetooth Service.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [125048]
[MD5.92E618D58A6445D246C0DA9C0265F4B0] - (.Pas de propriétaire - Provides Internet Name Service.) -- C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Windows Internet Name Service\wins.exe [4931584]
[MD5.8E5E5A8CC84DA3F683E3BBC045138D52] - (.Apple Inc. - iPodService Module (32-bit).) -- C:\Program Files\iPod\bin\iPodService.exe [820008]
[MD5.0DAD93BB0FECF5016AE3C06CBB0A873B] - (.Microsoft Corporation - COM Surrogate.) -- C:\WINDOWS\System32\dllhost.exe [5120]
[MD5.5E06A9D23727DAF96FAA796F1135FDCD] - (.Sun Microsystems, Inc. - Java(TM) Quick Starter Service.) -- C:\Program Files\Java\jre6\bin\jqs.exe [153376]
[MD5.5A4DA252B2C0550AB83D129C02CF6C19] - (.Microsoft Corporation - Service de cliché instantané de volumes Mic.) -- C:\WINDOWS\System32\vssvc.exe [295424]
[MD5.0E20A3213ED010FC4997D1EF48082ABC] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [912344]
[MD5.BA9A09CF1B9503C363617F3748F6D791] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [16856]
[MD5.8EDAC4D2659E1F525D432D991BF97C53] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [630784]


---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
M3 - MFPP: Plugins - [Terri] -- C:\Documents and Settings\Terri\Application Data\Mozilla\Firefox\Profiles\tztlbguf.default\searchplugins\bing.xml
M3 - MFPP: Plugins - [Terri] -- C:\Documents and Settings\Terri\Application Data\Mozilla\Firefox\Profiles\tztlbguf.default\searchplugins\SearchquWebSearch.xml
M3 - MFPP: Plugins - [Terri] -- C:\Program Files\Mozilla FireFox\searchplugins\amazon-france.xml
M3 - MFPP: Plugins - [Terri] -- C:\Program Files\Mozilla FireFox\searchplugins\cnrtl-tlfi-fr.xml
M3 - MFPP: Plugins - [Terri] -- C:\Program Files\Mozilla FireFox\searchplugins\eBay-france.xml
M3 - MFPP: Plugins - [Terri] -- C:\Program Files\Mozilla FireFox\searchplugins\google.xml
M3 - MFPP: Plugins - [Terri] -- C:\Program Files\Mozilla FireFox\searchplugins\SearchquWebSearch.xml
M3 - MFPP: Plugins - [Terri] -- C:\Program Files\Mozilla FireFox\searchplugins\wikipedia-fr.xml
M3 - MFPP: Plugins - [Terri] -- C:\Program Files\Mozilla FireFox\searchplugins\yahoo-france.xml
P2 - FPN:Firefox Plugin Navigator . (.Sun Microsystems, Inc. - NPRuntime Script Plug-in Library for Java(TM) Deploy.) -- C:\Program Files\Mozilla Firefox\Plugins\npdeployJava1.dll
P2 - FPN:Firefox Plugin Navigator . (.mozilla.org - Default Plug-in.) -- C:\Program Files\Mozilla Firefox\Plugins\npnul32.dll
P2 - FPN:Firefox Plugin Navigator . (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape 8.2.6.) -- C:\Program Files\Mozilla Firefox\Plugins\nppdf32.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin2.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin3.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin4.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin5.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin6.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin7.dll
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
P2 - FPN: [HKLM] [@Apple.com/iTunes,version=1.0] - (.Pas de propriétaire - Pas de description.) -- C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
P2 - FPN: [HKLM] [@java.com/JavaPlugin] - (.Sun Microsystems, Inc. - Next Generation Java Plug-in 1.6.0_24 for Mozilla browsers.) -- C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
P2 - FPN: [HKLM] [@microsoft.com/WPF,version=3.5] - (.Microsoft Corporation - Windows Presentation Foundation (WPF) plug-in for Mozilla browsers.) -- c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
M0 - MFSP: prefs.js [Terri - tztlbguf.default] http://www.google.com/
M2 - MFEP: prefs.js [Terri - tztlbguf.default\illimitux@illimitux.net] [illimitux] Illimitux v (.Illimitux.net.)
M2 - MFEP: prefs.js [Terri - tztlbguf.default\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}] [adblockplus] Adblock Plus v1.3.3 (.Wladimir Palant.)


---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/403
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKUS\S-1-5-21-507921405-573735546-725345543-1004\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/403
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:61273
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 1
R1 - HKUS\S-1-5-21-507921405-573735546-725345543-1004\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Internet Explorer.) (8.00.6001.19019 (longhorn_ie8_gdr.101217-1700)) -- C:\WINDOWS\system32\ieframe.dll
R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} . (.Conduit Ltd. - Conduit Toolbar.) (5, 7, 3, 1) -- C:\Program Files\Vuze_Remote\tbVuz1.dll


---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"


---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} . (...) -- C:\Program Files\AVG\AVG9\avgssie.dll (.not file.)
O2 - BHO: Searchqu Toolbar - {7FF99715-3016-4381-84CE-E4E4C9673020} . (.Pas de propriétaire - Searchqu Toolbar Link Library.) -- C:\PROGRA~1\WINDOW~4\ToolBar\SearchquDx.dll
O2 - BHO: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\Vuze_Remote\tbVuz1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} . (.Sun Microsystems, Inc. - Java(TM) Quick Starter binary.) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll


---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\Vuze_Remote\tbVuz1.dll
O3 - Toolbar: Searchqu Toolbar - {7FF99715-3016-4381-84CE-E4E4C9673020} . (.Pas de propriétaire - Searchqu Toolbar Link Library.) -- C:\PROGRA~1\WINDOW~4\ToolBar\SearchquDx.dll


---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [MGSysCtrl] . (.MSI - System Control Manager.) -- C:\Program Files\System Control Manager\MGSysCtrl.exe
O4 - HKLM\..\Run: [snp2std] . (.Sonix - CameraMonitor Application.) -- C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] . (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\Windows\RTHDCPL.exe
O4 - HKLM\..\Run: [Alcmtr] . (.Realtek Semiconductor Corp. - Realtek Azalia Audio - Event Monitor.) -- C:\Windows\ALCMTR.exe
O4 - HKLM\..\Run: [UnlockerAssistant] . (...) -- C:\Program Files\Unlocker\UnlockerAssistant.exe
O4 - HKLM\..\Run: [Getting started with MacDrive] . (.Mediafour Corporation - Get Started with MacDrive.) -- C:\Program Files\Mediafour\MacDrive 7\MDGetStarted.exe
O4 - HKLM\..\Run: [MacDrive application] . (.Mediafour Corporation - MacDrive application.) -- C:\Program Files\Mediafour\MacDrive 7\MacDrive.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\QTTask.exe
O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [DATAMNGR] . (.Discordia, LTD - Data Manager.) -- C:\PROGRA~1\WINDOW~4\Datamngr\DATAMN~1.exe
O4 - HKLM\..\Run: [avgnt] . (.Avira GmbH - Antivirus System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Run: [conhost] . (...) -- C:\Documents and Settings\Terri\Application Data\Microsoft\conhost.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exeADMASwAtADgANwBXAFUAVQAtADIAVABWAEgAQQAtAFgANgBEAEYAOAAtAEwANgBQAEEATgA"&"inst=NwA3AC0ANAA0ADIAOAA2ADQAMQAxADQALQBUADQALQBCAEEAUgA5AEcAKwAxAC0ARgBMACsAOQAtAEYAOQBNADYAKwAxAC0AWABPADMANgArADEALQBGADkATQA3AEMAKwA1AA"&"prod=90"&"ver=9.0.872
O4 - HKCU\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\System32\CTFMON.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\System32\CTFMON.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\System32\CTFMON.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\System32\CTFMON.exe
O4 - HKUS\S-1-5-21-507921405-573735546-725345543-1004\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-507921405-573735546-725345543-1004\..\Run: [DAEMON Tools Lite] . (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Démarrage\Bluetooth Manager.lnk . (.TOSHIBA CORPORATION..) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Démarrage\Secunia PSI Tray.lnk . (.Secunia.) -- C:\Program Files\Secunia\PSI\psi_tray.exe
O4 - Global Startup: C:\Documents And Settings\Terri\Menu Démarrer\Programmes\Démarrage\Notification de cadeaux MSN.lnk . (...) -- C:\Documents and Settings\Terri\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe (.not file.)
O4 - Global Startup: C:\Documents And Settings\Terri\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 3.3.lnk . (...) -- C:\Program Files\OpenOffice.org 3\program\quickstart.exe


---\\ Autres liens utilisateurs (O4)
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Adobe Reader 8.lnk . (...) -- C:\WINDOWS\Installer\{AC76BA86-7AD7-1036-7B44-A82000000003}\SC_Reader.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Apple Software Update.lnk . (...) -- C:\WINDOWS\Installer\{C41300B9-185D-475E-BFEC-39EF732F19B1}\AppleSoftwareUpdateIco.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\MSN Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files\MSN\MSNCoreFiles\msn6.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Secunia PSI.lnk . (.Secunia.) -- C:\Program Files\Secunia\PSI\psi.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Vuze.lnk . (.Vuze Inc..) -- C:\Program Files\Vuze\Azureus.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Windows Messenger.lnk . (.Microsoft Corporation.) -- C:\Program Files\Messenger\msmsgs.exe
O4 - Global Startup: C:\Documents And Settings\Terri\Menu Démarrer\Programmes\Assistance à distance.lnk . (.Microsoft Corporation.) -- C:\WINDOWS\system32\rcimlby.exe
O4 - Global Startup: C:\Documents And Settings\Terri\Menu Démarrer\Programmes\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Documents And Settings\Terri\Menu Démarrer\Programmes\Lecteur Windows Media.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - Global Startup: C:\Documents And Settings\Terri\Menu Démarrer\Programmes\Outlook Express.lnk . (.Microsoft Corporation.) -- C:\Program Files\Outlook Express\msimn.exe


---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} . (.not file.) - (.not file.)
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe


---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\WINDOWS\system32\winrnr.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Apple Inc. - Bonjour Namespace Provider.) -- C:\Program Files\Bonjour\mdnsNSP.dll


---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 3666291156


---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{07632219-9E70-479F-A943-3CBC4BDEC5B2}: NameServer = 192.168.0.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{07632219-9E70-479F-A943-3CBC4BDEC5B2}: NameServer = 192.168.0.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{07632219-9E70-479F-A943-3CBC4BDEC5B2}: NameServer = 192.168.0.254
O17 - HKLM\System\CS3\Services\Tcpip\..\{07632219-9E70-479F-A943-3CBC4BDEC5B2}: NameServer = 192.168.0.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{3A485F82-D1A8-47E5-A936-891E7397EA44}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CS1\Services\Tcpip\..\{3A485F82-D1A8-47E5-A936-891E7397EA44}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CS2\Services\Tcpip\..\{3A485F82-D1A8-47E5-A936-891E7397EA44}: DhcpNameServer = 212.27.40.241 212.27.40.240


---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\Windows\System32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\Windows\System32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\Windows\System32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\System32\dimsntfy.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\Windows\System32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll


---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (.Discordia, LTD - Data Manager.) - c:\progra~1\window~4\datamngr\datamngr.dll


---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Web Site Monitor.) -- C:\WINDOWS\system32\webcheck.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} . (.Microsoft Corporation - Objet du service d'environnement Systray.) -- C:\WINDOWS\System32\stobject.dll


---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: (no name) - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\WINDOWS\System32\browseui.dll


---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: (AntiVirSchedulerService) . (.Avira GmbH - Antivirus Scheduler.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: (AntiVirService) . (.Avira GmbH - Antivirus On-Access Service.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: (Apple Mobile Device) . (.Apple Inc. - MobileDeviceService.) - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: (Bonjour Service) . (.Apple Inc. - Bonjour Service.) - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: (dmadmin) . (.Microsoft Corp., Veritas Software - Processus du service Gestionnaire de disque.) - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: (iPod Service) . (.Apple Inc. - iPodService Module (32-bit).) - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: (JavaQuickStarterService) . (.Sun Microsystems, Inc. - Java(TM) Quick Starter Service.) - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: (MacDriveService) . (.Mediafour Corporation - MacDrive service.) - C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
O23 - Service: (NishService) . (.Pas de propriétaire - Pas de description.) - C:\Program Files\System Control Manager\edd.exe
O23 - Service: (Secunia PSI Agent) . (.Secunia - Secunia PSI Agent.) - C:\Program Files\Secunia\PSI\PSIA.exe
O23 - Service: (Secunia Update Agent) . (.Secunia - Secunia Update Agent.) - C:\Program Files\Secunia\PSI\sua.exe
O23 - Service: (SQLAgent$SONY_MEDIAMGR) - Clé orpheline
O23 - Service: (TermService) - Clé orpheline
O23 - Service: (TOSHIBA Bluetooth Service) . (.TOSHIBA CORPORATION - TOSHIBA Bluetooth Service.) - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: (Windows Internet Name Service) . (.Pas de propriétaire - Provides Internet Name Service.) - C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Windows Internet Name Service\wins.exe


---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(.Pas de propriétaire - Pas de description.) - (.not file.)


---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\WINDOWS\system32\drivers\afd.sys
O41 - Driver: (avgio) . (.Avira GmbH - Avira AntiVir Support for Minifilter.) - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
O41 - Driver: (avipbb) . (.Avira GmbH - Avira Driver for Security Enhancement.) - C:\Windows\System32\DRIVERS\avipbb.sys
O41 - Driver: (Cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\System32\DRIVERS\cdrom.sys
O41 - Driver: (i8042prt) . (.Microsoft Corporation - Pilote de port i8042.) - C:\Windows\System32\DRIVERS\i8042prt.sys
O41 - Driver: (Imapi) . (.Microsoft Corporation - IMAPI Kernel Driver.) - C:\Windows\System32\DRIVERS\imapi.sys
O41 - Driver: (intelppm) . (.Microsoft Corporation - Pilote de périphérique processeur.) - C:\Windows\System32\DRIVERS\intelppm.sys
O41 - Driver: (IPSec) . (.Microsoft Corporation - IPSec Driver.) - C:\Windows\System32\DRIVERS\ipsec.sys
O41 - Driver: (Kbdclass) . (.Microsoft Corporation - Pilote de la classe Clavier.) - C:\Windows\System32\DRIVERS\kbdclass.sys
O41 - Driver: (Mouclass) . (.Microsoft Corporation - Pilote de la classe Souris.) - C:\Windows\System32\DRIVERS\mouclass.sys
O41 - Driver: (MRxSmb) . (.Microsoft Corporation - Windows NT SMB Minirdr.) - C:\Windows\System32\DRIVERS\mrxsmb.sys
O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\System32\DRIVERS\netbios.sys
O41 - Driver: (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\System32\DRIVERS\netbt.sys
O41 - Driver: (Processor) . (.Microsoft Corporation - Pilote de périphérique processeur.) - C:\Windows\System32\DRIVERS\processr.sys
O41 - Driver: (RasAcd) . (.Microsoft Corporation - RAS Automatic Connection Driver.) - C:\Windows\System32\DRIVERS\rasacd.sys
O41 - Driver: (Rdbss) . (.Microsoft Corporation - Redirected Drive Buffering SubSystem Driver.) - C:\Windows\System32\DRIVERS\rdbss.sys
O41 - Driver: (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\DRIVERS\RDPCDD.sys
O41 - Driver: (redbook) . (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) - C:\Windows\System32\DRIVERS\redbook.sys
O41 - Driver: (Serial) . (.Microsoft Corporation - Pilote de périphérique série.) - C:\Windows\System32\DRIVERS\serial.sys
O41 - Driver: (ssmdrv) . (.Avira GmbH - AVIRA SnapShot Driver.) - C:\Windows\System32\DRIVERS\ssmdrv.sys
O41 - Driver: (Tcpip) . (.Microsoft Corporation - TCP/IP Protocol Driver.) - C:\Windows\System32\DRIVERS\tcpip.sys
O41 - Driver: (TermDD) . (.Microsoft Corporation - Terminal Server Driver.) - C:\Windows\System32\DRIVERS\termdd.sys
O41 - Driver: (Tosrfcom) . (.TOSHIBA Corporation - Bluetooth RFCOMM Driver.) - C:\Windows\System32\Drivers\tosrfcom.sys
O41 - Driver: Carte vidéo VGA. (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\WINDOWS\system32\drivers\vga.sys


---\\ Logiciels installés (O42)
O42 - Logiciel: ASIO4ALL - (.Pas de propriétaire.) [HKLM] -- ASIO4ALL
O42 - Logiciel: Adobe Flash Player 10 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player 10 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin
O42 - Logiciel: Adobe Reader 8.2.6 - Français - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1036-7B44-A82000000003}
O42 - Logiciel: Apple Application Support - (.Apple Inc..) [HKLM] -- {EE6097DD-05F4-4178-9719-D3170BF098E8}
O42 - Logiciel: Apple Mobile Device Support - (.Apple Inc..) [HKLM] -- {5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}
O42 - Logiciel: Apple Software Update - (.Apple Inc..) [HKLM] -- {C41300B9-185D-475E-BFEC-39EF732F19B1}
O42 - Logiciel: Avira AntiVir Personal - Free Antivirus - (.Avira GmbH.) [HKLM] -- Avira AntiVir Desktop
O42 - Logiciel: Bluetooth Stack for Windows by Toshiba - (.Pas de propriétaire.) [HKLM] -- {CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
O42 - Logiciel: Bonjour - (.Apple Inc..) [HKLM] -- {FF1C31AE-0CDC-40CE-AB85-406F8B70D643}
O42 - Logiciel: CSR - (.IK Multimedia.) [HKLM] -- {648C1BFD-6A70-46D8-B855-F84D95C2DC34}
O42 - Logiciel: Canon MG5100 series MP Drivers - (.Pas de propriétaire.) [HKLM] -- {1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5100_series
O42 - Logiciel: DAEMON Tools Toolbar - (.DT Soft Ltd.) [HKLM] -- DAEMON Tools Toolbar
O42 - Logiciel: Devine Machine Pro VSTi v1.1 - (.Pas de propriétaire.) [HKLM] -- Devine Machine Pro VSTi v1.1
O42 - Logiciel: Effectrix - (.Sugar Bytes.) [HKLM] -- Effectrix
O42 - Logiciel: Elemental Audio Systems Inspector XL VST RTAS 1.0.1 - (.Pas de propriétaire.) [HKLM] -- Elemental Audio Systems Inspector XL VST RTAS 1.0.1
O42 - Logiciel: FileZilla Client 3.3.3 - (.Pas de propriétaire.) [HKLM] -- FileZilla Client
O42 - Logiciel: Free Mp3 Wma Converter V 1.81 - (.Pas de propriétaire.) [HKLM] -- Free Mp3 Wma Converter_is1
O42 - Logiciel: GForce - impOSCar - (.Pas de propriétaire.) [HKLM] -- impOSCar
O42 - Logiciel: GRM Tools Classic VST v1.6.52 - (.Pas de propriétaire.) [HKLM] -- GRM Tools Classic VST v1.6.52
O42 - Logiciel: High Definition Audio Driver Package - KB888111 - (.Microsoft Corporation.) [HKLM] -- KB888111WXPSP2
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB953595
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB958484
O42 - Logiciel: Hotfix for Windows XP (KB954550-v5) - (.Microsoft Corporation.) [HKLM] -- KB954550-v5
O42 - Logiciel: Hotfix for Windows XP (KB976002-v5) - (.Microsoft Corporation.) [HKLM] -- KB976002-v5
O42 - Logiciel: IL Gross Beat - (.Image-Line.) [HKLM] -- IL Gross Beat
O42 - Logiciel: Intel(R) Graphics Media Accelerator Driver - (.Intel Corporation.) [HKLM] -- HDMI
O42 - Logiciel: Intel(R) Network Connections 14.3.0.0 - (.Intel.) [HKLM] -- {AAA8CA88-8A22-43D1-867F-ABD7944C9815}
O42 - Logiciel: Java(TM) 6 Update 20 - (.Sun Microsystems, Inc..) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83216020F0}
O42 - Logiciel: Java(TM) 6 Update 22 - (.Oracle.) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83216022F0}
O42 - Logiciel: Java(TM) 6 Update 24 - (.Oracle.) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83216024FF}
O42 - Logiciel: KB408682 - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1036-7B44-A81300000003}_814
O42 - Logiciel: Live 6.0.10 - (.Pas de propriétaire.) [HKLM] -- Live 6.0.10
O42 - Logiciel: Logiciel d'archivage WinRAR - (.Pas de propriétaire.) [HKLM] -- WinRAR archiver
O42 - Logiciel: MIDI Yoke - (.JOConnell.) [HKLM] -- {CCB3F587-BAD0-4F32-99FC-301E6F9ABAB4}
O42 - Logiciel: MIDI-OX - (.MIDIOX Computing.) [HKLM] -- {ABC52CF9-2D43-4278-A152-CB2CD3ED8FE9}
O42 - Logiciel: MacDrive 7 - (.Mediafour Corporation.) [HKLM] -- {33F09ED5-3355-470A-AD79-6DFA8FC553E3}
O42 - Logiciel: MacDrive7.0.4TimeOutPatch (remove only) - (.Pas de propriétaire.) [HKLM] -- TimeOutPatch
O42 - Logiciel: Malwarebytes' Anti-Malware - (.Malwarebytes Corporation.) [HKLM] -- Malwarebytes' Anti-Malware_is1
O42 - Logiciel: Microsoft .NET Framework 2.0 Service Pack 2 - (.Microsoft Corporation.) [HKLM] -- {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
O42 - Logiciel: Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA - (.Microsoft Corporation.) [HKLM] -- {72AD53CC-CCC0-3757-8480-9EE176866A7C}
O42 - Logiciel: Microsoft .NET Framework 3.0 Service Pack 2 - (.Microsoft Corporation.) [HKLM] -- {A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
O42 - Logiciel: Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA - (.Microsoft Corporation.) [HKLM] -- {0BD83598-C2EF-3343-847B-7D2E84599128}
O42 - Logiciel: Microsoft .NET Framework 3.5 Language Pack SP1 - fra - (.Microsoft Corporation.) [HKLM] -- {3E31821C-7917-367E-938E-E65FC413EA31}
O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 SP1
O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
O42 - Logiciel: Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR) - (.Microsoft Corporation.) [HKLM] -- {E09B48B5-E141-427A-AB0C-D3605127224A}
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM] -- {837b34e3-7c30-493c-8f6a-2b0f04e2912c}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
O42 - Logiciel: MixMeister BPM Analyzer 1.0 - (.MixMeister Technology LLC.) [HKLM] -- MixMeister BPM Analyzer_is1
O42 - Logiciel: Module linguistique Microsoft .NET Framework 3.5 SP1- fra - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 Language Pack SP1 - fra
O42 - Logiciel: Mozilla Firefox (3.6.13) - (.Mozilla.) [HKLM] -- Mozilla Firefox (3.6.13)
O42 - Logiciel: Native Instruments Absynth 4 - (.Pas de propriétaire.) [HKLM] -- Native Instruments Absynth 4
O42 - Logiciel: Native Instruments B4 II - (.Pas de propriétaire.) [HKLM] -- Native Instruments B4 II
O42 - Logiciel: Native Instruments Battery 3 - (.Native Instruments.) [HKLM] -- Native Instruments Battery 3
O42 - Logiciel: Native Instruments Battery 3 - (.Native Instruments.) [HKLM] -- {6BED4DFE-C527-463E-B93A-6F6848B74DD0}
O42 - Logiciel: Native Instruments Elektrik Piano 1.5 - (.Pas de propriétaire.) [HKLM] -- Native Instruments Elektrik Piano 1.5
O42 - Logiciel: Native Instruments FM8 - (.Native Instruments.) [HKLM] -- Native Instruments FM8
O42 - Logiciel: Native Instruments FM8 - (.Native Instruments.) [HKLM] -- {B2552FA6-86E3-410D-84AD-265C2242D410}
O42 - Logiciel: Native Instruments Guitar Rig 2 - (.Pas de propriétaire.) [HKLM] -- Native Instruments Guitar Rig 2
O42 - Logiciel: Native Instruments Komplete 4 - (.Native Instruments.) [HKLM] -- Native Instruments Komplete 4
O42 - Logiciel: Native Instruments Massive - (.Pas de propriétaire.) [HKLM] -- Native Instruments Massive
O42 - Logiciel: Native Instruments Pro-53 - (.Pas de propriétaire.) [HKLM] -- Native Instruments Pro-53
O42 - Logiciel: Native Instruments Reaktor 5 - (.Native Instruments.) [HKLM] -- Native Instruments Reaktor 5
O42 - Logiciel: Native Instruments Reaktor 5 - (.Native Instruments.) [HKLM] -- {E9EA5F38-6299-45A1-9D23-F21729A19357}
O42 - Logiciel: Native Instruments Service Center - (.Native Instruments.) [HKLM] -- Native Instruments Service Center
O42 - Logiciel: Native Instruments Service Center - (.Native Instruments.) [HKLM] -- {0B8565BA-BAD5-4732-B122-5FD78EFC50A9}
O42 - Logiciel: Native Instruments Spektral Delay - (.Pas de propriétaire.) [HKLM] -- Native Instruments Spektral Delay
O42 - Logiciel: Native Instruments Vokator - (.Pas de propriétaire.) [HKLM] -- Native Instruments Vokator
O42 - Logiciel: NomadFactory Essential Studio Suite VST RTAS v1.5 - (.Pas de propriétaire.) [HKLM] -- NomadFactory Essential Studio Suite VST RTAS_is1
O42 - Logiciel: Notification de cadeaux MSN - (.Microsoft.) [HKCU] -- Notification de cadeaux MSN
O42 - Logiciel: Ohm Force - Mobilohm VST2 - (.Pas de propriétaire.) [HKLM] -- Mobilohm VST2
O42 - Logiciel: Ohm Force - Quad Frohmage VST2 - (.Pas de propriétaire.) [HKLM] -- Quad Frohmage VST2
O42 - Logiciel: OhmForce Hematohm VST2 - (.Pas de propriétaire.) [HKLM] -- Hematohm VST2
O42 - Logiciel: OhmForce Ohmboyz VST2 - (.Pas de propriétaire.) [HKLM] -- Ohmboyz VST2
O42 - Logiciel: OhmForce Ohmygod VST2 - (.Pas de propriétaire.) [HKLM] -- Ohmygod VST2
O42 - Logiciel: OhmForce Predatohm VST2 - (.Pas de propriétaire.) [HKLM] -- Predatohm VST2
O42 - Logiciel: OpenOffice.org 3.3 - (.OpenOffice.org.) [HKLM] -- {05653DE1-6567-40C6-B930-39D399B64369}
O42 - Logiciel: PDFCreator - (.Frank Heindörfer, Philip Chinery.) [HKLM] -- {0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}
O42 - Logiciel: QuickTime - (.Apple Inc..) [HKLM] -- {57752979-A1C9-4C02-856B-FBB27AC4E02C}
O42 - Logiciel: RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 - (.Pas de propriétaire.) [HKLM] -- {59F6A514-9813-47A3-948C-8A155460CC2A}
O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp..) [HKLM] -- {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}
O42 - Logiciel: Registry First Aid - (.RoseCitySoftware.) [HKLM] -- Registry First Aid_is1
O42 - Logiciel: Rob Papen Albino 3 - (.Pas de propriétaire.) [HKLM] -- Rob Papen Albino 3
O42 - Logiciel: Secunia PSI (2.0.0.1003) - (.Pas de propriétaire.) [HKLM] -- Secunia PSI
O42 - Logiciel: Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB2416473
O42 - Logiciel: Skype™ 4.2 - (.Skype Technologies S.A..) [HKLM] -- {5C474A83-A45F-470C-9AC8-2BD1C251BF9A}
O42 - Logiciel: Sony ACID Pro 6.0 - (.Sony.) [HKLM] -- {B50D2BAB-C9C0-48E6-9184-982C71A0BB4D}
O42 - Logiciel: Sony Media Manager 2.2 - (.Sony.) [HKLM] -- {2B5A75F0-FD85-4094-AB00-94902398D192}
O42 - Logiciel: Sony Sound Forge 7.0 - (.Sony.) [HKLM] -- {4B0A96C1-2C2D-4C84-81B0-B87EB2522837}
O42 - Logiciel: SoulSeek 157 NS 13e - (.Pas de propriétaire.) [HKLM] -- Soulseek2
O42 - Logiciel: Spelling Dictionaries Support For Adobe Reader 8 - (.Adobe Systems.) [HKLM] -- {AC76BA86-7AD7-5464-3428-800000000003}
O42 - Logiciel: System Control Manager - (.Pas de propriétaire.) [HKLM] -- {ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}
O42 - Logiciel: TC Native Bundle v3.1 - (.Pas de propriétaire.) [HKLM] -- TC Native Bundle v3.1
O42 - Logiciel: USB2.0 PC Camera (SN9C201&202) - (.Sonix.) [HKLM] -- {75438C0E-9925-412E-AD85-D0E71C6CE2ED}
O42 - Logiciel: Unlocker 1.8.7 - (.Cedrick Collomb.) [HKLM] -- Unlocker
O42 - Logiciel: Update for Microsoft .NET Framework 3.5 SP1 (KB963707) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707
O42 - Logiciel: VLC media player 1.1.7 - (.VideoLAN.) [HKLM] -- VLC media player
O42 - Logiciel: Vuze - (.Vuze Inc..) [HKLM] -- 8461-7759-5462-8226
O42 - Logiciel: Vuze_Remote Toolbar - (.Pas de propriétaire.) [HKLM] -- Vuze_Remote Toolbar
O42 - Logiciel: Waves API Collection - (.Team AiR.) [HKLM] -- Waves API Collection
O42 - Logiciel: Waves L3 Multimaximizer v1.0 - (.Pas de propriétaire.) [HKLM] -- Waves L3 Multimaximizer v1.0
O42 - Logiciel: Waves Mercury Bundle - (.Team AiR.) [HKLM] -- Waves Mercury Bundle
O42 - Logiciel: Windows Genuine Advantage Validation Tool (KB892130) - (.Microsoft Corporation.) [HKLM] -- KB892130
O42 - Logiciel: Windows Internet Explorer 8 - (.Microsoft Corporation.) [HKLM] -- ie8
O42 - Logiciel: Windows Searchqu Toolbar - (.Bandoo Media Inc.) [HKLM] -- Searchqu MediaBar
O42 - Logiciel: Windows XP Service Pack 3 - (.Microsoft Corporation.) [HKLM] -- Windows XP Service
O42 - Logiciel: XML Paper Specification Shared Components Language Pack 1.0 - (.Microsoft Corporation.) [HKLM] -- XPSEPSCLP
O42 - Logiciel: e-Carte Bleue Banque Populaire - (.Pas de propriétaire.) [HKLM] -- {B0900CB5-8EC0-43B4-9DAC-A32FE52DC864}
O42 - Logiciel: eMule - (.Pas de propriétaire.) [HKLM] -- eMule
O42 - Logiciel: iTunes - (.Apple Inc..) [HKLM] -- {AAD47011-8518-4608-9656-951DA35B587B}
O42 - Logiciel: iZotope Ozone 4 - (.iZotope, Inc..) [HKLM] -- iZotope Ozone 4_is1
O42 - Logiciel: nLite 1.4.9.1 - (.Dino Nuhagic (nuhi).) [HKLM] -- nLite_is1

