Infected by TR/Crypt.CFI.Gen and WORM/VB.NPM2

Post by aspir560 » 20 Mar 2010 19:55

Hello,
This topic has already been dealt with on the forum, but I am raising it again so that I can post the analysis of my PC, without which I cannot get out of this. My internal and external hard drives are infected.
Also, after deleting the infected file F:\Recycled\info.exe with Antivir, I can no longer open the partition. And if I tick "deny access" in Antivir for the same file... Recycled\info.exe on another partition, I cannot access that partition. I have to tick "ignore" to open the partition.
I would like to disinfect and recover the deleted file so that I can open the partition.
Thank you for your help.
aspir560

Posts: 9
Joined: 20 Mar 2010 19:23

Re: Infected by TR/Crypt.CFI.Gen and WORM/VB.NPM2

Post by Florinator » 20 Mar 2010 21:51

Good evening Aspir,

OK, this is most likely an infection that spreads via USB.
Avoid accessing the external drive for now, at the risk of re-triggering the autorun, which delivers the infection, on every access. Plug in all your removable media for these 2 scans.
Let's take care of it:

1)
Download MBAM

  • Install it
  • Launch the tool
  • Tick "Executer un examen complet" (run a full scan)
  • If an infection is present at the end of the scan, click "ok"
  • Click "Supprimer la sélection" (remove selected)
  • To post the report, click the "Rapports/Log" tab, select the one you are interested in and click "Ouvrir" (open)
  • Copy and paste it and post the report, please

2)
Download ZHPDiag, created by Nicolas Coolman

  • Save it to your desktop
  • Double-click the icon
  • Follow the on-screen instructions
  • Click [Image] to start the scan
  • Click [Image] to copy the report
  • Then paste it into your next reply
  • The report is also located at C:\Program Files\ZebHelpProcess\ZHPDiag.txt

See you later
Knowledge is only useful if it is passed on.
Florinator
Master Libellulien

Posts: 661
Joined: 28 Dec 2009 16:19

Re: Infected by TR/Crypt.CFI.Gen and WORM/VB.NPM2

Post by aspir560 » 20 Mar 2010 23:12

Thanks for the help.
Antivir reacts at the same time as the MBAM scan to the infections found. Should I choose ignore, delete or quarantine?
aspir560

Posts: 9
Joined: 20 Mar 2010 19:23

Re: Infected by TR/Crypt.CFI.Gen and WORM/VB.NPM2

Post by Florinator » 21 Mar 2010 11:20

Hello Aspir,

Disconnect from the internet and disable Antivir.
Run the MBAM scan, it will work in peace, then re-enable Antivir.

See you later
Knowledge is only useful if it is passed on.
Florinator
Master Libellulien

Posts: 661
Joined: 28 Dec 2009 16:19

Re: Infected by TR/Crypt.CFI.Gen and WORM/VB.NPM2

Post by aspir560 » 21 Mar 2010 15:26

Here is the MBAM report:
Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3888
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

21/03/2010 00:48:50
mbam-log-2010-03-21 (00-48-50).txt

Type de recherche: Examen complet (C:\|D:\|F:\|G:\|J:\|)
Eléments examinés: 369394
Temps écoulé: 1 hour(s), 32 minute(s), 40 second(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 56

Processus mémoire infecté(s):
C:\WINDOWS\System.exe (Worm.AutoRun) -> Not selected for removal.

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\System.exe (Worm.AutoRun) -> Delete on reboot.
C:\WINDOWS\Config\Svchost.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\Config\System.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sebastien\Local Settings\Temp\Rar$EX01.547\keyfinder.exe (Application.FindKey) -> Not selected for removal.
C:\System Volume Information\_restore{82EF6D9A-EAAC-4F6A-8B24-1FBFBEB37E63}\RP301\A0196853.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{82EF6D9A-EAAC-4F6A-8B24-1FBFBEB37E63}\RP301\A0196854.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{82EF6D9A-EAAC-4F6A-8B24-1FBFBEB37E63}\RP301\A0196857.EXE (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{82EF6D9A-EAAC-4F6A-8B24-1FBFBEB37E63}\RP302\A0197853.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{82EF6D9A-EAAC-4F6A-8B24-1FBFBEB37E63}\RP302\A0197854.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{82EF6D9A-EAAC-4F6A-8B24-1FBFBEB37E63}\RP302\A0197857.EXE (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{82EF6D9A-EAAC-4F6A-8B24-1FBFBEB37E63}\RP302\A0198852.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{82EF6D9A-EAAC-4F6A-8B24-1FBFBEB37E63}\RP302\A0198853.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{82EF6D9A-EAAC-4F6A-8B24-1FBFBEB37E63}\RP302\A0198857.EXE (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{82EF6D9A-EAAC-4F6A-8B24-1FBFBEB37E63}\RP302\A0198868.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{82EF6D9A-EAAC-4F6A-8B24-1FBFBEB37E63}\RP302\A0198869.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{82EF6D9A-EAAC-4F6A-8B24-1FBFBEB37E63}\RP302\A0198873.EXE (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{82EF6D9A-EAAC-4F6A-8B24-1FBFBEB37E63}\RP302\A0198898.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{82EF6D9A-EAAC-4F6A-8B24-1FBFBEB37E63}\RP302\A0198899.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{82EF6D9A-EAAC-4F6A-8B24-1FBFBEB37E63}\RP302\A0198902.EXE (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{82EF6D9A-EAAC-4F6A-8B24-1FBFBEB37E63}\RP302\A0198914.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{82EF6D9A-EAAC-4F6A-8B24-1FBFBEB37E63}\RP302\A0198915.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{82EF6D9A-EAAC-4F6A-8B24-1FBFBEB37E63}\RP302\A0198918.EXE (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{82EF6D9A-EAAC-4F6A-8B24-1FBFBEB37E63}\RP302\A0198930.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{82EF6D9A-EAAC-4F6A-8B24-1FBFBEB37E63}\RP302\A0198931.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{82EF6D9A-EAAC-4F6A-8B24-1FBFBEB37E63}\RP302\A0198934.EXE (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{82EF6D9A-EAAC-4F6A-8B24-1FBFBEB37E63}\RP302\A0198946.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{82EF6D9A-EAAC-4F6A-8B24-1FBFBEB37E63}\RP302\A0198947.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{82EF6D9A-EAAC-4F6A-8B24-1FBFBEB37E63}\RP302\A0198950.EXE (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{82EF6D9A-EAAC-4F6A-8B24-1FBFBEB37E63}\RP302\A0199945.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{82EF6D9A-EAAC-4F6A-8B24-1FBFBEB37E63}\RP302\A0199946.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{82EF6D9A-EAAC-4F6A-8B24-1FBFBEB37E63}\RP302\A0199950.EXE (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{82EF6D9A-EAAC-4F6A-8B24-1FBFBEB37E63}\RP302\A0199961.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{82EF6D9A-EAAC-4F6A-8B24-1FBFBEB37E63}\RP302\A0199963.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{82EF6D9A-EAAC-4F6A-8B24-1FBFBEB37E63}\RP302\A0199966.EXE (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\Autorun.inf (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\Recycled\INFO.EXE (Worm.AutoRun) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{82EF6D9A-EAAC-4F6A-8B24-1FBFBEB37E63}\RP301\A0196860.EXE (Worm.AutoRun) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{82EF6D9A-EAAC-4F6A-8B24-1FBFBEB37E63}\RP302\A0197860.EXE (Worm.AutoRun) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{82EF6D9A-EAAC-4F6A-8B24-1FBFBEB37E63}\RP302\A0198860.EXE (Worm.AutoRun) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{82EF6D9A-EAAC-4F6A-8B24-1FBFBEB37E63}\RP302\A0198876.EXE (Worm.AutoRun) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{82EF6D9A-EAAC-4F6A-8B24-1FBFBEB37E63}\RP302\A0198905.EXE (Worm.AutoRun) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{82EF6D9A-EAAC-4F6A-8B24-1FBFBEB37E63}\RP302\A0198921.EXE (Worm.AutoRun) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{82EF6D9A-EAAC-4F6A-8B24-1FBFBEB37E63}\RP302\A0198937.EXE (Worm.AutoRun) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{82EF6D9A-EAAC-4F6A-8B24-1FBFBEB37E63}\RP302\A0198953.EXE (Worm.AutoRun) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{82EF6D9A-EAAC-4F6A-8B24-1FBFBEB37E63}\RP302\A0199953.EXE (Worm.AutoRun) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{82EF6D9A-EAAC-4F6A-8B24-1FBFBEB37E63}\RP302\A0199969.EXE (Worm.AutoRun) -> Quarantined and deleted successfully.
D:\Recycled\INFO.EXE (Worm.AutoRun) -> Quarantined and deleted successfully.
F:\System Volume Information\_restore{82EF6D9A-EAAC-4F6A-8B24-1FBFBEB37E63}\RP301\A0196840.EXE (Worm.AutoRun) -> Quarantined and deleted successfully.
F:\System Volume Information\_restore{82EF6D9A-EAAC-4F6A-8B24-1FBFBEB37E63}\RP302\A0200202.EXE (Worm.AutoRun) -> Quarantined and deleted successfully..
G:\System Volume Information\_restore{82EF6D9A-EAAC-4F6A-8B24-1FBFBEB37E63}\RP302\A0199999.EXE (Worm.AutoRun) -> Quarantined and deleted successfully.
J:\[KEY FINDER] Windows XP Product Key Viewer.exe (Hacktool.KeySteal) -> Not selected for removal.
J:\System Volume Information\_restore{82EF6D9A-EAAC-4F6A-8B24-1FBFBEB37E63}\RP301\A0196845.EXE (Worm.AutoRun) -> Quarantined and deleted successfully.
J:\System Volume Information\_restore{82EF6D9A-EAAC-4F6A-8B24-1FBFBEB37E63}\RP302\A0200205.EXE (Worm.AutoRun) -> Quarantined and deleted successfully.
aspir560

Posts: 9
Joined: 20 Mar 2010 19:23

Re: Infected by TR/Crypt.CFI.Gen and WORM/VB.NPM2

Post by aspir560 » 21 Mar 2010 15:42

Here is the ZHPDiag report:
aspir560

Posts: 9
Joined: 20 Mar 2010 19:23

Re: Infected by TR/Crypt.CFI.Gen and WORM/VB.NPM2

Post by aspir560 » 21 Mar 2010 15:51

Rapport de ZHPDiag v1.24.44 par Nicolas Coolman
Run by Sebastien at 21/03/2010 15:30:15
Web site : http://www.premiumorange.com/zeb-help-p ... pdiag.html
Platform : Microsoft Windows XP (5.1.2600) Service Pack 3
MSIE: Internet Explorer v8.0.6001.18702
MFIE: Mozilla Firefox (3.6)

Boot mode: Normal (Normal boot)
Total RAM: 1022 MB (38% free)
System drive C: has 8 GB (15%) free of 53 GB

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 8 Go of 53 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 25 Go of 54 Go)
E:\ CD-ROM drive (Not Inserted)
F:\ Hard drive, Flash drive, Thumb drive (Free 14 Go of 95 Go)
G:\ Hard drive, Flash drive, Thumb drive (Free 9 Go of 48 Go)
H:\ Floppy drive, Flash card reader, USB Key (Inserted)
I:\ CD-ROM drive (Not Inserted)
J:\ Hard drive, Flash drive, Thumb drive (Free 11 Go of 47 Go)

---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,System,

---\\ Création d'une valeur Ini (Created inifile value, mapped to Registry) (F3)
F3 - REG:win.ini: load=System

---\\ Pages de démarrage d'Internet Explorer (R0)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/home
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

---\\ Pages de recherche d'Internet Explorer (R1)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

---\\ Internet Explorer URLSearchHook (R3)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll
R3 - URLSearchHook: Microsoft Url Search Hook - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll

---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn\YTSingleInstance.dll

---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {1E796980-9CC5-11D1-A83F-00C04FC99D61} -

---\\ Applications démarrées automatiquement par le registre (O4)
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] C:\Program Files\Acer\Acer Arcade\PCMService.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [ImageItEncrypt] C:\WINDOWS\system32\ImageItEncrypt.exe
O4 - HKLM\..\Run: [EverioService] C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
O4 - HKLM\..\Run: [EPSON Stylus DX5000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU C:\WINDOWS\TEMP\E_S90.tmp /EF HKLM
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [fssui] C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 EPSON Stylus Photo RX420 Series /O5 LPT1: /M Stylus Photo RX420
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P41 EPSON Stylus Photo RX420 Series (Copie 1) /O6 USB002 /M Stylus Photo RX420
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [diagnostics] C:\Program Files\Thomson\ST330\diagnostics\diagnostics.exe" /icon -l:fr
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
O4 - HKLM\..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKLM\..\policies\Explorer: [HonorAutoRunSetting] Data=1
O4 - HKCU\..\policies\Explorer: [NoDriveTypeAutoRun] Data=0
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O4 - Global Startup: Acer Empowering Technology.lnk - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
O4 - Global Startup: Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\favicon.ico
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFBARH.ICO
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe,302

---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File - C:\WINDOWS\system32\mswsock.dll
O10 - WLSP:\000000000002\Winsock LSP File - C:\WINDOWS\system32\winrnr.dll
O10 - WLSP:\000000000003\Winsock LSP File - C:\WINDOWS\system32\mswsock.dll

---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/Messenger ... E_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 4246234718
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} () -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab

---\\ Protocole additionnel et piratage de protocole (O18)
O18 - Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll
O18 - Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll
O18 - Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\system32\inetcomm.dll
O18 - Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Handler: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\FICHIE~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
O18 - Handler: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\FICHIE~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
O18 - Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Handler: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\Windows\system32\mshtml.dll
O18 - Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll
O18 - Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll
O18 - Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\Windows\system32\SHELL32.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: AtiExtEvent - C:\WINDOWS\System32\Ati2evxx.dll
O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\System32\dimsntfy.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\System32\igfxdev.dll

---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSODL) (O21)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: (no name) - {8C7461EF-2B13-11d2-BE35-3078302C2030} - %SystemRoot%\system32\browseui.dll

---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: (Ati HotKey Poller) - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service (CyberLink Media Library Service) - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Fax (Fax) - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - C:\Program Files\Java\jre6\bin\jqs.exe -service -config C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher (LVSrvLauncher) - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SbPF.Launcher (SbPF.Launcher) - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
O23 - Service: Spouleur d'impression (Spooler) - C:\WINDOWS\system32\spoolsv.exe
O23 - Service: SpeedTouch 330 Manager (st330service) - C:\Program Files/Thomson/ST330/service/st330service.exe -service
O23 - Service: Windows Search (WSearch) - C:\WINDOWS\system32\SearchIndexer.exe /Embedding

---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\User_Feed_Synchronization-{1C841997-7E47-4C4B-84FF-2CEF55232D26}.job

---\\ Composants installés (ActiveSetup Installed Components) (O40)
O40 - ASIC: Mise à jour de la version d’Internet Explorer - <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
O40 - ASIC: Microsoft Windows Media Player - >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
O40 - ASIC: Internet Explorer - >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
O40 - ASIC: Browser Customizations - >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
O40 - ASIC: Personnalisation du navigateur - >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
O40 - ASIC: Outlook Express - >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE
O40 - ASIC: Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - (not file)
O40 - ASIC: Rendu VML (Vector Graphics Rendering) - {10072CEC-8CC1-11D1-986E-00A0C955B42F} - (not file)
O40 - ASIC: Free - Kit de connexion - {12322000-FC00-BC00-0000-123220000001} - (not file)
O40 - ASIC: Microsoft NetShow Player - {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - C:\WINDOWS\system32\wmpdxm.dll
O40 - ASIC: Microsoft Windows Media Player 6.4 - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\system32\wmpdxm.dll
O40 - ASIC: DirectAnimation - {283807B5-2C60-11D0-A31D-00AA00B92C03} - (not file)
O40 - ASIC: Themes Setup - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\WINDOWS\system32\regsvr32.exe /s /n /i:/UserInstall C:\WINDOWS\system32\themeui.dll
O40 - ASIC: Liaison de données Dynamic HTML pour Java - {36f8ec70-c29a-11d1-b5c7-0000f8051515} - (not file)
O40 - ASIC: Offline Browsing Pack - {3af36230-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Uniscribe - {3bf42070-b3b1-11d1-b5c5-0000f8051515} - (not file)
O40 - ASIC: .NET Framework - {3F7924B9-D148-3141-87B1-68F36043A940} - (not file)
O40 - ASIC: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) - {411EDCF7-755D-414E-A74B-3DCD6583F589} - (not file)
O40 - ASIC: Création avancée - {4278c270-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Microsoft Outlook Express 6 - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
O40 - ASIC: NetMeeting 3.01 - {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
O40 - ASIC: DirectShow - {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - (not file)
O40 - ASIC: DirectDrawEx - {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - (not file)
O40 - ASIC: Internet Explorer Help - {45ea75a0-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Classes Java DirectAnimation - {4f216970-c90c-11d1-b5c7-0000f8051515} - (not file)
O40 - ASIC: Microsoft Windows Script 5.6 - {4f645220-306d-11d2-995d-00c04f98bbc9} - (not file)
O40 - ASIC: Mise à jour de sécurité pour Windows XP (KB923789) - {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - (not file)
O40 - ASIC: Windows Messenger 4.7 - {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
O40 - ASIC: Internet Explorer Setup Tools - {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Browsing Enhancements - {630b1da0-b465-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub
O40 - ASIC: MSN Site Access - {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - (not file)
O40 - ASIC: .NET Framework - {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - (not file)
O40 - ASIC: .NET Framework - {72AD53CC-CCC0-3757-8480-9EE176866A7C} - (not file)
O40 - ASIC: Dossiers Web - {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - (not file)
O40 - ASIC: Carnet d'adresses 6 - {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
O40 - ASIC: Mise à jour du Bureau Windows - {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
O40 - ASIC: Internet Explorer - {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
O40 - ASIC: (no name) - {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
O40 - ASIC: Fax - {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
O40 - ASIC: Dynamic HTML Data Binding - {9381D8F2-0288-11D0-9501-00AA00B911A5} - (not file)
O40 - ASIC: Fax Provider - {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - (not file)
O40 - ASIC: .NET Framework - {9A394342-4A68-4EBA-85A6-55B559F4E700} - (not file)
O40 - ASIC: .NET Framework - {B508B3F1-A24A-32C0-B310-85786919EF28} - (not file)
O40 - ASIC: .NET Framework - {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - (not file)
O40 - ASIC: Internet Explorer Core Fonts - {C9E9A340-D1F1-11D0-821E-444553540600} - (not file)
O40 - ASIC: .NET Framework - {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - (not file)
O40 - ASIC: Planificateur de tâches - {CC2A9BA0-3BDD-11D0-821E-444553540000} - (not file)
O40 - ASIC: Adobe Flash Player - {D27CDB6E-AE6D-11cf-96B8-444553540000} - C:\WINDOWS\system32\Macromed\Flash\Flash10b.ocx
O40 - ASIC: Microsoft .NET Framework 1.1 Security Update (KB953297) - {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - (not file)
O40 - ASIC: HTML Help - {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Messenger Class - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - (not file)
O40 - ASIC: Active Directory Service Interface - {E92B03AB-B707-11d2-9CBD-0000F87A369E} - (not file)
O40 - ASIC: Hotfix for Microsoft .NET Framework 3.0 (KB932471) - {ECD292A0-0347-4244-8C24-5DBCE990FB40} - (not file)
O40 - ASIC: RootsUpdate - {EF289A85-8E57-408d-BE47-73B55609861A} - (not file)
O40 - ASIC: .NET Framework - {F196AC50-7C95-42E1-9947-BDAB18BF3C8C} - (not file)

---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: AFD (AFD) - C:\WINDOWS\System32\drivers\afd.sys
O41 - Driver: avgio (avgio) - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
O41 - Driver: avipbb (avipbb) - C:\WINDOWS\system32\DRIVERS\avipbb.sys
O41 - Driver: Pilote de CD-ROM (Cdrom) - C:\WINDOWS\system32\DRIVERS\cdrom.sys
O41 - Driver: Pilote pour clavier i8042 et souris sur port PS/2 (i8042prt) - C:\WINDOWS\system32\DRIVERS\i8042prt.sys
O41 - Driver: Pilote de filtre de gravure CD (Imapi) - C:\WINDOWS\system32\DRIVERS\imapi.sys
O41 - Driver: Pilote de processeur Intel (intelppm) - C:\WINDOWS\system32\DRIVERS\intelppm.sys
O41 - Driver: Pilote IPSEC (IPSec) - C:\WINDOWS\system32\DRIVERS\ipsec.sys
O41 - Driver: ISO DVD/CD-ROM Device Driver (ISODrive) - C:\Program Files\UltraISO\drivers\ISODrive.sys
O41 - Driver: Pilote de la classe Clavier (Kbdclass) - C:\WINDOWS\system32\DRIVERS\kbdclass.sys
O41 - Driver: Pilote HID de clavier (kbdhid) - C:\WINDOWS\system32\DRIVERS\kbdhid.sys
O41 - Driver: Pilote de la classe Souris (Mouclass) - C:\WINDOWS\system32\DRIVERS\mouclass.sys
O41 - Driver: MRXSMB (MRxSmb) - C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
O41 - Driver: Interface NetBIOS (NetBIOS) - C:\WINDOWS\system32\DRIVERS\netbios.sys
O41 - Driver: NetBIOS sur TCP/IP (NetBT) - C:\WINDOWS\system32\DRIVERS\netbt.sys
O41 - Driver: Pilote de connexion automatique d'accès distant (RasAcd) - C:\WINDOWS\system32\DRIVERS\rasacd.sys
O41 - Driver: Rdbss (Rdbss) - C:\WINDOWS\system32\DRIVERS\rdbss.sys
O41 - Driver: (no object) (RDPCDD) - C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
O41 - Driver: Pilote de filtre de lecture digitale de CD audio (redbook) - C:\WINDOWS\system32\DRIVERS\redbook.sys
O41 - Driver: SbFw (SbFw) - C:\WINDOWS\system32\drivers\SbFw.sys
O41 - Driver: Sunbelt HIPS Driver (sbhips) - C:\WINDOWS\system32\drivers\sbhips.sys
O41 - Driver: ssmdrv (ssmdrv) - C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
O41 - Driver: Pilote du protocole TCP/IP (Tcpip) - C:\WINDOWS\system32\DRIVERS\tcpip.sys
O41 - Driver: Pilote de périphérique terminal (TermDD) - C:\WINDOWS\system32\DRIVERS\termdd.sys
O41 - Driver: Carte vidéo VGA. (VgaSave) - C:\WINDOWS\System32\drivers\vga.sys
O41 - Driver: Interface de gestion Microsoft Windows pour ACPI (WmiAcpi) - C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

---\\ Logiciels installés (O42)
O42 - Logiciel: ABBYY FineReader 6.0 Sprint
O42 - Logiciel: ATI - Utilitaire de désinstallation du logiciel
O42 - Logiciel: ATI Catalyst Control Center
O42 - Logiciel: ATI Display Driver
O42 - Logiciel: Acer Arcade
O42 - Logiciel: Acer Empowering Technology
O42 - Logiciel: Acer GridVista
O42 - Logiciel: Acer Screensaver
O42 - Logiciel: Acer eDataSecurity Management
O42 - Logiciel: Acer eDataSecurity Management 2.0.3076
O42 - Logiciel: Acer eNet Management
O42 - Logiciel: Acer ePerformance Management
O42 - Logiciel: Acer ePower Management
O42 - Logiciel: Acer ePresentation Management
O42 - Logiciel: Acer eSettings Management
O42 - Logiciel: Adobe Flash Player 10 ActiveX
O42 - Logiciel: Adobe Flash Player 10 Plugin
O42 - Logiciel: Adobe Reader 9.2 - Français
O42 - Logiciel: Agere Systems HDA Modem
O42 - Logiciel: Assistant de connexion Windows Live
O42 - Logiciel: Athan Basic 3.8
O42 - Logiciel: Avira AntiVir Personal - Free Antivirus
O42 - Logiciel: BayGenie eBay Auction Sniper Free Edition 3.1.3.0
O42 - Logiciel: Data Lifeguard Diagnostic for Windows
O42 - Logiciel: Digital Photo Navigator 1.5
O42 - Logiciel: EPSON Attach To Email
O42 - Logiciel: EPSON CardMonitor
O42 - Logiciel: EPSON Copy Utility 3
O42 - Logiciel: EPSON Easy Photo Print
O42 - Logiciel: EPSON File Manager
O42 - Logiciel: EPSON Logiciel imprimante
O42 - Logiciel: EPSON PRINT Image Framer Tool2.1
O42 - Logiciel: EPSON PhotoQuicker3.5
O42 - Logiciel: EPSON PhotoStarter3.1
O42 - Logiciel: EPSON Scan
O42 - Logiciel: EPSON Scan Assistant
O42 - Logiciel: EPSON Smart Panel
O42 - Logiciel: EPSON Web-To-Page
O42 - Logiciel: ESDX5000_CX4900 Guide d’utilisation
O42 - Logiciel: ESPRX420 Guide de réf.
O42 - Logiciel: ESPRX420 Guide des logiciels
O42 - Logiciel: Free - Kit de connexion
O42 - Logiciel: FreeDial
O42 - Logiciel: Galerie de photos Windows Live
O42 - Logiciel: High Definition Audio Driver Package - KB888111
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.0 (KB932471)
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
O42 - Logiciel: Hotfix for Windows Media Format 11 SDK (KB929399)
O42 - Logiciel: Hotfix for Windows XP (KB915800-v4)
O42 - Logiciel: Hotfix for Windows XP (KB954550-v5)
O42 - Logiciel: Hotfix for Windows XP (KB976002-v5)
O42 - Logiciel: Installation Windows Live
O42 - Logiciel: Java(TM) 6 Update 17
O42 - Logiciel: Junk Mail filter update
O42 - Logiciel: Launch Manager
O42 - Logiciel: Lecteur Windows Media 11
O42 - Logiciel: Logiciel Acer OrbiCam
O42 - Logiciel: Logiciel Intel(R) PROSet/Wireless
O42 - Logiciel: Logiciel iTouch de Logitech
O42 - Logiciel: Logitech Audio Echo Cancellation Component
O42 - Logiciel: Logitech Desktop Messenger
O42 - Logiciel: Logitech MouseWare 9.61
O42 - Logiciel: Logitech Resource Center
O42 - Logiciel: Logitech Video Enumerator
O42 - Logiciel: MSRuntime Libraries
O42 - Logiciel: MSVCRT
O42 - Logiciel: MSXML 4.0 SP2 (KB936181)
O42 - Logiciel: MSXML 4.0 SP2 (KB954430)
O42 - Logiciel: MSXML 4.0 SP2 (KB973688)
O42 - Logiciel: MSXML 6.0 Parser (KB933579)
O42 - Logiciel: Malwarebytes' Anti-Malware
O42 - Logiciel: Microsoft .NET Framework 1.1
O42 - Logiciel: Microsoft .NET Framework 1.1 French Language Pack
O42 - Logiciel: Microsoft .NET Framework 1.1 Security Update (KB953297)
O42 - Logiciel: Microsoft .NET Framework 2.0 Service Pack 2
O42 - Logiciel: Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA
O42 - Logiciel: Microsoft .NET Framework 3.0 Service Pack 2
O42 - Logiciel: Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA
O42 - Logiciel: Microsoft .NET Framework 3.5 Language Pack SP1 - fra
O42 - Logiciel: Microsoft .NET Framework 3.5 SP1
O42 - Logiciel: Microsoft Choice Guard
O42 - Logiciel: Microsoft Compression Client Pack 1.0 for Windows XP
O42 - Logiciel: Microsoft Internationalized Domain Names Mitigation APIs
O42 - Logiciel: Microsoft National Language Support Downlevel APIs
O42 - Logiciel: Microsoft Office Live Add-in 1.3
O42 - Logiciel: Microsoft Office Outlook Connector
O42 - Logiciel: Microsoft Office Professional Edition 2003
O42 - Logiciel: Microsoft SQL Server 2005 Compact Edition [ENU]
O42 - Logiciel: Microsoft Silverlight
O42 - Logiciel: Microsoft User-Mode Driver Framework Feature Pack 1.0
O42 - Logiciel: Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable
O42 - Logiciel: Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
O42 - Logiciel: Module linguistique Microsoft .NET Framework 3.5 SP1- fra
O42 - Logiciel: Mozilla Firefox (3.6)
O42 - Logiciel: NTI Backup NOW! 4
O42 - Logiciel: NTI CD & DVD-Maker
O42 - Logiciel: Outil de téléchargement Windows Live
O42 - Logiciel: PIF DESIGNER
O42 - Logiciel: Package de base Microsoft de service de chiffrement pour cartes à puce
O42 - Logiciel: PhotoImpression 5
O42 - Logiciel: PowerCinema NE for Everio
O42 - Logiciel: PowerDirector Express
O42 - Logiciel: PowerProducer
O42 - Logiciel: PowerQuest PartitionMagic 8.0
O42 - Logiciel: Programme de gestion Acer OrbiCam
O42 - Logiciel: Programme de gestion Camera de Acer®
O42 - Logiciel: Quick Zip 4.60.019
O42 - Logiciel: Realtek High Definition Audio Driver
O42 - Logiciel: Recuva
O42 - Logiciel: SAGEM F@st 908-948
O42 - Logiciel: ScanToWeb
O42 - Logiciel: Security Update for CAPICOM (KB931906)
O42 - Logiciel: Security Update for Windows Search 4 - KB963093
O42 - Logiciel: Segoe UI
O42 - Logiciel: SiSoftware Sandra Lite 2009.SP2
O42 - Logiciel: Skype web features
O42 - Logiciel: Skype™ 4.1
O42 - Logiciel: SpeedTouch 330
O42 - Logiciel: Spelling Dictionaries Support For Adobe Reader 9
O42 - Logiciel: Spybot - Search & Destroy
O42 - Logiciel: Sunbelt Personal Firewall
O42 - Logiciel: Synaptics Pointing Device Driver
O42 - Logiciel: Texas Instruments PCIxx21/x515/xx12 drivers.
O42 - Logiciel: UMVPLStandalone
O42 - Logiciel: UltraISO Premium V9.3
O42 - Logiciel: Unlocker 1.8.9
O42 - Logiciel: Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
O42 - Logiciel: VLC media player 0.9.9
O42 - Logiciel: WinRAR archiver
O42 - Logiciel: Windows Genuine Advantage Validation Tool (KB892130)
O42 - Logiciel: Windows Imaging Component
O42 - Logiciel: Windows Internet Explorer 7
O42 - Logiciel: Windows Internet Explorer 8
O42 - Logiciel: Windows Live Call
O42 - Logiciel: Windows Live Communications Platform
O42 - Logiciel: Windows Live Contrôle parental
O42 - Logiciel: Windows Live FolderShare
O42 - Logiciel: Windows Live Mail
O42 - Logiciel: Windows Live Messenger
O42 - Logiciel: Windows Media Format 11 runtime
O42 - Logiciel: Windows Media Format SDK Hotfix - KB891122
O42 - Logiciel: Windows Media Player 11
O42 - Logiciel: Windows Presentation Foundation
O42 - Logiciel: Windows Search 4.0
O42 - Logiciel: Windows XP Service Pack 3
O42 - Logiciel: XML Paper Specification Shared Components Language Pack 1.0
O42 - Logiciel: XML Paper Specification Shared Components Pack 1.0
O42 - Logiciel: Yahoo! Messenger
O42 - Logiciel: Yahoo! Toolbar
O42 - Logiciel: iDeal Designer
O42 - Logiciel: mCore
O42 - Logiciel: mMHouse
O42 - Logiciel: mPfMgr
O42 - Logiciel: mProSafe
O42 - Logiciel: mWlsSafe
O42 - Logiciel: mXML

---\\ Contenu des dossiers Fichiers Communs (O43)
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers communs
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows NT
O43 - CFD:Common File Directory ----D- C:\Program Files\MSN
O43 - CFD:Common File Directory ----D- C:\Program Files\MSN Gaming Zone
O43 - CFD:Common File Directory ----D- C:\Program Files\Messenger
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Media Player
O43 - CFD:Common File Directory ----D- C:\Program Files\Online Services
O43 - CFD:Common File Directory ----D- C:\Program Files\ComPlus Applications
O43 - CFD:Common File Directory ----D- C:\Program Files\Internet Explorer
O43 - CFD:Common File Directory ----D- C:\Program Files\Outlook Express
O43 - CFD:Common File Directory ----D- C:\Program Files\NetMeeting
O43 - CFD:Common File Directory ----D- C:\Program Files\Movie Maker
O43 - CFD:Common File Directory ----D- C:\Program Files\Services en ligne
O43 - CFD:Common File Directory --H-D- C:\Program Files\WindowsUpdate
O43 - CFD:Common File Directory ----D- C:\Program Files\microsoft frontpage
O43 - CFD:Common File Directory ----D- C:\Program Files\xerox
O43 - CFD:Common File Directory ----D- C:\Program Files\Intel
O43 - CFD:Common File Directory --H-D- C:\Program Files\Uninstall Information
O43 - CFD:Common File Directory --H-D- C:\Program Files\InstallShield Installation Information
O43 - CFD:Common File Directory ----D- C:\Program Files\Realtek
O43 - CFD:Common File Directory ----D- C:\Program Files\Synaptics
O43 - CFD:Common File Directory ----D- C:\Program Files\Acer Inc
O43 - CFD:Common File Directory ----D- C:\Program Files\Adobe
O43 - CFD:Common File Directory ----D- C:\Program Files\Acer
O43 - CFD:Common File Directory ----D- C:\Program Files\CyberLink
O43 - CFD:Common File Directory ----D- C:\Program Files\NewTech Infosystems
O43 - CFD:Common File Directory ----D- C:\Program Files\ATI Technologies
O43 - CFD:Common File Directory ----D- C:\Program Files\WinPCap
O43 - CFD:Common File Directory ----D- C:\Program Files\Launch Manager
O43 - CFD:Common File Directory ----D- C:\Program Files\MSXML 4.0
O43 - CFD:Common File Directory ----D- C:\Program Files\MSXML 6.0
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Media Connect 2
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Desktop Search
O43 - CFD:Common File Directory ----D- C:\Program Files\Reference Assemblies
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft CAPICOM 2.1.0.2
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Silverlight
O43 - CFD:Common File Directory ----D- C:\Program Files\Digital Photo Navigator 1.5
O43 - CFD:Common File Directory ----D- C:\Program Files\epson
O43 - CFD:Common File Directory ----D- C:\Program Files\ABBYY FineReader 6.0 Sprint
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Office
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft.NET
O43 - CFD:Common File Directory ----D- C:\Program Files\Logitech
O43 - CFD:Common File Directory ----D- C:\Program Files\Free.fr
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Live
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Live SkyDrive
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft SQL Server Compact Edition
O43 - CFD:Common File Directory ----D- C:\Program Files\VideoLAN
O43 - CFD:Common File Directory ----D- C:\Program Files\Sunbelt Software
O43 - CFD:Common File Directory ----D- C:\Program Files\Spybot - Search & Destroy
O43 - CFD:Common File Directory ----D- C:\Program Files\NOS
O43 - CFD:Common File Directory ----D- C:\Program Files\QuickZip4
O43 - CFD:Common File Directory ----D- C:\Program Files\UltraISO
O43 - CFD:Common File Directory ----D- C:\Program Files\Java
O43 - CFD:Common File Directory ----D- C:\Program Files\SiSoftware
O43 - CFD:Common File Directory ----D- C:\Program Files\MSBuild
O43 - CFD:Common File Directory ----D- C:\Program Files\BayGenie
O43 - CFD:Common File Directory ----D- C:\Program Files\Yahoo!
O43 - CFD:Common File Directory ----D- C:\Program Files\eMule
O43 - CFD:Common File Directory ----D- C:\Program Files\Smart Panel
O43 - CFD:Common File Directory ----D- C:\Program Files\ArcSoft
O43 - CFD:Common File Directory ----D- C:\Program Files\Athan
O43 - CFD:Common File Directory ----D- C:\Program Files\But iDeal Designer
O43 - CFD:Common File Directory --H-D- C:\Program Files\Zero G Registry
O43 - CFD:Common File Directory ----D- C:\Program Files\SAGEM
O43 - CFD:Common File Directory ----D- C:\Program Files\FreeDial
O43 - CFD:Common File Directory ----D- C:\Program Files\WinRAR
O43 - CFD:Common File Directory R---D- C:\Program Files\Skype
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Office Outlook Connector
O43 - CFD:Common File Directory ----D- C:\Program Files\Mozilla Firefox
O43 - CFD:Common File Directory ----D- C:\Program Files\PowerQuest
O43 - CFD:Common File Directory ----D- C:\Program Files\Thomson
O43 - CFD:Common File Directory ----D- C:\Program Files\Western Digital Corporation
O43 - CFD:Common File Directory ----D- C:\Program Files\Avira
O43 - CFD:Common File Directory ----D- C:\Program Files\Unlocker
O43 - CFD:Common File Directory ----D- C:\Program Files\Recuva
O43 - CFD:Common File Directory ----D- C:\Program Files\Malwarebytes' Anti-Malware
O43 - CFD:Common File Directory ----D- C:\Program Files\ZHPDiag
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Microsoft Shared
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\SpeechEngines
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\ODBC
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\System
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\MSSoap
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Services
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\InstallShield
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\NewTech Infosystems
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\muvee Technologies
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\LightScribe
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Symantec Shared
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Acer
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Logitech
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\DESIGNER
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Windows Live
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Adobe
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\EZB Systems
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Skype

---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.916C30DCD227D7747BCF1015230302AF] - 21/03/2010 - 13:42:12 ---A- C:\WINDOWS\win.ini
O44 - LFC:[MD5.77ED98FFFC0F9E16BAA2BD93C29A8950] - 21/03/2010 - 13:41:42 ---A- C:\WINDOWS\System32\wpa.dbl
O44 - LFC:[MD5.646BDDE266A4841BD3213380D33067BC] - 21/03/2010 - 13:41:06 ---A- C:\WINDOWS\ModemLog_Agere Systems HDA Modem.txt
O44 - LFC:[MD5.00000000000000000000000000000000] - 21/03/2010 - 13:41:00 ---A- C:\WINDOWS\wiadebug.log
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 21/03/2010 - 13:40:58 ---A- C:\WINDOWS\0.log
O44 - LFC:[MD5.6A2CB42966136854F4464516FBB4AE72] - 21/03/2010 - 13:40:26 -S-A- C:\WINDOWS\bootstat.dat
O44 - LFC:[MD5.00000000000000000000000000000000] - 21/03/2010 - 10:30:12 ---A- C:\WINDOWS\WindowsUpdate.log
O44 - LFC:[MD5.00000000000000000000000000000000] - 21/03/2010 - 10:30:08 ---A- C:\WINDOWS\SchedLgU.Txt
O44 - LFC:[MD5.00000000000000000000000000000000] - 21/03/2010 - 10:30:06 ---A- C:\WINDOWS\wiaservc.log
O44 - LFC:[MD5.E77283BB2F3C2D707F07CED76EF82FF3] - 21/03/2010 - 09:37:18 ---A- C:\WINDOWS\KB978207-IE8.log
O44 - LFC:[MD5.26F9C1EEDEABEF1922234885B2DEFDDF] - 21/03/2010 - 09:37:10 ---A- C:\WINDOWS\KB976662-IE8.log
O44 - LFC:[MD5.3A1509A03FEB62107408735D5C5ADF2D] - 21/03/2010 - 09:37:02 ---A- C:\WINDOWS\KB971961-IE8.log
O44 - LFC:[MD5.908C7C99FBAAF730B5C06BE733ED7AD8] - 20/03/2010 - 10:13:04 ---A- C:\WINDOWS\setupapi.log
O44 - LFC:[MD5.682AE0FFA6A865A8D137C43139BB4BCD] - 14/03/2010 - 11:52:18 ---A- C:\WINDOWS\diagerr.xml
O44 - LFC:[MD5.682AE0FFA6A865A8D137C43139BB4BCD] - 14/03/2010 - 11:52:18 ---A- C:\WINDOWS\diagwrn.xml
O44 - LFC:[MD5.2CA3E24743287D637B4E9529FE996722] - 14/03/2010 - 11:52:18 ---A- C:\WINDOWS\setupact.log
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 14/03/2010 - 11:51:36 ---A- C:\WINDOWS\setuperr.log
O44 - LFC:[MD5.30A55ACB26E0E7EC7B433D3F1226AF58] - 13/03/2010 - 22:
aspir560
 
Posts: 9
Joined: 20 Mar 2010 19:23

Re: infected by TR/Crypt.CFI.Gen and WORM/VB.NPM2

Post by aspir560 » 21 Mar 2010 15:52

O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 14/03/2010 - 11:51:36 ---A- C:\WINDOWS\setuperr.log
O44 - LFC:[MD5.30A55ACB26E0E7EC7B433D3F1226AF58] - 13/03/2010 - 22:25:52 ---A- C:\WINDOWS\System32\d3d9caps.dat
O44 - LFC:[MD5.BF1F0CF59DE1C17C953EAB844F9C9BEE] - 12/03/2010 - 23:26:14 ---A- C:\WINDOWS\KB975561.log
O44 - LFC:[MD5.86E2C8013A1852D5D546EF6A1A69CB0C] - 12/03/2010 - 23:26:12 ---A- C:\WINDOWS\FaxSetup.log
O44 - LFC:[MD5.D2B841FB59B7BA78A742D33F98B5A3A8] - 12/03/2010 - 23:26:12 ---A- C:\WINDOWS\comsetup.log
O44 - LFC:[MD5.0E1E43A3F5AC0963129A4D8E77AB49D4] - 12/03/2010 - 23:26:12 ---A- C:\WINDOWS\iis6.log
O44 - LFC:[MD5.04AF0D7380736FBFF9E39FD3140C5152] - 12/03/2010 - 23:26:12 ---A- C:\WINDOWS\imsins.log
O44 - LFC:[MD5.43CD81FC04525CA501297AB3E43E81C3] - 12/03/2010 - 23:26:12 ---A- C:\WINDOWS\msgsocm.log
O44 - LFC:[MD5.0B2EA281E4139AAB628324FE31BA15E8] - 12/03/2010 - 23:26:12 ---A- C:\WINDOWS\ntdtcsetup.log
O44 - LFC:[MD5.1BD55F64F9CF317993A73E290FBE7E55] - 12/03/2010 - 23:26:12 ---A- C:\WINDOWS\ocgen.log
O44 - LFC:[MD5.4C9ED486E90EA106D9575872176EDB72] - 12/03/2010 - 23:26:12 ---A- C:\WINDOWS\ocmsn.log
O44 - LFC:[MD5.A0F67DE15F8EF6DC3007F5057DD8EAA4] - 12/03/2010 - 23:26:12 ---A- C:\WINDOWS\tsoc.log
O44 - LFC:[MD5.395B22A836F8FD8D8E32CD1B355D51D4] - 02/03/2010 - 06:30:12 ---A- C:\WINDOWS\System32\MRT.exe
O44 - LFC:[MD5.4BD3D744DF2163E51A4C6DBBFE25A93C] - 28/02/2010 - 09:25:46 ---A- C:\WINDOWS\KB976002-v5.log
O44 - LFC:[MD5.4C889F5A8A35752FAC5B6CE0A8BBF1B4] - 26/02/2010 - 23:26:48 ---A- C:\WINDOWS\KB979306.log
O44 - LFC:[MD5.D3338A15015EFFABA209D32C41106B38] - 26/02/2010 - 23:26:48 ---A- C:\WINDOWS\imsins.BAK
O44 - LFC:[MD5.2BB85E5745F2E317A188943B174BEB54] - 26/02/2010 - 23:26:46 ---A- C:\WINDOWS\System32\TZLog.log
O44 - LFC:[MD5.EC68EB785C4D753FF3881D9CCC989161] - 25/02/2010 - 23:08:42 ---A- C:\WINDOWS\KB977165.log
O44 - LFC:[MD5.55ABE56724F5685907E9D324EDB47D08] - 22/02/2010 - 22:21:14 ---A- C:\WINDOWS\MEMORY.DMP
O44 - LFC:[MD5.117AEB2E6CC90F312287450A9D59036C] - 20/02/2010 - 09:22:54 ---A- C:\WINDOWS\KB978262.log
O44 - LFC:[MD5.AC256F2554FB37149F64FB1C7390827F] - 20/02/2010 - 09:22:20 ---A- C:\WINDOWS\KB971468.log
O44 - LFC:[MD5.14DB937F6CAF1003AFE144DEBD68A62E] - 20/02/2010 - 09:20:10 ---A- C:\WINDOWS\KB978037.log
O44 - LFC:[MD5.9A50CF97336EEBD18585507BFB9D7C9C] - 20/02/2010 - 09:20:04 ---A- C:\WINDOWS\KB975713.log
O44 - LFC:[MD5.C7EC96AB8D0EEB4E243172175429E212] - 20/02/2010 - 09:20:04 ---A- C:\WINDOWS\updspapi.log
O44 - LFC:[MD5.6CA34A6A927757312C84991F15A72723] - 20/02/2010 - 09:20:00 ---A- C:\WINDOWS\KB978251.log
O44 - LFC:[MD5.0C3D1AED60F32C5E46FEF4AFDDE3900A] - 20/02/2010 - 09:19:54 ---A- C:\WINDOWS\KB975560.log
O44 - LFC:[MD5.EE677184317382C64D87EA0E5EE6032E] - 20/02/2010 - 09:19:46 ---A- C:\WINDOWS\KB977914.log
O44 - LFC:[MD5.886761B598EE2C6261AB8CAE9834BE09] - 20/02/2010 - 09:18:54 ---A- C:\WINDOWS\KB978706.log

---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
O46 - SEH:ShellExecuteHooks - Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll

---\\ Export de clé d'application autorisée (ECAA)(O47)
O47 - AAKE:Key Export SP - "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
O47 - AAKE:Key Export SP - "C:\Program Files\Acer\Acer Arcade\PCMService.exe"="C:\Program Files\Acer\Acer Arcade\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program"
O47 - AAKE:Key Export SP - "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
O47 - AAKE:Key Export SP - "C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe:*:Enabled:SiSoftware Deployment Agent Service"
O47 - AAKE:Key Export SP - "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
O47 - AAKE:Key Export SP - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
O47 - AAKE:Key Export SP - "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare"
O47 - AAKE:Key Export SP - "C:\Program Files\Thomson\ST330\service\st330service.exe"="C:\Program Files\Thomson\ST330\service\st330service.exe:*:Enabled:ST330 service"
O47 - AAKE:Key Export SP - "C:\Documents and Settings\Sebastien\Local Settings\Temp\stInstall.exe"="C:\Documents and Settings\Sebastien\Local Settings\Temp\stInstall.exe:*:Enabled:SpeedTouch Home Install Wizard"
O47 - AAKE:Key Export SP - "C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
O47 - AAKE:Key Export SP - "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
O47 - AAKE:Key Export SP - "C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\WNt500x86\RpcSandraSrv.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service"
O47 - AAKE:Key Export DP - "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
O47 - AAKE:Key Export DP - "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
O47 - AAKE:Key Export DP - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
O47 - AAKE:Key Export DP - "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare"

---\\ Déni du service (Local Security Authority) (LSA) (O48)
O48 - LSA:Local Security Authority Authentication Packages - C:\WINDOWS\System32\msv1_0.dll
O48 - LSA:Local Security Authority Notification Packages - C:\WINDOWS\System32\scecli.dll

---\\ Contrôle du Safe Boot (CSB) (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ip6fw.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpcdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpwd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\tdpipe.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\tdtcp.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\ip6fw.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\rdpcdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\rdpdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\rdpwd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\tdpipe.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\tdtcp.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Minimal\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Minimal\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Minimal\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Minimal\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Minimal\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Minimal\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Minimal\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\ip6fw.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\rdpcdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\rdpdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\rdpwd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\tdpipe.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\tdtcp.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\vgasave.sys

---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d

---\\ MountPoints2 Shell Key (MPSK) (O51)
O51 - MPSK:{3c905dc2-0a83-11de-9ada-00163657ff66}\Shell\AutoRun\command - H:\
O51 - MPSK:{3c905dc2-0a83-11de-9ada-00163657ff66}\Shell\explore\command - RECYCLED\INFO.exe
O51 - MPSK:{3c905dc2-0a83-11de-9ada-00163657ff66}\Shell\open\command - RECYCLED\INFO.exe
O51 - MPSK:{61b49b53-99dd-11dd-91c5-806d6172696f}\Shell\AutoRun\command - D:\
O51 - MPSK:{61b49b53-99dd-11dd-91c5-806d6172696f}\Shell\explore\command - RECYCLED\INFO.exe
O51 - MPSK:{61b49b53-99dd-11dd-91c5-806d6172696f}\Shell\open\command - RECYCLED\INFO.exe
O51 - MPSK:{70657752-dc1c-11de-9d86-00163657ff66}\Shell\AutoRun\command - F:\Launch.exe
O51 - MPSK:{8e8dbe30-0c04-11de-9ae4-00163657ff66}\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

---\\ Trojan Driver Search Data (TDSD) (O52)
O52 - TDSD:HKLM\...\Drivers\"timer"="timer.drv"
O52 - TDSD:HKLM\...\Drivers32\"midimapper"="midimap.dll"
O52 - TDSD:HKLM\...\Drivers32\"msacm.imaadpcm"="imaadp32.acm"
O52 - TDSD:HKLM\...\Drivers32\"msacm.msadpcm"="msadp32.acm"
O52 - TDSD:HKLM\...\Drivers32\"msacm.msg711"="msg711.acm"
O52 - TDSD:HKLM\...\Drivers32\"msacm.msgsm610"="msgsm32.acm"
O52 - TDSD:HKLM\...\Drivers32\"msacm.trspch"="tssoft32.acm"
O52 - TDSD:HKLM\...\Drivers32\"vidc.cvid"="iccvid.dll"
O52 - TDSD:HKLM\...\Drivers32\"VIDC.I420"="lvcodec2.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.iv31"="ir32_32.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.iv32"="ir32_32.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.iv41"="ir41_32.ax"
O52 - TDSD:HKLM\...\Drivers32\"VIDC.IYUV"="iyuv_32.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.mrle"="msrle32.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.msvc"="msvidc32.dll"
O52 - TDSD:HKLM\...\Drivers32\"VIDC.UYVY"="msyuv.dll"
O52 - TDSD:HKLM\...\Drivers32\"VIDC.YUY2"="msyuv.dll"
O52 - TDSD:HKLM\...\Drivers32\"VIDC.YVU9"="tsbyuv.dll"
O52 - TDSD:HKLM\...\Drivers32\"VIDC.YVYU"="msyuv.dll"
O52 - TDSD:HKLM\...\Drivers32\"wavemapper"="msacm32.drv"
O52 - TDSD:HKLM\...\Drivers32\"msacm.msg723"="msg723.acm"
O52 - TDSD:HKLM\...\Drivers32\"vidc.M263"="msh263.drv"
O52 - TDSD:HKLM\...\Drivers32\"vidc.M261"="msh261.drv"
O52 - TDSD:HKLM\...\Drivers32\"msacm.msaudio1"="msaud32.acm"
O52 - TDSD:HKLM\...\Drivers32\"msacm.sl_anet"="sl_anet.acm"
O52 - TDSD:HKLM\...\Drivers32\"msacm.iac2"="C:\WINDOWS\system32\iac25_32.ax"
O52 - TDSD:HKLM\...\Drivers32\"vidc.iv50"="ir50_32.dll"
O52 - TDSD:HKLM\...\Drivers32\"msacm.l3acm"="C:\WINDOWS\system32\l3codeca.acm"
O52 - TDSD:HKLM\...\Drivers32\"msacm.l3codecp"=""
O52 - TDSD:HKLM\...\Drivers32\"msacm.mkdmp3enc"="C:\PROGRA~1\Acer\ACERAR~1\Kernel\Burner\MKDMP3Enc.ACM"
O52 - TDSD:HKLM\...\Drivers32\"MSVideo"="vfwwdm32.dll"
O52 - TDSD:HKLM\...\Drivers32\"MSVideo8"="VfWWDM32.dll"
O52 - TDSD:HKLM\...\Drivers32\"msacm.siren"="sirenacm.dll"
O52 - TDSD:HKLM\...\Drivers32\"wave1"="wdmaud.drv"
O52 - TDSD:HKLM\...\Drivers32\"midi1"="wdmaud.drv"
O52 - TDSD:HKLM\...\Drivers32\"mixer1"="wdmaud.drv"
O52 - TDSD:HKLM\...\Drivers32\"aux1"="wdmaud.drv"
O52 - TDSD:HKLM\...\Drivers32\"wave"="wdmaud.drv"
O52 - TDSD:HKLM\...\Drivers32\"midi"="wdmaud.drv"
O52 - TDSD:HKLM\...\Drivers32\"mixer"="wdmaud.drv"
O52 - TDSD:HKLM\...\Drivers32\"aux"="wdmaud.drv"
O52 - TDSD:HKLM\...\drivers.desc\"msaud32.acm"="Windows Media Audio Codec"
O52 - TDSD:HKLM\...\drivers.desc\"sl_anet.acm"="Sipro Lab Telecom Audio Codec"
O52 - TDSD:HKLM\...\drivers.desc\"C:\WINDOWS\system32\iac25_32.ax"="Indeo® audio software"
O52 - TDSD:HKLM\...\drivers.desc\"ir50_32.dll"="Indeo® video 5.10"
O52 - TDSD:HKLM\...\drivers.desc\"C:\WINDOWS\system32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec"
O52 - TDSD:HKLM\...\drivers.desc\"wdmaud.drv"="Realtek High Definition Audio"
O52 - TDSD:HKLM\...\drivers.desc\"l3codecp.acm"=""
O52 - TDSD:HKLM\...\drivers.desc\"C:\PROGRA~1\Acer\ACERAR~1\Kernel\Burner\MKDMP3Enc.ACM"="MP3 PowerEncoder"
O52 - TDSD:HKLM\...\drivers.desc\"vfwwdm32.dll"="Vidéo WDM pour le pilote de capture Windows (Win32)"
O52 - TDSD:HKLM\...\drivers.desc\"ir32_32.dll"="Indeo® video R3.2 by Intel"
O52 - TDSD:HKLM\...\drivers.desc\"ir41_32.ax"="Indeo® video interactive R4.3 by Intel"
O52 - TDSD:HKLM\...\drivers.desc\"iyvu9_32.dll"="Indeo® video Raw YVU9 by Intel"
O52 - TDSD:HKLM\...\drivers.desc\"sirenacm.dll"="Messenger Audio Codec"
O52 - TDSD:HKLM\...\drivers.desc\"mciavi32.dll"="mciavi32.dll"
O52 - TDSD:HKLM\...\drivers.desc\"mcicda.dll"="mcicda.dll"
O52 - TDSD:HKLM\...\drivers.desc\"mciseq.dll"="mciseq.dll"
O52 - TDSD:HKLM\...\drivers.desc\"mciwave.dll"="mciwave.dll"
O52 - TDSD:HKLM\...\drivers.desc\"mciqtz32.dll"="mciqtz32.dll"
O52 - TDSD:HKLM\...\drivers.desc\"midimap.dll"="midimap.dll"
O52 - TDSD:HKLM\...\drivers.desc\"imaadp32.acm"="imaadp32.acm"
O52 - TDSD:HKLM\...\drivers.desc\"msadp32.acm"="msadp32.acm"
O52 - TDSD:HKLM\...\drivers.desc\"msg711.acm"="msg711.acm"
O52 - TDSD:HKLM\...\drivers.desc\"msgsm32.acm"="msgsm32.acm"
O52 - TDSD:HKLM\...\drivers.desc\"tssoft32.acm"="tssoft32.acm"
O52 - TDSD:HKLM\...\drivers.desc\"iccvid.dll"="iccvid.dll"
O52 - TDSD:HKLM\...\drivers.desc\"lvcodec2.dll"="lvcodec2.dll"
O52 - TDSD:HKLM\...\drivers.desc\"iyuv_32.dll"="iyuv_32.dll"
O52 - TDSD:HKLM\...\drivers.desc\"msrle32.dll"="msrle32.dll"
O52 - TDSD:HKLM\...\drivers.desc\"msvidc32.dll"="msvidc32.dll"
O52 - TDSD:HKLM\...\drivers.desc\"msyuv.dll"="msyuv.dll"
O52 - TDSD:HKLM\...\drivers.desc\"tsbyuv.dll"="tsbyuv.dll"
O52 - TDSD:HKLM\...\drivers.desc\"msacm32.drv"="msacm32.drv"
O52 - TDSD:HKLM\...\drivers.desc\"msg723.acm"="msg723.acm"
O52 - TDSD:HKLM\...\drivers.desc\"msh263.drv"="msh263.drv"
O52 - TDSD:HKLM\...\drivers.desc\"msh261.drv"="msh261.drv"

---\\ Microsoft Control Security Providers (MCSP) (O54)
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - "SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - "SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=
O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1

---\\ Microsoft Windows Policies Explorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\Policies\Explorer] - "NoDriveTypeAutoRun"=0
O56 - MWPE:[HKLM\...\Policies\Explorer] - "HonorAutoRunSetting"=1

---\\ Liste des Drivers Système (SDL) (O58)
O58 - SDL:[MD5.E28726B72C46821A28830E077D39A55B] - 13/04/2008 - 20:44:40 ---A- C:\WINDOWS\system32\drivers\videoprt.sys
O58 - SDL:[MD5.3B3EFCDA263B8AC14FDF9CBDD0791B2E] - 13/04/2008 - 20:40:32 ---A- C:\WINDOWS\system32\drivers\viaide.sys
O58 - SDL:[MD5.0D3A8FAFCEACD8B7625CD549757A7DF1] - 13/04/2008 - 20:44:40 ---A- C:\WINDOWS\system32\drivers\vga.sys
O58 - SDL:[MD5.26496F9DEE2D787FC3E61AD54821FFE6] - 13/04/2008 - 20:45:36 ---A- C:\WINDOWS\system32\drivers\usbuhci.sys
O58 - SDL:[MD5.791912E524CC2CC6F50B5F2B52D1EB71] - 13/04/2008 - 20:45:36 ---A- C:\WINDOWS\system32\drivers\usbport.sys
O58 - SDL:[MD5.290913DC4F1125E5A82DE52579A44C43] - 13/04/2008 - 20:45:44 ---A- C:\WINDOWS\system32\drivers\usbintel.sys
O58 - SDL:[MD5.1AB3CDDE553B6E064D2E754EFE20285C] - 13/04/2008 - 20:45:38 ---A- C:\WINDOWS\system32\drivers\usbhub.sys
O58 - SDL:[MD5.173F317CE0DB8E21322E71B7E60A27E8] - 13/04/2008 - 20:45:40 ---A- C:\WINDOWS\system32\drivers\usbccgp.sys
O58 - SDL:[MD5.CE97845D2E3F0D274B8BAC1ED07C6149] - 13/04/2008 - 20:45:42 ---A- C:\WINDOWS\system32\drivers\usbcamd2.sys
O58 - SDL:[MD5.1C1A47B40C23358245AA8D0443B6935E] - 13/04/2008 - 20:45:40 ---A- C:\WINDOWS\system32\drivers\usbcamd.sys
O58 - SDL:[MD5.BEE793D4A059CAEA55D6AC20E19B3A8F] - 13/04/2008 - 20:56:50 ---A- C:\WINDOWS\system32\drivers\usb8023.sys
O58 - SDL:[MD5.5787B80C2E3C5E2F56C2A233D91FA2C9] - 13/04/2008 - 20:32:36 ---A- C:\WINDOWS\system32\drivers\udfs.sys
O58 - SDL:[MD5.88155247177638048422893737429D9E] - 14/04/2008 - 04:34:52 ---A- C:\WINDOWS\system32\drivers\termdd.sys
O58 - SDL:[MD5.C56B6D0402371CF3700EB322EF3AAF61] - 14/04/2008 - 04:34:54 ---A- C:\WINDOWS\system32\drivers\tdtcp.sys
O58 - SDL:[MD5.6471A66807F5E104E4885F5B67349397] - 14/04/2008 - 04:34:52 ---A- C:\WINDOWS\system32\drivers\tdpipe.sys
O58 - SDL:[MD5.0539D5E53587F82D1B4FD74C5BE205CF] - 13/04/2008 - 21:00:06 ---A- C:\WINDOWS\system32\drivers\tdi.sys
O58 - SDL:[MD5.FD6093E3DECD925F1CFFC8A0DD539D72] - 13/04/2008 - 20:40:50 ---A- C:\WINDOWS\system32\drivers\tape.sys
O58 - SDL:[MD5.8B83F3ED0F1688B4958F77CD6D2BF290] - 13/04/2008 - 21:15:56 ---A- C:\WINDOWS\system32\drivers\sysaudio.sys
O58 - SDL:[MD5.8CE882BCC6CF8A62F2B2323D95CB3D01] - 13/04/2008 - 20:45:10 ---A- C:\WINDOWS\system32\drivers\swmidi.sys
O58 - SDL:[MD5.3941D127AEF12E93ADDF6FE6EE027E0F] - 13/04/2008 - 20:39:54 ---A- C:\WINDOWS\system32\drivers\swenum.sys
O58 - SDL:[MD5.77813007BA6265C4B6098187E6ED79D2] - 13/04/2008 - 20:46:22 ---A- C:\WINDOWS\system32\drivers\StreamIP.sys
O58 - SDL:[MD5.39626E6DC1FB39434EC40C42722B660A] - 14/04/2008 - 04:10:04 ---A- C:\WINDOWS\system32\drivers\sr.sys
O58 - SDL:[MD5.AB8B92451ECB048A4D1DE7C3FFCB4A9F] - 13/04/2008 - 20:45:08 ---A- C:\WINDOWS\system32\drivers\splitter.sys
O58 - SDL:[MD5.489703624DAC94ED943C2ABDA022A1CD] - 13/04/2008 - 20:46:08 ---A- C:\WINDOWS\system32\drivers\sonydcam.sys
O58 - SDL:[MD5.866D538EBE33709A5C9F5C62B73B7D14] - 13/04/2008 - 20:46:24 ---A- C:\WINDOWS\system32\drivers\slip.sys
O58 - SDL:[MD5.8E6B8C671615D126FDC553D1E2DE5562] - 13/04/2008 - 20:40:48 ---A- C:\WINDOWS\system32\drivers\sfloppy.sys
O58 - SDL:[MD5.93D313C31F7AD9EA2B75F26075413C7C] - 14/04/2008 - 04:00:08 ---A- C:\WINDOWS\system32\drivers\serial.sys
O58 - SDL:[MD5.0F29512CCD6BEAD730039FB4BD2C85CE] - 13/04/2008 - 20:40:12 ---A- C:\WINDOWS\system32\drivers\serenum.sys
O58 - SDL:[MD5.76C465F570E90C28942D52CCB2580A10] - 13/04/2008 - 20:40:30 ---A- C:\WINDOWS\system32\drivers\scsiport.sys
O58 - SDL:[MD5.601844CBCF617FF8C868130CA5B2039D] - 13/04/2008 - 20:56:50 ---A- C:\WINDOWS\system32\drivers\rndismp.sys
O58 - SDL:[MD5.D8EB2A7904DB6C916EB5361878DDCBAE] - 14/04/2008 - 03:57:34 ---A- C:\WINDOWS\system32\drivers\redbook.sys
O58 - SDL:[MD5.6728E45B66F93C08F11DE2E316FC70DD] - 14/04/2008 - 04:34:54 ---A- C:\WINDOWS\system32\drivers\rdpwd.sys
O58 - SDL:[MD5.15CABD0F7C00C47C70124907916AF3F1] - 13/04/2008 - 20:32:52 ---A- C:\WINDOWS\system32\drivers\rdpdr.sys
O58 - SDL:[MD5.7AD224AD1A1437FE28D89CF22B17780A] - 13/04/2008 - 21:28:40 ---A- C:\WINDOWS\system32\drivers\rdbss.sys
O58 - SDL:[MD5.EFEEC01B1D3CF84F16DDD24D9D9D8F99] - 13/04/2008 - 21:19:48 ---A- C:\WINDOWS\system32\drivers\raspptp.sys
O58 - SDL:[MD5.5BC962F2654137C9909C3D4603587DEE] - 13/04/2008 - 20:57:32 ---A- C:\WINDOWS\system32\drivers\raspppoe.sys
O58 - SDL:[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - 13/04/2008 - 21:19:44 ---A- C:\WINDOWS\system32\drivers\rasl2tp.sys
O58 - SDL:[MD5.09298EC810B07E5D582CB3A3F9255424] - 13/04/2008 - 20:56:38 ---A- C:\WINDOWS\system32\drivers\psched.sys
O58 - SDL:[MD5.E19C9632AC828F6F214391E2BDDA11CB] - 14/04/2008 - 03:55:30 ---A- C:\WINDOWS\system32\drivers\processr.sys
O58 - SDL:[MD5.F0406CBC60BDB0394A0E17FFB04CDD3D] - 14/04/2008 - 04:09:54 ---A- C:\WINDOWS\system32\drivers\pcmcia.sys
O58 - SDL:[MD5.52E60F29221D0D1AC16737E8DBF7C3E9] - 13/04/2008 - 20:40:30 ---A- C:\WINDOWS\system32\drivers\pciidex.sys
O58 - SDL:[MD5.043410877BDA580C528F45165F7125BC] - 14/04/2008 - 04:09:48 ---A- C:\WINDOWS\system32\drivers\pci.sys
O58 - SDL:[MD5.BEB3BA25197665D82EC7065B724171C6] - 13/04/2008 - 20:40:50 ---A- C:\WINDOWS\system32\drivers\partmgr.sys
O58 - SDL:[MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] - 14/04/2008 - 04:09:40 ---A- C:\WINDOWS\system32\drivers\parport.sys
O58 - SDL:[MD5.CECB679633523AC5EB7EB85F92DCD806] - 14/04/2008 - 04:09:38 ---A- C:\WINDOWS\system32\drivers\p3.sys
O58 - SDL:[MD5.8B8B1BE2DBA4025DA6786C645F77F123] - 13/04/2008 - 20:56:06 ---A- C:\WINDOWS\system32\drivers\nwlnkipx.sys
O58 - SDL:[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - 13/04/2008 - 21:15:54 ---A- C:\WINDOWS\system32\drivers\ntfs.sys
O58 - SDL:[MD5.3182D64AE053D6FB034F44B6DEF8034A] - 13/04/2008 - 20:32:40 ---A- C:\WINDOWS\system32\drivers\npfs.sys
O58 - SDL:[MD5.1E421A6BCF2203CC61B821ADA9DE878B] - 13/04/2008 - 20:53:10 ---A- C:\WINDOWS\system32\drivers\nmnt.sys
O58 - SDL:[MD5.E9E47CFB2D461FA0FC75B7A74C6383EA] - 13/04/2008 - 20:51:26 ---A- C:\WINDOWS\system32\drivers\nic1394.sys
O58 - SDL:[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - 13/04/2008 - 21:21:00 ---A- C:\WINDOWS\system32\drivers\netbt.sys
O58 - SDL:[MD5.5D81CF9A2F1A3A756B66CF684911CDF0] - 13/04/2008 - 20:56:02 ---A- C:\WINDOWS\system32\drivers\netbios.sys
O58 - SDL:[MD5.6215023940CFD3702B46ABC304E1D45A] - 13/04/2008 - 20:57:30 ---A- C:\WINDOWS\system32\drivers\ndproxy.sys
O58 - SDL:[MD5.EDC1531A49C80614B2CFDA43CA8659AB] - 13/04/2008 - 21:20:42 ---A- C:\WINDOWS\system32\drivers\ndiswan.sys
O58 - SDL:[MD5.F927A4434C5028758A842943EF1A3849] - 13/04/2008 - 20:55:58 ---A- C:\WINDOWS\system32\drivers\ndisuio.sys
O58 - SDL:[MD5.1AB3D00C991AB086E69DB84B6C0ED78F] - 13/04/2008 - 20:57:28 ---A- C:\WINDOWS\system32\drivers\ndistapi.sys
O58 - SDL:[MD5.7FF1F1FD8609C149AA432F95A8163D97] - 13/04/2008 - 20:46:22 ---A- C:\WINDOWS\system32\drivers\NdisIP.sys
O58 - SDL:[MD5.1DF7F42665C94B825322FAE71721130D] - 13/04/2008 - 21:20:38 ---A- C:\WINDOWS\system32\drivers\ndis.sys
O58 - SDL:[MD5.5B50F1B2A2ED47D560577B221DA734DB] - 13/04/2008 - 20:46:26 ---A- C:\WINDOWS\system32\drivers\nabtsfec.sys
O58 - SDL:[MD5.2F625D11385B1A94360BFC70AAEFDEE1] - 13/04/2008 - 21:17:06 ---A- C:\WINDOWS\system32\drivers\mup.sys
O58 - SDL:[MD5.E53736A9E30C45FA9E7B5EAC55056D1D] - 13/04/2008 - 20:39:50 ---A- C:\WINDOWS\system32\drivers\mstee.sys
O58 - SDL:[MD5.BAD59648BA099DA4A17680B39730CB3D] - 13/04/2008 - 20:39:52 ---A- C:\WINDOWS\system32\drivers\mspqm.sys
O58 - SDL:[MD5.325BB26842FC7CCC1FCCE2C457317F3E] - 13/04/2008 - 20:39:50 ---A- C:\WINDOWS\system32\drivers\mspclock.sys
O58 - SDL:[MD5.D1575E71568F4D9E14CA56B7B0453BF1] - 13/04/2008 - 20:39:52 ---A- C:\WINDOWS\system32\drivers\mskssrv.sys
O58 - SDL:[MD5.0A02C63C8B144BD8C86B103DEE7C86A2] - 13/04/2008 - 20:56:32 ---A- C:\WINDOWS\system32\drivers\msgpc.sys
O58 - SDL:[MD5.C941EA2454BA8350021D774DAF0F1027] - 13/04/2008 - 20:32:40 ---A- C:\WINDOWS\system32\drivers\msfs.sys
O58 - SDL:[MD5.11D42BB6206F33FBB3BA0288D3EF81BD] - 13/04/2008 - 20:32:44 ---A- C:\WINDOWS\system32\drivers\mrxdav.sys
O58 - SDL:[MD5.A80B9A0BAD1B73637DBCBBA7DF72D3FD] - 13/04/2008 - 20:39:46 ---A- C:\WINDOWS\system32\drivers\mountmgr.sys
O58 - SDL:[MD5.510ADE9327FE84C10254E1902697E25F] - 14/04/2008 - 03:53:06 ---A- C:\WINDOWS\system32\drivers\modem.sys
O58 - SDL:[MD5.A7DA20AB18A1BDAE28B0F349E57DA0D1] - 13/04/2008 - 20:36:42 ---A- C:\WINDOWS\system32\drivers\mf.sys
O58 - SDL:[MD5.692BCF44383D056AED41B045A323D378] - 13/04/2008 - 20:45:10 ---A- C:\WINDOWS\system32\drivers\kmixer.sys
O58 - SDL:[MD5.94C59CB884BA010C063687C3A50DCE8E] - 14/04/2008 - 04:05:16 ---A- C:\WINDOWS\system32\drivers\kbdhid.sys
O58 - SDL:[MD5.355836975A67B6554BCA60328CD6CB74] - 14/04/2008 - 04:04:36 ---A- C:\WINDOWS\system32\drivers\isapnp.sys
O58 - SDL:[MD5.C93C9FF7B04D772627A3646D89F7BF89] - 13/04/2008 - 20:54:28 ---A- C:\WINDOWS\system32\drivers\irenum.sys
O58 - SDL:[MD5.23C74D75E36E7158768DD63D92789A91] - 13/04/2008 - 21:19:42 ---A- C:\WINDOWS\system32\drivers\ipsec.sys
O58 - SDL:[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - 13/04/2008 - 20:57:16 ---A- C:\WINDOWS\system32\drivers\ipnat.sys
O58 - SDL:[MD5.B87AB476DCF76E72010632B5550955F5] - 13/04/2008 - 20:57:08 ---A- C:\WINDOWS\system32\drivers\ipinip.sys
O58 - SDL:[MD5.4B6DA2F0A4095857A9E3F3697399D575] - 14/04/2008 - 04:03:26 ---A- C:\WINDOWS\system32\drivers\intelide.sys
O58 - SDL:[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - 13/04/2008 - 20:40:58 ---A- C:\WINDOWS\system32\drivers\imapi.sys
O58 - SDL:[MD5.F10863BF1CCC290BABD1A09188AE49E0] - 13/04/2008 - 20:41:22 ---A- C:\WINDOWS\system32\drivers\i2omp.sys
O58 - SDL:[MD5.9368670BD426EBEA5E8B18A62416EC28] - 13/04/2008 - 20:41:22 ---A- C:\WINDOWS\system32\drivers\i2omgmt.sys
O58 - SDL:[MD5.CCF82C5EC8A7326C3066DE870C06DAF1] - 13/04/2008 - 20:45:28 ---A- C:\WINDOWS\system32\drivers\hidusb.sys
O58 - SDL:[MD5.96ECCF28FDBF1B2CC12725818A63628D] - 13/04/2008 - 20:45:22 ---A- C:\WINDOWS\system32\drivers\hidparse.sys
O58 - SDL:[MD5.1AF592532532A402ED7C060F6954004F] - 13/04/2008 - 20:45:26 ---A- C:\WINDOWS\system32\drivers\hidclass.sys
O58 - SDL:[MD5.9D27E7B80BFCDF1CDD9B555862D5E7F0] - 13/04/2008 - 20:40:26 ---A- C:\WINDOWS\system32\drivers\flpydisk.sys
O58 - SDL:[MD5.31F923EB2170FC172C81ABDA0045D18C] - 14/04/2008 - 03:57:38 ---A- C:\WINDOWS\system32\drivers\fips.sys
O58 - SDL:[MD5.92CDD60B6730B9F50F6A1A0C1F8CDC81] - 13/04/2008 - 20:40:26 ---A- C:\WINDOWS\system32\drivers\fdc.sys
O58 - SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] - 05/08/2004 - 05:00:00 ---A- C:\WINDOWS\system32\ansi.sys
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 05/08/2004 - 05:00:00 ---A- C:\WINDOWS\system32\country.sys
O58 - SDL:[MD5.C6D29F29DE7427B1B0775E53E577B623] - 05/08/2004 - 05:00:00 ---A- C:\WINDOWS\system32\himem.sys
O58 - SDL:[MD5.582BCDD47CF4B68B5CB528F18E3CB808] - 05/08/2004 - 05:00:00 ---A- C:\WINDOWS\system32\key01.sys
O58 - SDL:[MD5.7D30A74B5FB9FE3B245A6CE5FBCD71D5] - 05/08/2004 - 05:00
aspir560

Posts: 9
Joined: 20 Mar 2010 19:23

Re: infected by TR/Crypt.CFI.Gen and WORM/VB.NPM2

Post by aspir560 » 21 Mar 2010 15:54


---\\ Liste des outils de nettoyage (LATC) (O63)
O63 - Logiciel: HijackThis 2.0.2
O63 - Logiciel: ZHPDiag 1.24

---\\ Liste des services Legacy (LALS) (O64)


End of the scan: 1358 lines
aspir560

Posts: 9
Joined: 20 Mar 2010 19:23

Re: infected by TR/Crypt.CFI.Gen and WORM/VB.NPM2

Post by Florinator » 21 Mar 2010 20:20

Hello Aspir,

OK, we can see the USB infection.
Keep your removable media plugged in, just as they were for the scan.

  • Copy the lines below:

F3 - REG:win.ini: load=System
O3 - Toolbar: (no name) - {1E796980-9CC5-11D1-A83F-00C04FC99D61} -
O51 - MPSK:{3c905dc2-0a83-11de-9ada-00163657ff66}\Shell\explore\command - RECYCLED\INFO.exe
O51 - MPSK:{3c905dc2-0a83-11de-9ada-00163657ff66}\Shell\open\command - RECYCLED\INFO.exe
O51 - MPSK:{61b49b53-99dd-11dd-91c5-806d6172696f}\Shell\explore\command - RECYCLED\INFO.exe
O51 - MPSK:{61b49b53-99dd-11dd-91c5-806d6172696f}\Shell\open\command - RECYCLED\INFO.exe
O51 - MPSK:{8e8dbe30-0c04-11de-9ae4-00163657ff66}\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs
O51 - MPSK:{3c905dc2-0a83-11de-9ada-00163657ff66}\Shell\AutoRun\command - H:\
O51 - MPSK:{61b49b53-99dd-11dd-91c5-806d6172696f}\Shell\AutoRun\command - D:\


  • Open ZHPDiag, then click the [Image] icon
    If the icon does not appear, run another scan with ZHPDiag; it will appear at the end of the scan
  • Next, click the [Image] icon to clear the report that was displayed
  • Then click [Image] to paste the selection
  • Check that all the lines I asked you to copy (and only those) are in the window
  • Click "OK", which makes a square appear to the left of each line.
  • Click "Tous" (All), then "Nettoyer" (Clean).
    If you are asked to restart the computer to finish the cleanup, do it immediately.
  • Copy/paste the report into your next post.

Note: the report is also located at C:\Program Files\ZebHelpProcess\ZHPFixReport.txt

See you,
Knowledge is only useful if it is passed on.
Florinator
Maître Libellulien

Posts: 661
Joined: 28 Dec 2009 16:19
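The line selection in the post above, reproduced as an added example that is not part of the thread and is not ZHPDiag's or the helper's own method: it parses ZHPDiag `O51 - MPSK` (MountPoints2 shell key) lines, flags commands with three heuristics chosen for this example, and returns every entry of any volume that has at least one flagged command. The rule set, the function names and the last sample line (a contrast entry) are assumptions made for the illustration.

```python
import re
from collections import defaultdict
from typing import NamedTuple

# ZHPDiag prints one line per MountPoints2 shell command:
#   O51 - MPSK:{volume GUID}\Shell\<verb>\command - <command line>
O51_RE = re.compile(
    r"^O51 - MPSK:(?P<guid>\{[0-9A-Fa-f-]{36}\})\\Shell\\(?P<verb>[^\\]+)"
    r"\\command - (?P<cmd>.*)$"
)

# Heuristics assumed for this example (not a complete detection rule set).
RECYCLE_DIR = re.compile(r"(^|\\)(recycled|recycler|\$recycle\.bin)\\", re.I)
EXECUTABLE = re.compile(r"\.(exe|com|scr|pif|bat|cmd)\b", re.I)
SCRIPT_HOST = re.compile(r"\b(wscript|cscript)(\.exe)?\b|\.(vbs|vbe|js|jse|wsf)\b", re.I)
BARE_ROOT = re.compile(r"^[A-Za-z]:\\?$")


class Entry(NamedTuple):
    guid: str        # volume GUID under MountPoints2
    verb: str        # open, explore, AutoRun, ...
    command: str     # command Explorer runs for that verb
    reasons: tuple   # heuristic findings, empty when nothing matched


def classify(verb, command):
    """Return the heuristic findings for one verb/command pair."""
    reasons = []
    if RECYCLE_DIR.search(command) and EXECUTABLE.search(command):
        reasons.append("executable inside a recycle-bin folder")
    if SCRIPT_HOST.search(command):
        reasons.append("script host or script file")
    # Explorer runs this command when the drive is opened or explored.
    if verb.lower() in ("open", "explore") and not BARE_ROOT.match(command):
        reasons.append("default drive verb overridden")
    return tuple(reasons)


def parse_o51(lines):
    """Parse O51 MPSK lines; lines in any other format are skipped."""
    entries = []
    for line in lines:
        m = O51_RE.match(line.strip())
        if m:
            cmd = m["cmd"].strip()
            entries.append(Entry(m["guid"].lower(), m["verb"], cmd,
                                 classify(m["verb"], cmd)))
    return entries


def volumes_to_review(entries):
    """Group by volume and keep volumes with at least one flagged command."""
    by_volume = defaultdict(list)
    for e in entries:
        by_volume[e.guid].append(e)
    return {g: items for g, items in by_volume.items()
            if any(e.reasons for e in items)}


# The seven O51 lines quoted in the post, plus one constructed contrast line (last).
SAMPLE = r"""
O51 - MPSK:{3c905dc2-0a83-11de-9ada-00163657ff66}\Shell\explore\command - RECYCLED\INFO.exe
O51 - MPSK:{3c905dc2-0a83-11de-9ada-00163657ff66}\Shell\open\command - RECYCLED\INFO.exe
O51 - MPSK:{61b49b53-99dd-11dd-91c5-806d6172696f}\Shell\explore\command - RECYCLED\INFO.exe
O51 - MPSK:{61b49b53-99dd-11dd-91c5-806d6172696f}\Shell\open\command - RECYCLED\INFO.exe
O51 - MPSK:{8e8dbe30-0c04-11de-9ae4-00163657ff66}\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs
O51 - MPSK:{3c905dc2-0a83-11de-9ada-00163657ff66}\Shell\AutoRun\command - H:\
O51 - MPSK:{61b49b53-99dd-11dd-91c5-806d6172696f}\Shell\AutoRun\command - D:\
O51 - MPSK:{11111111-2222-3333-4444-555555555555}\Shell\AutoRun\command - E:\LaunchU3.exe -a
"""

if __name__ == "__main__":
    for guid, items in volumes_to_review(parse_o51(SAMPLE.splitlines())).items():
        print(guid)
        for e in items:
            print(f"  {e.verb:8} {e.command}  ->  {', '.join(e.reasons) or 'same volume'}")
```

An entry with no finding of its own, such as the `H:\` and `D:\` AutoRun commands, is still returned when another verb of the same volume is flagged, which is how the example arrives at the same seven O51 lines as the post.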

Re: infected by TR/Crypt.CFI.Gen and WORM/VB.NPM2

Post by aspir560 » 27 Mar 2010 14:26

Here is the result. Thanks in advance.
ZHPFix v1.12.26 by Nicolas Coolman - Rapport de suppression du 27/03/2010 13:35:27
Fichier Registre :
Web site : http://www.premiumorange.com/zeb-help-p ... hpfix.html


Processus mémoire :
(Néant)

Module mémoire :
(Néant)

Clé du Registre :
O51 - MPSK:{3c905dc2-0a83-11de-9ada-00163657ff66}\Shell\explore\command - RECYCLED\INFO.exe => Clé supprimée avec succès
O51 - MPSK:{3c905dc2-0a83-11de-9ada-00163657ff66}\Shell\open\command - RECYCLED\INFO.exe => Clé absente
O51 - MPSK:{61b49b53-99dd-11dd-91c5-806d6172696f}\Shell\explore\command - RECYCLED\INFO.exe => Clé supprimée avec succès
O51 - MPSK:{61b49b53-99dd-11dd-91c5-806d6172696f}\Shell\open\command - RECYCLED\INFO.exe => Clé absente
O51 - MPSK:{8e8dbe30-0c04-11de-9ae4-00163657ff66}\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs => Clé supprimée avec succès
O51 - MPSK:{3c905dc2-0a83-11de-9ada-00163657ff66}\Shell\AutoRun\command - H:\ => Clé absente
O51 - MPSK:{61b49b53-99dd-11dd-91c5-806d6172696f}\Shell\AutoRun\command - D:\ => Clé absente

Valeur du Registre :
O3 - Toolbar: (no name) - {1E796980-9CC5-11D1-A83F-00C04FC99D61} - => Valeur supprimée avec succès

Elément de données du Registre :
F3 - REG:win.ini: load=System => Donnée supprimée avec succès

Dossier :
(Néant)

Fichier :
recycled\info.exe => Fichier absent
c:\windows\system32\rundll32.exe shell32.dll => Fichier absent
h:\ => Fichier absent
d:\ => Fichier absent

Logiciel :
(Néant)

Script Registre :
(Néant)

Autre :
(Néant)


Récapitulatif :
Processus mémoire : 0
Module mémoire : 0
Clé du Registre : 7
Valeur du Registre : 1
Elément de données du Registre : 1
Dossier : 0
Fichier : 4
Logiciel : 0
Autre : 0


End of the scan
aspir560

Posts: 9
Joined: 20 Mar 2010 19:23

Re: infected by TR/Crypt.CFI.Gen and WORM/VB.NPM2

Post by Florinator » 29 Mar 2010 15:43

Hello,

Run a full scan with Antivir and post the report for me, please.
Update it first.

See you,
Knowledge is only useful if it is passed on.
Florinator
Maître Libellulien

Posts: 661
Joined: 28 Dec 2009 16:19

Re: infected by TR/Crypt.CFI.Gen and WORM/VB.NPM2

Post by aspir560 » 11 Apr 2010 09:20

Sorry for the delay.
For the past few days nothing has come up when I rescan. Everything seems to be back to normal.
THANK YOU.
aspir560

Posts: 9
Joined: 20 Mar 2010 19:23