---\\ HKCU & HKLM Software Keys
[HKCU\Software\ASIO4ALL v2 by Wuschel]
[HKCU\Software\Adobe]
[HKCU\Software\AppDataLow\Software]
[HKCU\Software\AppDataLow]
[HKCU\Software\Apple Computer, Inc.]
[HKCU\Software\Apple Inc.]
[HKCU\Software\Astonsoft]
[HKCU\Software\Avg]
[HKCU\Software\Avira]
[HKCU\Software\Azureus]
[HKCU\Software\BMH]
[HKCU\Software\Blizzard Entertainment]
[HKCU\Software\CDDB]
[HKCU\Software\Canon]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\Conduit]
[HKCU\Software\DT Soft]
[HKCU\Software\DataMngr]
[HKCU\Software\Devine Machine]
[HKCU\Software\DirectShow]
[HKCU\Software\Elektron]
[HKCU\Software\GForce]
[HKCU\Software\GNU]
[HKCU\Software\HookNetwork]
[HKCU\Software\Image-Line]
[HKCU\Software\Intel]
[HKCU\Software\JavaSoft]
[HKCU\Software\KarmaFX]
[HKCU\Software\KsL Software]
[HKCU\Software\Local AppWizard-Generated Applications]
[HKCU\Software\MIDI-OX]
[HKCU\Software\Macromedia]
[HKCU\Software\MainConcept]
[HKCU\Software\Malwarebytes' Anti-Malware]
[HKCU\Software\Monitored]
[HKCU\Software\Mozilla]
[HKCU\Software\Native Instruments]
[HKCU\Software\Netscape]
[HKCU\Software\Ohm Force]
[HKCU\Software\OpenOffice.org]
[HKCU\Software\PC SOFT]
[HKCU\Software\PDFCreator]
[HKCU\Software\Policies]
[HKCU\Software\Realtek]
[HKCU\Software\Safer Networking Limited]
[HKCU\Software\Secunia]
[HKCU\Software\Skype]
[HKCU\Software\SoftVoice]
[HKCU\Software\Sony Media Software]
[HKCU\Software\SoulSeek]
[HKCU\Software\Soulseek2]
[HKCU\Software\Sugar Bytes]
[HKCU\Software\TC Works]
[HKCU\Software\Toshiba]
[HKCU\Software\VB and VBA Program Settings]
[HKCU\Software\Vuze_Remote]
[HKCU\Software\WinRAR SFX]
[HKCU\Software\WinRAR]
[HKCU\Software\Xobni]
[HKCU\Software\YahooPartnerToolbar]
[HKCU\Software\eMule]
[HKCU\Software\ej-technologies]
[HKCU\Software\iZotope]
[HKCU\Software\reFX]
[HKCU\Software\searchqutb]
[HKCU\Software\settings]
[HKLM\Software\14919ea49a8f3b4aa3cf1058d9a64cec]
[HKLM\Software\ASIO]
[HKLM\Software\AVG]
[HKLM\Software\Adobe]
[HKLM\Software\Apple Computer, Inc.]
[HKLM\Software\Apple Inc.]
[HKLM\Software\Avira]
[HKLM\Software\Azureus]
[HKLM\Software\Bandoo]
[HKLM\Software\Blizzard Entertainment]
[HKLM\Software\BrowserChoice]
[HKLM\Software\C07ft5Y]
[HKLM\Software\CDDB]
[HKLM\Software\Cakewalk Music Software]
[HKLM\Software\Canon]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\Conduit]
[HKLM\Software\DT Soft]
[HKLM\Software\DataMngr]
[HKLM\Software\Elemental Audio Systems]
[HKLM\Software\FileZilla 3]
[HKLM\Software\GEAR Software]
[HKLM\Software\GNU]
[HKLM\Software\Gemplus]
[HKLM\Software\Google]
[HKLM\Software\HighCriteria]
[HKLM\Software\Image-Line]
[HKLM\Software\Intel]
[HKLM\Software\JavaSoft]
[HKLM\Software\JreMetrics]
[HKLM\Software\MIDIOX Computing]
[HKLM\Software\MSI]
[HKLM\Software\Macromedia]
[HKLM\Software\Malwarebytes' Anti-Malware]
[HKLM\Software\McAfee.com]
[HKLM\Software\Mediafour]
[HKLM\Software\MimarSinan]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Mozilla]
[HKLM\Software\Native Instruments]
[HKLM\Software\ODBC]
[HKLM\Software\OpenOffice.org]
[HKLM\Software\Outsim]
[HKLM\Software\PDFCreator]
[HKLM\Software\Policies]
[HKLM\Software\Program Groups]
[HKLM\Software\Propellerhead Software]
[HKLM\Software\Realtek]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\SONIX]
[HKLM\Software\Safer Networking Limited]
[HKLM\Software\Schlumberger]
[HKLM\Software\SearchquMediabarTb]
[HKLM\Software\Secunia]
[HKLM\Software\Secure]
[HKLM\Software\Skype]
[HKLM\Software\Sony Corporation]
[HKLM\Software\Sony Media Software]
[HKLM\Software\THe UDS]
[HKLM\Software\Toshiba]
[HKLM\Software\TrendMicro]
[HKLM\Software\VPA]
[HKLM\Software\VST]
[HKLM\Software\VideoLAN]
[HKLM\Software\Vuze_Remote]
[HKLM\Software\Waves]
[HKLM\Software\WhiteNoiseAudio]
[HKLM\Software\WinRAR]
[HKLM\Software\Windows 3.1 Migration Status]
[HKLM\Software\Windows]
[HKLM\Software\Wise Solutions]
[HKLM\Software\X-AVCSD]
[HKLM\Software\e-Carte Bleue Banque Populaire]
[HKLM\Software\ej-technologies]
[HKLM\Software\linplug]
[HKLM\Software\magnet]
[HKLM\Software\mozilla.org]
terrificolor

Posts: 23
Joined: 23 Mar 2010 18:11

Re: infected csrss.exe file and internet browsing impossi

Post by terrificolor » 19 Feb 2011 17:46

---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 14/09/2009 - 15:00:30 ----D- C:\Program Files\Ableton
O43 - CFD: 04/02/2010 - 15:29:44 ----D- C:\Program Files\Adobe
O43 - CFD: 13/09/2009 - 02:56:26 ----D- C:\Program Files\Alwil Software
O43 - CFD: 31/03/2010 - 21:45:18 ----D- C:\Program Files\Apple Software Update
O43 - CFD: 14/09/2009 - 14:58:52 ----D- C:\Program Files\ASIO4ALL v2
O43 - CFD: 28/02/2010 - 15:41:56 ----D- C:\Program Files\AVG
O43 - CFD: 14/02/2011 - 21:06:20 ----D- C:\Program Files\Avira
O43 - CFD: 05/09/2010 - 11:49:26 ----D- C:\Program Files\Bonjour
O43 - CFD: 13/09/2009 - 00:29:30 ----D- C:\Program Files\ComPlus Applications
O43 - CFD: 13/04/2010 - 18:53:52 ----D- C:\Program Files\Conduit
O43 - CFD: 14/04/2010 - 19:40:44 ----D- C:\Program Files\DAEMON Tools Lite
O43 - CFD: 13/09/2009 - 18:21:44 ----D- C:\Program Files\DAEMON Tools Toolbar
O43 - CFD: 13/09/2009 - 17:02:22 ----D- C:\Program Files\e-Carte Bleue Banque Populaire
O43 - CFD: 15/09/2009 - 21:23:34 ----D- C:\Program Files\Elemental Audio Systems
O43 - CFD: 11/02/2011 - 17:46:20 ----D- C:\Program Files\eMule
O43 - CFD: 19/02/2011 - 15:08:04 ----D- C:\Program Files\Fichiers communs
O43 - CFD: 17/07/2010 - 19:44:18 ----D- C:\Program Files\FileZilla FTP Client
O43 - CFD: 22/09/2009 - 20:41:54 ----D- C:\Program Files\Free Audio Pack
O43 - CFD: 13/09/2009 - 17:51:10 ----D- C:\Program Files\FreeTime
O43 - CFD: 10/10/2010 - 22:33:18 ----D- C:\Program Files\FriendBlasterPro
O43 - CFD: 26/09/2009 - 01:29:52 ----D- C:\Program Files\GForce
O43 - CFD: 13/09/2009 - 03:01:06 ----D- C:\Program Files\Grisoft
O43 - CFD: 11/02/2011 - 17:33:08 ----D- C:\Program Files\icons
O43 - CFD: 15/09/2009 - 18:28:32 ----D- C:\Program Files\IK Multimedia
O43 - CFD: 28/02/2010 - 16:20:36 ----D- C:\Program Files\Image-Line
O43 - CFD: 15/09/2009 - 18:29:10 --H-D- C:\Program Files\InstallShield Installation Information
O43 - CFD: 13/09/2009 - 02:00:30 ----D- C:\Program Files\Intel
O43 - CFD: 09/02/2011 - 19:35:28 ----D- C:\Program Files\Internet Explorer
O43 - CFD: 01/02/2011 - 16:57:30 ----D- C:\Program Files\iPod
O43 - CFD: 01/02/2011 - 16:58:10 ----D- C:\Program Files\iTunes
O43 - CFD: 27/09/2009 - 03:13:16 ----D- C:\Program Files\iZotope
O43 - CFD: 02/02/2011 - 19:23:56 ----D- C:\Program Files\Java
O43 - CFD: 13/09/2009 - 02:50:36 ----D- C:\Program Files\ma-config.com
O43 - CFD: 05/07/2010 - 20:27:38 ----D- C:\Program Files\Malwarebytes' Anti-Malware
O43 - CFD: 25/09/2009 - 23:24:28 ----D- C:\Program Files\Mediafour
O43 - CFD: 04/05/2010 - 19:39:32 ----D- C:\Program Files\Messenger
O43 - CFD: 13/09/2009 - 00:31:54 ----D- C:\Program Files\microsoft frontpage
O43 - CFD: 27/02/2010 - 22:13:52 ----D- C:\Program Files\Microsoft SQL Server
O43 - CFD: 08/11/2010 - 19:37:40 ----D- C:\Program Files\MIDIOX
O43 - CFD: 26/10/2009 - 22:47:28 ----D- C:\Program Files\MixMeister BPM Analyzer
O43 - CFD: 13/08/2010 - 07:16:48 ----D- C:\Program Files\Movie Maker
O43 - CFD: 26/12/2010 - 16:10:16 ----D- C:\Program Files\Mozilla Firefox
O43 - CFD: 05/05/2010 - 00:43:20 ----D- C:\Program Files\MSBuild
O43 - CFD: 13/09/2009 - 00:29:12 ----D- C:\Program Files\MSN
O43 - CFD: 13/09/2009 - 00:29:04 ----D- C:\Program Files\MSN Gaming Zone
O43 - CFD: 21/09/2009 - 21:33:50 ----D- C:\Program Files\Native Instruments
O43 - CFD: 27/12/2009 - 19:18:26 ----D- C:\Program Files\NetMeeting
O43 - CFD: 13/09/2009 - 19:50:34 ----D- C:\Program Files\nLite
O43 - CFD: 15/09/2009 - 18:52:28 ----D- C:\Program Files\Nomad Factory
O43 - CFD: 02/02/2011 - 19:25:26 ----D- C:\Program Files\OpenOffice.org 3
O43 - CFD: 15/12/2010 - 22:33:16 ----D- C:\Program Files\Outlook Express
O43 - CFD: 04/01/2010 - 22:31:20 ----D- C:\Program Files\Outsim
O43 - CFD: 01/01/2010 - 17:16:32 ----D- C:\Program Files\PDFCreator
O43 - CFD: 25/12/2010 - 17:12:56 ----D- C:\Program Files\QuickTime
O43 - CFD: 13/09/2009 - 02:42:20 ----D- C:\Program Files\Realtek
O43 - CFD: 05/05/2010 - 00:43:12 ----D- C:\Program Files\Reference Assemblies
O43 - CFD: 13/09/2009 - 16:19:24 ----D- C:\Program Files\RFA
O43 - CFD: 23/12/2010 - 21:21:16 ----D- C:\Program Files\Secunia
O43 - CFD: 13/09/2009 - 00:29:12 ----D- C:\Program Files\Services en ligne
O43 - CFD: 05/07/2010 - 20:44:40 R---D- C:\Program Files\Skype
O43 - CFD: 28/02/2010 - 17:00:18 ----D- C:\Program Files\Sony
O43 - CFD: 16/09/2009 - 20:07:48 ----D- C:\Program Files\Sony Setup
O43 - CFD: 23/06/2010 - 19:21:32 ----D- C:\Program Files\SoulseekNS
O43 - CFD: 23/03/2010 - 21:04:58 ----D- C:\Program Files\Spybot - Search & Destroy
O43 - CFD: 15/09/2009 - 18:25:14 ----D- C:\Program Files\Steinberg
O43 - CFD: 15/09/2009 - 18:56:32 ----D- C:\Program Files\Sugar Bytes
O43 - CFD: 05/08/2010 - 16:47:08 ----D- C:\Program Files\System Control Manager
O43 - CFD: 08/05/2010 - 23:01:34 ----D- C:\Program Files\TCWorks
O43 - CFD: 13/09/2009 - 01:01:12 ----D- C:\Program Files\Toshiba
O43 - CFD: 27/02/2010 - 22:14:20 --H-D- C:\Program Files\Uninstall Information
O43 - CFD: 25/09/2009 - 21:55:40 ----D- C:\Program Files\Unlocker
O43 - CFD: 13/09/2009 - 18:10:48 ----D- C:\Program Files\VideoLAN
O43 - CFD: 23/11/2010 - 18:40:48 ----D- C:\Program Files\Vstplugins
O43 - CFD: 18/01/2011 - 21:51:54 ----D- C:\Program Files\Vuze
O43 - CFD: 05/09/2010 - 11:36:24 ----D- C:\Program Files\Vuze_Remote
O43 - CFD: 15/09/2009 - 19:13:10 ----D- C:\Program Files\Waves
O43 - CFD: 27/12/2009 - 19:21:14 ----D- C:\Program Files\Windows Media Player
O43 - CFD: 27/12/2009 - 19:18:22 ----D- C:\Program Files\Windows NT
O43 - CFD: 11/02/2011 - 17:47:14 ----D- C:\Program Files\Windows Searchqu Toolbar
O43 - CFD: 03/05/2010 - 02:05:32 --H-D- C:\Program Files\WindowsUpdate
O43 - CFD: 13/09/2009 - 00:53:00 ----D- C:\Program Files\WinRAR
O43 - CFD: 13/09/2009 - 00:31:54 ----D- C:\Program Files\xerox
O43 - CFD: 19/02/2011 - 17:34:58 ----D- C:\Program Files\ZHPDiag
O43 - CFD: 04/02/2010 - 15:30:00 ----D- C:\Program Files\Fichiers Communs\Adobe
O43 - CFD: 01/02/2011 - 16:57:28 ----D- C:\Program Files\Fichiers Communs\Apple
O43 - CFD: 13/09/2009 - 01:00:18 ----D- C:\Program Files\Fichiers Communs\InstallShield
O43 - CFD: 19/02/2011 - 15:08:04 ----D- C:\Program Files\Fichiers Communs\Java
O43 - CFD: 26/09/2009 - 00:50:52 ----D- C:\Program Files\Fichiers Communs\Mediafour
O43 - CFD: 13/09/2009 - 03:08:46 ----D- C:\Program Files\Fichiers Communs\Microsoft Shared
O43 - CFD: 13/09/2009 - 00:29:58 ----D- C:\Program Files\Fichiers Communs\MSSoap
O43 - CFD: 07/09/2010 - 00:37:46 ----D- C:\Program Files\Fichiers Communs\Native Instruments
O43 - CFD: 12/09/2009 - 21:18:52 ----D- C:\Program Files\Fichiers Communs\ODBC
O43 - CFD: 13/09/2009 - 00:30:06 ----D- C:\Program Files\Fichiers Communs\Services
O43 - CFD: 13/09/2009 - 00:59:40 ----D- C:\Program Files\Fichiers Communs\snp2std
O43 - CFD: 12/09/2009 - 21:18:48 ----D- C:\Program Files\Fichiers Communs\SpeechEngines
O43 - CFD: 27/12/2009 - 19:25:58 ----D- C:\Program Files\Fichiers Communs\System
O43 - CFD: 14/09/2009 - 15:02:22 ----D- C:\Documents and Settings\Terri\Application Data\Ableton
O43 - CFD: 16/09/2009 - 13:45:36 ----D- C:\Documents and Settings\Terri\Application Data\Adobe
O43 - CFD: 14/06/2010 - 19:55:06 ----D- C:\Documents and Settings\Terri\Application Data\Apple Computer
O43 - CFD: 14/02/2011 - 21:11:28 ----D- C:\Documents and Settings\Terri\Application Data\Avira
O43 - CFD: 19/01/2011 - 16:56:56 ----D- C:\Documents and Settings\Terri\Application Data\Azureus
O43 - CFD: 13/09/2009 - 18:22:56 ----D- C:\Documents and Settings\Terri\Application Data\DAEMON Tools Lite
O43 - CFD: 13/09/2009 - 17:10:16 ----D- C:\Documents and Settings\Terri\Application Data\DeepBurner
O43 - CFD: 09/01/2011 - 21:26:18 ----D- C:\Documents and Settings\Terri\Application Data\dvdcss
O43 - CFD: 25/10/2010 - 15:11:50 ----D- C:\Documents and Settings\Terri\Application Data\FileZilla
O43 - CFD: 13/09/2009 - 00:35:22 ----D- C:\Documents and Settings\Terri\Application Data\Identities
O43 - CFD: 13/09/2009 - 00:59:22 ----D- C:\Documents and Settings\Terri\Application Data\InstallShield
O43 - CFD: 27/09/2009 - 03:13:20 ----D- C:\Documents and Settings\Terri\Application Data\iZotope
O43 - CFD: 13/09/2009 - 04:01:38 ----D- C:\Documents and Settings\Terri\Application Data\Macromedia
O43 - CFD: 23/03/2010 - 21:25:48 ----D- C:\Documents and Settings\Terri\Application Data\Malwarebytes
O43 - CFD: 18/02/2011 - 19:19:44 -S--D- C:\Documents and Settings\Terri\Application Data\Microsoft
O43 - CFD: 11/02/2011 - 17:44:48 ----D- C:\Documents and Settings\Terri\Application Data\Mozilla
O43 - CFD: 16/09/2009 - 20:22:34 ----D- C:\Documents and Settings\Terri\Application Data\NetMedia Providers
O43 - CFD: 23/01/2011 - 18:55:36 ----D- C:\Documents and Settings\Terri\Application Data\OpenOffice.org
O43 - CFD: 16/09/2009 - 20:09:34 ----D- C:\Documents and Settings\Terri\Application Data\Publish Providers
O43 - CFD: 10/01/2010 - 03:22:46 ----D- C:\Documents and Settings\Terri\Application Data\ScummVM
O43 - CFD: 16/02/2011 - 18:38:48 ----D- C:\Documents and Settings\Terri\Application Data\searchqutb
O43 - CFD: 07/07/2010 - 21:45:52 ----D- C:\Documents and Settings\Terri\Application Data\Skype
O43 - CFD: 27/12/2009 - 16:08:50 ----D- C:\Documents and Settings\Terri\Application Data\skypePM
O43 - CFD: 28/02/2010 - 17:24:40 ----D- C:\Documents and Settings\Terri\Application Data\Sony
O43 - CFD: 13/09/2009 - 18:02:48 ----D- C:\Documents and Settings\Terri\Application Data\Sun
O43 - CFD: 04/10/2009 - 16:45:12 ----D- C:\Documents and Settings\Terri\Application Data\teamspeak2
O43 - CFD: 10/02/2011 - 12:24:44 ----D- C:\Documents and Settings\Terri\Application Data\vlc
O43 - CFD: 15/09/2009 - 19:04:00 ----D- C:\Documents and Settings\Terri\Application Data\Waves Audio
O43 - CFD: 15/09/2009 - 19:13:22 ----D- C:\Documents and Settings\Terri\Application Data\Waves Preferences
O43 - CFD: 13/09/2009 - 00:53:34 ----D- C:\Documents and Settings\Terri\Application Data\WinRAR


---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.CCED1300F915817C00FCFD7FA0EE1300] - 19/02/2011 - 15:19:53 ---A- . (...) -- C:\WINDOWS\WindowsUpdate.log [1458723]
O44 - LFC:[MD5.3FD411DF4A9999EA848615DEF336E905] - 19/02/2011 - 15:07:01 ---A- . (.Sun Microsystems, Inc. - Java(TM) Control Panel.) -- C:\WINDOWS\System32\javacpl.cpl [73728]
O44 - LFC:[MD5.F87BA06FE22C81CDE563761DDFBAB267] - 19/02/2011 - 15:07:01 ---A- . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\WINDOWS\System32\deployJava1.dll [472808]
O44 - LFC:[MD5.68288DA42BC798992A42CD59061B199D] - 19/02/2011 - 15:07:01 ---A- . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\WINDOWS\System32\java.exe [145184]
O44 - LFC:[MD5.5BF8BA1B854D7DFCE1F47E58852B3D8F] - 19/02/2011 - 15:07:01 ---A- . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\WINDOWS\System32\javaw.exe [145184]
O44 - LFC:[MD5.58DC5CBDC930AF070B177843810F2C85] - 19/02/2011 - 15:07:01 ---A- . (.Sun Microsystems, Inc. - Java(TM) Web Start Launcher.) -- C:\WINDOWS\System32\javaws.exe [157472]
O44 - LFC:[MD5.CCED1300F915817C00FCFD7FA0EE1300] - 19/02/2011 - 14:57:49 ---A- . (...) -- C:\WINDOWS\wiadebug.log [159]
O44 - LFC:[MD5.CCED1300F915817C00FCFD7FA0EE1300] - 19/02/2011 - 14:57:48 ---A- . (...) -- C:\WINDOWS\wiaservc.log [50]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 19/02/2011 - 14:57:24 ---A- . (...) -- C:\WINDOWS\0.log [0]
O44 - LFC:[MD5.6A2CB42966136854F4464516FBB4AE72] - 19/02/2011 - 14:57:22 -S-A- . (...) -- C:\WINDOWS\bootstat.dat [2048]
O44 - LFC:[MD5.CCED1300F915817C00FCFD7FA0EE1300] - 18/02/2011 - 22:34:50 ---A- . (...) -- C:\WINDOWS\SchedLgU.Txt [32608]
O44 - LFC:[MD5.777F70DB021574CF94983800F587B96B] - 18/02/2011 - 19:56:28 ---A- . (...) -- C:\WINDOWS\setupapi.log [938359]
O44 - LFC:[MD5.32EFABE111B84CD5B145A4EEC76DAD87] - 18/02/2011 - 19:18:23 ---A- . (...) -- C:\WINDOWS\System32\wpa.dbl [13646]
O44 - LFC:[MD5.A36EE93698802CD899F98BFD553D8185] - 14/02/2011 - 21:06:20 ---A- . (.Avira GmbH - AVIRA SnapShot Driver.) -- C:\WINDOWS\System32\drivers\ssmdrv.sys [28520]
O44 - LFC:[MD5.87451AA7CC6B6A590EBCEA05E755075A] - 14/02/2011 - 21:06:19 ---A- . (.Avira GmbH - Avira AntiVir File Filter Driver Manager.) -- C:\WINDOWS\System32\drivers\avgntmgr.sys [22360]
O44 - LFC:[MD5.5B44C214F9CD9F590BE9125347610380] - 14/02/2011 - 21:06:19 ---A- . (.Avira GmbH - Avira AntiVir File Filter Driver.) -- C:\WINDOWS\System32\drivers\avgntdd.sys [45416]
O44 - LFC:[MD5.DA39805E2BAD99D37FCE9477DD94E7F2] - 14/02/2011 - 21:06:19 ---A- . (.Avira GmbH - Avira Driver for Security Enhancement.) -- C:\WINDOWS\System32\drivers\avipbb.sys [135096]
O44 - LFC:[MD5.47B879406246FFDCED59E18D331A0E7D] - 14/02/2011 - 21:06:19 ---A- . (.Avira GmbH - Avira Minifilter Driver.) -- C:\WINDOWS\System32\drivers\avgntflt.sys [61960]
O44 - LFC:[MD5.6A437E8991C407728B615F4D63AF36F7] - 09/02/2011 - 19:45:23 ---A- . (.CANON INC. - IJ Language Monitor.) -- C:\WINDOWS\System32\CNMLMAD.DLL [290816]
O44 - LFC:[MD5.6FF2CE9BF75E5C28DE82119DEDCE5E89] - 09/02/2011 - 19:39:45 ---A- . (...) -- C:\WINDOWS\System32\FNTCACHE.DAT [122928]
O44 - LFC:[MD5.8154191231E902F30F660C6B86DA3EA7] - 09/02/2011 - 19:38:15 ---A- . (...) -- C:\WINDOWS\FaxSetup.log [875798]
O44 - LFC:[MD5.FC22625437C13CA3208E2A82C38F719C] - 09/02/2011 - 19:38:15 ---A- . (...) -- C:\WINDOWS\KB2478971.log [18337]
O44 - LFC:[MD5.E96AACCE763E59F6893046C770D55F9B] - 09/02/2011 - 19:38:15 ---A- . (...) -- C:\WINDOWS\comsetup.log [300737]
O44 - LFC:[MD5.37BFE65C1B1B099C1360F53ECD89F1B5] - 09/02/2011 - 19:38:15 ---A- . (...) -- C:\WINDOWS\iis6.log [136400]
O44 - LFC:[MD5.13660137DEB33253F1FC75E5812F1B7F] - 09/02/2011 - 19:38:15 ---A- . (...) -- C:\WINDOWS\imsins.log [1355]
O44 - LFC:[MD5.C9CD4FBF4345B645F0223486F2B57802] - 09/02/2011 - 19:38:15 ---A- . (...) -- C:\WINDOWS\msgsocm.log [44233]
O44 - LFC:[MD5.0F418CAB0BEF5216C8A05B09229DAAA7] - 09/02/2011 - 19:38:15 ---A- . (...) -- C:\WINDOWS\ntdtcsetup.log [180803]
O44 - LFC:[MD5.B5FA967E1607B2152BF00C80197A01F8] - 09/02/2011 - 19:38:15 ---A- . (...) -- C:\WINDOWS\ocgen.log [437674]
O44 - LFC:[MD5.35ABDBBFDBAEDE8EC1DFBE989F2EB207] - 09/02/2011 - 19:38:15 ---A- . (...) -- C:\WINDOWS\ocmsn.log [48623]
O44 - LFC:[MD5.65E648069D4C4FB14FDB382EA5832B93] - 09/02/2011 - 19:38:15 ---A- . (...) -- C:\WINDOWS\tsoc.log [339006]
O44 - LFC:[MD5.19BEDFD5AA10FB4BF1F94B11B5E5F5D2] - 09/02/2011 - 19:38:14 ---A- . (...) -- C:\WINDOWS\updspapi.log [181935]
O44 - LFC:[MD5.6CED1E52FD24E325BCF38066D4048AC1] - 09/02/2011 - 19:38:08 ---A- . (...) -- C:\WINDOWS\KB2485376.log [17827]
O44 - LFC:[MD5.F56AC121D87F27DAB2993642FA372D6F] - 09/02/2011 - 19:38:08 ---A- . (...) -- C:\WINDOWS\imsins.BAK [1355]
O44 - LFC:[MD5.AD888A8EB6E141C38A6666B5531BD34E] - 09/02/2011 - 19:38:03 ---A- . (...) -- C:\WINDOWS\KB2479628.log [17947]
O44 - LFC:[MD5.E2EFDB6CEB6693465772F4AD42E94F52] - 09/02/2011 - 19:37:58 ---A- . (...) -- C:\WINDOWS\KB2483185.log [17191]
O44 - LFC:[MD5.CEFE84235FCC25B11F782C7C202EF423] - 09/02/2011 - 19:35:36 ---A- . (...) -- C:\WINDOWS\KB2482017-IE8.log [15829]
O44 - LFC:[MD5.4F63D9149022704AE97431442AB18105] - 09/02/2011 - 19:35:11 ---A- . (...) -- C:\WINDOWS\KB2476687.log [12615]
O44 - LFC:[MD5.AD9B1930F9FC2026968F437B5B03EAFE] - 09/02/2011 - 19:35:06 ---A- . (...) -- C:\WINDOWS\KB2478960.log [12266]
O44 - LFC:[MD5.060D4C42CD938C179093F5F7DCDF36F8] - 09/02/2011 - 19:35:00 ---A- . (...) -- C:\WINDOWS\KB2393802.log [9729]
O44 - LFC:[MD5.E407C3D149B088CFA5D66FFB8D1B41B3] - 30/01/2011 - 21:48:15 ---A- . (...) -- C:\WINDOWS\wmsetup.log [47747]


---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll


---\\ Export de clé d'application autorisée (O47)
O47 - AAKE:Key Export SP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation - Gestionnaire de session de l'aide sur le Bureau à distance de Microsoft®.) -- C:\WINDOWS\system32\sessmgr.exe
O47 - AAKE:Key Export SP - "C:\Program Files\AVG\AVG8\avgemc.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) -- C:\Program Files\AVG\AVG8\avgemc.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Program Files\AVG\AVG8\avgupd.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) -- C:\Program Files\AVG\AVG8\avgupd.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Program Files\AVG\AVG8\avgnsx.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) -- C:\Program Files\AVG\AVG8\avgnsx.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Program Files\eMule\emule.exe" [Enabled] .(.http://www.emule-project.net - eMule.) -- C:\Program Files\eMule\emule.exe
O47 - AAKE:Key Export SP - "C:\Program Files\FriendBlasterPro\FriendBlasterPro.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) -- C:\Program Files\FriendBlasterPro\FriendBlasterPro.exe (.not file.)
O47 - AAKE:Key Export SP - "G:\KDXServer1600-Win\KDXServer.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) -- G:\KDXServer1600-Win\KDXServer.exe (.not file.)
O47 - AAKE:Key Export SP - "G:\KDXClient1600-Win [k]'ed\KDXClient.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) -- G:\KDXClient1600-Win [k]'ed\KDXClient.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Program Files\VideoLAN\VLC\vlc.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) -- C:\Program Files\VideoLAN\VLC\vlc.exe
O47 - AAKE:Key Export SP - "%windir%\Network Diagnostic\xpnetdiag.exe" [Enabled] .(.Microsoft Corporation - Network Diagnostic for Windows XP.) -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O47 - AAKE:Key Export SP - "C:\Program Files\SoulseekNS\slsk.exe" [Enabled] .(.Pas de propriétaire - SoulSeek.) -- C:\Program Files\SoulseekNS\slsk.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Skype\Phone\Skype.exe" [Enabled] .(.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe
O47 - AAKE:Key Export SP - "C:\Program Files\FileZilla FTP Client\filezilla.exe" [Enabled] .(.FileZilla Project - FileZilla FTP Client.) -- C:\Program Files\FileZilla FTP Client\filezilla.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Bonjour\mDNSResponder.exe" [Enabled] .(.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Vuze\Azureus.exe" [Enabled] .(.Vuze Inc. - Pas de description.) -- C:\Program Files\Vuze\Azureus.exe
O47 - AAKE:Key Export SP - "C:\Program Files\iTunes\iTunes.exe" [Enabled] .(.Apple Inc. - iTunes.) -- C:\Program Files\iTunes\iTunes.exe
O47 - AAKE:Key Export SP - "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Windows Internet Name Service\wins.exe" [Enabled] .(.Pas de propriétaire.) -- C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Windows Internet Name Service\wins.exe
O47 - AAKE:Key Export DP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation - Gestionnaire de session de l'aide sur le Bureau à distance de Microsoft®.) -- C:\WINDOWS\system32\sessmgr.exe
O47 - AAKE:Key Export DP - "%windir%\Network Diagnostic\xpnetdiag.exe" [Enabled] .(.Microsoft Corporation - Network Diagnostic for Windows XP.) -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe


---\\ Déni du service (Local Security Authority) (O48)
O48 - LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\WINDOWS\System32\msv1_0.dll
O48 - LSA:Local Security Authority Notification Packages . (.Microsoft Corporation - Moteur du client de l'Éditeur de configuration de sécurité Windows.) -- C:\WINDOWS\System32\scecli.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\WINDOWS\System32\msv1_0.dll


---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d


---\\ MountPoints2 Shell Key (O51)
O51 - MPSK:{e0f4a73c-2670-11e0-b4b6-001cbf3bf084}\AutoRun\command - Clé orpheline


---\\ Trojan Driver Search Data (HKLM) (O52)
O52 - TDSD: \Drivers32\"msacm.trspch"="tssoft32.acm" . (.DSP GROUP, INC. - Codec audio TrueSpeech(TM) DSP Group pour MSACM V3.50.) -- C:\WINDOWS\System32\tssoft32.acm
O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Cinepak® Codec.) -- C:\WINDOWS\System32\iccvid.dll
O52 - TDSD: \Drivers32\"vidc.iv31"="ir32_32.dll" . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\ir32_32.dll
O52 - TDSD: \Drivers32\"vidc.iv32"="ir32_32.dll" . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\ir32_32.dll
O52 - TDSD: \Drivers32\"msacm.sl_anet"="sl_anet.acm" . (.Sipro Lab Telecom Inc. - Audio codec for MS ACM.) -- C:\WINDOWS\System32\sl_anet.acm
O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\WINDOWS\system32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\system32\l3codeca.acm
O52 - TDSD: \Drivers32\"midi1"="myokent.dll" . (.Jamie O'Connell - MIDI Yoke Junction NT.) -- C:\WINDOWS\System32\myokent.dll
O52 - TDSD: \Drivers32\"msacm.vorbis"="vorbis.acm" . (.HMS http://hp.vector.co.jp/authors/VA012897 - Ogg Vorbis CODEC for MSACM.) -- C:\WINDOWS\System32\vorbis.acm
O52 - TDSD: \drivers.desc\"sl_anet.acm"="Sipro Lab Telecom Audio Codec" . (.Sipro Lab Telecom Inc. - Audio codec for MS ACM.) -- C:\WINDOWS\System32\sl_anet.acm
O52 - TDSD: \drivers.desc\"C:\WINDOWS\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\System32\l3codeca.acm
O52 - TDSD: \drivers.desc\"tssoft32.acm"="tssoft32.acm" . (.DSP GROUP, INC. - Codec audio TrueSpeech(TM) DSP Group pour MSACM V3.50.) -- C:\WINDOWS\System32\tssoft32.acm
O52 - TDSD: \drivers.desc\"iccvid.dll"="iccvid.dll" . (.Radius Inc. - Cinepak® Codec.) -- C:\WINDOWS\System32\iccvid.dll
O52 - TDSD: \drivers.desc\"ir32_32.dll"="ir32_32.dll" . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\ir32_32.dll
O52 - TDSD: \drivers.desc\"myokent.dll"="myokent.dll" . (.Jamie O'Connell - MIDI Yoke Junction NT.) -- C:\WINDOWS\System32\myokent.dll
O52 - TDSD: \drivers.desc\"vorbis.acm"="Ogg Vorbis Audio CODEC" . (.HMS http://hp.vector.co.jp/authors/VA012897 - Ogg Vorbis CODEC for MSACM.) -- C:\WINDOWS\System32\vorbis.acm


---\\ Microsoft Control Security Providers (O54)
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Client DPA pour plate-forme 32 bit.) -- C:\WINDOWS\system32\msapsspc.dll
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\WINDOWS\system32\schannel.dll
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Package d'authentification Digest SSPI.) -- C:\WINDOWS\system32\digest.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Client DPA pour plate-forme 32 bit.) -- C:\WINDOWS\system32\msapsspc.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\WINDOWS\system32\schannel.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Package d'authentification Digest SSPI.) -- C:\WINDOWS\system32\digest.dll


---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=
O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1


---\\ Microsoft Windows Policies Explorer (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveTypeAutoRun"=145
O56 - MWPE:[HKLM\...\policies\Explorer] - "HonorAutoRunSetting"=1


---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.5B44C214F9CD9F590BE9125347610380] - 17/06/2010 - 14:27:24 ---A- . (.Avira GmbH - Avira AntiVir File Filter Driver.) -- C:\WINDOWS\system32\drivers\avgntdd.sys [45416]
O58 - SDL:[MD5.47B879406246FFDCED59E18D331A0E7D] - 10/01/2011 - 14:23:53 ---A- . (.Avira GmbH - Avira Minifilter Driver.) -- C:\WINDOWS\system32\drivers\avgntflt.sys [61960]
O58 - SDL:[MD5.87451AA7CC6B6A590EBCEA05E755075A] - 17/06/2010 - 14:27:24 ---A- . (.Avira GmbH - Avira AntiVir File Filter Driver Manager.) -- C:\WINDOWS\system32\drivers\avgntmgr.sys [22360]
O58 - SDL:[MD5.DA39805E2BAD99D37FCE9477DD94E7F2] - 10/01/2011 - 14:23:53 ---A- . (.Avira GmbH - Avira Driver for Security Enhancement.) -- C:\WINDOWS\system32\drivers\avipbb.sys [135096]
O58 - SDL:[MD5.C9B25AE9B8ABD983C5AD3F8CBFAB0F9C] - 24/04/2003 - 13:00:00 ---A- . (.RAVISENT Technologies Inc. - Pilote principal CineMaster C 1.2 WDM.) -- C:\WINDOWS\system32\drivers\cinemst2.sys [262528]
O58 - SDL:[MD5.9624293E55AD405415862B504CA95B73] - 24/04/2003 - 13:00:00 ---A- . (.Compaq Computer Corporation - Compaq PA-1 Player Driver.) -- C:\WINDOWS\system32\drivers\cpqdap01.sys [11776]
O58 - SDL:[MD5.8942419786970ADB32B05BB7950AEE72] - 04/12/2008 - 22:58:48 ---A- . (.Intel Corporation - Intel(R) PRO/1000 Adapter NDIS 5.2 deserialized driver.) -- C:\WINDOWS\system32\drivers\e1e5132.sys [241296]
O58 - SDL:[MD5.8182FF89C65E4D38B2DE4BB0FB18564E] - 18/05/2009 - 12:17:00 ---A- . (.GEAR Software Inc. - CD DVD Filter.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys [26600]
O58 - SDL:[MD5.899078EC90E8A286F5FD6A7F48E920C6] - 20/05/2009 - 06:56:20 ---A- . (.Intel Corporation - NDIS 5.1 Advanced Networking Services..) -- C:\WINDOWS\system32\drivers\ianswxp.sys [116360]
O58 - SDL:[MD5.2358C53F30CB9DCD1D3843C4E2F299B2] - 12/09/2009 - 17:58:38 ---A- . (.Intel Corporation - Intel Matrix Storage Manager driver - ia32.) -- C:\WINDOWS\system32\drivers\iaStor.sys [305176]
O58 - SDL:[MD5.3B743262B6456167888D15F1121B3BF7] - 21/01/2009 - 10:42:56 ---A- . (.Intel Corporation - Intel Graphics Miniport Driver.) -- C:\WINDOWS\system32\drivers\igxpmp32.sys [6278560]
O58 - SDL:[MD5.8C48260FD6C281DA171BDCC7B7396379] - 23/06/2009 - 23:54:16 ---A- . (.Intel Corporation - Intel(R) Network Adapter Diagnostic Driver.) -- C:\WINDOWS\system32\drivers\iqvw32.sys [30880]
O58 - SDL:[MD5.67B48A903430C6D4FB58CBACA1866601] - 29/04/2010 - 14:39:26 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\WINDOWS\system32\drivers\mbam.sys [20952]
O58 - SDL:[MD5.C7DD7D9739785BD3A6B8499EEC1DEE7E] - 29/04/2010 - 14:39:38 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys [38224]
O58 - SDL:[MD5.07D6A1839473C9B5432F034EE18CDD04] - 22/07/2008 - 13:29:46 ---A- . (.Mediafour Corporation - MacDrive file system driver.) -- C:\WINDOWS\system32\drivers\MDFSYSNT.SYS [288768]
O58 - SDL:[MD5.71C3F8FA39C7409BCA9099E44C19DD78] - 28/02/2007 - 10:15:08 ---A- . (.Mediafour Corporation - MacDrive partition driver.) -- C:\WINDOWS\system32\drivers\MDPMGRNT.SYS [19072]
O58 - SDL:[MD5.25A4177B8ABF458691138F0C9684E70F] - 03/07/2006 - 09:31:26 ---A- . (.Windows (R) 2000 DDK provider - Trace Kernel Mode Driver.) -- C:\WINDOWS\system32\drivers\MGHwCtrl.sys [9088]
O58 - SDL:[MD5.12B0D99865434387F784268B70E23360] - 11/10/2007 - 12:21:50 ---A- . (.Intel Corporation - Intel® Wireless WiFi Link Driver.) -- C:\WINDOWS\system32\drivers\NETw4x32.sys [2203520]
O58 - SDL:[MD5.BE984D604D91C217355CDD3737AAD25D] - 24/04/2003 - 13:00:00 ---A- . (.S3/Diamond Multimedia Systems - NikeDrv Usb Driver.) -- C:\WINDOWS\system32\drivers\nikedrv.sys [12032]
O58 - SDL:[MD5.2ADC0CA9945C65284B3D19BC18765974] - 13/04/2008 - 11:54:38 ---A- . (.National Semiconductor Corporation - NSC Fast Infrared Driver..) -- C:\WINDOWS\system32\drivers\nscirda.sys [28672]
O58 - SDL:[MD5.D24DFD16A1E2A76034DF5AA18125C35D] - 01/09/2010 - 09:30:58 ---A- . (.Secunia - Secunia PSI Driver.) -- C:\WINDOWS\system32\drivers\psi_mf.sys [15544]
O58 - SDL:[MD5.80D317BD1C3DBC5D4FE7B1678C60CADD] - 24/04/2003 - 13:00:00 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\drivers\ptilink.sys [17792]
O58 - SDL:[MD5.355AAC141B214BEF1DBC1483AFD9BD50] - 24/02/2007 - 13:42:22 ---A- . (.REDC - RICOH SD Driver.) -- C:\WINDOWS\system32\drivers\rimmptsk.sys [39936]
O58 - SDL:[MD5.A4216C71DD4F60B26418CCFD99CD0815] - 23/01/2007 - 15:40:20 ---A- . (.REDC - RICOH MS Driver.) -- C:\WINDOWS\system32\drivers\rimsptsk.sys [42496]
O58 - SDL:[MD5.A56FE08EC7473E8580A390BB1081CDD7] - 24/04/2003 - 13:00:00 ---A- . (.S3/Diamond Multimedia Systems - Rio8Drv.sys Usb Driver.) -- C:\WINDOWS\system32\drivers\rio8drv.sys [12032]
O58 - SDL:[MD5.0A854DF84C77A0BE205BFEAB2AE4F0EC] - 24/04/2003 - 13:00:00 ---A- . (.S3/Diamond Multimedia Systems - RioDrv Usb Driver.) -- C:\WINDOWS\system32\drivers\riodrv.sys [12032]
O58 - SDL:[MD5.D231B577024AA324AF13A42F3A807D10] - 21/03/2007 - 21:02:04 ---A- . (.REDC - RICOH XD SM Driver.) -- C:\WINDOWS\system32\drivers\rixdptsk.sys [37376]
O58 - SDL:[MD5.915CE2A58C6917E3C53BE1E91FA66BA8] - 14/06/2007 - 15:41:58 ---A- . (.Realtek Semiconductor Corp. - Realtek(r) High Definition Audio Function Driver.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys [4429312]
O58 - SDL:[MD5.90A3935D05B494A5A39D37E71F09A677] - 13/04/2008 - 09:39:16 ---A- . (.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) -- C:\WINDOWS\system32\drivers\secdrv.sys [20480]
O58 - SDL:[MD5.9F66C4BD06334BB772317C438644EF74] - 25/01/2007 - 17:48:34 ---A- . (.Pas de propriétaire - USB2.0 PC Camera driver.) -- C:\WINDOWS\system32\drivers\sncamd.sys [25472]
O58 - SDL:[MD5.B64C7DC23A9C173E5766120BECAA01D9] - 30/03/2007 - 13:41:54 ---A- . (.Pas de propriétaire - USB2.0 PC Camera driver.) -- C:\WINDOWS\system32\drivers\snp2sxp.sys [12033024]
O58 - SDL:[MD5.CCED1300F915817C00FCFD7FA0EE1300] - 22/12/2009 - 00:00:00 ---A- . (...) -- C:\WINDOWS\system32\drivers\sptd.sys [691696]
O58 - SDL:[MD5.A36EE93698802CD899F98BFD553D8185] - 17/06/2010 - 14:27:22 ---A- . (.Avira GmbH - AVIRA SnapShot Driver.) -- C:\WINDOWS\system32\drivers\ssmdrv.sys [28520]
O58 - SDL:[MD5.8D624D3BD1F2D78BD1C01A2D4E954B4E] - 10/10/2006 - 18:33:00 ---A- . (.TOSHIBA Corporation - TOSHIBA Bluetooth Port Emulation Driver.) -- C:\WINDOWS\system32\drivers\tosporte.sys [41600]
O58 - SDL:[MD5.266DF087A8C24DA34FF40CF3DF86CCFB] - 22/02/2007 - 18:56:24 ---A- . (.TOSHIBA CORPORATION - Bluetooth RF Bus Driver.) -- C:\WINDOWS\system32\drivers\tosrfbd.sys [113920]
O58 - SDL:[MD5.90C8525BC578AAFFE87C2D0ED4379E9E] - 20/11/2006 - 16:55:16 ---A- . (.TOSHIBA Corporation - Bluetooth RFBNEP Driver.) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys [36480]
O58 - SDL:[MD5.5BA1CA3B3CDDB1DDC67DF473F05D1EC2] - 01/08/2005 - 15:45:00 ---A- . (.TOSHIBA Corporation - Bluetooth RFCOMM Driver.) -- C:\WINDOWS\system32\drivers\tosrfcom.sys [64896]
O58 - SDL:[MD5.7C807BA9660E2995CC0217A14A24094C] - 01/03/2007 - 15:53:12 ---A- . (.TOSHIBA Corporation. - Bluetooth HID Driver from TOSHIBA.) -- C:\WINDOWS\system32\drivers\Tosrfhid.sys [73728]
O58 - SDL:[MD5.C52FD27B9ADF3A1F22CB90E6BCF9B0CB] - 06/01/2005 - 12:42:00 ---A- . (.TOSHIBA Corporation. - Bluetooth BNEP Driver.) -- C:\WINDOWS\system32\drivers\tosrfnds.sys [18612]
O58 - SDL:[MD5.A4CE9572BC4AC8D329455059B43C5BEA] - 22/01/2007 - 09:43:26 ---A- . (.TOSHIBA Corporation - Bluetooth Audio Driver (WDM).) -- C:\WINDOWS\system32\drivers\TosRfSnd.sys [53376]
O58 - SDL:[MD5.CDDA265C7617A2745B48E0DE572012A6] - 28/02/2007 - 21:27:06 ---A- . (.TOSHIBA CORPORATION - Bluetooth USB Miniport Driver.) -- C:\WINDOWS\system32\drivers\tosrfusb.sys [41344]
O58 - SDL:[MD5.D74A8EC75305F1D3CFDE7C7FC1BD62A9] - 24/04/2003 - 13:00:00 ---A- . (.Toshiba Corporation - WDM Toshiba Tecra Video Capture Driver.) -- C:\WINDOWS\system32\drivers\tsbvcap.sys [21376]
O58 - SDL:[MD5.E8C1B9EBAC65288E1B51E8A987D98AF6] - 16/10/2009 - 01:33:06 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\WINDOWS\system32\drivers\usbaapl.sys [41472]
O58 - SDL:[MD5.55E01061C74A8CEFFF58DC36114A8D3F] - 24/04/2003 - 13:00:00 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\drivers\vdmindvd.sys [58112]
O58 - SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] - 24/04/2003 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9037]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 24/04/2003 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\country.sys [27097]
O58 - SDL:[MD5.C6D29F29DE7427B1B0775E53E577B623] - 24/04/2003 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\himem.sys [4912]
O58 - SDL:[MD5.582BCDD47CF4B68B5CB528F18E3CB808] - 24/04/2003 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\key01.sys [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 24/04/2003 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys [42537]
O58 - SDL:[MD5.7D30A74B5FB9FE3B245A6CE5FBCD71D5] - 24/04/2003 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos.sys [27916]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 24/04/2003 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos404.sys [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 24/04/2003 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos411.sys [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 24/04/2003 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos412.sys [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 24/04/2003 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos804.sys [29146]
O58 - SDL:[MD5.CAAA108FD7BF71989946B39704323455] - 03/08/2004 - 21:45:26 ---A- . (...) -- C:\WINDOWS\system32\ntio.sys [34000]
O58 - SDL:[MD5.6F73F50162DEF60C84B725C18CD9140F] - 03/08/2004 - 21:45:16 ---A- . (...) -- C:\WINDOWS\system32\ntio404.sys [34560]
O58 - SDL:[MD5.0FDD5E69C1FF3B58043D44F2CC743D45] - 03/08/2004 - 21:45:12 ---A- . (...) -- C:\WINDOWS\system32\ntio411.sys [35648]
O58 - SDL:[MD5.8842837C4D8311BF8E72BEE8CCC42217] - 03/08/2004 - 21:45:16 ---A- . (...) -- C:\WINDOWS\system32\ntio412.sys [35424]
O58 - SDL:[MD5.6B56CEB3C6F9D5CD7293DBD9FE23B311] - 03/08/2004 - 21:45:14 ---A- . (...) -- C:\WINDOWS\system32\ntio804.sys [34560]
terrificolor
 
Posts: 23
Joined: 23 Mar 2010 18:11

Re: csrss.exe file infected and internet browsing impossi

Posted by terrificolor » 19 Feb 2011 17:47

---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: HijackThis 2.0.2 - (.TrendMicro.) [HKLM] -- HijackThis
O63 - Logiciel: ZHPDiag 1.27 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1


---\\ Liste des services Legacy (O64)
O64 - Services: CurCS - C:\WINDOWS\system32\drivers\afd.sys - Environnement de prise en charge de réseau AFD (AFD) .(.Microsoft Corporation - Ancillary Function Driver for WinSock.) - LEGACY_AFD
O64 - Services: CurCS - C:\WINDOWS\System32\alg.exe - Service de la passerelle de la couche Application (ALG) .(.Microsoft Corporation - Application Layer Gateway Service.) - LEGACY_ALG
O64 - Services: CurCS - C:\Program Files\Avira\AntiVir Desktop\sched.exe - Avira AntiVir Scheduler (AntiVirSchedulerService) .(.Avira GmbH - Antivirus Scheduler.) - LEGACY_ANTIVIRSCHEDULERSERVICE
O64 - Services: CurCS - C:\Program Files\Avira\AntiVir Desktop\avguard.exe - Avira AntiVir Guard (AntiVirService) .(.Avira GmbH - Antivirus On-Access Service.) - LEGACY_ANTIVIRSERVICE
O64 - Services: CurCS - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe - Apple Mobile Device (Apple Mobile Device) .(.Apple Inc. - MobileDeviceService.) - LEGACY_APPLE_MOBILE_DEVICE
O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Gestion d'applications (AppMgmt) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_APPMGMT
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\arp1394.sys - Protocole client ARP 1394 (Arp1394) .(.Microsoft Corporation - IP/1394 Arp Client.) - LEGACY_ARP1394
O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Audio Windows (AudioSrv) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_AUDIOSRV
O64 - Services: CurCS - (.not file.) - AVG7 Alert Manager Server (Avg7Alrt) .(...) - LEGACY_AVG7ALRT
O64 - Services: CurCS - (.not file.) - AVG7 Kernel (Avg7Core) .(...) - LEGACY_AVG7CORE
O64 - Services: CurCS - (.not file.) - AVG7 Wrap Driver (Avg7RsW) .(...) - LEGACY_AVG7RSW
O64 - Services: CurCS - (.not file.) - AVG7 Resident Driver XP (Avg7RsXP) .(...) - LEGACY_AVG7RSXP
O64 - Services: CurCS - (.not file.) - AVG7 Update Service (Avg7UpdSvc) .(...) - LEGACY_AVG7UPDSVC
O64 - Services: CurCS - (.not file.) - AVG Clean Driver (AvgClean) .(...) - LEGACY_AVGCLEAN
O64 - Services: CurCS - (.not file.) - AVG E-mail Scanner (AVGEMS) .(...) - LEGACY_AVGEMS
O64 - Services: CurCS - C:\Program Files\Avira\AntiVir Desktop\avgio.sys - avgio (avgio) .(.Avira GmbH - Avira AntiVir Support for Minifilter.) - LEGACY_AVGIO
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\avgntflt.sys - avgntflt (avgntflt) .(.Avira GmbH - Avira Minifilter Driver.) - LEGACY_AVGNTFLT
O64 - Services: CurCS - (.not file.) - AVG Network Redirector (AvgTdi) .(...) - LEGACY_AVGTDI
O64 - Services: CurCS - (.not file.) - AVG Free8 Network Redirector (AvgTdiX) .(...) - LEGACY_AVGTDIX
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\avipbb.sys - avipbb (avipbb) .(.Avira GmbH - Avira Driver for Security Enhancement.) - LEGACY_AVIPBB
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\BEEP.sys - Beep (Beep) .(...) - LEGACY_BEEP
O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Service de transfert intelligent en arrière-plan (BITS) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_BITS
O64 - Services: CurCS - C:\Program Files\Bonjour\mDNSResponder.exe - Service Bonjour (Bonjour Service) .(.Apple Inc. - Bonjour Service.) - LEGACY_BONJOUR_SERVICE
O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Explorateur d'ordinateur (Browser) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_BROWSER
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\CDFS.sys - cdfs (cdfs) .(...) - LEGACY_CDFS
O64 - Services: CurCS - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe - .NET Runtime Optimization Service v2.0.50727_X86 (clr_optimization_v2.0.50727_32) .(.Microsoft Corporation - .NET Runtime Optimization Service.) - LEGACY_CLR_OPTIMIZATION_V2.0.50727_32
O64 - Services: CurCS - (.not file.) - (.not file.) - Application système COM+ (COMSysApp) .(...) - LEGACY_COMSYSAPP
O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Services de cryptographie (CryptSvc) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_CRYPTSVC
O64 - Services: CurCS - (.not file.) - (.not file.) - Lanceur de processus serveur DCOM (DcomLaunch) .(...) - LEGACY_DCOMLAUNCH
O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Client DHCP (Dhcp) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_DHCP
O64 - Services: CurCS - C:\Windows\System32\drivers\dmboot.sys - dmboot (dmboot) .(.Microsoft Corp., Veritas Software - Pilote de démarrage du gestionnaire de disq.) - LEGACY_DMBOOT
O64 - Services: CurCS - C:\Windows\System32\drivers\dmload.sys - dmload (dmload) .(.Microsoft Corp., Veritas Software. - NT Disk Manager Startup Driver.) - LEGACY_DMLOAD
O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Client DNS (Dnscache) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_DNSCACHE
O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Service de rapport d'erreurs (ERSvc) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_ERSVC
O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Système d'événements de COM+ (EventSystem) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_EVENTSYSTEM
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\FASTFAT.sys - fastfat (fastfat) .(...) - LEGACY_FASTFAT
O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Compatibilité avec le Changement rapide d'utilisateur (FastUserSwitchingCompatibility) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_FASTUSERSWITCHINGCOMPATIBILITY
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\FIPS.sys - Fips (Fips) .(...) - LEGACY_FIPS
O64 - Services: CurCS - C:\Windows\System32\drivers\fltmgr.sys - FltMgr (FltMgr) .(.Microsoft Corporation - Microsoft Filesystem Filter Manager.) - LEGACY_FLTMGR
O64 - Services: CurCS - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe - Windows Presentation Foundation Font Cache 3.0.0.0 (FontCache3.0.0.0) .(.Microsoft Corporation - PresentationFontCache.exe.) - LEGACY_FONTCACHE3.0.0.0
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\FS_REC.sys - Fs_Rec (Fs_Rec) .(...) - LEGACY_FS_REC
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\msgpc.sys - Classificateur de paquets générique (Gpc) .(.Microsoft Corporation - MS General Packet Classifier.) - LEGACY_GPC
O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Aide et support (helpsvc) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_HELPSVC
O64 - Services: CurCS - C:\Windows\System32\Drivers\HTTP.sys - HTTP (HTTP) .(.Microsoft Corporation - HTTP Protocol Stack.) - LEGACY_HTTP
O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - HTTP SSL (HTTPFilter) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_HTTPFILTER
O64 - Services: CurCS - C:\WINDOWS\System32\imapi.exe - Service COM de gravage de CD IMAPI (ImapiService) .(.Microsoft Corporation - API Image Mastering.) - LEGACY_IMAPISERVICE
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\ipnat.sys - Traducteur d'adresses réseau IP (IpNat) .(.Microsoft Corporation - IP Network Address Translator.) - LEGACY_IPNAT
O64 - Services: CurCS - C:\Program Files\iPod\bin\iPodService.exe - Service de l’iPod (iPod Service) .(.Apple Inc. - iPodService Module (32-bit).) - LEGACY_IPOD_SERVICE
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\ipsec.sys - Pilote IPSEC (IPSec) .(.Microsoft Corporation - IPSec Driver.) - LEGACY_IPSEC
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\irda.sys - Protocole IrDA (irda) .(.Microsoft Corporation - IRDA Protocol Driver.) - LEGACY_IRDA
O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Moniteur infrarouge (Irmon) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_IRMON
O64 - Services: CurCS - C:\Program Files\Java\jre6\bin\jqs.exe - Java Quick Starter (JavaQuickStarterService) .(.Sun Microsystems, Inc. - Java(TM) Quick Starter Service.) - LEGACY_JAVAQUICKSTARTERSERVICE
O64 - Services: CurCS - (.not file.) - klmd25 (klmd25) .(...) - LEGACY_KLMD25
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\KSECDD.sys - ksecdd (ksecdd) .(...) - LEGACY_KSECDD
O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Serveur (lanmanserver) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_LANMANSERVER
O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Station de travail (LanmanWorkstation) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_LANMANWORKSTATION
O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Assistance TCP/IP NetBIOS (LmHosts) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_LMHOSTS
O64 - Services: CurCS - C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe - MacDrive service (MacDriveService) .(.Mediafour Corporation - MacDrive service.) - LEGACY_MACDRIVESERVICE
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\MDFSYSNT.sys - (.not file.) - MacDrive file system driver (MDFSYSNT) .(...) - LEGACY_MDFSYSNT
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\MDPMGRNT.sys - (.not file.) - MacDrive partition driver (MDPMGRNT) .(...) - LEGACY_MDPMGRNT
O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Affichage des messages (Messenger) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_MESSENGER
O64 - Services: CurCS - C:\WINDOWS\system32\drivers\MGHwCtrl.sys - MGHwCtrl (MGHwCtrl) .(.Windows (R) 2000 DDK provider - Trace Kernel Mode Driver.) - LEGACY_MGHWCTRL
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\MNMDD.sys - mnmdd (mnmdd) .(...) - LEGACY_MNMDD
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\MOUNTMGR.sys - (.not file.) - mountmgr (mountmgr) .(...) - LEGACY_MOUNTMGR
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\mrxdav.sys - Redirecteur client WebDav (MRxDAV) .(.Microsoft Corporation - Windows NT WebDav Minirdr.) - LEGACY_MRXDAV
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\mrxsmb.sys - MRXSMB (MRxSmb) .(.Microsoft Corporation - Windows NT SMB Minirdr.) - LEGACY_MRXSMB
O64 - Services: CurCS - C:\WINDOWS\System32\msdtc.exe - Distributed Transaction Coordinator (MSDTC) .(.Microsoft Corporation - MS DTC console program.) - LEGACY_MSDTC
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\MSFS.sys - Msfs (Msfs) .(...) - LEGACY_MSFS
O64 - Services: CurCS - C:\WINDOWS\System32\msiexec.exe - Windows Installer (MSIServer) .(.Microsoft Corporation - Windows® installer.) - LEGACY_MSISERVER
O64 - Services: CurCS - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe - MSSQL$SONY_MEDIAMGR (MSSQL$SONY_MEDIAMGR) .(.Microsoft Corporation - SQL Server Windows NT.) - LEGACY_MSSQL$SONY_MEDIAMGR
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\MUP.sys - (.not file.) - Mup (Mup) .(...) - LEGACY_MUP
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\iqvw32.sys - Nal Service (NAL) .(.Intel Corporation - Intel(R) Network Adapter Diagnostic Driver.) - LEGACY_NAL
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\NDIS.sys - (.not file.) - Pilote système NDIS (NDIS) .(...) - LEGACY_NDIS
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\ndistapi.sys - Pilote TAPI NDIS d'accès distant (NdisTapi) .(.Microsoft Corporation - NDIS 3.0 connection wrapper driver.) - LEGACY_NDISTAPI
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\ndisuio.sys - NDIS mode utilisateur E/S Protocole (Ndisuio) .(.Microsoft Corporation - NDIS User mode I/O Driver.) - LEGACY_NDISUIO
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\NDPROXY.sys - NDProxy (NDProxy) .(...) - LEGACY_NDPROXY
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\netbios.sys - Interface NetBIOS (NetBIOS) .(.Microsoft Corporation - NetBIOS interface driver.) - LEGACY_NETBIOS
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\netbt.sys - NetBIOS sur TCP/IP (NetBT) .(.Microsoft Corporation - MBT Transport driver.) - LEGACY_NETBT
O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Connexions réseau (Netman) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_NETMAN
O64 - Services: CurCS - C:\Program Files\System Control Manager\edd.exe - SCM Driver Daemon (NishService) .(...) - LEGACY_NISHSERVICE
O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - NLA (Network Location Awareness) (Nla) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_NLA
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\NPFS.sys - Npfs (Npfs) .(...) - LEGACY_NPFS
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\NTFS.sys - ntfs (ntfs) .(...) - LEGACY_NTFS
O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Stockage amovible (NtmsSvc) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_NTMSSVC
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\NULL.sys - Null (Null) .(...) - LEGACY_NULL
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\PARTMGR.sys - (.not file.) - PartMgr (PartMgr) .(...) - LEGACY_PARTMGR
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\PARVDM.sys - ParVdm (ParVdm) .(...) - LEGACY_PARVDM
O64 - Services: CurCS - C:\WINDOWS\System32\lsass.exe - Services IPSEC (PolicyAgent) .(.Microsoft Corporation - LSA Shell (Export Version).) - LEGACY_POLICYAGENT
O64 - Services: CurCS - C:\WINDOWS\system32\lsass.exe - Emplacement protégé (ProtectedStorage) .(.Microsoft Corporation - LSA Shell (Export Version).) - LEGACY_PROTECTEDSTORAGE
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\psi_mf.sys - PSI (PSI) .(.Secunia - Secunia PSI Driver.) - LEGACY_PSI
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\rasacd.sys - Pilote de connexion automatique d'accès distant (RasAcd) .(.Microsoft Corporation - RAS Automatic Connection Driver.) - LEGACY_RASACD
O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Gestionnaire de connexions d'accès distant (RasMan) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_RASMAN
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\rdbss.sys - Rdbss (Rdbss) .(.Microsoft Corporation - Redirected Drive Buffering SubSystem Driver.) - LEGACY_RDBSS
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\RDPCDD.sys - RDPCDD (RDPCDD) .(.Microsoft Corporation - RDP Miniport.) - LEGACY_RDPCDD
O64 - Services: CurCS - (.not file.) - RDPNP (RDPNP) .(...) - LEGACY_RDPNP
O64 - Services: CurCS - (.not file.) - (.not file.) - Appel de procédure distante (RPC) (RpcSs) .(...) - LEGACY_RPCSS
O64 - Services: CurCS - C:\WINDOWS\system32\lsass.exe - Gestionnaire de comptes de sécurité (SamSs) .(.Microsoft Corporation - LSA Shell (Export Version).) - LEGACY_SAMSS
O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Planificateur de tâches (Schedule) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_SCHEDULE
O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Connexion secondaire (seclogon) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_SECLOGON
O64 - Services: CurCS - C:\Program Files\Secunia\PSI\PSIA.exe - Secunia PSI Agent (Secunia PSI Agent) .(.Secunia - Secunia PSI Agent.) - LEGACY_SECUNIA_PSI_AGENT
O64 - Services: CurCS - C:\Program Files\Secunia\PSI\sua.exe - Secunia Update Agent (Secunia Update Agent) .(.Secunia - Secunia Update Agent.) - LEGACY_SECUNIA_UPDATE_AGENT
O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Notification d'événement système (SENS) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_SENS
O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Pare-feu Windows / Partage de connexion Internet (SharedAccess) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_SHAREDACCESS
O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Détection matériel noyau (ShellHWDetection) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_SHELLHWDETECTION
O64 - Services: CurCS - C:\WINDOWS\system32\spoolsv.exe - Spouleur d'impression (Spooler) .(.Microsoft Corporation - Spooler SubSystem App.) - LEGACY_SPOOLER
O64 - Services: CurCS - C:\Windows\System32\Drivers\sptd.sys - sptd (sptd) .(...) - LEGACY_SPTD
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\sr.sys - Pilote de filtre de restauration système (sr) .(.Microsoft Corporation - Pilote de filtre de système de fichiers pou.) - LEGACY_SR
O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Service de restauration système (srservice) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_SRSERVICE
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\srv.sys - Srv (Srv) .(.Microsoft Corporation - Server driver.) - LEGACY_SRV
O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Service de découvertes SSDP (SSDPSRV) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_SSDPSRV
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\ssmdrv.sys - ssmdrv (ssmdrv) .(.Avira GmbH - AVIRA SnapShot Driver.) - LEGACY_SSMDRV
O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Acquisition d'image Windows (WIA) (stisvc) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_STISVC
O64 - Services: CurCS - (.not file.) - (.not file.) - MS Software Shadow Copy Provider (SwPrv) .(...) - LEGACY_SWPRV
O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Téléphonie (TapiSrv) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_TAPISRV
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\tcpip.sys - Pilote du protocole TCP/IP (Tcpip) .(.Microsoft Corporation - TCP/IP Protocol Driver.) - LEGACY_TCPIP
O64 - Services: CurCS - (.not file.) - (.not file.) - Services Terminal Server (TermService) .(...) - LEGACY_TERMSERVICE
O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Thèmes (Themes) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_THEMES
O64 - Services: CurCS - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe - TOSHIBA Bluetooth Service (TOSHIBA Bluetooth Service) .(.TOSHIBA CORPORATION - TOSHIBA Bluetooth Service.) - LEGACY_TOSHIBA_BLUETOOTH_SERVICE
O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Client de suivi de lien distribué (TrkWks) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_TRKWKS
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\UDFS.sys - Udfs (Udfs) .(...) - LEGACY_UDFS
O64 - Services: CurCS - C:\Program Files\Unlocker\UnlockerDriver5.sys - UnlockerDriver5 (UnlockerDriver5) .(...) - LEGACY_UNLOCKERDRIVER5
O64 - Services: CurCS - (.not file.) - Gestionnaire de téléchargement (uploadmgr) .(...) - LEGACY_UPLOADMGR
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\VGA.sys - vga (vga) .(...) - LEGACY_VGA
O64 - Services: CurCS - C:\WINDOWS\system32\drivers\vga.sys - VgaSave (VgaSave) .(.Microsoft Corporation - VGA/Super VGA Video Driver.) - LEGACY_VGASAVE
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\VOLSNAP.sys - VolSnap (VolSnap) .(...) - LEGACY_VOLSNAP
O64 - Services: CurCS - C:\WINDOWS\System32\vssvc.exe - Cliché instantané de volume (VSS) .(.Microsoft Corporation - Service de cliché instantané de volumes Mic.) - LEGACY_VSS
O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Horloge Windows (W32Time) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_W32TIME
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\wanarp.sys - Pilote ARP IP d'accès distant (Wanarp) .(.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - LEGACY_WANARP
O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - WebClient (WebClient) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_WEBCLIENT
O64 - Services: CurCS - C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Windows Internet Name Service\wins.exe - Windows Internet Name Service (Windows Internet Name Service) .(.Pas de propriétaire - Provides Internet Name Service.) - LEGACY_WINDOWS_INTERNET_NAME_SERVICE
O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Infrastructure de gestion Windows (winmgmt) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_WINMGMT
O64 - Services: CurCS - C:\WINDOWS\System32\wbem\wmiapsrv.exe - Carte de performance WMI (WmiApSrv) .(.Microsoft Corporation - Service de la carte de performance WMI.) - LEGACY_WMIAPSRV
O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Centre de sécurité (wscsvc) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_WSCSVC
O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Mises à jour automatiques (wuauserv) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_WUAUSERV
O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Configuration automatique sans fil (WZCSVC) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_WZCSVC


---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\Windows\System32\shell32.dll
O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\IEXPLORE.exe
O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft (R) Windows Based Script Host.) -- C:\WINDOWS\System32\WScript.exe
O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\WINDOWS\regedit.exe
O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCU\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O67 - Shell Spawning: <.com> <>[HKU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.exe> <>[HKU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.bat> <batfile>[HKCR\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.cpl> <cplfile>[HKCR\..\cplopen\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\Windows\System32\shell32.dll
O67 - Shell Spawning: <.cmd> <cmdfile>[HKCR\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.com> <comfile>[HKCR\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.exe> <exefile>[HKCR\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCR\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O67 - Shell Spawning: <.js> <JSFile>[HKCR\..\open\Command] (.Microsoft Corporation - Microsoft (R) Windows Based Script Host.) -- C:\WINDOWS\System32\WScript.exe
O67 - Shell Spawning: <.reg> <regfile>[HKCR\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\WINDOWS\regedit.exe


---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: <MSN Explorer> <>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - msn.) -- C:\Program Files\MSN\MSNCoreFiles\MSN6.exe


---\\ Search Browser Infection (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {8A96AF9E-4074-43b7-BEA3-87217BDA7403} [DefaultScope] - (Web Search) - http://www.searchqu.com
O69 - SBI: SearchScopes [HKCU] {C52A27E8-9049-4A09-A181-91357823962A} - (Bing) - http://www.bing.com


---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.00000000000000000000000000000000] [SPRF] (.Pas de propriétaire - Pas de description.) -- C:\Documents and Settings\Terri\Application Data\dwm.exe [201728]


---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 10/01/2011 135336 | (AntiVirSchedulerService) . (.Avira GmbH.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe
SR - | Auto 10/01/2011 267944 | (AntiVirService) . (.Avira GmbH.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
SR - | Auto 05/01/2011 37664 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 27/07/2010 345376 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SS - | Demand 13/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\System32\dmadmin.exe
SR - | Demand 25/01/2011 820008 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 19/02/2011 153376 | (JavaQuickStarterService) . (.Sun Microsystems, Inc..) - C:\Program Files\Java\jre6\bin\jqs.exe
SR - | Auto 02/05/2008 150528 | (MacDriveService) . (.Mediafour Corporation.) - C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
SR - | Auto 05/08/2010 40960 | (NishService) . (.Pas de propriétaire.) - C:\Program Files\System Control Manager\edd.exe
SR - | Auto 21/12/2010 987704 | (Secunia PSI Agent) . (.Secunia.) - C:\Program Files\Secunia\PSI\PSIA.exe
SS - | Auto 21/12/2010 399416 | (Secunia Update Agent) . (.Secunia.) - C:\Program Files\Secunia\PSI\sua.exe
SR - | Auto 25/02/2007 125048 | (TOSHIBA Bluetooth Service) . (.TOSHIBA CORPORATION.) - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
SR - | Auto 11/02/2011 4931584 | (Windows Internet Name Service) . (.Pas de propriétaire.) - C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Windows Internet Name Service\wins.exe


---\\ Recherche Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.1 by Gmer, http://www.gmer.net
Run by Terri at 19/02/2011 17:35:55

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys spdu.sys hal.dll >>UNKNOWN [0x8A6B6938]<<
C:\WINDOWS\system32\drivers\iaStor.sys Intel Corporation Intel Matrix Storage Manager driver
spdu.sys
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8A606030]
3 CLASSPNP[0xBA108FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Ide\IAAStorageDevice-0[0x8A061030]
kernel: MBR read successfully
user & kernel MBR OK


---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Terri at 19/02/2011 17:35:55
Use the desktop link 'MBRCheck' to have full report



---\\ Liste des émulateurs de CD/DVD (Hook du MBR)
O42 - Logiciel: DAEMON Tools Toolbar - (.DT Soft Ltd.) [HKLM] -- DAEMON Tools Toolbar
O58 - SDL:[MD5.CCED1300F915817C00FCFD7FA0EE1300] - 22/12/2009 - 00:00:00 ---A- . (...) -- C:\WINDOWS\system32\drivers\sptd.sys [691696]



End of the scan (1124 lines in 01mn 04s)(0)


Thanks again for your help and for the time you are giving me.
See you soon.
terrificolor

Posts: 23
Joined: 23 Mar 2010 18:11

Re: infected csrss.exe file and internet browsing impossi

Post by Florinator » 20 Feb 2011 11:55

Hello,

OK, the problems have been identified and we are going to sort all this out. Follow these steps carefully in the order given, don't hesitate to ask me if you have any doubt, and take the time to run all the scans:



There are leftover traces of an AVG installation that we need to remove:

  • Download AVGRemover
  • Run it and let it work.
  • Restart the machine once it has finished





There are spyware toolbars; take the time to read this so you can avoid them in the future.
We are going to remove them:

Download Ad-Remover

! Disconnect and close all running applications !

  • Launch Ad-Remover: in the main menu, choose the "Nettoyer" (Clean) option.
  • Post the report that appears at the end.

The report is saved as C:\Ad-report CLEAN.log

If your Desktop does not reappear:

    - Press CTRL+ALT+DEL to open the Task Manager.
    - Click "Fichier" (File) at the top left
    - Choose "Nouvelle tâche" (Exécuter ...) (New Task (Run...))
    - Type "explorer" and confirm.
    - This will bring your Desktop back.





The malicious csrss.exe process (malicious because of where it is installed; do not blindly delete it) starts at every boot. Your antivirus must be blocking the file that is called but not the registry line that calls it, hence the error messages. We are going to fix that:

  • Copy the lines below:

Code:
[MD5.CCED1300F915817C00FCFD7FA0EE1300] - (.Pas de propriétaire - Pas de description.) -- C:\Documents and Settings\Terri\Application Data\dwm.exe [201728] 
[MD5.CCED1300F915817C00FCFD7FA0EE1300] - (.Pas de propriétaire - Pas de description.) -- C:\DOCUME~1\Terri\LOCALS~1\Temp\csrss.exe [198144]   
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:61273 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 1



  • Open ZHPDiag, then click the Image icon
    If the icon does not appear, run a new scan with ZHPDiag; it will appear at the end of the scan
  • Click in turn on the Image icon to clear the report that was displayed
  • Then click Image to paste the selection
  • Check that all the lines I asked you to copy (and only those) are in the window
  • Click "OK", which makes a box appear to the left of each line.
  • Click "Tous" (All) then "Nettoyer" (Clean).
    If you are asked to restart the computer to complete the cleaning, do so immediately.
  • Copy/paste the report into your next post.

Note: the report is also located at C:\Program Files\ZebHelpProcess\ZHPFixReport.txt





Then, to finish:

Download MBAM

  • Install it
  • Launch the tool
  • Tick "Executer un examen complet" (Perform full scan)
  • If an infection is found at the end of the scan, click "ok"
  • Click Supprimer la sélection (Remove Selected)
  • To post the report, click the Rapports/Log tab and
  • Select the one you want and click Ouvrir (Open)
  • Copy and paste the report and post it, please

A++
Knowledge is only useful if it is passed on.
Florinator
Maître Libellulien

Posts: 661
Joined: 28 Dec 2009 16:19

Re: infected csrss.exe file and internet browsing impossi

Post by terrificolor » 24 Feb 2011 00:20

Hello,
Sorry for this late reply, but I ran into a few problems.
I ran AVG Remover, let it work, and restarted my computer.
Since then I can no longer connect to the internet; when I launch my browser this message appears:
La connexion a été refusée par le serveur proxy

So I need help to be able to continue.
(If you like, AVG Remover generated a report that I can send you in my next post if necessary)
Thanks
terrificolor

Posts: 23
Joined: 23 Mar 2010 18:11

Re: infected csrss.exe file and internet browsing impossi

Post by terrificolor » 27 Feb 2011 15:59

Hello,
sorry for the setback, I have (provisionally) sorted out my connection problems,
so I did download and run AVGRemover, and then I restarted.

After that I did a cleanup with AD Remover; here is the report:

======= RAPPORT D'AD-REMOVER 2.0.0.2,F | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par TeamXscript le 26/02/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 01:58:18 le 27/02/2011, Mode normal

Microsoft Windows XP Édition familiale Service Pack 3 (X86)
Terri@PCNECFAB ( )

============== ACTION(S) ==============


Fichier supprimé: C:\Program Files\Mozilla FireFox\searchplugins\SearchquWebSearch.xml
Dossier supprimé: C:\Program Files\Windows Searchqu Toolbar
Dossier supprimé: C:\Documents and Settings\Terri\Application Data\Mozilla\FireFox\Profiles\tztlbguf.default\searchqutb
Fichier supprimé: C:\Documents and Settings\Terri\Application Data\Mozilla\FireFox\Profiles\tztlbguf.default\searchplugins\SearchquWebSearch.xml
Dossier supprimé: C:\Documents and Settings\Terri\Application Data\SearchquTB
Dossier supprimé: C:\Documents and Settings\Terri\Local Settings\Application Data\Conduit
Dossier supprimé: C:\Program Files\Conduit

(!) -- Fichiers temporaires supprimés.


-- Fichier ouvert: C:\Documents and Settings\Terri\Application Data\Mozilla\FireFox\Profiles\tztlbguf.default\Prefs.js --
Ligne supprimée: user_pref("keyword.URL", "hxxp://www.searchqu.com/web?src=ffb&systemid=403&q=");
-- Fichier Fermé --


Clé supprimée: HKLM\Software\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}
Clé supprimée: HKLM\Software\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}
Clé supprimée: HKLM\Software\Classes\CLSID\{7FF99715-3016-4381-84CE-E4E4C9673020}
Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7FF99715-3016-4381-84CE-E4E4C9673020}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7FF99715-3016-4381-84CE-E4E4C9673020}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7FF99715-3016-4381-84CE-E4E4C9673020}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7FF99715-3016-4381-84CE-E4E4C9673020}
Clé supprimée: HKLM\Software\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}
Clé supprimée: HKLM\Software\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}
Clé supprimée: HKLM\Software\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}
Clé supprimée: HKLM\Software\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
Clé supprimée: HKLM\Software\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
Clé supprimée: HKLM\Software\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}
Clé supprimée: HKLM\Software\Classes\BandooCore.BandooCore
Clé supprimée: HKLM\Software\Classes\BandooCore.BandooCore.1
Clé supprimée: HKLM\Software\Classes\BandooCore.ResourcesMngr
Clé supprimée: HKLM\Software\Classes\BandooCore.ResourcesMngr.1
Clé supprimée: HKLM\Software\Classes\BandooCore.SettingsMngr
Clé supprimée: HKLM\Software\Classes\BandooCore.SettingsMngr.1
Clé supprimée: HKLM\Software\Classes\BandooCore.StatisticMngr
Clé supprimée: HKLM\Software\Classes\BandooCore.StatisticMngr.1
Clé supprimée: HKLM\Software\Classes\Toolbar.CT2504091
Clé supprimée: HKLM\Software\Classes\AppID\BandooCore.EXE
Clé supprimée: HKLM\Software\SearchquMediabarTb
Clé supprimée: HKLM\Software\bandoo
Clé supprimée: HKLM\Software\Conduit
Clé supprimée: HKLM\Software\DataMngr
Clé supprimée: HKCU\Software\searchqutb
Clé supprimée: HKCU\Software\Conduit
Clé supprimée: HKCU\Software\DataMngr
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Fun4IM
Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7403}
Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7403}
Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4e1d-BDD0-1E9C9B7799CC}
Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7f000001-db8e-f89c-2fec-49bf726f8c12}
Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4fde-B055-AE7B0F4CF080}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu MediaBar

Valeur supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|DataMngr
Valeur supprimée: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{7FF99715-3016-4381-84CE-E4E4C9673020}


============== SCAN ADDITIONNEL ==============

**** Mozilla Firefox Version [3.6.13 (fr)] ****


-- C:\Documents and Settings\Terri\Application Data\Mozilla\FireFox\Profiles\tztlbguf.default --
Extensions\illimitux@illimitux.net (Illimitux)
Prefs.js - browser.download.lastDir, C:\\Documents and Settings\\Terri\\Bureau
Prefs.js - browser.search.defaultenginename, Web Search
Prefs.js - browser.search.selectedEngine, Google
Prefs.js - browser.startup.homepage, hxxp://www.google.com/
Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.13

========================================

**** Internet Explorer Version [8.0.6001.18702] ****

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
HKCU_Main|Start Page - hxxp://fr.msn.com/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKCU_URLSearchHooks|{ba14329e-9550-4989-b3f2-9732e92d17cc} - "Vuze Remote Toolbar" (C:\Program Files\Vuze_Remote\tbVuz1.dll)
HKCU_Toolbar\WebBrowser|{BA14329E-9550-4989-B3F2-9732E92D17CC} (C:\Program Files\Vuze_Remote\tbVuz1.dll)
HKLM_Toolbar|{ba14329e-9550-4989-b3f2-9732e92d17cc} (C:\Program Files\Vuze_Remote\tbVuz1.dll)
HKLM_ElevationPolicy\2b20a7ff-3081-4a8d-9fc8-5ae7b59f959b - C:\Program Files\Vuze_Remote\Vuze_RemoteToolbarHelper.exe (?)
HKLM_ElevationPolicy\75fa07d4-3777-4c44-928d-56cef0efce23 - C:\Program Files\Vuze_Remote\Vuze_RemoteToolbarHelper.exe (?)
HKLM_ElevationPolicy\86fcc4ae-e585-408e-aa28-07411977bf45 - C:\Program Files\Vuze_Remote\Vuze_RemoteToolbarHelper.exe (?)
HKLM_ElevationPolicy\adb7e4fd-b7d2-4133-94e6-ac91548668bb - C:\Program Files\Vuze_Remote\Vuze_RemoteToolbarHelper.exe (?)
HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?)
BHO\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (?)
BHO\{ba14329e-9550-4989-b3f2-9732e92d17cc} - "Vuze Remote Toolbar" (C:\Program Files\Vuze_Remote\tbVuz1.dll)

========================================

C:\Program Files\Ad-Remover\Quarantine: 492 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 14 Fichier(s)

C:\Ad-Report-CLEAN[1].txt - 27/02/2011 01:58:57 (7017 Octet(s))

Fin à: 02:00:21, 27/02/2011

============== E.O.F ==============


I then copied the lines of code into ZHPDiag and "cleaned".
Here is the ZHPDiag report:

Rapport de ZHPFix 1.12.3256 par Nicolas Coolman, Update du 23/02/2011
Fichier d'export Registre :
Run by Terri at 27/02/2011 02:18:09
Windows XP Home Edition Service Pack 3 (Build 2600)
Web site : http://www.premiumorange.com/zeb-help-p ... hpfix.html
Contact : nicolascoolman@yahoo.fr

========== Processus mémoire ==========
C:\DOCUME~1\Terri\LOCALS~1\Temp\csrss.exe [198144] => Supprimé et mis en quarantaine

========== Elément(s) de donnée du Registre ==========
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:61273 => Donnée supprimée avec succès
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 1 => Donnée supprimée avec succès


========== Récapitulatif ==========
1 : Processus mémoire
2 : Elément(s) de donnée du Registre


End of the scan

Finally, here is the MBAM report:

Malwarebytes' Anti-Malware 1.50.1.1100
http://www.malwarebytes.org

Version de la base de données: 5889

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

27/02/2011 11:32:15
mbam-log-2011-02-27 (11-32-15).txt

Type d'examen: Examen complet (C:\|D:\|G:\|I:\|)
Elément(s) analysé(s): 446372
Temps écoulé: 2 heure(s), 40 minute(s), 28 seconde(s)

Processus mémoire infecté(s): 2
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 4

Processus mémoire infecté(s):
c:\documents and settings\Terri\application data\microsoft\conhost.exe (Spyware.Passwords.XGen) -> 572 -> Unloaded process successfully.
c:\documents and settings\Terri\application data\dwm.exe (Spyware.Passwords.XGen) -> 2160 -> Unloaded process successfully.

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\conhost (Spyware.Passwords.XGen) -> Value: conhost -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Value: Load -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell.Gen) -> Value: Shell -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Spyware.Passwords.XGen) -> Bad: (C:\DOCUME~1\Terri\LOCALS~1\Temp\csrss.exe) Good: () -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\documents and settings\Terri\application data\microsoft\conhost.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\documents and settings\Terri\application data\dwm.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Documents and Settings\Terri\Local Settings\Temp\csrss.exe (Spyware.Passwords.XGen) -> Delete on reboot.
c:\documents and settings\Terri\local settings\Temp\7.exe (Worm.AutoRun) -> Quarantined and deleted successfully.

Despite the code I copied into ZHPDiag, following your advice to the letter, I have to tell you that at Windows startup I still get two dialog boxes:
the first saying:
Windows ne trouve pas 'C:\DOCUME~1\Terri\LOCALS~1\Temp\csrss.exe'. Vérifiez que vous avez entré le nom correctement et essayez à nouveau.
Pour rechercher un fichier, cliquez sur le bouton Démarrer, puis sur Rechercher.

The second:
Impossible de charger ou d'exécuter 'C:\DOCUME~1\Terri\LOCALS~1\Temp\csrss.exe' spécifié dans le Registre. Vérifiez que le fichier existe sur votre
ordinateur ou supprimez la référence dans le Registre.

I should add that I am a bit worried, because my antivirus (Avira AntiVir) is detecting hundreds of infected files; I have the impression that the situation is getting worse day by day.
Thanks

Post by Florinator » 27 Feb 2011 19:52

Good evening,

This error comes from a key that calls a file that no longer exists; that will get sorted out.
What concerns me is the files found by AntiVir: can you run a full system scan and post me the resulting report, please?

See you

Post by terrificolor » 28 Feb 2011 20:19

Good evening,
here is the AntiVir report:


Avira AntiVir Personal
Report file date: lundi 28 février 2011 00:14

Scanning for 2437318 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : Terri
Computer name : PCNECFAB

Version information:
BUILD.DAT : 10.0.0.611 31824 Bytes 14/01/2011 13:42:00
AVSCAN.EXE : 10.0.3.5 435368 Bytes 10/01/2011 13:23:31
AVSCAN.DLL : 10.0.3.0 46440 Bytes 01/04/2010 11:57:04
LUKE.DLL : 10.0.3.2 104296 Bytes 10/01/2011 13:23:40
LUKERES.DLL : 10.0.0.1 12648 Bytes 10/02/2010 22:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 08:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14/12/2010 13:23:50
VBASE002.VDF : 7.11.3.0 1950720 Bytes 09/02/2011 20:07:21
VBASE003.VDF : 7.11.3.1 2048 Bytes 09/02/2011 20:07:21
VBASE004.VDF : 7.11.3.2 2048 Bytes 09/02/2011 20:07:21
VBASE005.VDF : 7.11.3.3 2048 Bytes 09/02/2011 20:07:21
VBASE006.VDF : 7.11.3.4 2048 Bytes 09/02/2011 20:07:21
VBASE007.VDF : 7.11.3.5 2048 Bytes 09/02/2011 20:07:22
VBASE008.VDF : 7.11.3.6 2048 Bytes 09/02/2011 20:07:22
VBASE009.VDF : 7.11.3.7 2048 Bytes 09/02/2011 20:07:22
VBASE010.VDF : 7.11.3.8 2048 Bytes 09/02/2011 20:07:22
VBASE011.VDF : 7.11.3.9 2048 Bytes 09/02/2011 20:07:23
VBASE012.VDF : 7.11.3.10 2048 Bytes 09/02/2011 20:07:23
VBASE013.VDF : 7.11.3.59 157184 Bytes 14/02/2011 20:07:24
VBASE014.VDF : 7.11.3.97 120320 Bytes 16/02/2011 13:12:59
VBASE015.VDF : 7.11.3.148 128000 Bytes 19/02/2011 11:53:23
VBASE016.VDF : 7.11.3.183 140288 Bytes 22/02/2011 23:34:04
VBASE017.VDF : 7.11.3.216 124416 Bytes 24/02/2011 16:03:29
VBASE018.VDF : 7.11.3.217 2048 Bytes 24/02/2011 16:03:29
VBASE019.VDF : 7.11.3.218 2048 Bytes 24/02/2011 16:03:29
VBASE020.VDF : 7.11.3.219 2048 Bytes 24/02/2011 16:03:29
VBASE021.VDF : 7.11.3.220 2048 Bytes 24/02/2011 16:03:30
VBASE022.VDF : 7.11.3.221 2048 Bytes 24/02/2011 16:03:31
VBASE023.VDF : 7.11.3.222 2048 Bytes 24/02/2011 16:03:31
VBASE024.VDF : 7.11.3.223 2048 Bytes 24/02/2011 16:03:31
VBASE025.VDF : 7.11.3.224 2048 Bytes 24/02/2011 16:03:31
VBASE026.VDF : 7.11.3.225 2048 Bytes 24/02/2011 16:03:31
VBASE027.VDF : 7.11.3.226 2048 Bytes 24/02/2011 16:03:32
VBASE028.VDF : 7.11.3.227 2048 Bytes 24/02/2011 16:03:32
VBASE029.VDF : 7.11.3.228 2048 Bytes 24/02/2011 16:03:32
VBASE030.VDF : 7.11.3.229 2048 Bytes 24/02/2011 16:03:32
VBASE031.VDF : 7.11.3.240 62976 Bytes 25/02/2011 16:03:33
Engineversion : 8.2.4.176
AEVDF.DLL : 8.1.2.1 106868 Bytes 10/01/2011 13:23:26
AESCRIPT.DLL : 8.1.3.55 1282426 Bytes 26/02/2011 16:03:45
AESCN.DLL : 8.1.7.2 127349 Bytes 10/01/2011 13:23:26
AESBX.DLL : 8.1.3.2 254324 Bytes 10/01/2011 13:23:26
AERDL.DLL : 8.1.9.2 635252 Bytes 10/01/2011 13:23:25
AEPACK.DLL : 8.2.4.10 520567 Bytes 26/02/2011 16:03:42
AEOFFICE.DLL : 8.1.1.16 205179 Bytes 14/02/2011 20:07:41
AEHEUR.DLL : 8.1.2.81 3314038 Bytes 26/02/2011 16:03:41
AEHELP.DLL : 8.1.16.1 246134 Bytes 14/02/2011 20:07:35
AEGEN.DLL : 8.1.5.2 397683 Bytes 14/02/2011 20:07:34
AEEMU.DLL : 8.1.3.0 393589 Bytes 10/01/2011 13:23:18
AECORE.DLL : 8.1.19.2 196983 Bytes 14/02/2011 20:07:32
AEBB.DLL : 8.1.1.0 53618 Bytes 10/01/2011 13:23:18
AVWINLL.DLL : 10.0.0.0 19304 Bytes 10/01/2011 13:23:32
AVPREF.DLL : 10.0.0.0 44904 Bytes 10/01/2011 13:23:30
AVREP.DLL : 10.0.0.8 62209 Bytes 17/06/2010 13:27:13
AVREG.DLL : 10.0.3.2 53096 Bytes 10/01/2011 13:23:31
AVSCPLR.DLL : 10.0.3.2 84328 Bytes 10/01/2011 13:23:31
AVARKT.DLL : 10.0.22.6 231784 Bytes 10/01/2011 13:23:27
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 10/01/2011 13:23:28
SQLITE3.DLL : 3.6.19.0 355688 Bytes 17/06/2010 13:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 10/01/2011 13:23:31
NETNT.DLL : 10.0.0.0 11624 Bytes 17/06/2010 13:27:21
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 28/01/2010 12:10:20
RCTEXT.DLL : 10.0.58.0 97128 Bytes 10/01/2011 13:23:52

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:, G:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: lundi 28 février 2011 00:14

Starting search for hidden objects.

The scan of running processes will be started
Scan process 'dllhost.exe' - '46' Module(s) have been scanned
Scan process 'vssvc.exe' - '49' Module(s) have been scanned
Scan process 'avscan.exe' - '69' Module(s) have been scanned
Scan process 'msdtc.exe' - '41' Module(s) have been scanned
Scan process 'dllhost.exe' - '62' Module(s) have been scanned
Scan process 'avcenter.exe' - '91' Module(s) have been scanned
Scan process 'TosBtHsp.exe' - '32' Module(s) have been scanned
Scan process 'TosBtHid.exe' - '19' Module(s) have been scanned
Scan process 'iPodService.exe' - '28' Module(s) have been scanned
Scan process 'soffice.bin' - '83' Module(s) have been scanned
Scan process 'soffice.exe' - '16' Module(s) have been scanned
Scan process 'TosA2dp.exe' - '29' Module(s) have been scanned
Scan process 'psi_tray.exe' - '23' Module(s) have been scanned
Scan process 'TosBtMng.exe' - '47' Module(s) have been scanned
Scan process 'DTLite.exe' - '32' Module(s) have been scanned
Scan process 'ctfmon.exe' - '27' Module(s) have been scanned
Scan process 'jusched.exe' - '21' Module(s) have been scanned
Scan process 'avgnt.exe' - '52' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '71' Module(s) have been scanned
Scan process 'QTTask.exe' - '20' Module(s) have been scanned
Scan process 'MacDrive.exe' - '49' Module(s) have been scanned
Scan process 'UnlockerAssistant.exe' - '19' Module(s) have been scanned
Scan process 'RTHDCPL.EXE' - '39' Module(s) have been scanned
Scan process 'igfxsrvc.exe' - '22' Module(s) have been scanned
Scan process 'igfxpers.exe' - '27' Module(s) have been scanned
Scan process 'hkcmd.exe' - '26' Module(s) have been scanned
Scan process 'igfxtray.exe' - '26' Module(s) have been scanned
Scan process 'vsnp2std.exe' - '25' Module(s) have been scanned
Scan process 'MGSysCtrl.exe' - '53' Module(s) have been scanned
Scan process 'Explorer.EXE' - '95' Module(s) have been scanned
Scan process 'svchost.exe' - '35' Module(s) have been scanned
Scan process 'alg.exe' - '34' Module(s) have been scanned
Scan process 'wins.exe' - '59' Module(s) have been scanned
Scan process 'TosBtSrv.exe' - '22' Module(s) have been scanned
Scan process 'svchost.exe' - '43' Module(s) have been scanned
Scan process 'avshadow.exe' - '25' Module(s) have been scanned
Scan process 'PSIA.exe' - '64' Module(s) have been scanned
Scan process 'edd.exe' - '6' Module(s) have been scanned
Scan process 'MacDriveService.exe' - '41' Module(s) have been scanned
Scan process 'jqs.exe' - '84' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '33' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '49' Module(s) have been scanned
Scan process 'avguard.exe' - '55' Module(s) have been scanned
Scan process 'svchost.exe' - '35' Module(s) have been scanned
Scan process 'sched.exe' - '46' Module(s) have been scanned
Scan process 'spoolsv.exe' - '65' Module(s) have been scanned
Scan process 'svchost.exe' - '41' Module(s) have been scanned
Scan process 'svchost.exe' - '33' Module(s) have been scanned
Scan process 'svchost.exe' - '165' Module(s) have been scanned
Scan process 'svchost.exe' - '40' Module(s) have been scanned
Scan process 'svchost.exe' - '52' Module(s) have been scanned
Scan process 'lsass.exe' - '59' Module(s) have been scanned
Scan process 'services.exe' - '37' Module(s) have been scanned
Scan process 'winlogon.exe' - '75' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'G:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '1773' files ).


Starting the file scan:

Begin scan in 'C:\'
Begin scan in 'D:\'
Begin scan in 'G:\' <SilverDrive 750 Go Quattro>


End of the scan: lundi 28 février 2011 19:51
Used time: 19:37:08 Hour(s)

The scan has been done completely.

17798 Scanned directories
994618 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
994618 Files not concerned
5333 Archives were scanned
0 Warnings
0 Notes
451352 Objects were scanned with rootkit scan
0 Hidden objects were found

Thanks

Post by Florinator » 01 Mar 2011 10:56

Hello,

Can you tell me where you see hundreds of infections?

The scan has been done completely.

17798 Scanned directories
994618 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
994618 Files not concerned
5333 Archives were scanned
0 Warnings
0 Notes
451352 Objects were scanned with rootkit scan
0 Hidden objects were found

Post by terrificolor » 02 Mar 2011 18:22

Hello,
I know the report reveals nothing; however, I regularly get AntiVir alerts about infected files,
ranging from 2 or 3 to sometimes 130.
I will send you a screenshot to back this up, since that seems to be necessary.
Moreover, my computer shows all the signs of an infected PC; I can no longer connect to the internet at all, and when I try I get this message: "La connexion a été refusée par le serveur proxy".
I am currently writing to you from another machine.
Where are we with the disinfection? Is there any software left to download? Any reports to send?

See you

Post by Florinator » 03 Mar 2011 10:16

Hello,

Can you run ZHPDiag again for me, please?
As for the screenshot, I would be glad for you to take one when you get an alert.

See you

Post by terrificolor » 05 Mar 2011 02:20

Good evening,
Here are a few examples:
Image
Image
Image

and the ZHPDiag report

Rapport de ZHPDiag v1.27.1624 par Nicolas Coolman, Update du 25/02/2011
Run by Terri at 05/03/2011 01:58:02
Web site : http://www.premiumorange.com/zeb-help-p ... pdiag.html
Contact : nicolascoolman@yahoo.fr

---\\ Web Browser
MSIE: Internet Explorer v8.0.6001.18702
MFIE: Mozilla Firefox v3.6.13 (fr) (Defaut)

---\\ System Information
Windows XP Home Edition Service Pack 3 (Build 2600)
Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel
Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2039 MB (70% free)
System Restore: Activé (Enable)
System drive C: has 35 GB (39%) free of 88 GB

---\\ Logged in mode
Computer Name: PCNECFAB
User Name: Terri
All Users Names: Terri, SUPPORT_388945a0, HelpAssistant, Administrateur,
Unselected Option: O45,O61,O62,O65,O66,O82
Logged in as Administrator

---\\ Environnement Variables
%AppData%=C:\Documents and Settings\Terri\Application Data
%LocalAppData%=C:\Documents and Settings\Terri\Local Settings\Application Data
%StartMenu%=C:\Documents and Settings\Terri\Menu Démarrer

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 35 Go of 88 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 19 Go of 61 Go)
E:\ CD-ROM drive (Not Inserted)
F:\ CD-ROM drive (Not Inserted)
G:\ Hard drive, Flash drive, Thumb drive (Free 484 Go of 699 Go)


---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK


---\\ Recherche particulière de fichiers génériques
[MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) (.13/04/2008 19:34:04.) -- C:\Windows\Explorer.exe [1037824]
[MD5.AF4EAA3B35A2D206E1902D7CA61B958A] - (.Microsoft Corporation - Internet Extensions for Win32.) (.21/12/2010 00:53:04.) -- C:\Windows\System32\wininet.dll [916480]
[MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.13/04/2008 19:34:30.) -- C:\Windows\System32\Winlogon.exe [512000]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/04/2008 11:40:32.) -- C:\Windows\System32\drivers\atapi.sys [96512]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.13/04/2008 12:15:54.) -- C:\Windows\System32\drivers\ntfs.sys [574976]


---\\ Processus lancés
[MD5.CA8A0E78C3BBBAD05A9A132BC468DF9C] - (.Avira GmbH - Antivirus Scheduler.) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe [135336]
[MD5.A400804BA8FB3F80261D2166A6FE8A02] - (.MSI - System Control Manager.) -- C:\Program Files\System Control Manager\MGSysCtrl.exe [180736]
[MD5.B5C0AEB9DBB6E424936B2288F50BC79B] - (.Sonix - CameraMonitor Application.) -- C:\WINDOWS\vsnp2std.exe [675840]
[MD5.11D1ECF3257258DF1D6D2DF424C2D92B] - (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe [134656]
[MD5.651335DF54C9D07DAEE5D34A976EB401] - (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe [166912]
[MD5.38E9341BAF93C9125BB338DCE840E1F8] - (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe [134656]
[MD5.3A57538B12DE39F723BEE00E4A72FC4A] - (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\WINDOWS\RTHDCPL.EXE [16377344]
[MD5.27DC0F903C1556C28ED444372E811092] - (.Intel Corporation - igfxsrvc Module.) -- C:\WINDOWS\system32\igfxsrvc.exe [243712]
[MD5.403E928BA217E38485009636C793F3C9] - (.Pas de propriétaire - Pas de description.) -- C:\Program Files\Unlocker\UnlockerAssistant.exe [15872]
[MD5.5886EF28D51B69AD40072965D70AD651] - (.Mediafour Corporation - MacDrive application.) -- C:\Program Files\Mediafour\MacDrive 7\MacDrive.exe [201304]
[MD5.0AEE5668EB59912F32FF245BFA72465F] - (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\QTTask.exe [421888]
[MD5.F3DEAA1F2FCF70FAF6DE3757CA343FA5] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe [421160]
[MD5.C983E62B6FB74457D173BA93F66F6068] - (.Avira GmbH - Antivirus System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [281768]
[MD5.2E5212A0BFB98FE0167C92C76C87AFE3] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe [249064]
[MD5.F34E7705751BB413283434697BF8E55D] - (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe [357696]
[MD5.4C9521159A1236466CB2365AE02C3B88] - (.TOSHIBA CORPORATION. - TosBtMng.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2756608]
[MD5.9BC3ED045690E616936B50A40FB8D0DA] - (.Secunia - Secunia PSI Tray.) -- C:\Program Files\Secunia\PSI\psi_tray.exe [291896]
[MD5.48BE1FCFF1C929C899F29BCDC8659D9F] - (.Avira GmbH - Antivirus On-Access Service.) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe [267944]
[MD5.5AA788D5A2C6737BB9C45933985BC1B8] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe [37664]
[MD5.673CF4F6BB1FBE09331B526802FBB892] - (.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe [345376]
[MD5.5E06A9D23727DAF96FAA796F1135FDCD] - (.Sun Microsystems, Inc. - Java(TM) Quick Starter Service.) -- C:\Program Files\Java\jre6\bin\jqs.exe [153376]
[MD5.C31842EB63C7005256A486901FBCD77B] - (.Mediafour Corporation - MacDrive service.) -- C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe [150528]
[MD5.AFF24206FFC1081787155B03C99BA716] - (.Pas de propriétaire - Pas de description.) -- C:\Program Files\System Control Manager\edd.exe [40960]
[MD5.1CE8490E8919EF5C72275952C202E749] - (.Secunia - Secunia PSI Agent.) -- C:\Program Files\Secunia\PSI\PSIA.exe [987704]
[MD5.8C91BD35AE9AA8B628EEC5E637BB1D0F] - (.Avira GmbH - AntiVir shadow copy service.) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe [76968]
[MD5.75407DBFC47A6AC6243F557861EEB596] - (.TOSHIBA CORPORATION. - TosA2dp.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe [278528]
[MD5.2C92B17E820094F37037B6CE114BEB69] - (.TOSHIBA CORPORATION. - Pas de description.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe [69632]
[MD5.6A9D25A55FDA74E8F121323E13A4CEAB] - (.TOSHIBA CORPORATION. - TosBtHSP.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe [274432]
[MD5.11E8D8272FDBE213ADE3DAD91427CE35] - (.OpenOffice.org - OpenOffice.org 3.3.) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe [11322880]
[MD5.2337EC951C4AF6E1AF65D10BD9615BEB] - (.OpenOffice.org - OpenOffice.org 3.3.) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin [11314688]
[MD5.87843B2DA99051BC66E2D6C211E3D6A4] - (.TOSHIBA CORPORATION - TOSHIBA Bluetooth Service.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [125048]
[MD5.2254CA97C7625D720032551E3235AE80] - (.Pas de propriétaire - Provides Internet Name Service.) -- C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Windows Internet Name Service\wins.exe [4928000]
[MD5.8E5E5A8CC84DA3F683E3BBC045138D52] - (.Apple Inc. - iPodService Module (32-bit).) -- C:\Program Files\iPod\bin\iPodService.exe [820008]
[MD5.488F497576D1076E9C9698D3F91A98C9] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [631808]


---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
M3 - MFPP: Plugins - [Terri] -- C:\Documents and Settings\Terri\Application Data\Mozilla\Firefox\Profiles\tztlbguf.default\searchplugins\bing.xml
M3 - MFPP: Plugins - [Terri] -- C:\Program Files\Mozilla FireFox\searchplugins\amazon-france.xml
M3 - MFPP: Plugins - [Terri] -- C:\Program Files\Mozilla FireFox\searchplugins\cnrtl-tlfi-fr.xml
M3 - MFPP: Plugins - [Terri] -- C:\Program Files\Mozilla FireFox\searchplugins\eBay-france.xml
M3 - MFPP: Plugins - [Terri] -- C:\Program Files\Mozilla FireFox\searchplugins\google.xml
M3 - MFPP: Plugins - [Terri] -- C:\Program Files\Mozilla FireFox\searchplugins\wikipedia-fr.xml
M3 - MFPP: Plugins - [Terri] -- C:\Program Files\Mozilla FireFox\searchplugins\yahoo-france.xml
P2 - FPN:Firefox Plugin Navigator . (.Sun Microsystems, Inc. - NPRuntime Script Plug-in Library for Java(TM) Deploy.) -- C:\Program Files\Mozilla Firefox\Plugins\npdeployJava1.dll
P2 - FPN:Firefox Plugin Navigator . (.mozilla.org - Default Plug-in.) -- C:\Program Files\Mozilla Firefox\Plugins\npnul32.dll
P2 - FPN:Firefox Plugin Navigator . (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape 8.2.6.) -- C:\Program Files\Mozilla Firefox\Plugins\nppdf32.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin2.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin3.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin4.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin5.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin6.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin7.dll
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
P2 - FPN: [HKLM] [@Apple.com/iTunes,version=1.0] - (.Pas de propriétaire - Pas de description.) -- C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
P2 - FPN: [HKLM] [@java.com/JavaPlugin] - (.Sun Microsystems, Inc. - Next Generation Java Plug-in 1.6.0_24 for Mozilla browsers.) -- C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
P2 - FPN: [HKLM] [@microsoft.com/WPF,version=3.5] - (.Microsoft Corporation - Windows Presentation Foundation (WPF) plug-in for Mozilla browsers.) -- c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
M0 - MFSP: prefs.js [Terri - tztlbguf.default] http://www.google.com/
M2 - MFEP: prefs.js [Terri - tztlbguf.default\illimitux@illimitux.net] [illimitux] Illimitux v (.Illimitux.net.)
M2 - MFEP: prefs.js [Terri - tztlbguf.default\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}] [adblockplus] Adblock Plus v1.3.3 (.Wladimir Palant.)


---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com
R0 - HKUS\S-1-5-21-507921405-573735546-725345543-1004\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Internet Explorer.) (8.00.6001.19019 (longhorn_ie8_gdr.101217-1700)) -- C:\WINDOWS\system32\ieframe.dll
R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} . (.Conduit Ltd. - Conduit Toolbar.) (5, 7, 3, 1) -- C:\Program Files\Vuze_Remote\tbVuz1.dll


---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:61273
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll


---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"


---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Clé orpheline
O2 - BHO: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\Vuze_Remote\tbVuz1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} . (.Sun Microsystems, Inc. - Java(TM) Quick Starter binary.) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll


---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\Vuze_Remote\tbVuz1.dll


---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [MGSysCtrl] . (.MSI - System Control Manager.) -- C:\Program Files\System Control Manager\MGSysCtrl.exe
O4 - HKLM\..\Run: [snp2std] . (.Sonix - CameraMonitor Application.) -- C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] . (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\Windows\RTHDCPL.exe
O4 - HKLM\..\Run: [Alcmtr] . (.Realtek Semiconductor Corp. - Realtek Azalia Audio - Event Monitor.) -- C:\Windows\ALCMTR.exe
O4 - HKLM\..\Run: [UnlockerAssistant] . (...) -- C:\Program Files\Unlocker\UnlockerAssistant.exe
O4 - HKLM\..\Run: [Getting started with MacDrive] . (.Mediafour Corporation - Get Started with MacDrive.) -- C:\Program Files\Mediafour\MacDrive 7\MDGetStarted.exe
O4 - HKLM\..\Run: [MacDrive application] . (.Mediafour Corporation - MacDrive application.) -- C:\Program Files\Mediafour\MacDrive 7\MacDrive.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\QTTask.exe
O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [avgnt] . (.Avira GmbH - Antivirus System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\System32\CTFMON.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\System32\CTFMON.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\System32\CTFMON.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\System32\CTFMON.exe
O4 - HKUS\S-1-5-21-507921405-573735546-725345543-1004\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-507921405-573735546-725345543-1004\..\Run: [DAEMON Tools Lite] . (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Démarrage\Bluetooth Manager.lnk . (.TOSHIBA CORPORATION..) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Démarrage\Secunia PSI Tray.lnk . (.Secunia.) -- C:\Program Files\Secunia\PSI\psi_tray.exe
O4 - Global Startup: C:\Documents And Settings\Terri\Menu Démarrer\Programmes\Démarrage\Notification de cadeaux MSN.lnk . (...) -- C:\Documents and Settings\Terri\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe (.not file.)
O4 - Global Startup: C:\Documents And Settings\Terri\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 3.3.lnk . (...) -- C:\Program Files\OpenOffice.org 3\program\quickstart.exe


---\\ Autres liens utilisateurs (O4)
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Adobe Reader 8.lnk . (...) -- C:\WINDOWS\Installer\{AC76BA86-7AD7-1036-7B44-A82000000003}\SC_Reader.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Apple Software Update.lnk . (...) -- C:\WINDOWS\Installer\{C41300B9-185D-475E-BFEC-39EF732F19B1}\AppleSoftwareUpdateIco.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\MSN Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files\MSN\MSNCoreFiles\msn6.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Secunia PSI.lnk . (.Secunia.) -- C:\Program Files\Secunia\PSI\psi.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Vuze.lnk . (.Vuze Inc..) -- C:\Program Files\Vuze\Azureus.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Windows Messenger.lnk . (.Microsoft Corporation.) -- C:\Program Files\Messenger\msmsgs.exe
O4 - Global Startup: C:\Documents And Settings\Terri\Menu Démarrer\Programmes\Assistance à distance.lnk . (.Microsoft Corporation.) -- C:\WINDOWS\system32\rcimlby.exe
O4 - Global Startup: C:\Documents And Settings\Terri\Menu Démarrer\Programmes\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Documents And Settings\Terri\Menu Démarrer\Programmes\Lecteur Windows Media.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - Global Startup: C:\Documents And Settings\Terri\Menu Démarrer\Programmes\Outlook Express.lnk . (.Microsoft Corporation.) -- C:\Program Files\Outlook Express\msimn.exe


---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} . (.not file.) - (.not file.)
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe


---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\WINDOWS\system32\winrnr.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Apple Inc. - Bonjour Namespace Provider.) -- C:\Program Files\Bonjour\mdnsNSP.dll


---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 3666291156


---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{07632219-9E70-479F-A943-3CBC4BDEC5B2}: NameServer = 192.168.0.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{07632219-9E70-479F-A943-3CBC4BDEC5B2}: NameServer = 192.168.0.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{07632219-9E70-479F-A943-3CBC4BDEC5B2}: NameServer = 192.168.0.254
O17 - HKLM\System\CS3\Services\Tcpip\..\{07632219-9E70-479F-A943-3CBC4BDEC5B2}: NameServer = 192.168.0.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{3A485F82-D1A8-47E5-A936-891E7397EA44}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CS1\Services\Tcpip\..\{3A485F82-D1A8-47E5-A936-891E7397EA44}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CS2\Services\Tcpip\..\{3A485F82-D1A8-47E5-A936-891E7397EA44}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.241 212.27.40.240


---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\Windows\System32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\Windows\System32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\Windows\System32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\System32\dimsntfy.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\Windows\System32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll


---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Web Site Monitor.) -- C:\WINDOWS\system32\webcheck.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} . (.Microsoft Corporation - Objet du service d'environnement Systray.) -- C:\WINDOWS\System32\stobject.dll


---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: (no name) - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\WINDOWS\System32\browseui.dll


---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: (AntiVirSchedulerService) . (.Avira GmbH - Antivirus Scheduler.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: (AntiVirService) . (.Avira GmbH - Antivirus On-Access Service.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: (Apple Mobile Device) . (.Apple Inc. - MobileDeviceService.) - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: (Bonjour Service) . (.Apple Inc. - Bonjour Service.) - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: (dmadmin) . (.Microsoft Corp., Veritas Software - Processus du service Gestionnaire de disque.) - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: (iPod Service) . (.Apple Inc. - iPodService Module (32-bit).) - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: (JavaQuickStarterService) . (.Sun Microsystems, Inc. - Java(TM) Quick Starter Service.) - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: (MacDriveService) . (.Mediafour Corporation - MacDrive service.) - C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
O23 - Service: (NishService) . (.Pas de propriétaire - Pas de description.) - C:\Program Files\System Control Manager\edd.exe
O23 - Service: (Secunia PSI Agent) . (.Secunia - Secunia PSI Agent.) - C:\Program Files\Secunia\PSI\PSIA.exe
O23 - Service: (Secunia Update Agent) . (.Secunia - Secunia Update Agent.) - C:\Program Files\Secunia\PSI\sua.exe
O23 - Service: (SQLAgent$SONY_MEDIAMGR) - Clé orpheline
O23 - Service: (TOSHIBA Bluetooth Service) . (.TOSHIBA CORPORATION - TOSHIBA Bluetooth Service.) - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: (Windows Internet Name Service) . (.Pas de propriétaire - Provides Internet Name Service.) - C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Windows Internet Name Service\wins.exe


---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(.Pas de propriétaire - Pas de description.) - (.not file.)


---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\WINDOWS\system32\drivers\afd.sys
O41 - Driver: (avgio) . (.Avira GmbH - Avira AntiVir Support for Minifilter.) - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
O41 - Driver: (avipbb) . (.Avira GmbH - Avira Driver for Security Enhancement.) - C:\Windows\System32\DRIVERS\avipbb.sys
O41 - Driver: (Cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\System32\DRIVERS\cdrom.sys
O41 - Driver: (i8042prt) . (.Microsoft Corporation - Pilote de port i8042.) - C:\Windows\System32\DRIVERS\i8042prt.sys
O41 - Driver: (Imapi) . (.Microsoft Corporation - IMAPI Kernel Driver.) - C:\Windows\System32\DRIVERS\imapi.sys
O41 - Driver: (intelppm) . (.Microsoft Corporation - Pilote de périphérique processeur.) - C:\Windows\System32\DRIVERS\intelppm.sys
O41 - Driver: (IPSec) . (.Microsoft Corporation - IPSec Driver.) - C:\Windows\System32\DRIVERS\ipsec.sys
O41 - Driver: (Kbdclass) . (.Microsoft Corporation - Pilote de la classe Clavier.) - C:\Windows\System32\DRIVERS\kbdclass.sys
O41 - Driver: (Mouclass) . (.Microsoft Corporation - Pilote de la classe Souris.) - C:\Windows\System32\DRIVERS\mouclass.sys
O41 - Driver: (MRxSmb) . (.Microsoft Corporation - Windows NT SMB Minirdr.) - C:\Windows\System32\DRIVERS\mrxsmb.sys
O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\System32\DRIVERS\netbios.sys
O41 - Driver: (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\System32\DRIVERS\netbt.sys
O41 - Driver: (Processor) . (.Microsoft Corporation - Pilote de périphérique processeur.) - C:\Windows\System32\DRIVERS\processr.sys
O41 - Driver: (RasAcd) . (.Microsoft Corporation - RAS Automatic Connection Driver.) - C:\Windows\System32\DRIVERS\rasacd.sys
O41 - Driver: (Rdbss) . (.Microsoft Corporation - Redirected Drive Buffering SubSystem Driver.) - C:\Windows\System32\DRIVERS\rdbss.sys
O41 - Driver: (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\DRIVERS\RDPCDD.sys
O41 - Driver: (redbook) . (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) - C:\Windows\System32\DRIVERS\redbook.sys
O41 - Driver: (Serial) . (.Microsoft Corporation - Pilote de périphérique série.) - C:\Windows\System32\DRIVERS\serial.sys
O41 - Driver: (ssmdrv) . (.Avira GmbH - AVIRA SnapShot Driver.) - C:\Windows\System32\DRIVERS\ssmdrv.sys
O41 - Driver: (Tcpip) . (.Microsoft Corporation - TCP/IP Protocol Driver.) - C:\Windows\System32\DRIVERS\tcpip.sys
O41 - Driver: (TermDD) . (.Microsoft Corporation - Terminal Server Driver.) - C:\Windows\System32\DRIVERS\termdd.sys
O41 - Driver: (Tosrfcom) . (.TOSHIBA Corporation - Bluetooth RFCOMM Driver.) - C:\Windows\System32\Drivers\tosrfcom.sys
O41 - Driver: Carte vidéo VGA. (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\WINDOWS\system32\drivers\vga.sys


---\\ Logiciels installés (O42)
O42 - Logiciel: ASIO4ALL - (.Pas de propriétaire.) [HKLM] -- ASIO4ALL
O42 - Logiciel: Adobe Flash Player 10 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player 10 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin
O42 - Logiciel: Adobe Reader 8.2.6 - Français - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1036-7B44-A82000000003}
O42 - Logiciel: Apple Application Support - (.Apple Inc..) [HKLM] -- {EE6097DD-05F4-4178-9719-D3170BF098E8}
O42 - Logiciel: Apple Mobile Device Support - (.Apple Inc..) [HKLM] -- {5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}
O42 - Logiciel: Apple Software Update - (.Apple Inc..) [HKLM] -- {C41300B9-185D-475E-BFEC-39EF732F19B1}
O42 - Logiciel: Avira AntiVir Personal - Free Antivirus - (.Avira GmbH.) [HKLM] -- Avira AntiVir Desktop
O42 - Logiciel: Bluetooth Stack for Windows by Toshiba - (.Pas de propriétaire.) [HKLM] -- {CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
O42 - Logiciel: Bonjour - (.Apple Inc..) [HKLM] -- {FF1C31AE-0CDC-40CE-AB85-406F8B70D643}
O42 - Logiciel: CSR - (.IK Multimedia.) [HKLM] -- {648C1BFD-6A70-46D8-B855-F84D95C2DC34}
O42 - Logiciel: Canon MG5100 series MP Drivers - (.Pas de propriétaire.) [HKLM] -- {1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5100_series
O42 - Logiciel: DAEMON Tools Toolbar - (.DT Soft Ltd.) [HKLM] -- DAEMON Tools Toolbar
O42 - Logiciel: Devine Machine Pro VSTi v1.1 - (.Pas de propriétaire.) [HKLM] -- Devine Machine Pro VSTi v1.1
O42 - Logiciel: Effectrix - (.Sugar Bytes.) [HKLM] -- Effectrix
O42 - Logiciel: Elemental Audio Systems Inspector XL VST RTAS 1.0.1 - (.Pas de propriétaire.) [HKLM] -- Elemental Audio Systems Inspector XL VST RTAS 1.0.1
O42 - Logiciel: FileZilla Client 3.3.3 - (.Pas de propriétaire.) [HKLM] -- FileZilla Client
O42 - Logiciel: Free Mp3 Wma Converter V 1.81 - (.Pas de propriétaire.) [HKLM] -- Free Mp3 Wma Converter_is1
O42 - Logiciel: GForce - impOSCar - (.Pas de propriétaire.) [HKLM] -- impOSCar
O42 - Logiciel: GRM Tools Classic VST v1.6.52 - (.Pas de propriétaire.) [HKLM] -- GRM Tools Classic VST v1.6.52
O42 - Logiciel: High Definition Audio Driver Package - KB888111 - (.Microsoft Corporation.) [HKLM] -- KB888111WXPSP2
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB953595
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB958484
O42 - Logiciel: Hotfix for Windows XP (KB954550-v5) - (.Microsoft Corporation.) [HKLM] -- KB954550-v5
O42 - Logiciel: Hotfix for Windows XP (KB976002-v5) - (.Microsoft Corporation.) [HKLM] -- KB976002-v5
O42 - Logiciel: IL Gross Beat - (.Image-Line.) [HKLM] -- IL Gross Beat
O42 - Logiciel: Intel(R) Graphics Media Accelerator Driver - (.Intel Corporation.) [HKLM] -- HDMI
O42 - Logiciel: Intel(R) Network Connections 14.3.0.0 - (.Intel.) [HKLM] -- {AAA8CA88-8A22-43D1-867F-ABD7944C9815}
O42 - Logiciel: Java(TM) 6 Update 20 - (.Sun Microsystems, Inc..) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83216020F0}
O42 - Logiciel: Java(TM) 6 Update 22 - (.Oracle.) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83216022F0}
O42 - Logiciel: Java(TM) 6 Update 24 - (.Oracle.) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83216024FF}
O42 - Logiciel: KB408682 - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1036-7B44-A81300000003}_814
O42 - Logiciel: Live 6.0.10 - (.Pas de propriétaire.) [HKLM] -- Live 6.0.10
O42 - Logiciel: Logiciel d'archivage WinRAR - (.Pas de propriétaire.) [HKLM] -- WinRAR archiver
O42 - Logiciel: MIDI Yoke - (.JOConnell.) [HKLM] -- {CCB3F587-BAD0-4F32-99FC-301E6F9ABAB4}
O42 - Logiciel: MIDI-OX - (.MIDIOX Computing.) [HKLM] -- {ABC52CF9-2D43-4278-A152-CB2CD3ED8FE9}
O42 - Logiciel: MacDrive 7 - (.Mediafour Corporation.) [HKLM] -- {33F09ED5-3355-470A-AD79-6DFA8FC553E3}
O42 - Logiciel: MacDrive7.0.4TimeOutPatch (remove only) - (.Pas de propriétaire.) [HKLM] -- TimeOutPatch
O42 - Logiciel: Malwarebytes' Anti-Malware - (.Malwarebytes Corporation.) [HKLM] -- Malwarebytes' Anti-Malware_is1
O42 - Logiciel: Microsoft .NET Framework 2.0 Service Pack 2 - (.Microsoft Corporation.) [HKLM] -- {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
O42 - Logiciel: Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA - (.Microsoft Corporation.) [HKLM] -- {72AD53CC-CCC0-3757-8480-9EE176866A7C}
O42 - Logiciel: Microsoft .NET Framework 3.0 Service Pack 2 - (.Microsoft Corporation.) [HKLM] -- {A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
O42 - Logiciel: Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA - (.Microsoft Corporation.) [HKLM] -- {0BD83598-C2EF-3343-847B-7D2E84599128}
O42 - Logiciel: Microsoft .NET Framework 3.5 Language Pack SP1 - fra - (.Microsoft Corporation.) [HKLM] -- {3E31821C-7917-367E-938E-E65FC413EA31}
O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 SP1
O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
O42 - Logiciel: Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR) - (.Microsoft Corporation.) [HKLM] -- {E09B48B5-E141-427A-AB0C-D3605127224A}
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM] -- {837b34e3-7c30-493c-8f6a-2b0f04e2912c}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
O42 - Logiciel: MixMeister BPM Analyzer 1.0 - (.MixMeister Technology LLC.) [HKLM] -- MixMeister BPM Analyzer_is1
O42 - Logiciel: Module linguistique Microsoft .NET Framework 3.5 SP1- fra - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 Language Pack SP1 - fra
O42 - Logiciel: Mozilla Firefox (3.6.13) - (.Mozilla.) [HKLM] -- Mozilla Firefox (3.6.13)
O42 - Logiciel: Native Instruments Absynth 4 - (.Pas de propriétaire.) [HKLM] -- Native Instruments Absynth 4
O42 - Logiciel: Native Instruments B4 II - (.Pas de propriétaire.) [HKLM] -- Native Instruments B4 II
O42 - Logiciel: Native Instruments Battery 3 - (.Native Instruments.) [HKLM] -- Native Instruments Battery 3
O42 - Logiciel: Native Instruments Battery 3 - (.Native Instruments.) [HKLM] -- {6BED4DFE-C527-463E-B93A-6F6848B74DD0}
O42 - Logiciel: Native Instruments Elektrik Piano 1.5 - (.Pas de propriétaire.) [HKLM] -- Native Instruments Elektrik Piano 1.5
O42 - Logiciel: Native Instruments FM8 - (.Native Instruments.) [HKLM] -- Native Instruments FM8
O42 - Logiciel: Native Instruments FM8 - (.Native Instruments.) [HKLM] -- {B2552FA6-86E3-410D-84AD-265C2242D410}
O42 - Logiciel: Native Instruments Guitar Rig 2 - (.Pas de propriétaire.) [HKLM] -- Native Instruments Guitar Rig 2
O42 - Logiciel: Native Instruments Komplete 4 - (.Native Instruments.) [HKLM] -- Native Instruments Komplete 4
O42 - Logiciel: Native Instruments Massive - (.Pas de propriétaire.) [HKLM] -- Native Instruments Massive
O42 - Logiciel: Native Instruments Pro-53 - (.Pas de propriétaire.) [HKLM] -- Native Instruments Pro-53
O42 - Logiciel: Native Instruments Reaktor 5 - (.Native Instruments.) [HKLM] -- Native Instruments Reaktor 5
O42 - Logiciel: Native Instruments Reaktor 5 - (.Native Instruments.) [HKLM] -- {E9EA5F38-6299-45A1-9D23-F21729A19357}
O42 - Logiciel: Native Instruments Service Center - (.Native Instruments.) [HKLM] -- Native Instruments Service Center
O42 - Logiciel: Native Instruments Service Center - (.Native Instruments.) [HKLM] -- {0B8565BA-BAD5-4732-B122-5FD78EFC50A9}
O42 - Logiciel: Native Instruments Spektral Delay - (.Pas de propriétaire.) [HKLM] -- Native Instruments Spektral Delay
O42 - Logiciel: Native Instruments Vokator - (.Pas de propriétaire.) [HKLM] -- Native Instruments Vokator
O42 - Logiciel: NomadFactory Essential Studio Suite VST RTAS v1.5 - (.Pas de propriétaire.) [HKLM] -- NomadFactory Essential Studio Suite VST RTAS_is1
O42 - Logiciel: Notification de cadeaux MSN - (.Microsoft.) [HKCU] -- Notification de cadeaux MSN
O42 - Logiciel: Ohm Force - Mobilohm VST2 - (.Pas de propriétaire.) [HKLM] -- Mobilohm VST2
O42 - Logiciel: Ohm Force - Quad Frohmage VST2 - (.Pas de propriétaire.) [HKLM] -- Quad Frohmage VST2
O42 - Logiciel: OhmForce Hematohm VST2 - (.Pas de propriétaire.) [HKLM] -- Hematohm VST2
O42 - Logiciel: OhmForce Ohmboyz VST2 - (.Pas de propriétaire.) [HKLM] -- Ohmboyz VST2
O42 - Logiciel: OhmForce Ohmygod VST2 - (.Pas de propriétaire.) [HKLM] -- Ohmygod VST2
O42 - Logiciel: OhmForce Predatohm VST2 - (.Pas de propriétaire.) [HKLM] -- Predatohm VST2
O42 - Logiciel: OpenOffice.org 3.3 - (.OpenOffice.org.) [HKLM] -- {05653DE1-6567-40C6-B930-39D399B64369}
O42 - Logiciel: PDFCreator - (.Frank Heindörfer, Philip Chinery.) [HKLM] -- {0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}
O42 - Logiciel: QuickTime - (.Apple Inc..) [HKLM] -- {57752979-A1C9-4C02-856B-FBB27AC4E02C}
O42 - Logiciel: RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 - (.Pas de propriétaire.) [HKLM] -- {59F6A514-9813-47A3-948C-8A155460CC2A}
O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp..) [HKLM] -- {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}
O42 - Logiciel: Registry First Aid - (.RoseCitySoftware.) [HKLM] -- Registry First Aid_is1
O42 - Logiciel: Rob Papen Albino 3 - (.Pas de propriétaire.) [HKLM] -- Rob Papen Albino 3
O42 - Logiciel: Secunia PSI (2.0.0.1003) - (.Pas de propriétaire.) [HKLM] -- Secunia PSI
O42 - Logiciel: Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB2416473
O42 - Logiciel: Skype™ 4.2 - (.Skype Technologies S.A..) [HKLM] -- {5C474A83-A45F-470C-9AC8-2BD1C251BF9A}
O42 - Logiciel: Sony ACID Pro 6.0 - (.Sony.) [HKLM] -- {B50D2BAB-C9C0-48E6-9184-982C71A0BB4D}
O42 - Logiciel: Sony Media Manager 2.2 - (.Sony.) [HKLM] -- {2B5A75F0-FD85-4094-AB00-94902398D192}
O42 - Logiciel: Sony Sound Forge 7.0 - (.Sony.) [HKLM] -- {4B0A96C1-2C2D-4C84-81B0-B87EB2522837}
O42 - Logiciel: SoulSeek 157 NS 13e - (.Pas de propriétaire.) [HKLM] -- Soulseek2
O42 - Logiciel: Spelling Dictionaries Support For Adobe Reader 8 - (.Adobe Systems.) [HKLM] -- {AC76BA86-7AD7-5464-3428-800000000003}
O42 - Logiciel: System Control Manager - (.Pas de propriétaire.) [HKLM] -- {ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}
O42 - Logiciel: TC Native Bundle v3.1 - (.Pas de propriétaire.) [HKLM] -- TC Native Bundle v3.1
O42 - Logiciel: USB2.0 PC Camera (SN9C201&202) - (.Sonix.) [HKLM] -- {75438C0E-9925-412E-AD85-D0E71C6CE2ED}
O42 - Logiciel: Unlocker 1.8.7 - (.Cedrick Collomb.) [HKLM] -- Unlocker
O42 - Logiciel: Update for Microsoft .NET Framework 3.5 SP1 (KB963707) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707
O42 - Logiciel: VLC media player 1.1.7 - (.VideoLAN.) [HKLM] -- VLC media player
O42 - Logiciel: Vuze - (.Vuze Inc..) [HKLM] -- 8461-7759-5462-8226
O42 - Logiciel: Vuze_Remote Toolbar - (.Pas de propriétaire.) [HKLM] -- Vuze_Remote Toolbar
O42 - Logiciel: Waves API Collection - (.Team AiR.) [HKLM] -- Waves API Collection
O42 - Logiciel: Waves L3 Multimaximizer v1.0 - (.Pas de propriétaire.) [HKLM] -- Waves L3 Multimaximizer v1.0
O42 - Logiciel: Waves Mercury Bundle - (.Team AiR.) [HKLM] -- Waves Mercury Bundle
O42 - Logiciel: Windows Genuine Advantage Validation Tool (KB892130) - (.Microsoft Corporation.) [HKLM] -- KB892130
O42 - Logiciel: Windows Internet Explorer 8 - (.Microsoft Corporation.) [HKLM] -- ie8
O42 - Logiciel: Windows XP Service Pack 3 - (.Microsoft Corporation.) [HKLM] -- Windows XP Service
O42 - Logiciel: XML Paper Specification Shared Components Language Pack 1.0 - (.Microsoft Corporation.) [HKLM] -- XPSEPSCLP
O42 - Logiciel: e-Carte Bleue Banque Populaire - (.Pas de propriétaire.) [HKLM] -- {B0900CB5-8EC0-43B4-9DAC-A32FE52DC864}
O42 - Logiciel: eMule - (.Pas de propriétaire.) [HKLM] -- eMule
O42 - Logiciel: iTunes - (.Apple Inc..) [HKLM] -- {AAD47011-8518-4608-9656-951DA35B587B}
O42 - Logiciel: iZotope Ozone 4 - (.iZotope, Inc..) [HKLM] -- iZotope Ozone 4_is1
O42 - Logiciel: nLite 1.4.9.1 - (.Dino Nuhagic (nuhi).) [HKLM] -- nLite_is1

Re: csrss.exe file infected and internet browsing impossi

Post by terrificolor » 05 Mar 2011 02:22

---\\ HKCU & HKLM Software Keys
[HKCU\Software\ASIO4ALL v2 by Wuschel]
[HKCU\Software\Ad-Remover]
[HKCU\Software\Adobe]
[HKCU\Software\AppDataLow\Software]
[HKCU\Software\AppDataLow]
[HKCU\Software\Apple Computer, Inc.]
[HKCU\Software\Apple Inc.]
[HKCU\Software\Astonsoft]
[HKCU\Software\Avira]
[HKCU\Software\Azureus]
[HKCU\Software\BMH]
[HKCU\Software\Blizzard Entertainment]
[HKCU\Software\CDDB]
[HKCU\Software\Canon]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\Conduit]
[HKCU\Software\DT Soft]
[HKCU\Software\Devine Machine]
[HKCU\Software\DirectShow]
[HKCU\Software\Elektron]
[HKCU\Software\GForce]
[HKCU\Software\GNU]
[HKCU\Software\HookNetwork]
[HKCU\Software\Image-Line]
[HKCU\Software\Intel]
[HKCU\Software\JavaSoft]
[HKCU\Software\KarmaFX]
[HKCU\Software\KsL Software]
[HKCU\Software\Local AppWizard-Generated Applications]
[HKCU\Software\MIDI-OX]
[HKCU\Software\Macromedia]
[HKCU\Software\MainConcept]
[HKCU\Software\Malwarebytes' Anti-Malware]
[HKCU\Software\Monitored]
[HKCU\Software\Mozilla]
[HKCU\Software\Native Instruments]
[HKCU\Software\Netscape]
[HKCU\Software\Ohm Force]
[HKCU\Software\OpenOffice.org]
[HKCU\Software\PC SOFT]
[HKCU\Software\PDFCreator]
[HKCU\Software\Policies]
[HKCU\Software\Realtek]
[HKCU\Software\Safer Networking Limited]
[HKCU\Software\Secunia]
[HKCU\Software\Skype]
[HKCU\Software\SoftVoice]
[HKCU\Software\Sony Media Software]
[HKCU\Software\SoulSeek]
[HKCU\Software\Soulseek2]
[HKCU\Software\Sugar Bytes]
[HKCU\Software\TC Works]
[HKCU\Software\Toshiba]
[HKCU\Software\VB and VBA Program Settings]
[HKCU\Software\Vuze_Remote]
[HKCU\Software\WinRAR SFX]
[HKCU\Software\WinRAR]
[HKCU\Software\Xobni]
[HKCU\Software\YahooPartnerToolbar]
[HKCU\Software\eMule]
[HKCU\Software\ej-technologies]
[HKCU\Software\iZotope]
[HKCU\Software\reFX]
[HKCU\Software\settings]
[HKLM\Software\14919ea49a8f3b4aa3cf1058d9a64cec]
[HKLM\Software\ASIO]
[HKLM\Software\Adobe]
[HKLM\Software\Apple Computer, Inc.]
[HKLM\Software\Apple Inc.]
[HKLM\Software\Avira]
[HKLM\Software\Azureus]
[HKLM\Software\Blizzard Entertainment]
[HKLM\Software\BrowserChoice]
[HKLM\Software\C07ft5Y]
[HKLM\Software\CDDB]
[HKLM\Software\Cakewalk Music Software]
[HKLM\Software\Canon]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\DT Soft]
[HKLM\Software\Elemental Audio Systems]
[HKLM\Software\FileZilla 3]
[HKLM\Software\GEAR Software]
[HKLM\Software\GNU]
[HKLM\Software\Gemplus]
[HKLM\Software\Google]
[HKLM\Software\HighCriteria]
[HKLM\Software\Image-Line]
[HKLM\Software\Intel]
[HKLM\Software\JavaSoft]
[HKLM\Software\JreMetrics]
[HKLM\Software\MIDIOX Computing]
[HKLM\Software\MSI]
[HKLM\Software\Macromedia]
[HKLM\Software\Malwarebytes' Anti-Malware]
[HKLM\Software\McAfee.com]
[HKLM\Software\Mediafour]
[HKLM\Software\MimarSinan]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Mozilla]
[HKLM\Software\Native Instruments]
[HKLM\Software\ODBC]
[HKLM\Software\OpenOffice.org]
[HKLM\Software\Outsim]
[HKLM\Software\PDFCreator]
[HKLM\Software\Policies]
[HKLM\Software\Program Groups]
[HKLM\Software\Propellerhead Software]
[HKLM\Software\Realtek]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\SONIX]
[HKLM\Software\Safer Networking Limited]
[HKLM\Software\Schlumberger]
[HKLM\Software\Secunia]
[HKLM\Software\Secure]
[HKLM\Software\Skype]
[HKLM\Software\Sony Corporation]
[HKLM\Software\Sony Media Software]
[HKLM\Software\THe UDS]
[HKLM\Software\Toshiba]
[HKLM\Software\TrendMicro]
[HKLM\Software\VPA]
[HKLM\Software\VST]
[HKLM\Software\VideoLAN]
[HKLM\Software\Vuze_Remote]
[HKLM\Software\Waves]
[HKLM\Software\WhiteNoiseAudio]
[HKLM\Software\WinRAR]
[HKLM\Software\Windows 3.1 Migration Status]
[HKLM\Software\Windows]
[HKLM\Software\Wise Solutions]
[HKLM\Software\X-AVCSD]
[HKLM\Software\e-Carte Bleue Banque Populaire]
[HKLM\Software\ej-technologies]
[HKLM\Software\linplug]
[HKLM\Software\magnet]
[HKLM\Software\mozilla.org]


---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 14/09/2009 - 15:00:30 - [133827912] ----D- C:\Program Files\Ableton
O43 - CFD: 27/02/2011 - 01:58:20 - [51759494] ----D- C:\Program Files\Ad-Remover
O43 - CFD: 04/02/2010 - 15:29:44 - [176046327] ----D- C:\Program Files\Adobe
O43 - CFD: 13/09/2009 - 02:56:26 - [0] ----D- C:\Program Files\Alwil Software
O43 - CFD: 31/03/2010 - 21:45:18 - [2306366] ----D- C:\Program Files\Apple Software Update
O43 - CFD: 14/09/2009 - 14:58:52 - [348395] ----D- C:\Program Files\ASIO4ALL v2
O43 - CFD: 28/02/2010 - 15:41:56 - [866] ----D- C:\Program Files\AVG
O43 - CFD: 14/02/2011 - 21:06:20 - [109309211] ----D- C:\Program Files\Avira
O43 - CFD: 05/09/2010 - 11:49:26 - [599827] ----D- C:\Program Files\Bonjour
O43 - CFD: 13/09/2009 - 00:29:30 - [0] ----D- C:\Program Files\ComPlus Applications
O43 - CFD: 14/04/2010 - 19:40:44 - [10308220] ----D- C:\Program Files\DAEMON Tools Lite
O43 - CFD: 13/09/2009 - 18:21:44 - [0] ----D- C:\Program Files\DAEMON Tools Toolbar
O43 - CFD: 13/09/2009 - 17:02:22 - [490638] ----D- C:\Program Files\e-Carte Bleue Banque Populaire
O43 - CFD: 15/09/2009 - 21:23:34 - [10536316] ----D- C:\Program Files\Elemental Audio Systems
O43 - CFD: 11/02/2011 - 17:46:20 - [49233055] ----D- C:\Program Files\eMule
O43 - CFD: 19/02/2011 - 15:08:04 - [793880372] ----D- C:\Program Files\Fichiers communs
O43 - CFD: 17/07/2010 - 19:44:18 - [15896122] ----D- C:\Program Files\FileZilla FTP Client
O43 - CFD: 22/09/2009 - 20:41:54 - [10158475] ----D- C:\Program Files\Free Audio Pack
O43 - CFD: 13/09/2009 - 17:51:10 - [70] ----D- C:\Program Files\FreeTime
O43 - CFD: 10/10/2010 - 22:33:18 - [325634] ----D- C:\Program Files\FriendBlasterPro
O43 - CFD: 26/09/2009 - 01:29:52 - [8014803] ----D- C:\Program Files\GForce
O43 - CFD: 13/09/2009 - 03:01:06 - [0] ----D- C:\Program Files\Grisoft
O43 - CFD: 11/02/2011 - 17:33:08 - [68993] ----D- C:\Program Files\icons
O43 - CFD: 15/09/2009 - 18:28:32 - [11332558] ----D- C:\Program Files\IK Multimedia
O43 - CFD: 28/02/2010 - 16:20:36 - [26538643] ----D- C:\Program Files\Image-Line
O43 - CFD: 15/09/2009 - 18:29:10 - [16273218] --H-D- C:\Program Files\InstallShield Installation Information
O43 - CFD: 13/09/2009 - 02:00:30 - [7003336] ----D- C:\Program Files\Intel
O43 - CFD: 09/02/2011 - 19:35:28 - [9330904] ----D- C:\Program Files\Internet Explorer
O43 - CFD: 01/02/2011 - 16:57:30 - [1856115] ----D- C:\Program Files\iPod
O43 - CFD: 01/02/2011 - 16:58:10 - [128361708] ----D- C:\Program Files\iTunes
O43 - CFD: 27/09/2009 - 03:13:16 - [10477656] ----D- C:\Program Files\iZotope
O43 - CFD: 02/02/2011 - 19:23:56 - [273587246] ----D- C:\Program Files\Java
O43 - CFD: 13/09/2009 - 02:50:36 - [1109] ----D- C:\Program Files\ma-config.com
O43 - CFD: 27/02/2011 - 02:32:32 - [4921825] ----D- C:\Program Files\Malwarebytes' Anti-Malware
O43 - CFD: 25/09/2009 - 23:24:28 - [45363383] ----D- C:\Program Files\Mediafour
O43 - CFD: 04/05/2010 - 19:39:32 - [2223207] ----D- C:\Program Files\Messenger
O43 - CFD: 13/09/2009 - 00:31:54 - [0] ----D- C:\Program Files\microsoft frontpage
O43 - CFD: 27/02/2010 - 22:13:52 - [24230488] ----D- C:\Program Files\Microsoft SQL Server
O43 - CFD: 08/11/2010 - 19:37:40 - [1920307] ----D- C:\Program Files\MIDIOX
O43 - CFD: 26/10/2009 - 22:47:28 - [1944345] ----D- C:\Program Files\MixMeister BPM Analyzer
O43 - CFD: 13/08/2010 - 07:16:48 - [11350823] ----D- C:\Program Files\Movie Maker
O43 - CFD: 26/12/2010 - 16:10:16 - [32066596] ----D- C:\Program Files\Mozilla Firefox
O43 - CFD: 05/05/2010 - 00:43:20 - [25757] ----D- C:\Program Files\MSBuild
O43 - CFD: 13/09/2009 - 00:29:12 - [32853033] ----D- C:\Program Files\MSN
O43 - CFD: 13/09/2009 - 00:29:04 - [8745735] ----D- C:\Program Files\MSN Gaming Zone
O43 - CFD: 21/09/2009 - 21:33:50 - [6121347178] ----D- C:\Program Files\Native Instruments
O43 - CFD: 27/12/2009 - 19:18:26 - [3285523] ----D- C:\Program Files\NetMeeting
O43 - CFD: 13/09/2009 - 19:50:34 - [9739396] ----D- C:\Program Files\nLite
O43 - CFD: 15/09/2009 - 18:52:28 - [5794797] ----D- C:\Program Files\Nomad Factory
O43 - CFD: 02/02/2011 - 19:25:26 - [364783796] ----D- C:\Program Files\OpenOffice.org 3
O43 - CFD: 15/12/2010 - 22:33:16 - [4379321] ----D- C:\Program Files\Outlook Express
O43 - CFD: 04/01/2010 - 22:31:20 - [3445732] ----D- C:\Program Files\Outsim
O43 - CFD: 01/01/2010 - 17:16:32 - [21624857] ----D- C:\Program Files\PDFCreator
O43 - CFD: 25/12/2010 - 17:12:56 - [76322555] ----D- C:\Program Files\QuickTime
O43 - CFD: 13/09/2009 - 02:42:20 - [50162113] ----D- C:\Program Files\Realtek
O43 - CFD: 05/05/2010 - 00:43:12 - [37949185] ----D- C:\Program Files\Reference Assemblies
O43 - CFD: 13/09/2009 - 16:19:24 - [2937281] ----D- C:\Program Files\RFA
O43 - CFD: 23/12/2010 - 21:21:16 - [6942263] ----D- C:\Program Files\Secunia
O43 - CFD: 13/09/2009 - 00:29:12 - [2679] ----D- C:\Program Files\Services en ligne
O43 - CFD: 05/07/2010 - 20:44:40 - [26194812] R---D- C:\Program Files\Skype
O43 - CFD: 28/02/2010 - 17:00:18 - [222862324] ----D- C:\Program Files\Sony
O43 - CFD: 16/09/2009 - 20:07:48 - [37166926] ----D- C:\Program Files\Sony Setup
O43 - CFD: 23/06/2010 - 19:21:32 - [3765625] ----D- C:\Program Files\SoulseekNS
O43 - CFD: 23/03/2010 - 21:04:58 - [3991891] ----D- C:\Program Files\Spybot - Search & Destroy
O43 - CFD: 15/09/2009 - 18:25:14 - [644867815] ----D- C:\Program Files\Steinberg
O43 - CFD: 15/09/2009 - 18:56:32 - [4567911] ----D- C:\Program Files\Sugar Bytes
O43 - CFD: 05/08/2010 - 16:47:08 - [8214252] ----D- C:\Program Files\System Control Manager
O43 - CFD: 08/05/2010 - 23:01:34 - [361463] ----D- C:\Program Files\TCWorks
O43 - CFD: 13/09/2009 - 01:01:12 - [47627180] ----D- C:\Program Files\Toshiba
O43 - CFD: 27/02/2010 - 22:14:20 - [24] --H-D- C:\Program Files\Uninstall Information
O43 - CFD: 25/09/2009 - 21:55:40 - [278166] ----D- C:\Program Files\Unlocker
O43 - CFD: 13/09/2009 - 18:10:48 - [93332967] ----D- C:\Program Files\VideoLAN
O43 - CFD: 23/11/2010 - 18:40:48 - [372986372] ----D- C:\Program Files\Vstplugins
O43 - CFD: 18/01/2011 - 21:51:54 - [78818728] ----D- C:\Program Files\Vuze
O43 - CFD: 05/09/2010 - 11:36:24 - [8685787] ----D- C:\Program Files\Vuze_Remote
O43 - CFD: 15/09/2009 - 19:13:10 - [576522792] ----D- C:\Program Files\Waves
O43 - CFD: 27/12/2009 - 19:21:14 - [6563765] ----D- C:\Program Files\Windows Media Player
O43 - CFD: 27/12/2009 - 19:18:22 - [3942655] ----D- C:\Program Files\Windows NT
O43 - CFD: 03/05/2010 - 02:05:32 - [0] --H-D- C:\Program Files\WindowsUpdate
O43 - CFD: 13/09/2009 - 00:53:00 - [3921490] ----D- C:\Program Files\WinRAR
O43 - CFD: 13/09/2009 - 00:31:54 - [0] ----D- C:\Program Files\xerox
O43 - CFD: 05/03/2011 - 01:58:10 - [3570452] ----D- C:\Program Files\ZHPDiag
O43 - CFD: 04/02/2010 - 15:30:00 - [12568275] ----D- C:\Program Files\Fichiers Communs\Adobe
O43 - CFD: 01/02/2011 - 16:57:28 - [94753968] ----D- C:\Program Files\Fichiers Communs\Apple
O43 - CFD: 13/09/2009 - 01:00:18 - [5363141] ----D- C:\Program Files\Fichiers Communs\InstallShield
O43 - CFD: 19/02/2011 - 15:08:04 - [1247175] ----D- C:\Program Files\Fichiers Communs\Java
O43 - CFD: 26/09/2009 - 00:50:52 - [1646592] ----D- C:\Program Files\Fichiers Communs\Mediafour
O43 - CFD: 13/09/2009 - 03:08:46 - [8914211] ----D- C:\Program Files\Fichiers Communs\Microsoft Shared
O43 - CFD: 13/09/2009 - 00:29:58 - [284160] ----D- C:\Program Files\Fichiers Communs\MSSoap
O43 - CFD: 07/09/2010 - 00:37:46 - [631703955] ----D- C:\Program Files\Fichiers Communs\Native Instruments
O43 - CFD: 12/09/2009 - 21:18:52 - [0] ----D- C:\Program Files\Fichiers Communs\ODBC
O43 - CFD: 13/09/2009 - 00:30:06 - [8106] ----D- C:\Program Files\Fichiers Communs\Services
O43 - CFD: 13/09/2009 - 00:59:40 - [26528502] ----D- C:\Program Files\Fichiers Communs\snp2std
O43 - CFD: 12/09/2009 - 21:18:48 - [3787229] ----D- C:\Program Files\Fichiers Communs\SpeechEngines
O43 - CFD: 27/12/2009 - 19:25:58 - [7075058] ----D- C:\Program Files\Fichiers Communs\System
O43 - CFD: 14/09/2009 - 15:02:22 - [22096132] ----D- C:\Documents and Settings\Terri\Application Data\Ableton
O43 - CFD: 16/09/2009 - 13:45:36 - [5499135] ----D- C:\Documents and Settings\Terri\Application Data\Adobe
O43 - CFD: 14/06/2010 - 19:55:06 - [757184] ----D- C:\Documents and Settings\Terri\Application Data\Apple Computer
O43 - CFD: 14/02/2011 - 21:11:28 - [0] ----D- C:\Documents and Settings\Terri\Application Data\Avira
O43 - CFD: 19/01/2011 - 16:56:56 - [9190253] ----D- C:\Documents and Settings\Terri\Application Data\Azureus
O43 - CFD: 13/09/2009 - 18:22:56 - [3003] ----D- C:\Documents and Settings\Terri\Application Data\DAEMON Tools Lite
O43 - CFD: 13/09/2009 - 17:10:16 - [609] ----D- C:\Documents and Settings\Terri\Application Data\DeepBurner
O43 - CFD: 09/01/2011 - 21:26:18 - [199] ----D- C:\Documents and Settings\Terri\Application Data\dvdcss
O43 - CFD: 25/10/2010 - 15:11:50 - [16337] ----D- C:\Documents and Settings\Terri\Application Data\FileZilla
O43 - CFD: 13/09/2009 - 00:35:22 - [0] ----D- C:\Documents and Settings\Terri\Application Data\Identities
O43 - CFD: 13/09/2009 - 00:59:22 - [0] ----D- C:\Documents and Settings\Terri\Application Data\InstallShield
O43 - CFD: 27/09/2009 - 03:13:20 - [8044] ----D- C:\Documents and Settings\Terri\Application Data\iZotope
O43 - CFD: 13/09/2009 - 04:01:38 - [2062197] ----D- C:\Documents and Settings\Terri\Application Data\Macromedia
O43 - CFD: 23/03/2010 - 21:25:48 - [4192616] ----D- C:\Documents and Settings\Terri\Application Data\Malwarebytes
O43 - CFD: 27/02/2011 - 11:35:40 - [5905940] -S--D- C:\Documents and Settings\Terri\Application Data\Microsoft
O43 - CFD: 11/02/2011 - 17:44:48 - [29881257] ----D- C:\Documents and Settings\Terri\Application Data\Mozilla
O43 - CFD: 16/09/2009 - 20:22:34 - [0] ----D- C:\Documents and Settings\Terri\Application Data\NetMedia Providers
O43 - CFD: 23/01/2011 - 18:55:36 - [2427722] ----D- C:\Documents and Settings\Terri\Application Data\OpenOffice.org
O43 - CFD: 16/09/2009 - 20:09:34 - [0] ----D- C:\Documents and Settings\Terri\Application Data\Publish Providers
O43 - CFD: 10/01/2010 - 03:22:46 - [647] ----D- C:\Documents and Settings\Terri\Application Data\ScummVM
O43 - CFD: 07/07/2010 - 21:45:52 - [3298590] ----D- C:\Documents and Settings\Terri\Application Data\Skype
O43 - CFD: 27/12/2009 - 16:08:50 - [52224] ----D- C:\Documents and Settings\Terri\Application Data\skypePM
O43 - CFD: 28/02/2010 - 17:24:40 - [19073] ----D- C:\Documents and Settings\Terri\Application Data\Sony
O43 - CFD: 13/09/2009 - 18:02:48 - [151964410] ----D- C:\Documents and Settings\Terri\Application Data\Sun
O43 - CFD: 04/10/2009 - 16:45:12 - [22456] ----D- C:\Documents and Settings\Terri\Application Data\teamspeak2
O43 - CFD: 10/02/2011 - 12:24:44 - [845534] ----D- C:\Documents and Settings\Terri\Application Data\vlc
O43 - CFD: 15/09/2009 - 19:04:00 - [606] ----D- C:\Documents and Settings\Terri\Application Data\Waves Audio
O43 - CFD: 15/09/2009 - 19:13:22 - [105] ----D- C:\Documents and Settings\Terri\Application Data\Waves Preferences
O43 - CFD: 13/09/2009 - 00:53:34 - [12] ----D- C:\Documents and Settings\Terri\Application Data\WinRAR
O43 - CFD: 16/09/2009 - 13:46:06 - [844438] ----D- C:\Documents and Settings\Terri\Local Settings\Application Data\Adobe
O43 - CFD: 31/03/2010 - 21:45:20 - [0] ----D- C:\Documents and Settings\Terri\Local Settings\Application Data\Apple
O43 - CFD: 31/03/2010 - 21:44:08 - [39832862] ----D- C:\Documents and Settings\Terri\Local Settings\Application Data\Apple Computer
O43 - CFD: 07/10/2010 - 15:34:20 - [1170] ----D- C:\Documents and Settings\Terri\Local Settings\Application Data\FriendBlasterPro
O43 - CFD: 14/09/2009 - 14:43:14 - [226896] ----D- C:\Documents and Settings\Terri\Local Settings\Application Data\Identities
O43 - CFD: 14/02/2011 - 20:45:30 - [1770018] ----D- C:\Documents and Settings\Terri\Local Settings\Application Data\Microsoft
O43 - CFD: 13/09/2009 - 01:33:16 - [65681914] ----D- C:\Documents and Settings\Terri\Local Settings\Application Data\Mozilla
O43 - CFD: 18/09/2009 - 15:11:22 - [4969477] ----D- C:\Documents and Settings\Terri\Local Settings\Application Data\Native Instruments
O43 - CFD: 23/12/2010 - 21:21:26 - [0] ----D- C:\Documents and Settings\Terri\Local Settings\Application Data\Secunia PSI
O43 - CFD: 16/09/2009 - 20:22:26 - [5732306544] ----D- C:\Documents and Settings\Terri\Local Settings\Application Data\Sony
O43 - CFD: 13/09/2009 - 01:04:08 - [3631] ----D- C:\Documents and Settings\Terri\Local Settings\Application Data\Toshiba
O43 - CFD: 22/06/2010 - 12:45:28 - [303705] ----D- C:\Documents and Settings\Terri\Local Settings\Application Data\Vuze_Remote


---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.BCED1300F915817C00FCFD7F90EE1300] - 05/03/2011 - 01:32:50 ---A- . (...) -- C:\WINDOWS\WindowsUpdate.log [1765753]
O44 - LFC:[MD5.7FF4708D17B33D9F922561A8DD4FA6EA] - 04/03/2011 - 23:51:40 ---A- . (...) -- C:\WINDOWS\setupapi.log [955150]
O44 - LFC:[MD5.BCED1300F915817C00FCFD7F90EE1300] - 04/03/2011 - 22:32:12 ---A- . (...) -- C:\WINDOWS\wiadebug.log [159]
O44 - LFC:[MD5.BCED1300F915817C00FCFD7F90EE1300] - 04/03/2011 - 22:32:12 ---A- . (...) -- C:\WINDOWS\wiaservc.log [50]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 04/03/2011 - 22:31:55 ---A- . (...) -- C:\WINDOWS\0.log [0]
O44 - LFC:[MD5.6A2CB42966136854F4464516FBB4AE72] - 04/03/2011 - 22:31:53 -S-A- . (...) -- C:\WINDOWS\bootstat.dat [2048]
O44 - LFC:[MD5.BCED1300F915817C00FCFD7F90EE1300] - 04/03/2011 - 22:30:44 ---A- . (...) -- C:\WINDOWS\SchedLgU.Txt [32608]
O44 - LFC:[MD5.08EE3C471717DBA8C74765E9DD8C1ABC] - 02/03/2011 - 12:52:04 ---A- . (...) -- C:\WINDOWS\System32\wpa.dbl [13646]
O44 - LFC:[MD5.57FCD9E1BCB933989566762233B0AB8B] - 27/02/2011 - 02:18:09 ---A- . (...) -- C:\ZHPExportRegistry-27-02-2011-02-18-09.txt [161820]
O44 - LFC:[MD5.B6D6936698919ABADFFD47B0632DAA10] - 27/02/2011 - 02:00:33 ---A- . (...) -- C:\WINDOWS\System32\queries-02.cache [200]
O44 - LFC:[MD5.3FD411DF4A9999EA848615DEF336E905] - 19/02/2011 - 15:07:01 ---A- . (.Sun Microsystems, Inc. - Java(TM) Control Panel.) -- C:\WINDOWS\System32\javacpl.cpl [73728]
O44 - LFC:[MD5.F87BA06FE22C81CDE563761DDFBAB267] - 19/02/2011 - 15:07:01 ---A- . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\WINDOWS\System32\deployJava1.dll [472808]
O44 - LFC:[MD5.68288DA42BC798992A42CD59061B199D] - 19/02/2011 - 15:07:01 ---A- . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\WINDOWS\System32\java.exe [145184]
O44 - LFC:[MD5.5BF8BA1B854D7DFCE1F47E58852B3D8F] - 19/02/2011 - 15:07:01 ---A- . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\WINDOWS\System32\javaw.exe [145184]
O44 - LFC:[MD5.58DC5CBDC930AF070B177843810F2C85] - 19/02/2011 - 15:07:01 ---A- . (.Sun Microsystems, Inc. - Java(TM) Web Start Launcher.) -- C:\WINDOWS\System32\javaws.exe [157472]
O44 - LFC:[MD5.A36EE93698802CD899F98BFD553D8185] - 14/02/2011 - 21:06:20 ---A- . (.Avira GmbH - AVIRA SnapShot Driver.) -- C:\WINDOWS\System32\drivers\ssmdrv.sys [28520]
O44 - LFC:[MD5.87451AA7CC6B6A590EBCEA05E755075A] - 14/02/2011 - 21:06:19 ---A- . (.Avira GmbH - Avira AntiVir File Filter Driver Manager.) -- C:\WINDOWS\System32\drivers\avgntmgr.sys [22360]
O44 - LFC:[MD5.5B44C214F9CD9F590BE9125347610380] - 14/02/2011 - 21:06:19 ---A- . (.Avira GmbH - Avira AntiVir File Filter Driver.) -- C:\WINDOWS\System32\drivers\avgntdd.sys [45416]
O44 - LFC:[MD5.DA39805E2BAD99D37FCE9477DD94E7F2] - 14/02/2011 - 21:06:19 ---A- . (.Avira GmbH - Avira Driver for Security Enhancement.) -- C:\WINDOWS\System32\drivers\avipbb.sys [135096]
O44 - LFC:[MD5.47B879406246FFDCED59E18D331A0E7D] - 14/02/2011 - 21:06:19 ---A- . (.Avira GmbH - Avira Minifilter Driver.) -- C:\WINDOWS\System32\drivers\avgntflt.sys [61960]
O44 - LFC:[MD5.6A437E8991C407728B615F4D63AF36F7] - 09/02/2011 - 19:45:23 ---A- . (.CANON INC. - IJ Language Monitor.) -- C:\WINDOWS\System32\CNMLMAD.DLL [290816]
O44 - LFC:[MD5.6FF2CE9BF75E5C28DE82119DEDCE5E89] - 09/02/2011 - 19:39:45 ---A- . (...) -- C:\WINDOWS\System32\FNTCACHE.DAT [122928]
O44 - LFC:[MD5.8154191231E902F30F660C6B86DA3EA7] - 09/02/2011 - 19:38:15 ---A- . (...) -- C:\WINDOWS\FaxSetup.log [875798]
O44 - LFC:[MD5.FC22625437C13CA3208E2A82C38F719C] - 09/02/2011 - 19:38:15 ---A- . (...) -- C:\WINDOWS\KB2478971.log [18337]
O44 - LFC:[MD5.E96AACCE763E59F6893046C770D55F9B] - 09/02/2011 - 19:38:15 ---A- . (...) -- C:\WINDOWS\comsetup.log [300737]
O44 - LFC:[MD5.37BFE65C1B1B099C1360F53ECD89F1B5] - 09/02/2011 - 19:38:15 ---A- . (...) -- C:\WINDOWS\iis6.log [136400]
O44 - LFC:[MD5.13660137DEB33253F1FC75E5812F1B7F] - 09/02/2011 - 19:38:15 ---A- . (...) -- C:\WINDOWS\imsins.log [1355]
O44 - LFC:[MD5.C9CD4FBF4345B645F0223486F2B57802] - 09/02/2011 - 19:38:15 ---A- . (...) -- C:\WINDOWS\msgsocm.log [44233]
O44 - LFC:[MD5.0F418CAB0BEF5216C8A05B09229DAAA7] - 09/02/2011 - 19:38:15 ---A- . (...) -- C:\WINDOWS\ntdtcsetup.log [180803]
O44 - LFC:[MD5.B5FA967E1607B2152BF00C80197A01F8] - 09/02/2011 - 19:38:15 ---A- . (...) -- C:\WINDOWS\ocgen.log [437674]
O44 - LFC:[MD5.35ABDBBFDBAEDE8EC1DFBE989F2EB207] - 09/02/2011 - 19:38:15 ---A- . (...) -- C:\WINDOWS\ocmsn.log [48623]
O44 - LFC:[MD5.65E648069D4C4FB14FDB382EA5832B93] - 09/02/2011 - 19:38:15 ---A- . (...) -- C:\WINDOWS\tsoc.log [339006]
O44 - LFC:[MD5.19BEDFD5AA10FB4BF1F94B11B5E5F5D2] - 09/02/2011 - 19:38:14 ---A- . (...) -- C:\WINDOWS\updspapi.log [181935]
O44 - LFC:[MD5.6CED1E52FD24E325BCF38066D4048AC1] - 09/02/2011 - 19:38:08 ---A- . (...) -- C:\WINDOWS\KB2485376.log [17827]
O44 - LFC:[MD5.F56AC121D87F27DAB2993642FA372D6F] - 09/02/2011 - 19:38:08 ---A- . (...) -- C:\WINDOWS\imsins.BAK [1355]
O44 - LFC:[MD5.AD888A8EB6E141C38A6666B5531BD34E] - 09/02/2011 - 19:38:03 ---A- . (...) -- C:\WINDOWS\KB2479628.log [17947]
O44 - LFC:[MD5.E2EFDB6CEB6693465772F4AD42E94F52] - 09/02/2011 - 19:37:58 ---A- . (...) -- C:\WINDOWS\KB2483185.log [17191]
O44 - LFC:[MD5.CEFE84235FCC25B11F782C7C202EF423] - 09/02/2011 - 19:35:36 ---A- . (...) -- C:\WINDOWS\KB2482017-IE8.log [15829]
O44 - LFC:[MD5.4F63D9149022704AE97431442AB18105] - 09/02/2011 - 19:35:11 ---A- . (...) -- C:\WINDOWS\KB2476687.log [12615]
O44 - LFC:[MD5.AD9B1930F9FC2026968F437B5B03EAFE] - 09/02/2011 - 19:35:06 ---A- . (...) -- C:\WINDOWS\KB2478960.log [12266]
O44 - LFC:[MD5.060D4C42CD938C179093F5F7DCDF36F8] - 09/02/2011 - 19:35:00 ---A- . (...) -- C:\WINDOWS\KB2393802.log [9729]


---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll


---\\ Export de clé d'application autorisée (O47)
O47 - AAKE:Key Export SP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation - Gestionnaire de session de l'aide sur le Bureau à distance de Microsoft®.) -- C:\WINDOWS\system32\sessmgr.exe
O47 - AAKE:Key Export SP - "C:\Program Files\eMule\emule.exe" [Enabled] .(.http://www.emule-project.net - eMule.) -- C:\Program Files\eMule\emule.exe
O47 - AAKE:Key Export SP - "G:\KDXServer1600-Win\KDXServer.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) -- G:\KDXServer1600-Win\KDXServer.exe
O47 - AAKE:Key Export SP - "G:\KDXClient1600-Win [k]'ed\KDXClient.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) -- G:\KDXClient1600-Win [k]'ed\KDXClient.exe
O47 - AAKE:Key Export SP - "C:\Program Files\VideoLAN\VLC\vlc.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) -- C:\Program Files\VideoLAN\VLC\vlc.exe
O47 - AAKE:Key Export SP - "%windir%\Network Diagnostic\xpnetdiag.exe" [Enabled] .(.Microsoft Corporation - Network Diagnostic for Windows XP.) -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O47 - AAKE:Key Export SP - "C:\Program Files\SoulseekNS\slsk.exe" [Enabled] .(.Pas de propriétaire - SoulSeek.) -- C:\Program Files\SoulseekNS\slsk.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Skype\Phone\Skype.exe" [Enabled] .(.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe
O47 - AAKE:Key Export SP - "C:\Program Files\FileZilla FTP Client\filezilla.exe" [Enabled] .(.FileZilla Project - FileZilla FTP Client.) -- C:\Program Files\FileZilla FTP Client\filezilla.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Bonjour\mDNSResponder.exe" [Enabled] .(.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Vuze\Azureus.exe" [Enabled] .(.Vuze Inc. - Pas de description.) -- C:\Program Files\Vuze\Azureus.exe
O47 - AAKE:Key Export SP - "C:\Program Files\iTunes\iTunes.exe" [Enabled] .(.Apple Inc. - iTunes.) -- C:\Program Files\iTunes\iTunes.exe
O47 - AAKE:Key Export SP - "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Windows Internet Name Service\wins.exe" [Enabled] .(.Pas de propriétaire.) -- C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Windows Internet Name Service\wins.exe
O47 - AAKE:Key Export DP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation - Gestionnaire de session de l'aide sur le Bureau à distance de Microsoft®.) -- C:\WINDOWS\system32\sessmgr.exe
O47 - AAKE:Key Export DP - "%windir%\Network Diagnostic\xpnetdiag.exe" [Enabled] .(.Microsoft Corporation - Network Diagnostic for Windows XP.) -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe


---\\ Déni du service (Local Security Authority) (O48)
O48 - LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\WINDOWS\System32\msv1_0.dll
O48 - LSA:Local Security Authority Notification Packages . (.Microsoft Corporation - Moteur du client de l'Éditeur de configuration de sécurité Windows.) -- C:\WINDOWS\System32\scecli.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\WINDOWS\System32\msv1_0.dll


---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d


---\\ MountPoints2 Shell Key (O51)
O51 - MPSK:{e0f4a73c-2670-11e0-b4b6-001cbf3bf084}\AutoRun\command - Clé orpheline


---\\ Trojan Driver Search Data (HKLM) (O52)
O52 - TDSD: \Drivers32\"msacm.trspch"="tssoft32.acm" . (.DSP GROUP, INC. - Codec audio TrueSpeech(TM) DSP Group pour MSACM V3.50.) -- C:\WINDOWS\System32\tssoft32.acm
O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Cinepak® Codec.) -- C:\WINDOWS\System32\iccvid.dll
O52 - TDSD: \Drivers32\"vidc.iv31"="ir32_32.dll" . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\ir32_32.dll
O52 - TDSD: \Drivers32\"vidc.iv32"="ir32_32.dll" . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\ir32_32.dll
O52 - TDSD: \Drivers32\"msacm.sl_anet"="sl_anet.acm" . (.Sipro Lab Telecom Inc. - Audio codec for MS ACM.) -- C:\WINDOWS\System32\sl_anet.acm
O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\WINDOWS\system32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\system32\l3codeca.acm
O52 - TDSD: \Drivers32\"midi1"="myokent.dll" . (.Jamie O'Connell - MIDI Yoke Junction NT.) -- C:\WINDOWS\System32\myokent.dll
O52 - TDSD: \Drivers32\"msacm.vorbis"="vorbis.acm" . (.HMS http://hp.vector.co.jp/authors/VA012897 - Ogg Vorbis CODEC for MSACM.) -- C:\WINDOWS\System32\vorbis.acm
O52 - TDSD: \drivers.desc\"sl_anet.acm"="Sipro Lab Telecom Audio Codec" . (.Sipro Lab Telecom Inc. - Audio codec for MS ACM.) -- C:\WINDOWS\System32\sl_anet.acm
O52 - TDSD: \drivers.desc\"C:\WINDOWS\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\System32\l3codeca.acm
O52 - TDSD: \drivers.desc\"tssoft32.acm"="tssoft32.acm" . (.DSP GROUP, INC. - Codec audio TrueSpeech(TM) DSP Group pour MSACM V3.50.) -- C:\WINDOWS\System32\tssoft32.acm
O52 - TDSD: \drivers.desc\"iccvid.dll"="iccvid.dll" . (.Radius Inc. - Cinepak® Codec.) -- C:\WINDOWS\System32\iccvid.dll
O52 - TDSD: \drivers.desc\"ir32_32.dll"="ir32_32.dll" . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\ir32_32.dll
O52 - TDSD: \drivers.desc\"myokent.dll"="myokent.dll" . (.Jamie O'Connell - MIDI Yoke Junction NT.) -- C:\WINDOWS\System32\myokent.dll
O52 - TDSD: \drivers.desc\"vorbis.acm"="Ogg Vorbis Audio CODEC" . (.HMS http://hp.vector.co.jp/authors/VA012897 - Ogg Vorbis CODEC for MSACM.) -- C:\WINDOWS\System32\vorbis.acm


---\\ Microsoft Control Security Providers (O54)
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Client DPA pour plate-forme 32 bit.) -- C:\WINDOWS\system32\msapsspc.dll
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\WINDOWS\system32\schannel.dll
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Package d'authentification Digest SSPI.) -- C:\WINDOWS\system32\digest.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Client DPA pour plate-forme 32 bit.) -- C:\WINDOWS\system32\msapsspc.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\WINDOWS\system32\schannel.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Package d'authentification Digest SSPI.) -- C:\WINDOWS\system32\digest.dll


---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=
O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1


---\\ Microsoft Windows Policies Explorer (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveTypeAutoRun"=145
O56 - MWPE:[HKLM\...\policies\Explorer] - "HonorAutoRunSetting"=1
terrificolor
 
Posts: 23
Joined: 23 Mar 2010 18:11

Re: csrss.exe file infected and internet browsing impossi

Post by terrificolor » 05 Mar 2011 02:23

---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.5B44C214F9CD9F590BE9125347610380] - 17/06/2010 - 14:27:24 ---A- . (.Avira GmbH - Avira AntiVir File Filter Driver.) -- C:\WINDOWS\system32\drivers\avgntdd.sys [45416]
O58 - SDL:[MD5.47B879406246FFDCED59E18D331A0E7D] - 10/01/2011 - 14:23:53 ---A- . (.Avira GmbH - Avira Minifilter Driver.) -- C:\WINDOWS\system32\drivers\avgntflt.sys [61960]
O58 - SDL:[MD5.87451AA7CC6B6A590EBCEA05E755075A] - 17/06/2010 - 14:27:24 ---A- . (.Avira GmbH - Avira AntiVir File Filter Driver Manager.) -- C:\WINDOWS\system32\drivers\avgntmgr.sys [22360]
O58 - SDL:[MD5.DA39805E2BAD99D37FCE9477DD94E7F2] - 10/01/2011 - 14:23:53 ---A- . (.Avira GmbH - Avira Driver for Security Enhancement.) -- C:\WINDOWS\system32\drivers\avipbb.sys [135096]
O58 - SDL:[MD5.C9B25AE9B8ABD983C5AD3F8CBFAB0F9C] - 24/04/2003 - 13:00:00 ---A- . (.RAVISENT Technologies Inc. - Pilote principal CineMaster C 1.2 WDM.) -- C:\WINDOWS\system32\drivers\cinemst2.sys [262528]
O58 - SDL:[MD5.9624293E55AD405415862B504CA95B73] - 24/04/2003 - 13:00:00 ---A- . (.Compaq Computer Corporation - Compaq PA-1 Player Driver.) -- C:\WINDOWS\system32\drivers\cpqdap01.sys [11776]
O58 - SDL:[MD5.8942419786970ADB32B05BB7950AEE72] - 04/12/2008 - 22:58:48 ---A- . (.Intel Corporation - Intel(R) PRO/1000 Adapter NDIS 5.2 deserialized driver.) -- C:\WINDOWS\system32\drivers\e1e5132.sys [241296]
O58 - SDL:[MD5.8182FF89C65E4D38B2DE4BB0FB18564E] - 18/05/2009 - 12:17:00 ---A- . (.GEAR Software Inc. - CD DVD Filter.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys [26600]
O58 - SDL:[MD5.899078EC90E8A286F5FD6A7F48E920C6] - 20/05/2009 - 06:56:20 ---A- . (.Intel Corporation - NDIS 5.1 Advanced Networking Services..) -- C:\WINDOWS\system32\drivers\ianswxp.sys [116360]
O58 - SDL:[MD5.2358C53F30CB9DCD1D3843C4E2F299B2] - 12/09/2009 - 17:58:38 ---A- . (.Intel Corporation - Intel Matrix Storage Manager driver - ia32.) -- C:\WINDOWS\system32\drivers\iaStor.sys [305176]
O58 - SDL:[MD5.3B743262B6456167888D15F1121B3BF7] - 21/01/2009 - 10:42:56 ---A- . (.Intel Corporation - Intel Graphics Miniport Driver.) -- C:\WINDOWS\system32\drivers\igxpmp32.sys [6278560]
O58 - SDL:[MD5.8C48260FD6C281DA171BDCC7B7396379] - 23/06/2009 - 23:54:16 ---A- . (.Intel Corporation - Intel(R) Network Adapter Diagnostic Driver.) -- C:\WINDOWS\system32\drivers\iqvw32.sys [30880]
O58 - SDL:[MD5.836E0E09CA9869BE7EB39EF2CF3602C7] - 20/12/2010 - 18:08:40 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\WINDOWS\system32\drivers\mbam.sys [20952]
O58 - SDL:[MD5.D68E165C3123ABA3B1282EDDB4213BD8] - 20/12/2010 - 18:09:00 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys [38224]
O58 - SDL:[MD5.07D6A1839473C9B5432F034EE18CDD04] - 22/07/2008 - 13:29:46 ---A- . (.Mediafour Corporation - MacDrive file system driver.) -- C:\WINDOWS\system32\drivers\MDFSYSNT.SYS [288768]
O58 - SDL:[MD5.71C3F8FA39C7409BCA9099E44C19DD78] - 28/02/2007 - 10:15:08 ---A- . (.Mediafour Corporation - MacDrive partition driver.) -- C:\WINDOWS\system32\drivers\MDPMGRNT.SYS [19072]
O58 - SDL:[MD5.25A4177B8ABF458691138F0C9684E70F] - 03/07/2006 - 09:31:26 ---A- . (.Windows (R) 2000 DDK provider - Trace Kernel Mode Driver.) -- C:\WINDOWS\system32\drivers\MGHwCtrl.sys [9088]
O58 - SDL:[MD5.12B0D99865434387F784268B70E23360] - 11/10/2007 - 12:21:50 ---A- . (.Intel Corporation - Intel® Wireless WiFi Link Driver.) -- C:\WINDOWS\system32\drivers\NETw4x32.sys [2203520]
O58 - SDL:[MD5.BE984D604D91C217355CDD3737AAD25D] - 24/04/2003 - 13:00:00 ---A- . (.S3/Diamond Multimedia Systems - NikeDrv Usb Driver.) -- C:\WINDOWS\system32\drivers\nikedrv.sys [12032]
O58 - SDL:[MD5.2ADC0CA9945C65284B3D19BC18765974] - 13/04/2008 - 11:54:38 ---A- . (.National Semiconductor Corporation - NSC Fast Infrared Driver..) -- C:\WINDOWS\system32\drivers\nscirda.sys [28672]
O58 - SDL:[MD5.D24DFD16A1E2A76034DF5AA18125C35D] - 01/09/2010 - 09:30:58 ---A- . (.Secunia - Secunia PSI Driver.) -- C:\WINDOWS\system32\drivers\psi_mf.sys [15544]
O58 - SDL:[MD5.80D317BD1C3DBC5D4FE7B1678C60CADD] - 24/04/2003 - 13:00:00 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\drivers\ptilink.sys [17792]
O58 - SDL:[MD5.355AAC141B214BEF1DBC1483AFD9BD50] - 24/02/2007 - 13:42:22 ---A- . (.REDC - RICOH SD Driver.) -- C:\WINDOWS\system32\drivers\rimmptsk.sys [39936]
O58 - SDL:[MD5.A4216C71DD4F60B26418CCFD99CD0815] - 23/01/2007 - 15:40:20 ---A- . (.REDC - RICOH MS Driver.) -- C:\WINDOWS\system32\drivers\rimsptsk.sys [42496]
O58 - SDL:[MD5.A56FE08EC7473E8580A390BB1081CDD7] - 24/04/2003 - 13:00:00 ---A- . (.S3/Diamond Multimedia Systems - Rio8Drv.sys Usb Driver.) -- C:\WINDOWS\system32\drivers\rio8drv.sys [12032]
O58 - SDL:[MD5.0A854DF84C77A0BE205BFEAB2AE4F0EC] - 24/04/2003 - 13:00:00 ---A- . (.S3/Diamond Multimedia Systems - RioDrv Usb Driver.) -- C:\WINDOWS\system32\drivers\riodrv.sys [12032]
O58 - SDL:[MD5.D231B577024AA324AF13A42F3A807D10] - 21/03/2007 - 21:02:04 ---A- . (.REDC - RICOH XD SM Driver.) -- C:\WINDOWS\system32\drivers\rixdptsk.sys [37376]
O58 - SDL:[MD5.915CE2A58C6917E3C53BE1E91FA66BA8] - 14/06/2007 - 15:41:58 ---A- . (.Realtek Semiconductor Corp. - Realtek(r) High Definition Audio Function Driver.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys [4429312]
O58 - SDL:[MD5.90A3935D05B494A5A39D37E71F09A677] - 13/04/2008 - 09:39:16 ---A- . (.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) -- C:\WINDOWS\system32\drivers\secdrv.sys [20480]
O58 - SDL:[MD5.9F66C4BD06334BB772317C438644EF74] - 25/01/2007 - 17:48:34 ---A- . (.Pas de propriétaire - USB2.0 PC Camera driver.) -- C:\WINDOWS\system32\drivers\sncamd.sys [25472]
O58 - SDL:[MD5.B64C7DC23A9C173E5766120BECAA01D9] - 30/03/2007 - 13:41:54 ---A- . (.Pas de propriétaire - USB2.0 PC Camera driver.) -- C:\WINDOWS\system32\drivers\snp2sxp.sys [12033024]
O58 - SDL:[MD5.BCED1300F915817C00FCFD7F90EE1300] - 22/12/2009 - 00:00:00 ---A- . (...) -- C:\WINDOWS\system32\drivers\sptd.sys [691696]
O58 - SDL:[MD5.A36EE93698802CD899F98BFD553D8185] - 17/06/2010 - 14:27:22 ---A- . (.Avira GmbH - AVIRA SnapShot Driver.) -- C:\WINDOWS\system32\drivers\ssmdrv.sys [28520]
O58 - SDL:[MD5.8D624D3BD1F2D78BD1C01A2D4E954B4E] - 10/10/2006 - 18:33:00 ---A- . (.TOSHIBA Corporation - TOSHIBA Bluetooth Port Emulation Driver.) -- C:\WINDOWS\system32\drivers\tosporte.sys [41600]
O58 - SDL:[MD5.266DF087A8C24DA34FF40CF3DF86CCFB] - 22/02/2007 - 18:56:24 ---A- . (.TOSHIBA CORPORATION - Bluetooth RF Bus Driver.) -- C:\WINDOWS\system32\drivers\tosrfbd.sys [113920]
O58 - SDL:[MD5.90C8525BC578AAFFE87C2D0ED4379E9E] - 20/11/2006 - 16:55:16 ---A- . (.TOSHIBA Corporation - Bluetooth RFBNEP Driver.) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys [36480]
O58 - SDL:[MD5.5BA1CA3B3CDDB1DDC67DF473F05D1EC2] - 01/08/2005 - 15:45:00 ---A- . (.TOSHIBA Corporation - Bluetooth RFCOMM Driver.) -- C:\WINDOWS\system32\drivers\tosrfcom.sys [64896]
O58 - SDL:[MD5.7C807BA9660E2995CC0217A14A24094C] - 01/03/2007 - 15:53:12 ---A- . (.TOSHIBA Corporation. - Bluetooth HID Driver from TOSHIBA.) -- C:\WINDOWS\system32\drivers\Tosrfhid.sys [73728]
O58 - SDL:[MD5.C52FD27B9ADF3A1F22CB90E6BCF9B0CB] - 06/01/2005 - 12:42:00 ---A- . (.TOSHIBA Corporation. - Bluetooth BNEP Driver.) -- C:\WINDOWS\system32\drivers\tosrfnds.sys [18612]
O58 - SDL:[MD5.A4CE9572BC4AC8D329455059B43C5BEA] - 22/01/2007 - 09:43:26 ---A- . (.TOSHIBA Corporation - Bluetooth Audio Driver (WDM).) -- C:\WINDOWS\system32\drivers\TosRfSnd.sys [53376]
O58 - SDL:[MD5.CDDA265C7617A2745B48E0DE572012A6] - 28/02/2007 - 21:27:06 ---A- . (.TOSHIBA CORPORATION - Bluetooth USB Miniport Driver.) -- C:\WINDOWS\system32\drivers\tosrfusb.sys [41344]
O58 - SDL:[MD5.D74A8EC75305F1D3CFDE7C7FC1BD62A9] - 24/04/2003 - 13:00:00 ---A- . (.Toshiba Corporation - WDM Toshiba Tecra Video Capture Driver.) -- C:\WINDOWS\system32\drivers\tsbvcap.sys [21376]
O58 - SDL:[MD5.E8C1B9EBAC65288E1B51E8A987D98AF6] - 16/10/2009 - 01:33:06 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\WINDOWS\system32\drivers\usbaapl.sys [41472]
O58 - SDL:[MD5.55E01061C74A8CEFFF58DC36114A8D3F] - 24/04/2003 - 13:00:00 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\drivers\vdmindvd.sys [58112]
O58 - SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] - 24/04/2003 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9037]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 24/04/2003 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\country.sys [27097]
O58 - SDL:[MD5.C6D29F29DE7427B1B0775E53E577B623] - 24/04/2003 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\himem.sys [4912]
O58 - SDL:[MD5.582BCDD47CF4B68B5CB528F18E3CB808] - 24/04/2003 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\key01.sys [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 24/04/2003 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys [42537]
O58 - SDL:[MD5.7D30A74B5FB9FE3B245A6CE5FBCD71D5] - 24/04/2003 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos.sys [27916]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 24/04/2003 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos404.sys [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 24/04/2003 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos411.sys [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 24/04/2003 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos412.sys [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 24/04/2003 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos804.sys [29146]
O58 - SDL:[MD5.CAAA108FD7BF71989946B39704323455] - 03/08/2004 - 21:45:26 ---A- . (...) -- C:\WINDOWS\system32\ntio.sys [34000]
O58 - SDL:[MD5.6F73F50162DEF60C84B725C18CD9140F] - 03/08/2004 - 21:45:16 ---A- . (...) -- C:\WINDOWS\system32\ntio404.sys [34560]
O58 - SDL:[MD5.0FDD5E69C1FF3B58043D44F2CC743D45] - 03/08/2004 - 21:45:12 ---A- . (...) -- C:\WINDOWS\system32\ntio411.sys [35648]
O58 - SDL:[MD5.8842837C4D8311BF8E72BEE8CCC42217] - 03/08/2004 - 21:45:16 ---A- . (...) -- C:\WINDOWS\system32\ntio412.sys [35424]
O58 - SDL:[MD5.6B56CEB3C6F9D5CD7293DBD9FE23B311] - 03/08/2004 - 21:45:14 ---A- . (...) -- C:\WINDOWS\system32\ntio804.sys [34560]


---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: Ad-Remover By C_XX - (.C_XX.) [HKLM] -- Ad-Remover
O63 - Logiciel: HijackThis 2.0.2 - (.TrendMicro.) [HKLM] -- HijackThis
O63 - Logiciel: ZHPDiag 1.27 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1


---\\ Liste des services Legacy (O64)
O64 - Services: CurCS - C:\WINDOWS\system32\drivers\afd.sys - Environnement de prise en charge de réseau AFD (AFD) .(.Microsoft Corporation - Ancillary Function Driver for WinSock.) - LEGACY_AFD
O64 - Services: CurCS - C:\WINDOWS\System32\alg.exe - Service de la passerelle de la couche Application (ALG) .(.Microsoft Corporation - Application Layer Gateway Service.) - LEGACY_ALG
O64 - Services: CurCS - C:\Program Files\Avira\AntiVir Desktop\sched.exe - Avira AntiVir Scheduler (AntiVirSchedulerService) .(.Avira GmbH - Antivirus Scheduler.) - LEGACY_ANTIVIRSCHEDULERSERVICE
O64 - Services: CurCS - C:\Program Files\Avira\AntiVir Desktop\avguard.exe - Avira AntiVir Guard (AntiVirService) .(.Avira GmbH - Antivirus On-Access Service.) - LEGACY_ANTIVIRSERVICE
O64 - Services: CurCS - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe - Apple Mobile Device (Apple Mobile Device) .(.Apple Inc. - MobileDeviceService.) - LEGACY_APPLE_MOBILE_DEVICE
O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Gestion d'applications (AppMgmt) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_APPMGMT
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\arp1394.sys - Protocole client ARP 1394 (Arp1394) .(.Microsoft Corporation - IP/1394 Arp Client.) - LEGACY_ARP1394
O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Audio Windows (AudioSrv) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_AUDIOSRV
O64 - Services: CurCS - (.not file.) - AVG7 Alert Manager Server (Avg7Alrt) .(...) - LEGACY_AVG7ALRT
O64 - Services: CurCS - (.not file.) - AVG7 Kernel (Avg7Core) .(...) - LEGACY_AVG7CORE
O64 - Services: CurCS - (.not file.) - AVG7 Wrap Driver (Avg7RsW) .(...) - LEGACY_AVG7RSW
O64 - Services: CurCS - (.not file.) - AVG7 Resident Driver XP (Avg7RsXP) .(...) - LEGACY_AVG7RSXP
O64 - Services: CurCS - (.not file.) - AVG7 Update Service (Avg7UpdSvc) .(...) - LEGACY_AVG7UPDSVC
O64 - Services: CurCS - (.not file.) - AVG Clean Driver (AvgClean) .(...) - LEGACY_AVGCLEAN
O64 - Services: CurCS - (.not file.) - AVG E-mail Scanner (AVGEMS) .(...) - LEGACY_AVGEMS
O64 - Services: CurCS - C:\Program Files\Avira\AntiVir Desktop\avgio.sys - avgio (avgio) .(.Avira GmbH - Avira AntiVir Support for Minifilter.) - LEGACY_AVGIO
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\avgntflt.sys - avgntflt (avgntflt) .(.Avira GmbH - Avira Minifilter Driver.) - LEGACY_AVGNTFLT
O64 - Services: CurCS - (.not file.) - AVG Network Redirector (AvgTdi) .(...) - LEGACY_AVGTDI
O64 - Services: CurCS - (.not file.) - AVG Free8 Network Redirector (AvgTdiX) .(...) - LEGACY_AVGTDIX
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\avipbb.sys - avipbb (avipbb) .(.Avira GmbH - Avira Driver for Security Enhancement.) - LEGACY_AVIPBB
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\BEEP.sys - Beep (Beep) .(...) - LEGACY_BEEP
O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Service de transfert intelligent en arrière-plan (BITS) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_BITS
O64 - Services: CurCS - C:\Program Files\Bonjour\mDNSResponder.exe - Service Bonjour (Bonjour Service) .(.Apple Inc. - Bonjour Service.) - LEGACY_BONJOUR_SERVICE
O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Explorateur d'ordinateur (Browser) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_BROWSER
O64 - Services: CurCS - C:\DOCUME~1\Terri\LOCALS~1\Temp\catchme.sys (.not file.) - catchme (catchme) .(...) - LEGACY_CATCHME
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\CDFS.sys - cdfs (cdfs) .(...) - LEGACY_CDFS
O64 - Services: CurCS - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe - .NET Runtime Optimization Service v2.0.50727_X86 (clr_optimization_v2.0.50727_32) .(.Microsoft Corporation - .NET Runtime Optimization Service.) - LEGACY_CLR_OPTIMIZATION_V2.0.50727_32
O64 - Services: CurCS - (.not file.) - (.not file.) - Application système COM+ (COMSysApp) .(...) - LEGACY_COMSYSAPP
O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Services de cryptographie (CryptSvc) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_CRYPTSVC
O64 - Services: CurCS - (.not file.) - (.not file.) - Lanceur de processus serveur DCOM (DcomLaunch) .(...) - LEGACY_DCOMLAUNCH
O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Client DHCP (Dhcp) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_DHCP
O64 - Services: CurCS - C:\Windows\System32\drivers\dmboot.sys - dmboot (dmboot) .(.Microsoft Corp., Veritas Software - Pilote de démarrage du gestionnaire de disq.) - LEGACY_DMBOOT
O64 - Services: CurCS - C:\Windows\System32\drivers\dmload.sys - dmload (dmload) .(.Microsoft Corp., Veritas Software. - NT Disk Manager Startup Driver.) - LEGACY_DMLOAD
O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Client DNS (Dnscache) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_DNSCACHE
O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Service de rapport d'erreurs (ERSvc) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_ERSVC
O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Système d'événements de COM+ (EventSystem) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_EVENTSYSTEM
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\FASTFAT.sys - fastfat (fastfat) .(...) - LEGACY_FASTFAT
O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Compatibilité avec le Changement rapide d'utilisateur (FastUserSwitchingCompatibility) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_FASTUSERSWITCHINGCOMPATIBILITY
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\FIPS.sys - Fips (Fips) .(...) - LEGACY_FIPS
O64 - Services: CurCS - C:\Windows\System32\drivers\fltmgr.sys - FltMgr (FltMgr) .(.Microsoft Corporation - Microsoft Filesystem Filter Manager.) - LEGACY_FLTMGR
O64 - Services: CurCS - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe - Windows Presentation Foundation Font Cache 3.0.0.0 (FontCache3.0.0.0) .(.Microsoft Corporation - PresentationFontCache.exe.) - LEGACY_FONTCACHE3.0.0.0
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\FS_REC.sys - Fs_Rec (Fs_Rec) .(...) - LEGACY_FS_REC
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\msgpc.sys - Classificateur de paquets générique (Gpc) .(.Microsoft Corporation - MS General Packet Classifier.) - LEGACY_GPC
O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Aide et support (helpsvc) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_HELPSVC
O64 - Services: CurCS - C:\Windows\System32\Drivers\HTTP.sys - HTTP (HTTP) .(.Microsoft Corporation - HTTP Protocol Stack.) - LEGACY_HTTP
O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - HTTP SSL (HTTPFilter) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_HTTPFILTER
O64 - Services: CurCS - C:\WINDOWS\System32\imapi.exe - Service COM de gravage de CD IMAPI (ImapiService) .(.Microsoft Corporation - API Image Mastering.) - LEGACY_IMAPISERVICE
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\ipnat.sys - Traducteur d'adresses réseau IP (IpNat) .(.Microsoft Corporation - IP Network Address Translator.) - LEGACY_IPNAT
O64 - Services: CurCS - C:\Program Files\iPod\bin\iPodService.exe - Service de l’iPod (iPod Service) .(.Apple Inc. - iPodService Module (32-bit).) - LEGACY_IPOD_SERVICE
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\ipsec.sys - Pilote IPSEC (IPSec) .(.Microsoft Corporation - IPSec Driver.) - LEGACY_IPSEC
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\irda.sys - Protocole IrDA (irda) .(.Microsoft Corporation - IRDA Protocol Driver.) - LEGACY_IRDA
O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Moniteur infrarouge (Irmon) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_IRMON
O64 - Services: CurCS - C:\Program Files\Java\jre6\bin\jqs.exe - Java Quick Starter (JavaQuickStarterService) .(.Sun Microsystems, Inc. - Java(TM) Quick Starter Service.) - LEGACY_JAVAQUICKSTARTERSERVICE
O64 - Services: CurCS - (.not file.) - klmd25 (klmd25) .(...) - LEGACY_KLMD25
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\KSECDD.sys - ksecdd (ksecdd) .(...) - LEGACY_KSECDD
O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Serveur (lanmanserver) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_LANMANSERVER
O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Station de travail (LanmanWorkstation) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_LANMANWORKSTATION
O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Assistance TCP/IP NetBIOS (LmHosts) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_LMHOSTS
O64 - Services: CurCS - C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe - MacDrive service (MacDriveService) .(.Mediafour Corporation - MacDrive service.) - LEGACY_MACDRIVESERVICE
O64 - Services: CurCS - (.not file.) - mbr (mbr) .(...) - LEGACY_MBR
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\MDFSYSNT.sys - (.not file.) - MacDrive file system driver (MDFSYSNT) .(...) - LEGACY_MDFSYSNT
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\MDPMGRNT.sys - (.not file.) - MacDrive partition driver (MDPMGRNT) .(...) - LEGACY_MDPMGRNT
O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Affichage des messages (Messenger) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_MESSENGER
O64 - Services: CurCS - C:\WINDOWS\system32\drivers\MGHwCtrl.sys - MGHwCtrl (MGHwCtrl) .(.Windows (R) 2000 DDK provider - Trace Kernel Mode Driver.) - LEGACY_MGHWCTRL
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\MNMDD.sys - mnmdd (mnmdd) .(...) - LEGACY_MNMDD
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\MOUNTMGR.sys - (.not file.) - mountmgr (mountmgr) .(...) - LEGACY_MOUNTMGR
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\mrxdav.sys - Redirecteur client WebDav (MRxDAV) .(.Microsoft Corporation - Windows NT WebDav Minirdr.) - LEGACY_MRXDAV
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\mrxsmb.sys - MRXSMB (MRxSmb) .(.Microsoft Corporation - Windows NT SMB Minirdr.) - LEGACY_MRXSMB
O64 - Services: CurCS - C:\WINDOWS\System32\msdtc.exe - Distributed Transaction Coordinator (MSDTC) .(.Microsoft Corporation - MS DTC console program.) - LEGACY_MSDTC
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\MSFS.sys - Msfs (Msfs) .(...) - LEGACY_MSFS
O64 - Services: CurCS - C:\WINDOWS\System32\msiexec.exe - Windows Installer (MSIServer) .(.Microsoft Corporation - Windows® installer.) - LEGACY_MSISERVER
O64 - Services: CurCS - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe - MSSQL$SONY_MEDIAMGR (MSSQL$SONY_MEDIAMGR) .(.Microsoft Corporation - SQL Server Windows NT.) - LEGACY_MSSQL$SONY_MEDIAMGR
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\MUP.sys - (.not file.) - Mup (Mup) .(...) - LEGACY_MUP
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\iqvw32.sys - Nal Service (NAL) .(.Intel Corporation - Intel(R) Network Adapter Diagnostic Driver.) - LEGACY_NAL
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\NDIS.sys - (.not file.) - Pilote système NDIS (NDIS) .(...) - LEGACY_NDIS
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\ndistapi.sys - Pilote TAPI NDIS d'accès distant (NdisTapi) .(.Microsoft Corporation - NDIS 3.0 connection wrapper driver.) - LEGACY_NDISTAPI
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\ndisuio.sys - NDIS mode utilisateur E/S Protocole (Ndisuio) .(.Microsoft Corporation - NDIS User mode I/O Driver.) - LEGACY_NDISUIO
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\NDPROXY.sys - NDProxy (NDProxy) .(...) - LEGACY_NDPROXY
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\netbios.sys - Interface NetBIOS (NetBIOS) .(.Microsoft Corporation - NetBIOS interface driver.) - LEGACY_NETBIOS
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\netbt.sys - NetBIOS sur TCP/IP (NetBT) .(.Microsoft Corporation - MBT Transport driver.) - LEGACY_NETBT
O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Connexions rÈseau (Netman) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_NETMAN
O64 - Services: CurCS - C:\Program Files\System Control Manager\edd.exe - SCM Driver Daemon (NishService) .(...) - LEGACY_NISHSERVICE
O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - NLA (Network Location Awareness) (Nla) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_NLA
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\NPFS.sys - Npfs (Npfs) .(...) - LEGACY_NPFS
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\NTFS.sys - ntfs (ntfs) .(...) - LEGACY_NTFS
O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Stockage amovible (NtmsSvc) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_NTMSSVC
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\NULL.sys - Null (Null) .(...) - LEGACY_NULL
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\PARTMGR.sys - (.not file.) - PartMgr (PartMgr) .(...) - LEGACY_PARTMGR
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\PARVDM.sys - ParVdm (ParVdm) .(...) - LEGACY_PARVDM
O64 - Services: CurCS - C:\WINDOWS\System32\lsass.exe - Services IPSEC (PolicyAgent) .(.Microsoft Corporation - LSA Shell (Export Version).) - LEGACY_POLICYAGENT
O64 - Services: CurCS - C:\WINDOWS\system32\lsass.exe - Emplacement protégé (ProtectedStorage) .(.Microsoft Corporation - LSA Shell (Export Version).) - LEGACY_PROTECTEDSTORAGE
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\psi_mf.sys - PSI (PSI) .(.Secunia - Secunia PSI Driver.) - LEGACY_PSI
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\rasacd.sys - Pilote de connexion automatique d'accès distant (RasAcd) .(.Microsoft Corporation - RAS Automatic Connection Driver.) - LEGACY_RASACD
O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Gestionnaire de connexions d'accès distant (RasMan) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_RASMAN
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\rdbss.sys - Rdbss (Rdbss) .(.Microsoft Corporation - Redirected Drive Buffering SubSystem Driver.) - LEGACY_RDBSS
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\RDPCDD.sys - RDPCDD (RDPCDD) .(.Microsoft Corporation - RDP Miniport.) - LEGACY_RDPCDD
O64 - Services: CurCS - (.not file.) - RDPNP (RDPNP) .(...) - LEGACY_RDPNP
O64 - Services: CurCS - (.not file.) - (.not file.) - Appel de procédure distante (RPC) (RpcSs) .(...) - LEGACY_RPCSS
O64 - Services: CurCS - C:\WINDOWS\System32\rsvp.exe - QoS RSVP (RSVP) .(.Microsoft Corporation - Microsoft RSVP.) - LEGACY_RSVP
O64 - Services: CurCS - C:\WINDOWS\system32\lsass.exe - Gestionnaire de comptes de sécurité (SamSs) .(.Microsoft Corporation - LSA Shell (Export Version).) - LEGACY_SAMSS
O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Planificateur de tâches (Schedule) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_SCHEDULE
O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Connexion secondaire (seclogon) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_SECLOGON
O64 - Services: CurCS - C:\Program Files\Secunia\PSI\PSIA.exe - Secunia PSI Agent (Secunia PSI Agent) .(.Secunia - Secunia PSI Agent.) - LEGACY_SECUNIA_PSI_AGENT
O64 - Services: CurCS - C:\Program Files\Secunia\PSI\sua.exe - Secunia Update Agent (Secunia Update Agent) .(.Secunia - Secunia Update Agent.) - LEGACY_SECUNIA_UPDATE_AGENT
O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Notification d'événement système (SENS) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_SENS
O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Pare-feu Windows / Partage de connexion Internet (SharedAccess) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_SHAREDACCESS
O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Détection matériel noyau (ShellHWDetection) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_SHELLHWDETECTION
O64 - Services: CurCS - C:\WINDOWS\system32\spoolsv.exe - Spouleur d'impression (Spooler) .(.Microsoft Corporation - Spooler SubSystem App.) - LEGACY_SPOOLER
O64 - Services: CurCS - C:\Windows\System32\Drivers\sptd.sys - sptd (sptd) .(...) - LEGACY_SPTD
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\sr.sys - Pilote de filtre de restauration système (sr) .(.Microsoft Corporation - Pilote de filtre de système de fichiers pou.) - LEGACY_SR
O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Service de restauration système (srservice) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_SRSERVICE
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\srv.sys - Srv (Srv) .(.Microsoft Corporation - Server driver.) - LEGACY_SRV
O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Service de découvertes SSDP (SSDPSRV) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_SSDPSRV
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\ssmdrv.sys - ssmdrv (ssmdrv) .(.Avira GmbH - AVIRA SnapShot Driver.) - LEGACY_SSMDRV
O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Acquisition d'image Windows (WIA) (stisvc) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_STISVC
O64 - Services: CurCS - (.not file.) - (.not file.) - MS Software Shadow Copy Provider (SwPrv) .(...) - LEGACY_SWPRV
O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Téléphonie (TapiSrv) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_TAPISRV
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\tcpip.sys - Pilote du protocole TCP/IP (Tcpip) .(.Microsoft Corporation - TCP/IP Protocol Driver.) - LEGACY_TCPIP
O64 - Services: CurCS - (.not file.) - (.not file.) - Services Terminal Server (TermService) .(...) - LEGACY_TERMSERVICE
O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Thèmes (Themes) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_THEMES
O64 - Services: CurCS - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe - TOSHIBA Bluetooth Service (TOSHIBA Bluetooth Service) .(.TOSHIBA CORPORATION - TOSHIBA Bluetooth Service.) - LEGACY_TOSHIBA_BLUETOOTH_SERVICE
O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Client de suivi de lien distribué (TrkWks) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_TRKWKS
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\UDFS.sys - Udfs (Udfs) .(...) - LEGACY_UDFS
O64 - Services: CurCS - C:\Program Files\Unlocker\UnlockerDriver5.sys - UnlockerDriver5 (UnlockerDriver5) .(...) - LEGACY_UNLOCKERDRIVER5
O64 - Services: CurCS - (.not file.) - Gestionnaire de téléchargement (uploadmgr) .(...) - LEGACY_UPLOADMGR
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\VGA.sys - vga (vga) .(...) - LEGACY_VGA
O64 - Services: CurCS - C:\WINDOWS\system32\drivers\vga.sys - VgaSave (VgaSave) .(.Microsoft Corporation - VGA/Super VGA Video Driver.) - LEGACY_VGASAVE
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\VOLSNAP.sys - VolSnap (VolSnap) .(...) - LEGACY_VOLSNAP
O64 - Services: CurCS - C:\WINDOWS\System32\vssvc.exe - Cliché instantané de volume (VSS) .(.Microsoft Corporation - Service de cliché instantané de volumes Mic.) - LEGACY_VSS
O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Horloge Windows (W32Time) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_W32TIME
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\wanarp.sys - Pilote ARP IP d'accès distant (Wanarp) .(.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - LEGACY_WANARP
O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - WebClient (WebClient) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_WEBCLIENT
O64 - Services: CurCS - C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Windows Internet Name Service\wins.exe - Windows Internet Name Service (Windows Internet Name Service) .(.Pas de propriétaire - Provides Internet Name Service.) - LEGACY_WINDOWS_INTERNET_NAME_SERVICE
O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Infrastructure de gestion Windows (winmgmt) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_WINMGMT
O64 - Services: CurCS - C:\WINDOWS\System32\wbem\wmiapsrv.exe - Carte de performance WMI (WmiApSrv) .(.Microsoft Corporation - Service de la carte de performance WMI.) - LEGACY_WMIAPSRV
O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Centre de sécurité (wscsvc) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_WSCSVC
O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Mises à jour automatiques (wuauserv) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_WUAUSERV
O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Configuration automatique sans fil (WZCSVC) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_WZCSVC


---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\Windows\System32\shell32.dll
O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\IEXPLORE.exe
O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft (R) Windows Based Script Host.) -- C:\WINDOWS\System32\WScript.exe
O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\WINDOWS\regedit.exe
O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCU\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O67 - Shell Spawning: <.com> <>[HKU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.exe> <>[HKU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.bat> <batfile>[HKCR\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.cpl> <cplfile>[HKCR\..\cplopen\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\Windows\System32\shell32.dll
O67 - Shell Spawning: <.cmd> <cmdfile>[HKCR\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.com> <comfile>[HKCR\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.exe> <exefile>[HKCR\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCR\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O67 - Shell Spawning: <.js> <JSFile>[HKCR\..\open\Command] (.Microsoft Corporation - Microsoft (R) Windows Based Script Host.) -- C:\WINDOWS\System32\WScript.exe
O67 - Shell Spawning: <.reg> <regfile>[HKCR\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\WINDOWS\regedit.exe


---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: <MSN Explorer> <>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - msn.) -- C:\Program Files\MSN\MSNCoreFiles\MSN6.exe


---\\ Search Browser Infection (O69)
O69 - SBI: SearchScopes [HKCU] ${searchCLSID} [DefaultScope] - (@ieframe.dll,-12512) - http://search.live.com
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {C52A27E8-9049-4A09-A181-91357823962A} - (Bing) - http://www.bing.com


---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 10/01/2011 135336 | (AntiVirSchedulerService) . (.Avira GmbH.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe
SR - | Auto 10/01/2011 267944 | (AntiVirService) . (.Avira GmbH.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
SR - | Auto 05/01/2011 37664 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 27/07/2010 345376 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SS - | Demand 13/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\System32\dmadmin.exe
SR - | Demand 25/01/2011 820008 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 19/02/2011 153376 | (JavaQuickStarterService) . (.Sun Microsystems, Inc..) - C:\Program Files\Java\jre6\bin\jqs.exe
SR - | Auto 02/05/2008 150528 | (MacDriveService) . (.Mediafour Corporation.) - C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
SR - | Auto 05/08/2010 40960 | (NishService) . (.Pas de propriétaire.) - C:\Program Files\System Control Manager\edd.exe
SR - | Auto 21/12/2010 987704 | (Secunia PSI Agent) . (.Secunia.) - C:\Program Files\Secunia\PSI\PSIA.exe
SS - | Auto 21/12/2010 399416 | (Secunia Update Agent) . (.Secunia.) - C:\Program Files\Secunia\PSI\sua.exe
SR - | Auto 25/02/2007 125048 | (TOSHIBA Bluetooth Service) . (.TOSHIBA CORPORATION.) - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
SR - | Auto 26/02/2011 4928000 | (Windows Internet Name Service) . (.Pas de propriétaire.) - C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Windows Internet Name Service\wins.exe


---\\ Recherche Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.1 by Gmer, http://www.gmer.net
Run by Terri at 05/03/2011 02:00:00

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys spev.sys hal.dll >>UNKNOWN [0x8A6B5938]<<
C:\WINDOWS\system32\drivers\iaStor.sys Intel Corporation Intel Matrix Storage Manager driver
spev.sys
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8A644030]
3 CLASSPNP[0xBA108FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Ide\IAAStorageDevice-0[0x8A6F3030]
kernel: MBR read successfully
user & kernel MBR OK


---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Terri at 05/03/2011 02:00:00
Use the desktop link 'MBRCheck' to have full report



---\\ Liste des émulateurs de CD/DVD (Hook du MBR)
O42 - Logiciel: DAEMON Tools Toolbar - (.DT Soft Ltd.) [HKLM] -- DAEMON Tools Toolbar
O58 - SDL:[MD5.BCED1300F915817C00FCFD7F90EE1300] - 22/12/2009 - 00:00:00 ---A- . (...) -- C:\WINDOWS\system32\drivers\sptd.sys [691696]



End of the scan (1112 lines in 01mn 58s)(0)

Thanks
terrificolor
 
Posts: 23
Joined: 23 Mar 2010 18:11

Re: csrss.exe file infected and internet browsing impossi

Post by Florinator » 06 Mar 2011 13:11

Hello,

There are indeed some strange reinstallations:

Warning: ComboFix is a tool that you should use only if a person trained in the tool asks you to run it.

We are going to use a powerful tool; go to this web page to run the tool according to the best recommendations:
http://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

Be sure to check that you have closed/disabled all anti-virus, anti-malware or anti-spyware programs so that they do not interfere with ComboFix's work.

Post me the report C:\ComboFix.txt

See you
Knowledge is only useful if it is passed on.
Florinator
Maître Libellulien
 
Posts: 661
Joined: 28 Dec 2009 16:19

Re: csrss.exe file infected and internet browsing impossi

Post by terrificolor » 06 Mar 2011 18:06

Hello,
I read in the ComboFix tutorial that an internet connection is essential to be able to run it correctly (for the Recovery Console).
But I can no longer connect with my infected PC.
Won't that cause a problem?

Thanks
terrificolor
 
Posts: 23
Joined: 23 Mar 2010 18:11
