TR/Spy.Gen [Solved]

Log analysis and disinfection section: malware of all kinds and other unwanted software. Cleanup requests only. Restricted handling: specialised team.



Post by mddee » 23 Jan 2011 08:36

Hello,
I need some help. My Avira keeps reporting TR/Spy.Gen.

It comes back again and again, and it can be neither deleted nor quarantined.


Here is the HijackThis log.

Thanks in advance. :wink:

---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:26:47, on 23.01.2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18999)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\mswinext.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exe
C:\Users\GroOgie\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: SuggestMeYesBHO - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files (x86)\AutocompletePro\AutocompletePro.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel PhotoDownloader.exe" -startup
O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~2\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~2\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [DivX Download Manager] "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [Google Update] "C:\Users\GroOgie\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... p=GRfox000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CH/a-U ... E_UNO1.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/fich ... _0_4_0.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Service d'état ASP.NET (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Service Google Update (gupdate1c9c2acc7a12a0) (gupdate1c9c2acc7a12a0) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwssvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\SysWOW64\PSIService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12661 bytes
Last edited by mddee on 25 Jan 2011 19:27, edited 2 times.

Re: TR/Spy.Gen

Post by Florinator » 23 Jan 2011 14:18

Hello :wink:

Yes, there is indeed some spying going on!

Download Ad-Remover

! Disconnect from the Internet and close all running applications !

  • Run Ad-Remover: in the main menu, choose the "Nettoyer" (Clean) option.
  • Post the report that appears at the end.

The report is saved as C:\Ad-report CLEAN.log

If your desktop does not reappear:

    - Press CTRL+ALT+DEL to open Task Manager.
    - Click "File" at the top left.
    - Choose "New Task" (Run...).
    - Type "explorer" and confirm.
    - Your desktop will come back.


See you
Knowledge is only useful if it is passed on.

Re: TR/Spy.Gen

Post by mddee » 23 Jan 2011 14:36

Hello, thanks.
Cleaning done.
Here is the report.

--

======= RAPPORT D'AD-REMOVER 2.0.0.2,D | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par TeamXscript le 20/01/11 à 19:00
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org

C:\Program Files (x86)\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 14:31:18 le 23/01/2011, Mode normal

Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2 (X64)
GroOgie@GROOGIE-PC (System manufacturer P5E Deluxe)

============== ACTION(S) ==============

Service: "MyWebSearchService" Stoppé et supprimé

Fichier supprimé: C:\Program Files (x86)\Mozilla FireFox\chrome\m3ffxtbr.jar
Fichier supprimé: C:\Program Files (x86)\Mozilla FireFox\chrome\m3ffxtbr.manifest
Fichier supprimé: C:\Program Files (x86)\Mozilla FireFox\Plugins\NPMyWebS.dll
Fichier supprimé: C:\Windows\SysWOW64\f3PSSavr.scr
Dossier supprimé: C:\Program Files (x86)\AutocompletePro
Dossier supprimé: C:\Users\GroOgie\AppData\Roaming\DesktopIcon
Dossier supprimé: C:\Users\GroOgie\AppData\LocalLow\FunWebProducts
Dossier supprimé: C:\Program Files (x86)\FunWebProducts
Dossier supprimé: C:\Users\GroOgie\AppData\LocalLow\MyWebSearch
Dossier supprimé: C:\Program Files (x86)\MyWebSearch
Fichier supprimé: C:\Program Files (x86)\Windows Live\Messenger\Riched20.dll
Fichier supprimé: C:\Program Files (x86)\Windows Live\Messenger\Msimg32.dll
Fichier supprimé: C:\Users\GroOgie\Downloads\youtube-downloader-suite.exe

(!) -- Fichiers temporaires supprimés.


Clé supprimée: HKLM\Software\Classes\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44cf-8957-5838F569A31D}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44cf-8957-5838F569A31D}
Clé supprimée: HKLM\Software\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}
Clé supprimée: HKLM\Software\Classes\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
Clé supprimée: HKLM\Software\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
Clé supprimée: HKLM\Software\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
Clé supprimée: HKLM\Software\Classes\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}
Clé supprimée: HKLM\Software\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Clé supprimée: HKLM\Software\Classes\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}
Clé supprimée: HKLM\Software\Classes\CLSID\{25560540-9571-4D7B-9389-0F166788785A}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A}
Clé supprimée: HKLM\Software\Classes\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}
Clé supprimée: HKLM\Software\Classes\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E720452-B472-4954-B7AA-33069EB53906}
Clé supprimée: HKLM\Software\Classes\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}
Clé supprimée: HKLM\Software\Classes\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}
Clé supprimée: HKLM\Software\Classes\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}
Clé supprimée: HKLM\Software\Classes\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}
Clé supprimée: HKLM\Software\Classes\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}
Clé supprimée: HKLM\Software\Classes\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983}
Clé supprimée: HKLM\Software\Classes\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14}
Clé supprimée: HKLM\Software\Classes\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA}
Clé supprimée: HKLM\Software\Classes\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB}
Clé supprimée: HKLM\Software\Classes\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF}
Clé supprimée: HKLM\Software\Classes\CLSID\{A9571378-68A1-443d-B082-284F960C6D17}
Clé supprimée: HKLM\Software\Classes\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}
Clé supprimée: HKLM\Software\Classes\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}
Clé supprimée: HKLM\Software\Classes\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}
Clé supprimée: HKLM\Software\Classes\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}
Clé supprimée: HKLM\Software\Classes\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805}
Clé supprimée: HKLM\Software\Classes\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}
Clé supprimée: HKLM\Software\Classes\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}
Clé supprimée: HKLM\Software\Classes\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}
Clé supprimée: HKLM\Software\Classes\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}
Clé supprimée: HKLM\Software\Classes\Interface\{120927BF-1700-43BC-810F-FAB92549B390}
Clé supprimée: HKLM\Software\Classes\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}
Clé supprimée: HKLM\Software\Classes\Interface\{1F52A5FA-A705-4415-B975-88503B291728}
Clé supprimée: HKLM\Software\Classes\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}
Clé supprimée: HKLM\Software\Classes\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}
Clé supprimée: HKLM\Software\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
Clé supprimée: HKLM\Software\Classes\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}
Clé supprimée: HKLM\Software\Classes\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}
Clé supprimée: HKLM\Software\Classes\Interface\{3E720451-B472-4954-B7AA-33069EB53906}
Clé supprimée: HKLM\Software\Classes\Interface\{3E720453-B472-4954-B7AA-33069EB53906}
Clé supprimée: HKLM\Software\Classes\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}
Clé supprimée: HKLM\Software\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}
Clé supprimée: HKLM\Software\Classes\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}
Clé supprimée: HKLM\Software\Classes\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}
Clé supprimée: HKLM\Software\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
Clé supprimée: HKLM\Software\Classes\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}
Clé supprimée: HKLM\Software\Classes\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}
Clé supprimée: HKLM\Software\Classes\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}
Clé supprimée: HKLM\Software\Classes\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}
Clé supprimée: HKLM\Software\Classes\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}
Clé supprimée: HKLM\Software\Classes\Interface\{991AAC62-B100-47CE-8B75-253965244F69}
Clé supprimée: HKLM\Software\Classes\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}
Clé supprimée: HKLM\Software\Classes\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}
Clé supprimée: HKLM\Software\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Clé supprimée: HKLM\Software\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}
Clé supprimée: HKLM\Software\Classes\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}
Clé supprimée: HKLM\Software\Classes\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}
Clé supprimée: HKLM\Software\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}
Clé supprimée: HKLM\Software\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}
Clé supprimée: HKLM\Software\Classes\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}
Clé supprimée: HKLM\Software\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}
Clé supprimée: HKLM\Software\Classes\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}
Clé supprimée: HKLM\Software\Classes\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}
Clé supprimée: HKLM\Software\Classes\TypeLib\{01BCB858-2F62-4F06-A8F4-48F927C15333}
Clé supprimée: HKLM\Software\Classes\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}
Clé supprimée: HKLM\Software\Classes\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A}
Clé supprimée: HKLM\Software\Classes\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554}
Clé supprimée: HKLM\Software\Classes\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906}
Clé supprimée: HKLM\Software\Classes\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}
Clé supprimée: HKLM\Software\Classes\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C}
Clé supprimée: HKLM\Software\Classes\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14}
Clé supprimée: HKLM\Software\Classes\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144}
Clé supprimée: HKLM\Software\Classes\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}
Clé supprimée: HKLM\Software\Classes\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}
Clé supprimée: HKLM\Software\Classes\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612}
Clé supprimée: HKLM\Software\Classes\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}
Clé supprimée: HKLM\Software\Classes\FunWebProducts.DataControl
Clé supprimée: HKLM\Software\Classes\FunWebProducts.DataControl.1
Clé supprimée: HKLM\Software\Classes\FunWebProducts.HistoryKillerScheduler
Clé supprimée: HKLM\Software\Classes\FunWebProducts.HistoryKillerScheduler.1
Clé supprimée: HKLM\Software\Classes\FunWebProducts.HistorySwatterControlBar
Clé supprimée: HKLM\Software\Classes\FunWebProducts.HistorySwatterControlBar.1
Clé supprimée: HKLM\Software\Classes\FunWebProducts.HTMLMenu
Clé supprimée: HKLM\Software\Classes\FunWebProducts.HTMLMenu.1
Clé supprimée: HKLM\Software\Classes\FunWebProducts.HTMLMenu.2
Clé supprimée: HKLM\Software\Classes\FunWebProducts.IECookiesManager
Clé supprimée: HKLM\Software\Classes\FunWebProducts.IECookiesManager.1
Clé supprimée: HKLM\Software\Classes\FunWebProducts.KillerObjManager
Clé supprimée: HKLM\Software\Classes\FunWebProducts.KillerObjManager.1
Clé supprimée: HKLM\Software\Classes\FunWebProducts.PopSwatterBarButton
Clé supprimée: HKLM\Software\Classes\FunWebProducts.PopSwatterBarButton.1
Clé supprimée: HKLM\Software\Classes\FunWebProducts.PopSwatterSettingsControl
Clé supprimée: HKLM\Software\Classes\FunWebProducts.PopSwatterSettingsControl.1
Clé supprimée: HKLM\Software\Classes\MyWebSearch.ChatSessionPlugin
Clé supprimée: HKLM\Software\Classes\MyWebSearch.ChatSessionPlugin.1
Clé supprimée: HKLM\Software\Classes\MyWebSearch.HTMLPanel
Clé supprimée: HKLM\Software\Classes\MyWebSearch.HTMLPanel.1
Clé supprimée: HKLM\Software\Classes\MyWebSearch.OutlookAddin
Clé supprimée: HKLM\Software\Classes\MyWebSearch.OutlookAddin.1
Clé supprimée: HKLM\Software\Classes\MyWebSearch.PseudoTransparentPlugin
Clé supprimée: HKLM\Software\Classes\MyWebSearch.PseudoTransparentPlugin.1
Clé supprimée: HKLM\Software\Classes\MyWebSearchToolBar.SettingsPlugin
Clé supprimée: HKLM\Software\Classes\MyWebSearchToolBar.SettingsPlugin.1
Clé supprimée: HKLM\Software\Classes\MyWebSearchToolBar.ToolbarPlugin
Clé supprimée: HKLM\Software\Classes\MyWebSearchToolBar.ToolbarPlugin.1
Clé supprimée: HKLM\Software\Classes\ScreenSaverControl.ScreenSaverInstaller
Clé supprimée: HKLM\Software\Classes\ScreenSaverControl.ScreenSaverInstaller.1
Clé supprimée: HKLM\Software\Classes\SuggestMeYes.SuggestMeYesBHO
Clé supprimée: HKLM\Software\Classes\SuggestMeYes.SuggestMeYesBHO.1
Clé supprimée: HKLM\Software\Classes\AppID\AutocompletePro.DLL
Clé supprimée: HKLM\Software\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153}
Clé supprimée: HKLM\Software\FocusInteractive
Clé supprimée: HKLM\Software\Fun Web Products
Clé supprimée: HKLM\Software\MyWebSearch
Clé supprimée: HKCU\Software\AutocompletePro
Clé supprimée: HKCU\Software\AutocompleteProBHO
Clé supprimée: HKCU\Software\MyWebSearch
Clé supprimée: HKCU\Software\AppDataLow\Software\Fun Web Products
Clé supprimée: HKCU\Software\AppDataLow\Software\MyWebSearch
Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}
Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}
Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481}
Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907}
Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127}
Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7}
Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\AutocompletePro3_is1
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall
Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search
Clé supprimée: HKLM\Software\Classes\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239}
Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45DD-9B68-D6A12C30E5D7}
Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll
Clé supprimée: HKLM\Software\Microsoft\Multimedia\WMPlayer\Schemes\f3pss
Clé supprimée: HKLM\Software\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin
Clé supprimée: HKLM\Software\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin

Valeur supprimée: HKLM\Software\Microsoft\Windows Media\Wmsdk\Sources|F3PopularScreenSavers
Valeur supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\post platform|FunWebProducts
Valeur supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|My Web Search Bar Search Scope Monitor
Valeur supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|MyWebSearch Email Plugin
Valeur supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|MyWebSearch Plugin
Valeur supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Run|MyWebSearch Email Plugin
Valeur supprimée: HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{00A6FAF6-072E-44CF-8957-5838F569A31D}
Valeur supprimée: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{07B18EA9-A523-4961-B6BB-170DE4475CCA}
Valeur supprimée: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{07B18EA9-A523-4961-B6BB-170DE4475CCA}


============== SCAN ADDITIONNEL ==============

** Mozilla Firefox Version [3.6.13 (fr)] **

-- C:\Users\GroOgie\AppData\Roaming\Mozilla\FireFox\Profiles\pya8fna3.default\Prefs.js --
browser.download.dir, C:\\Users\\GroOgie\\Downloads
browser.download.lastDir, C:\\Users\\GroOgie\\Documents\\Tpg
browser.startup.homepage, hxxp://www.google.fr
browser.startup.homepage_override.mstone, rv:1.9.2.13
privacy.popups.showBrowserMessage, false

========================================

** Internet Explorer Version [8.0.6001.18999] **

[HKCU\Software\Microsoft\Internet Explorer\Main]
AutoHide: yes
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\Windows\system32\blank.htm
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/

[HKLM\Software\Microsoft\Internet Explorer\Main]
AutoHide: yes
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: C:\Windows\SysWOW64\blank.htm
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
Start Page: hxxp://fr.msn.com/

[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm

========================================

C:\Program Files (x86)\Ad-Remover\Quarantine: 102 Fichier(s)
C:\Program Files (x86)\Ad-Remover\Backup: 15 Fichier(s)

C:\Ad-Report-CLEAN[1].txt - 23/01/2011 (17874 Octet(s))

Fin à: 14:32:13, 23/01/2011

============== E.O.F ==============


---


Thanks ++
mddee
Maître Libellulien
 
Posts: 571
Joined: 29 Mar 2003 16:12

Re: TR/Spy.Gen

Post by Florinator » 23 Jan 2011 17:29

OK, empty Antivir's quarantine.
Then do this:

Download MBAM

  • Install it
  • Launch the tool
  • Tick "Perform full scan"
  • If an infection is found at the end of the scan, click "OK"
  • Click Remove Selected
  • To post the report, click the Reports/Log tab and
  • Select the one you want and click Open
  • Copy and paste the report here, please

Later ++
Knowledge is only useful if it is passed on.
Florinator
Maître Libellulien
 
Posts: 661
Joined: 28 Dec 2009 16:19

Re: TR/Spy.Gen

Post by mddee » 23 Jan 2011 20:06

Thanks, here's the report

--

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Version de la base de données: 5577

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

23.01.2011 20:01:56
mbam-log-2011-01-23 (20-01-56).txt

Type d'examen: Examen complet (C:\|E:\|L:\|)
Elément(s) analysé(s): 496031
Temps écoulé: 48 minute(s), 44 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 50

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
c:\Windows\SysWOW64\dwil.dll (Malware.Packer.Gen) -> Delete on reboot.

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\Windows\SysWOW64\dwil.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\program files (x86)\Abdio\abdio avi video converter\abdioconverter\myutil.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\program files (x86)\ad-remover\quarantine\C\program files (x86)\mozilla firefox\Plugins\npmywebs.dll.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\ad-remover\quarantine\C\program files (x86)\mywebsearch\bar\1.bin\f3cjpeg.dll.vir (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\program files (x86)\ad-remover\quarantine\C\program files (x86)\mywebsearch\bar\1.bin\f3dtactl.dll.vir (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\program files (x86)\ad-remover\quarantine\C\program files (x86)\mywebsearch\bar\1.bin\f3histsw.dll.vir (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\program files (x86)\ad-remover\quarantine\C\program files (x86)\mywebsearch\bar\1.bin\f3hkstub.dll.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\ad-remover\quarantine\C\program files (x86)\mywebsearch\bar\1.bin\f3htmlmu.dll.vir (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\program files (x86)\ad-remover\quarantine\C\program files (x86)\mywebsearch\bar\1.bin\f3httpct.dll.vir (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\program files (x86)\ad-remover\quarantine\C\program files (x86)\mywebsearch\bar\1.bin\f3popswt.dll.vir (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\program files (x86)\ad-remover\quarantine\C\program files (x86)\mywebsearch\bar\1.bin\f3pssavr.scr.vir (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\program files (x86)\ad-remover\quarantine\C\program files (x86)\mywebsearch\bar\1.bin\f3reghk.dll.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\ad-remover\quarantine\C\program files (x86)\mywebsearch\bar\1.bin\f3reprox.dll.vir (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\program files (x86)\ad-remover\quarantine\C\program files (x86)\mywebsearch\bar\1.bin\f3restub.dll.vir (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\program files (x86)\ad-remover\quarantine\C\program files (x86)\mywebsearch\bar\1.bin\f3schmon.exe.vir (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\program files (x86)\ad-remover\quarantine\C\program files (x86)\mywebsearch\bar\1.bin\f3scrctr.dll.vir (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\program files (x86)\ad-remover\quarantine\C\program files (x86)\mywebsearch\bar\1.bin\f3wphook.dll.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\ad-remover\quarantine\C\program files (x86)\mywebsearch\bar\1.bin\m3auxstb.dll.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\ad-remover\quarantine\C\program files (x86)\mywebsearch\bar\1.bin\m3dlghk.dll.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\ad-remover\quarantine\C\program files (x86)\mywebsearch\bar\1.bin\m3highin.exe.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\ad-remover\quarantine\C\program files (x86)\mywebsearch\bar\1.bin\m3html.dll.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\ad-remover\quarantine\C\program files (x86)\mywebsearch\bar\1.bin\m3idle.dll.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\ad-remover\quarantine\C\program files (x86)\mywebsearch\bar\1.bin\m3impipe.exe.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\ad-remover\quarantine\C\program files (x86)\mywebsearch\bar\1.bin\m3medint.exe.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\ad-remover\quarantine\C\program files (x86)\mywebsearch\bar\1.bin\m3msg.dll.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\ad-remover\quarantine\C\program files (x86)\mywebsearch\bar\1.bin\m3outlcn.dll.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\ad-remover\quarantine\C\program files (x86)\mywebsearch\bar\1.bin\m3plugin.dll.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\ad-remover\quarantine\C\program files (x86)\mywebsearch\bar\1.bin\m3skin.dll.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\ad-remover\quarantine\C\program files (x86)\mywebsearch\bar\1.bin\m3skplay.exe.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\ad-remover\quarantine\C\program files (x86)\mywebsearch\bar\1.bin\m3slsrch.exe.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\ad-remover\quarantine\C\program files (x86)\mywebsearch\bar\1.bin\m3srchmn.exe.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\ad-remover\quarantine\C\program files (x86)\mywebsearch\bar\1.bin\mwsbar.dll.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\ad-remover\quarantine\C\program files (x86)\mywebsearch\bar\1.bin\mwsoemon.exe.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\ad-remover\quarantine\C\program files (x86)\mywebsearch\bar\1.bin\mwsoeplg.dll.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\ad-remover\quarantine\C\program files (x86)\mywebsearch\bar\1.bin\mwsoestb.dll.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\ad-remover\quarantine\C\program files (x86)\mywebsearch\bar\1.bin\mwssrcas.dll.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\ad-remover\quarantine\C\program files (x86)\mywebsearch\bar\1.bin\mwssvc.exe.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\ad-remover\quarantine\C\program files (x86)\mywebsearch\bar\1.bin\npmywebs.dll.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\ad-remover\quarantine\C\program files (x86)\windows live\messenger\msimg32.dll.vir (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\program files (x86)\ad-remover\quarantine\C\program files (x86)\windows live\messenger\riched20.dll.vir (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\program files (x86)\ad-remover\quarantine\C\Users\GroOgie\AppData\Roaming\desktopicon\ebayshortcuts.exe.vir (Adware.ADON) -> Quarantined and deleted successfully.
c:\program files (x86)\ad-remover\quarantine\C\Windows\SysWOW64\f3pssavr.scr.vir (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\program files (x86)\image-line\fl studio 8\Plugins\VST\vstplugins\toxic biohazard.dll (Trojan.Backdoor) -> Quarantined and deleted successfully.
c:\program files (x86)\vstplugins\toxic biohazard.dll (Trojan.Backdoor) -> Quarantined and deleted successfully.
c:\Users\GroOgie\downloads\eMule\Incoming\nero burning rom 6.6.0.8\nero burning rom 6.6.0.8\KeyGen\multikeygen.exe (Backdoor.Sdbot) -> Quarantined and deleted successfully.
c:\Windows\System32\dwil.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
e:\tri\groogie site\cuteftp6final.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
e:\tri\zero-g nostalgia vsti keygen\zero-g.nostalgia.vsti. keygen\keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
e:\tri\zero-g.nostalgia.vsti. keygen\keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
l:\fun.xls.exe (Worm.SillyShare) -> Quarantined and deleted successfully.

--
mddee
Maître Libellulien
 
Posts: 571
Joined: 29 Mar 2003 16:12

Re: TR/Spy.Gen

Post by Florinator » 23 Jan 2011 22:39

OK, let's check the rest:

Download ZHPDiag, created by Nicolas Coolman

  • Save it to your desktop
  • Double-click the icon (on Vista or 7, right-click and choose "Run as administrator")
  • Follow the on-screen instructions
  • Click on Image to start the scan
  • Click on Image to copy the report
  • Then paste it into your next reply
  • The report is also located at C:\Program Files\ZebHelpProcess\ZHPDiag.txt

Later ++
Knowledge is only useful if it is passed on.
Florinator
Maître Libellulien
 
Posts: 661
Joined: 28 Dec 2009 16:19

Re: TR/Spy.Gen

Post by mddee » 24 Jan 2011 05:45

:-D :-D
--
Rapport de ZHPDiag v1.27.151 par Nicolas Coolman, Update du 22/01/2011
Run by GroOgie at 24.01.2011 05:41:19
Web site : http://www.premiumorange.com/zeb-help-p ... pdiag.html
Contact : nicolascoolman@yahoo.fr

---\\ Web Browser
MSIE: Internet Explorer v8.0.6001.18999
GCIE: Google Chrome v8.0.552.237

---\\ System Information
Windows Vista Home Premium Edition, 64-bit Service Pack 2 (Build 6002)
Processor: Intel64 Family 6 Model 23 Stepping 7, GenuineIntel
Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 8190.2 MB (77% free)
System Restore: Activé (Enable)
System drive C: has 32 GB (11%) free of 279 GB

---\\ Logged in mode
Computer Name: GROOGIE-PC
User Name: GroOgie
All Users Names: GroOgie, ASPNET, Administrateur,
Unselected Option: O45,O61,O62,O65,O66,O82
Logged in as Administrator

---\\ Environnement Variables
%AppData%=%USERPROFILE%\AppData\Roaming
%LocalAppData%=%USERPROFILE%\AppData\Local
%StartMenu%=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu

---\\ DOS/Devices
A:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
C:\ Hard drive, Flash drive, Thumb drive (Free 32 Go of 279 Go)
D:\ CD-ROM drive (Not Inserted)
E:\ Hard drive, Flash drive, Thumb drive (Free 147 Go of 932 Go)
F:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
G:\ Floppy drive, Flash card reader, USB Key (Free 2 Go of 2 Go)
H:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
I:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
J:\ CD-ROM drive (Not Inserted)


---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] NoActiveDesktopChanges: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoFolderOptions: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowSearch: OK


---\\ Recherche particulière de fichiers génériques
[MD5.6B08E54A451B3F95E4109DBA7E594270] - (.Microsoft Corporation - Explorateur Windows.) (.11.04.2009 08:10:17.) -- C:\Windows\Explorer.exe [3079168]
[MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Application de démarrage de Windows.) (.19.01.2008 08:33:37.) -- C:\Windows\System32\Wininit.exe [96768]
[MD5.898E7C06A350D4A1A64A9EA264D55452] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.11.04.2009 07:28:13.) -- C:\Windows\System32\Winlogon.exe [314368]


---\\ Processus lancés
[MD5.C1BFAA9AF96B48E1959F8FBD952CF62B] - (.Pas de propriétaire - Pas de description.) -- C:\Program Files (x86)\ASUS\AASP\1.00.59\aaCenter.exe [613376]
[MD5.BF26D9CF26D7E915EB152631847A9E0B] - (.Pas de propriétaire - Pas de description.) -- C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe [16200]
[MD5.9D5E8B45BD348DF0882C69EED0E83111] - (.Avira GmbH - Antivirus System Tray Tool.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [281768]
[MD5.93DB1FF92B03D24738A71E6E4992DFD3] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [248552]
[MD5.A58E05767687E1E636D160ECEA9BC8ED] - (.Pas de propriétaire - DivX Update.) -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1226608]
[MD5.57D8C4ED26DFD7EF0E2CB196FB8BFB54] - (.DivX, LLC - DivX Download Manager Service.) -- C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe [63360]
[MD5.5CF0DB946153DDBCD76359F77AB492F5] - (.Lavasoft - Ad-Aware Tray Application.) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe [864112]
[MD5.4C82939331997FF620EB4C377D861309] - (.Microsoft Corp. - Barre d'outils Bing.) -- C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\mswinext.exe [273672]
[MD5.B9E350C3EEE748E332251274DEC33829] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\IELowutil.exe [115712]
[MD5.0E20A3213ED010FC4997D1EF48082ABC] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [912344]
[MD5.41C493C4B92F7EDA46EBA74D90C9A78F] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [624128]


---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2)
P2 - FPN: [HKCU] [@facebook.com/FBPlugin,version=1.0.3] - (.Pas de propriétaire - Provides additional functionality on Facebook. See <a href="http://www.) -- C:\Users\GroOgie\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
P2 - FPN: [HKCU] [@tools.google.com/Google Update;version=8] - (.Google Inc. - Google Update.) -- C:\Users\GroOgie\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll


---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
G1 - GCS: Preference [User Data\Default] None
G2 - GCE: Preference [User Data\Default] [defdhglnppeioeflggkmglipcecffkhk] AutocompletePro plugin for chrome v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [fnjbmmemklcjgepojigaapkoodmkgbae] DivX HiQ v.2.1.0.900 (Activé)
G2 - GCE: Preference [User Data\Default] [nneajnkjbffgblleaoojgaacokifdkhm] \u003Cvideo\u003E HTML5 DivX Plus Web Player v.2.1.0.900 (Activé)


---\\ Internet Explorer, Démarrage,Recherche,URSearchHook (R0,R1,R3)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Internet Explorer.) (8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)) -- C:\Windows\system32\ieframe.dll


---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"


---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corp. - Microsoft® Windows Live ID Login Helper.) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll


---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [Windows Defender] . (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe
O4 - HKLM\..\Run: [IntelliPoint] . (.Microsoft Corporation - IPoint.exe.) -- C:\Program Files\Microsoft IntelliPoint\ipoint.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [EA Core] C:\Program Files (x86)\Electronic Arts\EADM\Core.exe (.not file.)
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\GroOgie\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [Windows Defender] . (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe
O4 - HKLM\..\Wow6432Node\Run: [IntelliPoint] . (.Microsoft Corporation - IPoint.exe.) -- C:\Program Files\Microsoft IntelliPoint\ipoint.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] oobefldr.dll
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] oobefldr.dll
O4 - HKUS\S-1-5-21-3617200559-1845489161-3153413402-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-21-3617200559-1845489161-3153413402-1000\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-21-3617200559-1845489161-3153413402-1000\..\Run: [EA Core] C:\Program Files (x86)\Electronic Arts\EADM\Core.exe (.not file.)
O4 - HKUS\S-1-5-21-3617200559-1845489161-3153413402-1000\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\GroOgie\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKUS\S-1-5-21-3617200559-1845489161-3153413402-1000\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe (.not file.)
O4 - Global Startup: C:\Users\GroOgie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk . (.Adobe Systems, Inc..) -- C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe


---\\ Autres liens utilisateurs (O4)
O4 - Global Startup: C:\Documents And Settings\GroOgie\Desktop\10 ONEX.pdf - Raccourci.lnk . (.Pas de propriétaire.) -- C:\Users\GroOgie\Documents\Tpg\10 ONEX.pdf
O4 - Global Startup: C:\Documents And Settings\GroOgie\Desktop\AD-R.lnk . (.Pas de propriétaire.) -- C:\Program Files (x86)\Ad-Remover\main.exe
O4 - Global Startup: C:\Documents And Settings\GroOgie\Desktop\BEBE - Raccourci.lnk . (.Pas de propriétaire.) -- E:\MES IMAGES\BEBE
O4 - Global Startup: C:\Documents And Settings\GroOgie\Desktop\Bee.Movie.avi - Raccourci.lnk . (.Pas de propriétaire.) -- E:\dessins animés\Bee.Movie.avi
O4 - Global Startup: C:\Documents And Settings\GroOgie\Desktop\daemon.exe - Raccourci.lnk . (.DT Soft Ltd.) -- C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe
O4 - Global Startup: C:\Documents And Settings\GroOgie\Desktop\Documents - Raccourci.lnk . (.Pas de propriétaire.) -- C:\Users\GroOgie\Documents
O4 - Global Startup: C:\Documents And Settings\GroOgie\Desktop\Incoming - Raccourci.lnk . (.Pas de propriétaire.) -- C:\Users\GroOgie\Downloads\eMule\Incoming
O4 - Global Startup: C:\Documents And Settings\GroOgie\Desktop\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Documents And Settings\GroOgie\Desktop\Ma musique - Raccourci.lnk . (.Pas de propriétaire.) -- E:\Ma musique
O4 - Global Startup: C:\Documents And Settings\GroOgie\Desktop\Messenger.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
O4 - Global Startup: C:\Documents And Settings\GroOgie\Desktop\Mozilla Firefox.lnk . (.Mozilla Corporation.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - Global Startup: C:\Documents And Settings\GroOgie\Desktop\Steam.lnk . (.Pas de propriétaire.) -- C:\Windows\Installer\{048298C9-A4D3-490B-9FF9-AB023A9238F3}\Icon048298C91.exe
O4 - Global Startup: C:\Users\GroOgie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\GroOgie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Windows Mail\WinMail.exe
O4 - Global Startup: C:\Users\GroOgie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
O4 - Global Startup: C:\Users\GroOgie\Desktop\10 ONEX.pdf - Raccourci.lnk . (.Pas de propriétaire.) -- C:\Users\GroOgie\Documents\Tpg\10 ONEX.pdf
O4 - Global Startup: C:\Users\GroOgie\Desktop\AD-R.lnk . (.Pas de propriétaire.) -- C:\Program Files (x86)\Ad-Remover\main.exe
O4 - Global Startup: C:\Users\GroOgie\Desktop\BEBE - Raccourci.lnk . (.Pas de propriétaire.) -- E:\MES IMAGES\BEBE
O4 - Global Startup: C:\Users\GroOgie\Desktop\Bee.Movie.avi - Raccourci.lnk . (.Pas de propriétaire.) -- E:\dessins animés\Bee.Movie.avi
O4 - Global Startup: C:\Users\GroOgie\Desktop\daemon.exe - Raccourci.lnk . (.DT Soft Ltd.) -- C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe
O4 - Global Startup: C:\Users\GroOgie\Desktop\Documents - Raccourci.lnk . (.Pas de propriétaire.) -- C:\Users\GroOgie\Documents
O4 - Global Startup: C:\Users\GroOgie\Desktop\Incoming - Raccourci.lnk . (.Pas de propriétaire.) -- C:\Users\GroOgie\Downloads\eMule\Incoming
O4 - Global Startup: C:\Users\GroOgie\Desktop\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\GroOgie\Desktop\Ma musique - Raccourci.lnk . (.Pas de propriétaire.) -- E:\Ma musique
O4 - Global Startup: C:\Users\GroOgie\Desktop\Messenger.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
O4 - Global Startup: C:\Users\GroOgie\Desktop\Mozilla Firefox.lnk . (.Mozilla Corporation.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - Global Startup: C:\Users\GroOgie\Desktop\Steam.lnk . (.Pas de propriétaire.) -- C:\Windows\Installer\{048298C9-A4D3-490B-9FF9-AB023A9238F3}\Icon048298C91.exe
O4 - Global Startup: C:\Users\GroOgie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk . (.Lavasoft.) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-Aware.exe
O4 - Global Startup: C:\Users\GroOgie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ConvertXtoDvd.lnk . (.VSO Software SARL.) -- C:\Program Files (x86)\VSO\ConvertX\3\ConvertXtoDvd.exe
O4 - Global Startup: C:\Users\GroOgie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Corel MediaOne.lnk . (.Corel, Inc..) -- C:\Program Files (x86)\Corel\Corel MediaOne\Corel MediaOne.exe
O4 - Global Startup: C:\Users\GroOgie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Corel Paint Shop Pro Photo X2.lnk . (.Corel, Inc..) -- C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Corel Paint Shop Pro Photo.exe
O4 - Global Startup: C:\Users\GroOgie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Easy MP3 Cutter.lnk . (.ManiacTools.) -- C:\Program Files (x86)\Easy MP3 Cutter\mp3_cutter.exe
O4 - Global Startup: C:\Users\GroOgie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\eBay.lnk . (.Pas de propriétaire.) -- C:\Users\GroOgie\AppData\Roaming\Desktopicon\eBayShortcuts.exe (.not file.)
O4 - Global Startup: C:\Users\GroOgie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\GroOgie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk . (.Mozilla Corporation.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - Global Startup: C:\Users\GroOgie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - Clé orpheline
O4 - Global Startup: C:\Users\GroOgie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk . (.Vuze Inc..) -- C:\Program Files (x86)\Vuze\Azureus.exe
O4 - Global Startup: C:\Users\GroOgie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - Clé orpheline
O4 - Global Startup: C:\Users\GroOgie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe


---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
O8 - Extra context menu item: E&xporter vers Microsoft Excel . (.Microsoft Corporation - Microsoft Office Excel.) -- C:\PROGRA~2\MICROS~3\Office12\EXCEL.exe


---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\system32\NLAapi.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Fournisseur Shim d'affectation de noms de messagerie.) -- C:\Windows\system32\napinsp.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\Windows\system32\mswsock.dll
O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\system32\winrnr.dll


---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{0306B408-B9CB-4BD7-AC40-83A6ED507D13}: DhcpNameServer = 62.2.17.60 62.2.24.162 62.2.17.61 62.2.24.158
O17 - HKLM\System\CS1\Services\Tcpip\..\{0306B408-B9CB-4BD7-AC40-83A6ED507D13}: DhcpNameServer = 62.2.17.60 62.2.24.162 62.2.17.61 62.2.24.158
O17 - HKLM\System\CS3\Services\Tcpip\..\{0306B408-B9CB-4BD7-AC40-83A6ED507D13}: DhcpNameServer = 62.2.17.60 62.2.24.162 62.2.17.61 62.2.24.158
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.2.17.60 62.2.24.162 62.2.17.61 62.2.24.158


---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Contrôleur de site Web.) -- C:\Windows\System32\webcheck.dll


---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\Windows\system32\browseui.dll


---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: (AMD External Events Utility) - Clé orpheline
O23 - Service: (AntiVirSchedulerService) . (.Avira GmbH - Antivirus Scheduler.) - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: (AntiVirService) . (.Avira GmbH - Antivirus On-Access Service.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: (dwil) - Clé orpheline
O23 - Service: (gupdate1c9c2acc7a12a0) . (.Google Inc. - Programme d'installation de Google.) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: (gusvc) . (.Google - gusvc.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: (Lavasoft Ad-Aware Service) . (.Lavasoft - Ad-Aware Service Application.) - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 (Nero BackItUp Scheduler 4.0) . (.Nero AG - Nero BackItUp.) - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: (OMSI download service) . (.Pas de propriétaire - Pas de description.) - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: (PnkBstrA) . (.Pas de propriétaire - Pas de description.) - C:\Windows\system32\PnkBstrA.exe
O23 - Service: (ProtexisLicensing) . (.Pas de propriétaire - nTitles PSIService.) - C:\Windows\SysWOW64\PSIService.exe


---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(.Pas de propriétaire - Pas de description.) - (.not file.)


---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Google Software Updater.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3617200559-1845489161-3153413402-1000Core.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3617200559-1845489161-3153413402-1000UA.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\User_Feed_Synchronization-{05F4B327-2C27-4D2C-A0B6-62740C9DAAE1}.job
[MD5.D6814B567D8C7884DCC342C20F87FB70] [APT] [Ad-Aware Update (Weekly)] (.Lavasoft.) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
[MD5.5467F1FF0AF264566740F67E8B810735] [APT] [Google Software Updater] (.Google.) -- C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
[MD5.626A24ED1228580B9518C01930936DF9] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
[MD5.626A24ED1228580B9518C01930936DF9] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
[MD5.626A24ED1228580B9518C01930936DF9] [APT] [GoogleUpdateTaskUserS-1-5-21-3617200559-1845489161-3153413402-1000Core] (.Google Inc..) -- C:\Users\GroOgie\AppData\Local\Google\Update\GoogleUpdate.exe
[MD5.626A24ED1228580B9518C01930936DF9] [APT] [GoogleUpdateTaskUserS-1-5-21-3617200559-1845489161-3153413402-1000UA] (.Google Inc..) -- C:\Users\GroOgie\AppData\Local\Google\Update\GoogleUpdate.exe
[MD5.00000000000000000000000000000000] [APT] [{099CC5E9-AC5D-486F-9D10-14A50FB5469D}] (.Pas de propriétaire.) -- C:\Users\GroOgie\Downloads\eMule\Incoming\ImageLine.Toxic.Biohazard.VSTi.FLi.v1.0-TSRh\ImageLine.Toxic.Biohazard.VSTi.FLi.v1.0-TSRh\toxicbiohazard_install.exe (.not file.)
[MD5.DC10EB942C6995D137788ECB087D304B] [APT] [{92D7E701-F88D-48A2-B93B-10ED4339EF40}] (.DT Soft Ltd..) -- E:\MOM GAMES\daemon-tools_daemon_tools_4.30.2_francais_10729.exe
[MD5.7B43567B4C32AD7ADED537CD3B1342B9] [APT] [AppleSoftwareUpdate] (.Apple Inc..) -- C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
[MD5.C1BFAA9AF96B48E1959F8FBD952CF62B] [APT] [ASUS ACPI Service Provider] (.Pas de propriétaire.) -- C:\Program Files (x86)\ASUS\AASP\1.00.59\aaCenter.exe
[MD5.2E5039A6599CAF0C4A406ED9460F80A1] [APT] [ASUS RegRun Loader] (.Pas de propriétaire.) -- C:\Program Files (x86)\ASUS\AASP\1.00.59\AsLoader.exe


---\\ Drivers started at boot (O41)
O41 - Driver: (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\Windows\system32\drivers\afd.sys
O41 - Driver: (AsIO) . (.Pas de propriétaire - Pas de description.) - C:\Windows\Syswow64\drivers\AsIO.sys
O41 - Driver: (avipbb) . (.Avira GmbH - Avira Driver for Security Enhancement.) - C:\Windows\System32\DRIVERS\avipbb.sys
O41 - Driver: (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\System32\DRIVERS\cdrom.sys
O41 - Driver: C:\Windows\system32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\System32\Drivers\dfsc.sys
O41 - Driver: (i8042prt) . (.Microsoft Corporation - Pilote de port i8042.) - C:\Windows\System32\DRIVERS\i8042prt.sys
O41 - Driver: (kbdclass) . (.Microsoft Corporation - Pilote de la classe Clavier.) - C:\Windows\System32\DRIVERS\kbdclass.sys
O41 - Driver: (kbdhid) . (.Microsoft Corporation - Pilote de filtre clavier HID.) - C:\Windows\System32\DRIVERS\kbdhid.sys
O41 - Driver: (mouclass) . (.Microsoft Corporation - Pilote de la classe Souris.) - C:\Windows\System32\DRIVERS\mouclass.sys
O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\System32\DRIVERS\netbios.sys
O41 - Driver: (netbt) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\System32\DRIVERS\netbt.sys
O41 - Driver: (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\System32\drivers\nsiproxy.sys
O41 - Driver: C:\Windows\system32\drivers\pacer.sys (PSched) . (.Microsoft Corporation - Planificateur de paquets QoS.) - C:\Windows\System32\DRIVERS\pacer.sys
O41 - Driver: (RasAcd) . (.Microsoft Corporation - RAS Automatic Connection Driver.) - C:\Windows\System32\DRIVERS\rasacd.sys
O41 - Driver: (rdbss) . (.Microsoft Corporation - Redirected Drive Buffering SubSystem Driver.) - C:\Windows\System32\DRIVERS\rdbss.sys
O41 - Driver: (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\DRIVERS\RDPCDD.sys
O41 - Driver: (RDPENCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\drivers\rdpencdd.sys
O41 - Driver: C:\Windows\system32\tcpipcfg.dll (Smb) . (.Microsoft Corporation - SMB Transport driver.) - C:\Windows\System32\DRIVERS\smb.sys
O41 - Driver: C:\Windows\system32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\System32\DRIVERS\tdx.sys
O41 - Driver: (TermDD) . (.Microsoft Corporation - Terminal Server Driver.) - C:\Windows\System32\DRIVERS\termdd.sys
O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\Windows\system32\drivers\vga.sys
O41 - Driver: (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\System32\DRIVERS\wanarp.sys


---\\ Installed software (O42)
O42 - Logiciel: ATI AVIVO64 Codecs - (.ATI Technologies Inc..) [HKLM] -- {9C208A4D-D4A8-6E6E-BF66-02665EEF994C}
O42 - Logiciel: ATI Catalyst Install Manager - (.ATI Technologies, Inc..) [HKLM] -- {5DDB098A-2B70-94B2-CC92-3D39008E17EC}
O42 - Logiciel: ATI Problem Report Wizard - (.ATI Technologies.) [HKLM] -- {B308C317-A8DE-9DD4-C260-B2BBDB5133D9}
O42 - Logiciel: Dell Driver Download Manager - (.Dell Inc..) [HKCU] -- 309a46b1dc89b774
O42 - Logiciel: Dell Driver Download Manager - 1 - (.Dell Inc..) [HKCU] -- f031ef6ac137efc5
O42 - Logiciel: Facebook Plug-In - (.Facebook, Inc..) [HKCU] -- Facebook Plug-In
O42 - Logiciel: Google Chrome - (.Google Inc..) [HKCU] -- Google Chrome
O42 - Logiciel: Microsoft .NET Framework 3.5 Language Pack SP1 - fra - (.Microsoft Corporation.) [HKLM] -- {3E31821C-7917-367E-938E-E65FC413EA31}
O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 SP1
O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
O42 - Logiciel: Microsoft Corporation - (.Microsoft Corporation.) [HKLM] -- {9C5A08BF-BB99-4998-81BD-F6CC32483B34}
O42 - Logiciel: Microsoft LifeCam - (.Microsoft Corporation.) [HKLM] -- {6965A8D2-465D-4F98-9FAA-0E9E2348F329}
O42 - Logiciel: Microsoft Office Office 64-bit Components 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-002A-0000-1000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Shared 64-bit MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-002A-040C-1000-0000000FF1CE}
O42 - Logiciel: Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 - (.Microsoft Corporation.) [HKLM] -- {B6E3757B-5E77-3915-866A-CCFC4B8D194C}
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable (x64) - (.Microsoft Corporation.) [HKLM] -- {071c9b48-7c32-4621-a0ac-3f809523288f}
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable (x64) - (.Microsoft Corporation.) [HKLM] -- {6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 - (.Microsoft Corporation.) [HKLM] -- {8220EEFE-38CD-377E-8595-13398D740ACE}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {4B6C7001-C7D6-3710-913E-5BC23FCE91E6}
O42 - Logiciel: Module linguistique Microsoft .NET Framework 3.5 SP1- fra - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 Language Pack SP1 - fra
O42 - Logiciel: Octoshape add-in for Adobe Flash Player - (.Pas de propriétaire.) [HKCU] -- Octoshape add-in for Adobe Flash Player
O42 - Logiciel: Windows Live Family Safety - (.Microsoft Corporation.) [HKLM] -- {46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}
O42 - Logiciel: Windows Live Family Safety - (.Microsoft Corporation.) [HKLM] -- {FE4BE0BD-1EDB-4D24-9614-847B3C472887}
O42 - Logiciel: Windows Live ID Sign-in Assistant - (.Microsoft Corporation.) [HKLM] -- {1B8ABA62-74F0-47ED-B18C-A43128E591B8}
O42 - Logiciel: Windows Live Language Selector - (.Microsoft Corporation.) [HKLM] -- {5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}
O42 - Logiciel: Windows Live MIME IFilter - (.Microsoft Corporation.) [HKLM] -- {DA54F80E-261C-41A2-A855-549A144F2F59}
O42 - Logiciel: Windows Live Remote Client - (.Microsoft Corporation.) [HKLM] -- {DF6D988A-EEA0-4277-AAB8-158E086E439B}
O42 - Logiciel: Windows Live Remote Client Resources - (.Microsoft Corporation.) [HKLM] -- {B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}
O42 - Logiciel: Windows Live Remote Service - (.Microsoft Corporation.) [HKLM] -- {E02A6548-6FDE-40E2-8ED9-119D7D7E641F}
O42 - Logiciel: Windows Live Remote Service Resources - (.Microsoft Corporation.) [HKLM] -- {5E2CD4FB-4538-4831-8176-05D653C3E6D4}

---\\ HKCU & HKLM Software Keys
[HKCU\Software\ASIO4ALL v2 by Wuschel]
[HKCU\Software\ASIO]
[HKCU\Software\ASProtect]
[HKCU\Software\ASUS]
[HKCU\Software\ATI Technologies Inc.]
[HKCU\Software\ATI]
[HKCU\Software\Ad-Remover]
[HKCU\Software\Adobe]
[HKCU\Software\AppDataLow\Aurigma]
[HKCU\Software\AppDataLow\Software\DivX]
[HKCU\Software\AppDataLow\Software\Microsoft]
[HKCU\Software\AppDataLow\Software]
[HKCU\Software\AppDataLow]
[HKCU\Software\Apple Computer, Inc.]
[HKCU\Software\Avira]
[HKCU\Software\Azureus]
[HKCU\Software\CDDB]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\Corel]
[HKCU\Software\Crystal Dynamics]
[HKCU\Software\DT Soft]
[HKCU\Software\DVD Decrypter]
[HKCU\Software\Digital River]
[HKCU\Software\DivXNetworks]
[HKCU\Software\DivX]
[HKCU\Software\E-lab.Obsession]
[HKCU\Software\Electronic Arts]
[HKCU\Software\Freeware]
[HKCU\Software\GNU]
[HKCU\Software\Gabest]
[HKCU\Software\GameSpy]
[HKCU\Software\GeoVid]
[HKCU\Software\Google]
[HKCU\Software\Haali]
[HKCU\Software\IGA]
[HKCU\Software\IM Providers]
[HKCU\Software\Image-Line]
[HKCU\Software\JEDI-VCL]
[HKCU\Software\JaboSoft]
[HKCU\Software\JavaSoft]
[HKCU\Software\Lavalys]
[HKCU\Software\Lavasoft]
[HKCU\Software\MONOGRAM]
[HKCU\Software\Macromedia]
[HKCU\Software\MainConcept]
[HKCU\Software\Malwarebytes' Anti-Malware]
[HKCU\Software\ManiacTools]
[HKCU\Software\MediaInfo]
[HKCU\Software\Minnetonka Audio Software]
[HKCU\Software\Monolith Productions]
[HKCU\Software\MozillaPlugins]
[HKCU\Software\Mozilla]
[HKCU\Software\N64 Emulation]
[HKCU\Software\Namida]
[HKCU\Software\Nero]
[HKCU\Software\Netscape]
[HKCU\Software\ODBC]
[HKCU\Software\OpenAutomate]
[HKCU\Software\Orange]
[HKCU\Software\Outsim]
[HKCU\Software\Policies]
[HKCU\Software\ProgSense]
[HKCU\Software\Rockstar Games]
[HKCU\Software\SOUNDGRAPH]
[HKCU\Software\SecuROM]
[HKCU\Software\SoftVoice]
[HKCU\Software\Sony Ericsson]
[HKCU\Software\SoulSeek]
[HKCU\Software\Steam]
[HKCU\Software\TouchStone Software]
[HKCU\Software\Trolltech]
[HKCU\Software\Ubisoft]
[HKCU\Software\Unlimited Possibilities]
[HKCU\Software\VB and VBA Program Settings]
[HKCU\Software\VSO]
[HKCU\Software\Valve]
[HKCU\Software\VirtualDJ]
[HKCU\Software\WinRAR SFX]
[HKCU\Software\WinRAR]
[HKCU\Software\Winamp]
[HKCU\Software\Wow6432Node]
[HKCU\Software\YahooPartnerToolbar]
[HKCU\Software\Zattoo Inc.]
[HKCU\Software\Zattoo]
[HKCU\Software\Zylom]
[HKCU\Software\eMule]
[HKCU\Software\ej-technologies]
[HKCU\Software\flv2avi]
[HKCU\Software\flv2mp3]
[HKCU\Software\keyhole.com]
[HKCU\Software\madFlac]
[HKCU\Software\mquadr.at]
[HKCU\Software\nik multimedia]
[HKLM\Software\<company>]
[HKLM\Software\AMD]
[HKLM\Software\ASUS]
[HKLM\Software\ATI Technologies]
[HKLM\Software\ATI]
[HKLM\Software\Analog Devices]
[HKLM\Software\Audible]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\DivX]
[HKLM\Software\InstalledOptions]
[HKLM\Software\Intel]
[HKLM\Software\ODBC]
[HKLM\Software\Policies]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\SonicFocus]
[HKLM\Software\Sonic]
[HKLM\Software\Wow6432Node]
mddee
Maître Libellulien
Posts: 571
Joined: 29 Mar 2003 16:12

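The report above is long, and most of it is benign noise. The entries a helper actually reads first are the orphan service keys (O23 "Clé orpheline"), scheduled tasks whose target is gone or sits in a download folder (the O39 entry pointing at an eMule download with an all-zero MD5), MountPoints2 AutoRun commands (O51) and any UAC policy that has been weakened (O55). The script below is an added example by the editor, not part of the original post and not ZHPDiag's own code: it parses those four line shapes as they appear in this thread (the O23/O39 entries above, the O51/O55 entries in the continuation posted below) and flags the ones worth a second look. The line layouts are an assumption drawn from this report, the "suspicious folder" and "weak UAC value" heuristics are the editor's, and the sample lines are copied from the report.

```python
"""Triage a ZHPDiag-style report: flag the entries a helper would look at first."""
import re
from typing import List, Tuple

Finding = Tuple[str, str, str]  # (category, item, reason)

# Line shapes inferred from the report in this thread (assumption: ZHPDiag keeps
# this layout; adjust the patterns if your version prints differently).
RE_O23 = re.compile(r'^O23 - Service: [^(]*\((?P<name>[^)]*)\)(?P<rest>.*)$')
RE_TASK = re.compile(
    r'^\[MD5\.(?P<md5>[0-9A-Fa-f]{32})\] \[APT\] \[(?P<name>[^\]]+)\] '
    r'\((?P<owner>[^)]*)\) -- (?P<path>.*?)(?P<missing> \(\.not file\.\))?$')
RE_O51 = re.compile(
    r'^O51 - MPSK:(?P<key>\{[^}]+\})\\Shell\\AutoRun\\command\. .*? -- '
    r'(?P<path>.*?)(?P<missing> \(\.not file\.\))?$')
RE_O55 = re.compile(r'^O55 - MWPS:\[[^\]]*\] - "(?P<name>[^"]+)"=(?P<value>.*)$')

# A task whose target sits here deserves a look even when the file is signed.
SUSPICIOUS_DIR = re.compile(r'\\(?:Downloads|Temp|Temporary Internet Files)\\', re.I)

# UAC policy values (HKLM\...\Policies\System) that weaken the elevation boundary.
WEAK_UAC = {
    'EnableLUA': ('0', 'UAC disabled entirely'),
    'ConsentPromptBehaviorAdmin': ('0', 'administrators elevate without any prompt'),
    'PromptOnSecureDesktop': ('0', 'elevation prompt not on the secure desktop (spoofable)'),
}

# Constructed sample: lines copied from the report in this thread.
SAMPLE_REPORT = r"""O23 - Service: (AMD External Events Utility) - Clé orpheline
O23 - Service: (AntiVirService) . (.Avira GmbH - Antivirus On-Access Service.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: (dwil) - Clé orpheline
[MD5.00000000000000000000000000000000] [APT] [{099CC5E9-AC5D-486F-9D10-14A50FB5469D}] (.Pas de propriétaire.) -- C:\Users\GroOgie\Downloads\eMule\Incoming\ImageLine.Toxic.Biohazard.VSTi.FLi.v1.0-TSRh\ImageLine.Toxic.Biohazard.VSTi.FLi.v1.0-TSRh\toxicbiohazard_install.exe (.not file.)
[MD5.626A24ED1228580B9518C01930936DF9] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O51 - MPSK:{0ad02165-8867-11de-b9a9-001fc6e51485}\Shell\AutoRun\command. (.Pas de propriétaire - Pas de description.) -- L:\setup.exe (.not file.)
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=2
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=1
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=1
"""


def triage(report: str) -> List[Finding]:
    """Return the entries worth a second look, in report order."""
    findings: List[Finding] = []
    for raw in report.splitlines():
        line = raw.strip()
        if m := RE_O23.match(line):
            # ZHPDiag prints "Clé orpheline" when a service key has no image file.
            if 'orpheline' in m['rest'] or 'orphan' in m['rest'].lower():
                findings.append(('service', m['name'],
                                 'orphan service key (image file gone): leftover to remove'))
        elif m := RE_TASK.match(line):
            reasons = []
            if m['missing']:
                reasons.append('target file no longer exists')
            if set(m['md5']) == {'0'}:
                reasons.append('all-zero MD5 (file could not be hashed)')
            if SUSPICIOUS_DIR.search(m['path']):
                reasons.append('target lives in a download/temp folder')
            if reasons:
                findings.append(('task', m['name'], '; '.join(reasons)))
        elif m := RE_O51.match(line):
            # MountPoints2 AutoRun commands replay autorun.inf for removable media.
            detail = f'AutoRun command {m["path"]}'
            if m['missing']:
                detail += ' (target missing: stale, but still clean the key)'
            findings.append(('mountpoint', m['key'], detail))
        elif m := RE_O55.match(line):
            weak = WEAK_UAC.get(m['name'])
            if weak and m['value'].strip() == weak[0]:
                findings.append(('uac', m['name'], weak[1]))
    return findings


if __name__ == '__main__':
    for category, item, reason in triage(SAMPLE_REPORT):
        print(f'[{category}] {item}: {reason}')
```

On the sample this yields four findings: the two orphan services, the eMule-download task (missing target, zero hash, download folder) and the MountPoints2 AutoRun entry; the three UAC lines are at their secure defaults and stay silent. Feed it the whole report to get the same short list a helper would build by hand, then verify each hit before acting on it, since an orphan key or a stale AutoRun entry is a cleanup item rather than proof of an active infection.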
Re: TR/Spy.Gen

Post by mddee » 24 Jan 2011 05:46

---\\ Contents of the ProgramFiles/ProgramData/AppData folders (O43)
O43 - CFD: 17.05.2010 - 16:09:02 ----D- C:\Program Files\ATI
O43 - CFD: 17.05.2010 - 16:23:58 ----D- C:\Program Files\ATI Technologies
O43 - CFD: 17.05.2010 - 16:23:14 ----D- C:\Program Files\Common Files
O43 - CFD: 22.12.2010 - 10:57:04 ----D- C:\Program Files\DivX
O43 - CFD: 26.11.2008 - 21:32:26 -SH-D- C:\Program Files\Fichiers communs
O43 - CFD: 17.12.2010 - 03:20:00 ----D- C:\Program Files\Internet Explorer
O43 - CFD: 02.11.2006 - 16:07:28 ----D- C:\Program Files\Microsoft Games
O43 - CFD: 17.05.2010 - 17:16:52 ----D- C:\Program Files\Microsoft IntelliPoint
O43 - CFD: 20.11.2010 - 16:29:58 ----D- C:\Program Files\Microsoft LifeCam
O43 - CFD: 23.12.2008 - 08:34:34 ----D- C:\Program Files\Microsoft Office
O43 - CFD: 12.08.2010 - 02:20:10 ----D- C:\Program Files\Movie Maker
O43 - CFD: 02.11.2006 - 16:07:28 ----D- C:\Program Files\MSBuild
O43 - CFD: 02.11.2006 - 16:07:28 ----D- C:\Program Files\Reference Assemblies
O43 - CFD: 02.11.2006 - 16:44:56 --H-D- C:\Program Files\Uninstall Information
O43 - CFD: 27.11.2008 - 00:51:58 ----D- C:\Program Files\Windows Calendar
O43 - CFD: 24.09.2009 - 21:29:12 ----D- C:\Program Files\Windows Collaboration
O43 - CFD: 24.09.2009 - 21:29:10 ----D- C:\Program Files\Windows Defender
O43 - CFD: 24.09.2009 - 21:29:12 ----D- C:\Program Files\Windows Journal
O43 - CFD: 22.10.2010 - 20:25:00 ----D- C:\Program Files\Windows Live
O43 - CFD: 17.12.2010 - 03:20:00 ----D- C:\Program Files\Windows Mail
O43 - CFD: 14.10.2010 - 02:20:52 ----D- C:\Program Files\Windows Media Player
O43 - CFD: 26.11.2008 - 21:32:26 ----D- C:\Program Files\Windows NT
O43 - CFD: 24.09.2009 - 21:29:12 ----D- C:\Program Files\Windows Photo Gallery
O43 - CFD: 17.11.2009 - 18:45:24 ----D- C:\Program Files\Windows Portable Devices
O43 - CFD: 24.09.2009 - 21:29:12 ----D- C:\Program Files\Windows Sidebar
O43 - CFD: 17.05.2010 - 16:23:14 ----D- C:\Program Files\Common Files\ATI Technologies
O43 - CFD: 22.10.2010 - 20:24:28 ----D- C:\Program Files\Common Files\Microsoft Shared
O43 - CFD: 02.11.2006 - 14:33:54 ----D- C:\Program Files\Common Files\Services
O43 - CFD: 02.11.2006 - 14:33:54 ----D- C:\Program Files\Common Files\SpeechEngines
O43 - CFD: 27.11.2008 - 00:51:56 ----D- C:\Program Files\Common Files\System
O43 - CFD: 06.10.2010 - 17:09:18 ----D- C:\ProgramData\Adobe
O43 - CFD: 21.06.2009 - 20:25:56 ----D- C:\ProgramData\Adobe Systems
O43 - CFD: 07.02.2009 - 05:41:22 ----D- C:\ProgramData\Apple
O43 - CFD: 05.09.2010 - 07:47:24 ----D- C:\ProgramData\Apple Computer
O43 - CFD: 02.11.2006 - 16:42:18 -SH-D- C:\ProgramData\Application Data
O43 - CFD: 17.05.2010 - 16:28:18 ----D- C:\ProgramData\ATI
O43 - CFD: 03.06.2009 - 03:36:38 ----D- C:\ProgramData\Avira
O43 - CFD: 12.12.2008 - 09:26:38 ----D- C:\ProgramData\Azureus
O43 - CFD: 26.11.2008 - 21:32:26 -SH-D- C:\ProgramData\Bureau
O43 - CFD: 28.10.2009 - 21:00:12 ----D- C:\ProgramData\BVRP Software
O43 - CFD: 11.12.2008 - 07:56:04 ----D- C:\ProgramData\Corel
O43 - CFD: 22.12.2008 - 15:20:12 ----D- C:\ProgramData\DAEMON Tools Lite
O43 - CFD: 02.11.2006 - 16:42:18 -SH-D- C:\ProgramData\Desktop
O43 - CFD: 22.12.2010 - 10:57:50 ----D- C:\ProgramData\DivX
O43 - CFD: 02.11.2006 - 16:42:18 -SH-D- C:\ProgramData\Documents
O43 - CFD: 24.03.2009 - 13:42:32 ----D- C:\ProgramData\Electronic Arts
O43 - CFD: 06.12.2008 - 17:15:36 ----D- C:\ProgramData\eMule
O43 - CFD: 26.11.2008 - 21:32:26 -SH-D- C:\ProgramData\Favoris
O43 - CFD: 02.11.2006 - 16:42:18 -SH-D- C:\ProgramData\Favorites
O43 - CFD: 23.01.2011 - 12:25:12 ----D- C:\ProgramData\Google Updater
O43 - CFD: 19.05.2010 - 07:24:16 ----D- C:\ProgramData\Lavasoft
O43 - CFD: 27.11.2008 - 13:19:52 ----D- C:\ProgramData\ma-config.com
O43 - CFD: 23.01.2011 - 19:01:24 ----D- C:\ProgramData\Malwarebytes
O43 - CFD: 19.02.2009 - 07:31:52 ----D- C:\ProgramData\Media Center Programs
O43 - CFD: 26.11.2008 - 21:32:26 -SH-D- C:\ProgramData\Menu Démarrer
O43 - CFD: 22.10.2010 - 20:25:36 -S--D- C:\ProgramData\Microsoft
O43 - CFD: 12.01.2011 - 22:02:20 ----D- C:\ProgramData\Microsoft Help
O43 - CFD: 26.11.2008 - 21:32:26 -SH-D- C:\ProgramData\Modèles
O43 - CFD: 12.12.2008 - 09:59:24 ----D- C:\ProgramData\Nero
O43 - CFD: 13.12.2008 - 06:58:54 ----D- C:\ProgramData\PopCap Games
O43 - CFD: 27.05.2010 - 20:48:10 -SH-D- C:\ProgramData\SecuROM
O43 - CFD: 28.10.2009 - 20:55:46 ----D- C:\ProgramData\Sony Ericsson
O43 - CFD: 09.01.2009 - 13:52:08 ----D- C:\ProgramData\Soulseek
O43 - CFD: 27.11.2008 - 13:43:04 ----D- C:\ProgramData\SOUNDGRAPH
O43 - CFD: 02.11.2006 - 16:42:18 -SH-D- C:\ProgramData\Start Menu
O43 - CFD: 13.12.2008 - 06:58:24 ----D- C:\ProgramData\Steam
O43 - CFD: 30.03.2010 - 18:20:50 ----D- C:\ProgramData\Sun
O43 - CFD: 02.11.2006 - 16:42:18 -SH-D- C:\ProgramData\Templates
O43 - CFD: 20.12.2008 - 09:42:38 ----D- C:\ProgramData\TrackMania
O43 - CFD: 01.05.2010 - 09:51:28 ----D- C:\ProgramData\Ubisoft
O43 - CFD: 28.02.2009 - 18:42:20 ----D- C:\ProgramData\vsosdk
O43 - CFD: 26.11.2008 - 23:58:44 ----D- C:\ProgramData\WLInstaller
O43 - CFD: 22.12.2008 - 16:36:18 ----D- C:\ProgramData\Zylom
O43 - CFD: 23.12.2008 - 18:20:10 ----D- C:\Users\GroOgie\AppData\Roaming\Ace
O43 - CFD: 22.06.2009 - 10:43:46 ----D- C:\Users\GroOgie\AppData\Roaming\Adobe
O43 - CFD: 06.09.2010 - 17:43:02 ----D- C:\Users\GroOgie\AppData\Roaming\Apowersoft
O43 - CFD: 26.11.2008 - 22:16:26 ----D- C:\Users\GroOgie\AppData\Roaming\ATI
O43 - CFD: 22.12.2010 - 11:50:56 ----D- C:\Users\GroOgie\AppData\Roaming\Avira
O43 - CFD: 07.03.2009 - 14:14:36 ----D- C:\Users\GroOgie\AppData\Roaming\Azureus
O43 - CFD: 08.01.2009 - 09:01:06 ----D- C:\Users\GroOgie\AppData\Roaming\Corel
O43 - CFD: 22.12.2008 - 15:20:50 ----D- C:\Users\GroOgie\AppData\Roaming\DAEMON Tools
O43 - CFD: 22.12.2008 - 15:21:24 ----D- C:\Users\GroOgie\AppData\Roaming\DAEMON Tools Lite
O43 - CFD: 22.12.2008 - 15:20:50 ----D- C:\Users\GroOgie\AppData\Roaming\DAEMON Tools Pro
O43 - CFD: 30.01.2009 - 05:56:32 ----D- C:\Users\GroOgie\AppData\Roaming\Deckadance
O43 - CFD: 27.07.2010 - 20:01:58 ----D- C:\Users\GroOgie\AppData\Roaming\Dell
O43 - CFD: 22.12.2010 - 12:24:22 ----D- C:\Users\GroOgie\AppData\Roaming\DivX
O43 - CFD: 21.08.2010 - 00:46:52 ----D- C:\Users\GroOgie\AppData\Roaming\dvdcss
O43 - CFD: 11.04.2010 - 08:58:26 ----D- C:\Users\GroOgie\AppData\Roaming\Facebook
O43 - CFD: 30.03.2009 - 09:09:08 ----D- C:\Users\GroOgie\AppData\Roaming\GeoVid
O43 - CFD: 25.08.2010 - 08:03:50 ----D- C:\Users\GroOgie\AppData\Roaming\GrabPro
O43 - CFD: 22.12.2008 - 16:36:20 ----D- C:\Users\GroOgie\AppData\Roaming\Identities
O43 - CFD: 22.12.2010 - 10:57:46 ----D- C:\Users\GroOgie\AppData\Roaming\Local
O43 - CFD: 26.11.2008 - 23:09:38 ----D- C:\Users\GroOgie\AppData\Roaming\Macromedia
O43 - CFD: 23.01.2011 - 19:01:36 ----D- C:\Users\GroOgie\AppData\Roaming\Malwarebytes
O43 - CFD: 02.11.2006 - 16:07:26 ----D- C:\Users\GroOgie\AppData\Roaming\Media Center Programs
O43 - CFD: 07.04.2009 - 16:17:22 ----D- C:\Users\GroOgie\AppData\Roaming\Media Player Classic
O43 - CFD: 21.09.2010 - 09:36:40 -S--D- C:\Users\GroOgie\AppData\Roaming\Microsoft
O43 - CFD: 20.12.2008 - 22:49:12 ----D- C:\Users\GroOgie\AppData\Roaming\Mozilla
O43 - CFD: 14.12.2008 - 12:31:10 ----D- C:\Users\GroOgie\AppData\Roaming\Nero
O43 - CFD: 01.12.2008 - 22:52:48 ----D- C:\Users\GroOgie\AppData\Roaming\OpenOffice.org
O43 - CFD: 25.08.2010 - 08:19:40 ----D- C:\Users\GroOgie\AppData\Roaming\Orbit
O43 - CFD: 25.08.2010 - 08:04:16 ----D- C:\Users\GroOgie\AppData\Roaming\ProgSense
O43 - CFD: 27.11.2008 - 01:54:26 R-H-D- C:\Users\GroOgie\AppData\Roaming\SecuROM
O43 - CFD: 26.08.2009 - 17:48:36 ----D- C:\Users\GroOgie\AppData\Roaming\SOUNDGRAPH
O43 - CFD: 26.11.2008 - 21:56:18 ----D- C:\Users\GroOgie\AppData\Roaming\TMP
O43 - CFD: 07.01.2011 - 09:30:28 ----D- C:\Users\GroOgie\AppData\Roaming\vlc
O43 - CFD: 14.01.2010 - 15:35:28 ----D- C:\Users\GroOgie\AppData\Roaming\Vso
O43 - CFD: 03.12.2008 - 16:25:42 ----D- C:\Users\GroOgie\AppData\Roaming\WinRAR
O43 - CFD: 22.12.2008 - 16:36:20 ----D- C:\Users\GroOgie\AppData\Roaming\Zylom
O43 - CFD: 28.04.2009 - 12:23:36 ----D- C:\Program Files (x86)\A Vampyre Story
O43 - CFD: 01.04.2009 - 16:15:58 ----D- C:\Program Files (x86)\Abdio
O43 - CFD: 29.12.2008 - 20:46:58 ----D- C:\Program Files (x86)\Activision
O43 - CFD: 23.01.2011 - 14:31:16 ----D- C:\Program Files (x86)\Ad-Remover
O43 - CFD: 21.06.2009 - 20:26:58 ----D- C:\Program Files (x86)\Adobe
O43 - CFD: 07.02.2009 - 05:41:22 ----D- C:\Program Files (x86)\Apple Software Update
O43 - CFD: 21.01.2009 - 13:39:38 ----D- C:\Program Files (x86)\ASIO4ALL v2
O43 - CFD: 26.11.2008 - 21:59:38 ----D- C:\Program Files (x86)\ASUS
O43 - CFD: 17.05.2010 - 16:12:58 ----D- C:\Program Files (x86)\ATI
O43 - CFD: 17.05.2010 - 16:24:24 ----D- C:\Program Files (x86)\ATI Technologies
O43 - CFD: 03.06.2009 - 03:36:38 ----D- C:\Program Files (x86)\Avira
O43 - CFD: 13.01.2009 - 11:48:02 ----D- C:\Program Files (x86)\AviSynth 2.5
O43 - CFD: 17.05.2009 - 11:54:00 ----D- C:\Program Files (x86)\AxBx
O43 - CFD: 22.10.2010 - 20:24:22 ----D- C:\Program Files (x86)\Bing Bar Installer
O43 - CFD: 21.09.2010 - 09:36:32 ----D- C:\Program Files (x86)\cablecom
O43 - CFD: 22.06.2009 - 10:35:38 ----D- C:\Program Files (x86)\Canon
O43 - CFD: 21.02.2009 - 09:21:22 ----D- C:\Program Files (x86)\CDex_150
O43 - CFD: 01.04.2009 - 16:13:14 ----D- C:\Program Files (x86)\Ciuly
O43 - CFD: 22.12.2010 - 10:56:52 ----D- C:\Program Files (x86)\Common Files
O43 - CFD: 08.01.2009 - 09:00:34 ----D- C:\Program Files (x86)\Corel
O43 - CFD: 26.11.2008 - 21:51:38 ----D- C:\Program Files (x86)\Creative
O43 - CFD: 14.03.2010 - 16:04:02 ----D- C:\Program Files (x86)\Custom-Strike
O43 - CFD: 22.12.2008 - 15:20:10 ----D- C:\Program Files (x86)\DAEMON Tools Lite
O43 - CFD: 22.12.2010 - 10:57:46 ----D- C:\Program Files (x86)\DivX
O43 - CFD: 02.04.2009 - 13:54:08 ----D- C:\Program Files (x86)\Easy MP3 Cutter
O43 - CFD: 20.03.2009 - 18:03:16 ----D- C:\Program Files (x86)\Electronic Arts
O43 - CFD: 06.12.2008 - 17:15:24 ----D- C:\Program Files (x86)\eMule
O43 - CFD: 20.03.2009 - 07:26:14 ----D- C:\Program Files (x86)\Enlight
O43 - CFD: 28.11.2008 - 23:12:44 ----D- C:\Program Files (x86)\GameSpy
O43 - CFD: 28.09.2010 - 11:56:20 ----D- C:\Program Files (x86)\Google
O43 - CFD: 07.02.2009 - 05:39:42 ----D- C:\Program Files (x86)\IK Multimedia
O43 - CFD: 18.02.2009 - 06:18:30 ----D- C:\Program Files (x86)\Image-Line
O43 - CFD: 01.05.2010 - 09:50:54 --H-D- C:\Program Files (x86)\InstallShield Installation Information
O43 - CFD: 26.11.2008 - 23:14:28 ----D- C:\Program Files (x86)\Intel
O43 - CFD: 17.12.2010 - 03:20:00 ----D- C:\Program Files (x86)\Internet Explorer
O43 - CFD: 11.01.2011 - 16:41:26 ----D- C:\Program Files (x86)\Java
O43 - CFD: 05.09.2010 - 21:32:46 ----D- C:\Program Files (x86)\K-Lite Codec Pack
O43 - CFD: 22.12.2008 - 17:18:20 ----D- C:\Program Files (x86)\Kyodai Mahjongg
O43 - CFD: 28.11.2008 - 07:08:12 ----D- C:\Program Files (x86)\Lavalys
O43 - CFD: 19.05.2010 - 07:24:24 ----D- C:\Program Files (x86)\Lavasoft
O43 - CFD: 23.01.2011 - 19:01:24 ----D- C:\Program Files (x86)\Malwarebytes' Anti-Malware
O43 - CFD: 26.11.2008 - 21:55:56 ----D- C:\Program Files (x86)\Marvell
O43 - CFD: 06.10.2009 - 06:44:10 ----D- C:\Program Files (x86)\Microsoft
O43 - CFD: 03.12.2008 - 11:40:10 ----D- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
O43 - CFD: 20.11.2010 - 16:29:58 ----D- C:\Program Files (x86)\Microsoft LifeCam
O43 - CFD: 23.12.2008 - 08:36:58 ----D- C:\Program Files (x86)\Microsoft Office
O43 - CFD: 07.01.2011 - 11:10:28 ----D- C:\Program Files (x86)\Microsoft Silverlight
O43 - CFD: 22.10.2010 - 20:26:58 ----D- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
O43 - CFD: 23.12.2008 - 08:36:56 ----D- C:\Program Files (x86)\Microsoft Visual Studio
O43 - CFD: 23.12.2008 - 08:34:28 ----D- C:\Program Files (x86)\Microsoft Visual Studio 8
O43 - CFD: 01.05.2009 - 15:36:12 ----D- C:\Program Files (x86)\Microsoft Works
O43 - CFD: 30.06.2010 - 10:12:24 ----D- C:\Program Files (x86)\Microsoft.NET
O43 - CFD: 18.02.2009 - 06:34:34 ----D- C:\Program Files (x86)\Morphine
O43 - CFD: 10.12.2010 - 07:58:08 ----D- C:\Program Files (x86)\Mozilla Firefox
O43 - CFD: 23.12.2008 - 08:37:08 ----D- C:\Program Files (x86)\MSBuild
O43 - CFD: 22.10.2010 - 20:21:38 ----D- C:\Program Files (x86)\MSN Toolbar
O43 - CFD: 28.11.2008 - 19:35:34 ----D- C:\Program Files (x86)\MSXML 4.0
O43 - CFD: 12.12.2008 - 10:07:38 ----D- C:\Program Files (x86)\Nero
O43 - CFD: 20.12.2008 - 22:45:22 ----D- C:\Program Files (x86)\OpenAL
O43 - CFD: 23.12.2008 - 08:29:04 ----D- C:\Program Files (x86)\OpenOffice.org 3
O43 - CFD: 21.01.2009 - 13:38:58 ----D- C:\Program Files (x86)\Outsim
O43 - CFD: 06.11.2009 - 18:52:00 ----D- C:\Program Files (x86)\Project64 1.6
O43 - CFD: 05.09.2010 - 07:47:44 ----D- C:\Program Files (x86)\QuickTime
O43 - CFD: 02.11.2006 - 16:07:28 ----D- C:\Program Files (x86)\Reference Assemblies
O43 - CFD: 13.01.2009 - 11:48:36 ----D- C:\Program Files (x86)\Ripp-it_AM
O43 - CFD: 08.04.2009 - 15:04:18 ----D- C:\Program Files (x86)\Sagasoft
O43 - CFD: 28.11.2008 - 07:00:26 ----D- C:\Program Files (x86)\SIW
O43 - CFD: 30.03.2009 - 09:27:06 ----D- C:\Program Files (x86)\Smallvideosoft
O43 - CFD: 28.10.2009 - 20:55:46 ----D- C:\Program Files (x86)\Sony Ericsson
O43 - CFD: 26.08.2009 - 18:10:02 ----D- C:\Program Files (x86)\SOUNDGRAPH
O43 - CFD: 23.01.2011 - 05:18:04 ----D- C:\Program Files (x86)\Steam
O43 - CFD: 23.12.2008 - 18:18:24 ----D- C:\Program Files (x86)\THQ
O43 - CFD: 01.05.2010 - 09:50:54 ----D- C:\Program Files (x86)\UBISOFT
O43 - CFD: 02.11.2006 - 16:36:08 --H-D- C:\Program Files (x86)\Uninstall Information
O43 - CFD: 28.11.2008 - 07:53:40 ----D- C:\Program Files (x86)\VideoLAN
O43 - CFD: 02.06.2009 - 05:56:44 ----D- C:\Program Files (x86)\VirtualDJ
O43 - CFD: 15.01.2009 - 10:24:52 ----D- C:\Program Files (x86)\VSO
O43 - CFD: 23.01.2011 - 20:01:58 ----D- C:\Program Files (x86)\VstPlugins
O43 - CFD: 07.03.2009 - 09:43:48 ----D- C:\Program Files (x86)\Vuze
O43 - CFD: 24.09.2009 - 21:29:10 ----D- C:\Program Files (x86)\Windows Calendar
O43 - CFD: 27.11.2008 - 00:51:58 ----D- C:\Program Files (x86)\Windows Collaboration
O43 - CFD: 27.11.2008 - 00:51:58 ----D- C:\Program Files (x86)\Windows Defender
O43 - CFD: 22.10.2010 - 20:28:58 ----D- C:\Program Files (x86)\Windows Live
O43 - CFD: 21.01.2009 - 13:42:52 ----D- C:\Program Files (x86)\Windows Live Safety Center
O43 - CFD: 17.12.2010 - 03:20:00 ----D- C:\Program Files (x86)\Windows Mail
O43 - CFD: 14.10.2010 - 02:20:52 ----D- C:\Program Files (x86)\Windows Media Player
O43 - CFD: 02.11.2006 - 16:07:28 ----D- C:\Program Files (x86)\Windows NT
O43 - CFD: 24.09.2009 - 21:29:10 ----D- C:\Program Files (x86)\Windows Photo Gallery
O43 - CFD: 17.11.2009 - 18:45:24 ----D- C:\Program Files (x86)\Windows Portable Devices
O43 - CFD: 24.09.2009 - 21:29:10 ----D- C:\Program Files (x86)\Windows Sidebar
O43 - CFD: 27.11.2008 - 08:32:34 ----D- C:\Program Files (x86)\WinRAR
O43 - CFD: 27.11.2008 - 14:19:16 ----D- C:\Program Files (x86)\Zattoo
O43 - CFD: 18.05.2010 - 14:23:52 ----D- C:\Program Files (x86)\Zattoo4
O43 - CFD: 24.01.2011 - 05:41:30 ----D- C:\Program Files (x86)\ZHPDiag
O43 - CFD: 22.12.2008 - 17:18:12 ----D- C:\Program Files (x86)\Zylom Games
O43 - CFD: 17.05.2010 - 16:23:14 ----D- C:\Program Files\Common Files\ATI Technologies
O43 - CFD: 22.10.2010 - 20:24:28 ----D- C:\Program Files\Common Files\Microsoft Shared
O43 - CFD: 02.11.2006 - 14:33:54 ----D- C:\Program Files\Common Files\Services
O43 - CFD: 02.11.2006 - 14:33:54 ----D- C:\Program Files\Common Files\SpeechEngines
O43 - CFD: 27.11.2008 - 00:51:56 ----D- C:\Program Files\Common Files\System


---\\ Most recently modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.9CED1700D64D6E7500DCFD7E70EE1700] - 24.01.2011 - 05:38:13 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\WindowsUpdate.log [1566355]
O44 - LFC:[MD5.4956663F62788023FEAA63E86F8DCAAD] - 24.01.2011 - 05:37:42 -S-A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\bootstat.dat [67584]
O44 - LFC:[MD5.16BC05E7889B3F60D8921B1F93673538] - 23.01.2011 - 20:09:35 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\SysNative\PerfStringBackup.INI [1697616]
O44 - LFC:[MD5.8F40FCD4678B1393D9A9E1D577DC1FFD] - 23.01.2011 - 20:09:35 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\SysNative\perfc009.dat [130758]
O44 - LFC:[MD5.93EF171562C8DEB99E53B32AEEFC8FE9] - 23.01.2011 - 20:09:35 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\SysNative\perfc00C.dat [160540]
O44 - LFC:[MD5.DB759955785F51C3CDF5CF129BBFCF76] - 23.01.2011 - 20:09:35 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\SysNative\perfh009.dat [659162]
O44 - LFC:[MD5.675D095E19E3AB257C5E2DC1A7D3120E] - 23.01.2011 - 20:09:35 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\SysNative\perfh00C.dat [751800]
O44 - LFC:[MD5.A76760D1C5C441FBF98CB79848E0988E] - 23.01.2011 - 20:03:53 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\aaw7boot.log [24887]
O44 - LFC:[MD5.A7926751E073B5E9930442A1DE7C5FDC] - 23.01.2011 - 14:32:14 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Ad-Report-CLEAN[1].txt [18005]
O44 - LFC:[MD5.0F13F5CC136FDEA92D0DA81CF172236D] - 22.01.2011 - 18:36:41 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\PFRO.log [25380]
O44 - LFC:[MD5.4547E1627547BB7C0103D0969FC08188] - 14.01.2011 - 08:35:13 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\DirectX.log [280244]


---\\ MountPoints2 Shell Key (MPSK) (O51)
O51 - MPSK:{0ad02165-8867-11de-b9a9-001fc6e51485}\Shell\AutoRun\command. (.Pas de propriétaire - Pas de description.) -- L:\setup.exe (.not file.)


---\\ Trojan Driver Search Data (HKLM)(TDSD) (O52)
O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\Windows\System32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
O52 - TDSD: \drivers.desc\"C:\Windows\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm


---\\ Microsoft Control Security Providers (MCSP) (O54)
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - TS Single Sign On Security Package.) -- C:\Windows\system32\credssp.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - TS Single Sign On Security Package.) -- C:\Windows\system32\credssp.dll


---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=2
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=1
O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=
O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0
O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0


---\\ Microsoft Windows Policies Explorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktop"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "ForceActiveDesktopOn"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "BindDirectlyToPropertySetStorage"=0


---\\ Liste des Drivers Système (SDL) (O58)
O58 - SDL:[MD5.9137451D37BA1C325CD6C2DEF3D2D692] - 02.11.2006 - 12:52:16 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\system32\drivers\adp94xx.sys [485480]
O58 - SDL:[MD5.01F80898DF5CC7DF19B3B11351846263] - 02.11.2006 - 12:51:59 ---A- . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) -- C:\Windows\system32\drivers\adpahci.sys [339560]
O58 - SDL:[MD5.DA001DB13FFF45DFE9109936E265B7CC] - 02.11.2006 - 12:51:24 ---A- . (.Adaptec, Inc. - Adaptec LH Ultra160 Driver (X64).) -- C:\Windows\system32\drivers\adpu160m.sys [184424]
O58 - SDL:[MD5.2B10C35C5B7C5C0C28F572E035319602] - 02.11.2006 - 12:51:19 ---A- . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver (X64).) -- C:\Windows\system32\drivers\adpu320.sys [178792]
O58 - SDL:[MD5.157D0898D4B73F075CE9FA26B482DF98] - 02.11.2006 - 13:00:19 ---A- . (.Acer Laboratories Inc. - ALi mini IDE Driver.) -- C:\Windows\system32\drivers\aliide.sys [15976]
O58 - SDL:[MD5.2E8623F2FED998A97129A3DB919551C8] - 02.11.2006 - 13:03:49 ---A- . (.Adaptec, Inc. - Adaptec RAID Storport Driver.) -- C:\Windows\system32\drivers\arc.sys [76392]
O58 - SDL:[MD5.741A003C041A3EC480A2E71AF71E9654] - 02.11.2006 - 13:03:49 ---A- . (.Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\Windows\system32\drivers\arcsas.sys [76392]
O58 - SDL:[MD5.6936198F2CC25B39CF5262436C80DF46] - 31.10.2006 - 16:23:42 ---A- . (.Pas de propriétaire - ATK0110 ACPI Utility.) -- C:\Windows\system32\drivers\ASACPI.sys [15680]
O58 - SDL:[MD5.19AAA5FA3A9804B8722F7B95649FB6C9] - 28.01.2010 - 15:33:34 ---A- . (.ATI Technologies, Inc. - ATI High Definition Audio Function Driver.) -- C:\Windows\system32\drivers\AtiHdmi.sys [114176]
O58 - SDL:[MD5.9C0BA1E5195075D2908FDCE1B3F3B902] - 10.02.2010 - 23:47:56 ---A- . (.ATI Technologies Inc. - ATI Radeon Kernel Mode Driver.) -- C:\Windows\system32\drivers\atikmdag.sys [6377472]
O58 - SDL:[MD5.1FCD6862762D74E47417FD94433EFC69] - 10.02.2010 - 22:31:26 ---A- . (.Advanced Micro Devices, Inc. - AMD multi-vendor Miniport Driver.) -- C:\Windows\system32\drivers\atikmpag.sys [186880]
O58 - SDL:[MD5.9C0BA1E5195075D2908FDCE1B3F3B902] - 10.02.2010 - 23:47:56 ---A- . (.ATI Technologies Inc. - ATI Radeon Kernel Mode Driver.) -- C:\Windows\system32\drivers\atipmdag.sys [6377472]
O58 - SDL:[MD5.39C2E2870FC0C2AE0595B883CBE716B4] - 22.12.2010 - 11:51:36 ---A- . (.Avira GmbH - Avira Minifilter Driver.) -- C:\Windows\system32\drivers\avgntflt.sys [83120]
O58 - SDL:[MD5.C98FA6E5AD0E857D22716BD2B8B1F399] - 17.08.2010 - 13:39:11 ---A- . (.Avira GmbH - Avira Driver for Security Enhancement.) -- C:\Windows\system32\drivers\avipbb.sys [116568]
O58 - SDL:[MD5.F09EEE9EDC320B5E1501F749FDE686C8] - 18.09.2006 - 22:30:15 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver.) -- C:\Windows\system32\drivers\BrFiltLo.sys [18432]
O58 - SDL:[MD5.B114D3098E9BDB8BEA8B053685831BE6] - 18.09.2006 - 22:30:15 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver.) -- C:\Windows\system32\drivers\BrFiltUp.sys [8704]
O58 - SDL:[MD5.F0F0BA4D815BE446AA6A4583CA3BCA9B] - 02.11.2006 - 09:43:25 ---A- . (.Brother Industries Ltd. - Pilote Brother Série I/F (WDM).) -- C:\Windows\system32\drivers\BrSerId.sys [86528]
O58 - SDL:[MD5.A6ECA2151B08A09CACECA35C07F05B42] - 18.09.2006 - 22:30:18 ---A- . (.Brother Industries Ltd. - Brother Serial driver (WDM version).) -- C:\Windows\system32\drivers\BrSerWdm.sys [47104]
O58 - SDL:[MD5.B79968002C277E869CF38BD22CD61524] - 18.09.2006 - 22:30:18 ---A- . (.Brother Industries Ltd. - Brother USB MDM Driver.) -- C:\Windows\system32\drivers\BrUsbMdm.sys [14976]
O58 - SDL:[MD5.A87528880231C54E75EA7A44943B38BF] - 19.09.2006 - 12:42:33 ---A- . (.Brother Industries Ltd. - Brother USB Serial Driver.) -- C:\Windows\system32\drivers\BrUsbSer.sys [14720]
O58 - SDL:[MD5.E5D5499A1C50A54B5161296B6AFE6192] - 02.11.2006 - 13:00:48 ---A- . (.CMD Technology, Inc. - CMD PCI IDE Bus Driver.) -- C:\Windows\system32\drivers\cmdide.sys [18024]
O58 - SDL:[MD5.222CB641B4B8A1D1126F8033F9FD6A00] - 02.11.2006 - 12:50:06 ---A- . (.Adaptec, Inc. - Adaptec Ultra SCSI miniport.) -- C:\Windows\system32\drivers\djsvs.sys [88168]
O58 - SDL:[MD5.D57FE09B575545738A73A0C193D0616A] - 18.09.2006 - 22:27:18 ---A- . (.Intel Corporation - Intel(R) PRO/1000 Adapter NDIS 6 deserialized driver.) -- C:\Windows\system32\drivers\E1G6032E.sys [141824]
O58 - SDL:[MD5.3D6298AFF3FE06C0616CE5D090A3EEAA] - 02.11.2006 - 12:52:07 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\system32\drivers\elxstor.sys [368232]
O58 - SDL:[MD5.8EDC820115DF1E04763B2923676EA5B2] - 02.11.2006 - 13:02:37 ---A- . (.Hewlett-Packard Company - Smart Array Storport Driver.) -- C:\Windows\system32\drivers\HpCISSs.sys [43112]
O58 - SDL:[MD5.72C3EE7EA3CD75A772E62AE0E5DF8B8C] - 02.11.2006 - 12:51:48 ---A- . (.Intel Corporation - Intel Matrix Storage Manager driver (base).) -- C:\Windows\system32\drivers\iaStorV.sys [280680]
O58 - SDL:[MD5.8C3951AD2FE886EF76C7B5027C3125D3] - 02.11.2006 - 13:02:39 ---A- . (.Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) -- C:\Windows\system32\drivers\iirsp.sys [44648]
O58 - SDL:[MD5.63C766CDC609FF8206CB447A65ABBA4A] - 02.11.2006 - 13:02:09 ---A- . (.Integrated Technology Express, Inc. - ITE IT8211 ATA/ATAPI SCSI miniport.) -- C:\Windows\system32\drivers\iteatapi.sys [37480]
O58 - SDL:[MD5.1281FE73B17664631D12F643CBEA3F59] - 02.11.2006 - 13:02:09 ---A- . (.Integrated Technology Express, Inc. - ITE IT8212 ATA RAID SCSI miniport.) -- C:\Windows\system32\drivers\iteraid.sys [37480]
O58 - SDL:[MD5.3C46290F7A5D45BA6EF32C248E22AA69] - 05.06.2010 - 07:30:24 ---A- . (.Lavasoft AB - Boot Driver.) -- C:\Windows\system32\drivers\Lbd.sys [69152]
O58 - SDL:[MD5.1572F8D999C0AB4376AFDCE058A78DF9] - 02.11.2006 - 13:03:56 ---A- . (.LSI Logic - LSI Logic Fusion-MPT FC Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_fc.sys [78440]
O58 - SDL:[MD5.64470979C3E3C9FF60EDFB5230C56E0E] - 02.11.2006 - 13:03:56 ---A- . (.LSI Logic - LSI Logic Fusion-MPT SAS Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_sas.sys [78440]
O58 - SDL:[MD5.4CED7D3B54BFC5BBAE75C4A73C7F7428] - 02.11.2006 - 13:04:02 ---A- . (.LSI Logic - LSI Logic Fusion-MPT SCSI Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_scsi.sys [78440]
O58 - SDL:[MD5.3D3C4B63F11F63F50253E734F0ACE9F2] - 20.12.2010 - 18:08:40 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\system32\drivers\mbam.sys [24152]
O58 - SDL:[MD5.2F631C2939D5F2E8958935EE701D70D7] - 02.11.2006 - 13:01:55 ---A- . (.LSI Logic Corporation - MEGASAS RAID Controller Driver for Windows Vista/Longhorn for x.) -- C:\Windows\system32\drivers\megasas.sys [32872]
O58 - SDL:[MD5.3C200630A89EF2C0864D515B7A75802E] - 02.11.2006 - 13:02:24 ---A- . (.LSI Logic Corporation - MegaRAID RAID Controller Driver for Windows Vista/Longhorn for.) -- C:\Windows\system32\drivers\Mraid35x.sys [39016]
O58 - SDL:[MD5.4AC08BD6AF2DF42E0C3196D826C8AEA7] - 02.11.2006 - 13:03:03 ---A- . (.IBM Corporation - IBM ServeRAID Controller Driver.) -- C:\Windows\system32\drivers\nfrd960.sys [51816]
O58 - SDL:[MD5.840EEB44DC49317A6161961F7682CD99] - 02.11.2006 - 12:50:24 ---A- . (.NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) -- C:\Windows\system32\drivers\nvraid.sys [112744]
O58 - SDL:[MD5.94C5334040A5D500897F4C5FD12AEEDE] - 02.11.2006 - 13:02:51 ---A- . (.NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) -- C:\Windows\system32\drivers\nvstor.sys [48232]
O58 - SDL:[MD5.AF7CE12C4F3DC8CB2B07685C916BBCFE] - 15.01.2009 - 10:24:54 ---A- . (.VSO Software - low level access layer for CD/DVD/BD devices.) -- C:\Windows\system32\drivers\pcouffin.sys [82816]
O58 - SDL:[MD5.E9158FA6923E80BD57CF068CE9CDDAA2] - 03.04.2007 - 09:30:14 ---A- . (.Philips Semiconductors GmbH - Ph3xIBxx.) -- C:\Windows\system32\drivers\Ph3xIB64.sys [1418112]
O58 - SDL:[MD5.4A29D25704917161BAD9B4659A248DFD] - 02.11.2006 - 12:52:27 ---A- . (.QLogic Corporation - QLogic Fibre Channel Stor Miniport Driver.) -- C:\Windows\system32\drivers\ql2300.sys [990312]
O58 - SDL:[MD5.E1C80F8D4D1E39EF9595809C1369BF2A] - 02.11.2006 - 12:50:27 ---A- . (.QLogic Corporation - QLogic iSCSI Storport Miniport Driver.) -- C:\Windows\system32\drivers\ql40xx.sys [124008]
O58 - SDL:[MD5.EA268BCE30691C2DD24F02E617FD2EB5] - 16.05.2008 - 12:32:56 ---A- . (.MCCI Corporation - Sony Ericsson Device 0016 Driver.) -- C:\Windows\system32\drivers\s0016bus.sys [115240]
O58 - SDL:[MD5.41BDDE57907CA92D438E4C3C8B4C33EC] - 16.05.2008 - 12:32:58 ---A- . (.MCCI Corporation - Windows 2000/XP support functions.) -- C:\Windows\system32\drivers\s0016cm.sys [14888]
O58 - SDL:[MD5.41BDDE57907CA92D438E4C3C8B4C33EC] - 16.05.2008 - 12:32:58 ---A- . (.MCCI Corporation - Windows 2000/XP support functions.) -- C:\Windows\system32\drivers\s0016cmnt.sys [14888]
O58 - SDL:[MD5.4EDEAA70224D40990A9BE6091E762168] - 16.05.2008 - 12:33:02 ---A- . (.MCCI Corporation - Sony Ericsson Device 0016 USB Ethernet Emulation (WDM class reg.) -- C:\Windows\system32\drivers\s0016cr.sys [13864]
O58 - SDL:[MD5.F5F9DEB89996D333EF976624D37E24E3] - 16.05.2008 - 12:33:04 ---A- . (.MCCI Corporation - Sony Ericsson Device 0016 USB WMC Modem Filter Driver.) -- C:\Windows\system32\drivers\s0016mdfl.sys [19496]
O58 - SDL:[MD5.C17CE2AEE67480FEBCC36ECCB54C0BE8] - 16.05.2008 - 12:33:06 ---A- . (.MCCI Corporation - Sony Ericsson Device 0016 USB WMC Modem WDM Driver.) -- C:\Windows\system32\drivers\s0016mdm.sys [158760]
O58 - SDL:[MD5.CC267F04C54C5EC5B7BD658D7628469F] - 16.05.2008 - 12:33:06 ---A- . (.MCCI Corporation - Sony Ericsson Device 0016 USB WMC Device Management Driver.) -- C:\Windows\system32\drivers\s0016mgmt.sys [137256]
O58 - SDL:[MD5.30A35BBCE09D9FE67482FD62C61911FC] - 16.05.2008 - 12:33:06 ---A- . (.MCCI Corporation - Sony Ericsson Device 0016 USB Ethernet Emulation (NDIS 5 Minipo.) -- C:\Windows\system32\drivers\s0016nd5.sys [34344]
O58 - SDL:[MD5.CA394DCC38579C7AD82E83EE64D798A0] - 16.05.2008 - 12:33:06 ---A- . (.MCCI Corporation - Sony Ericsson Device 0016 USB WMC OBEX Interface Device Driver.) -- C:\Windows\system32\drivers\s0016obex.sys [136744]
O58 - SDL:[MD5.EB267CCEA84E6E8598D92F73332AC67B] - 16.05.2008 - 12:33:06 ---A- . (.MCCI Corporation - Sony Ericsson Device 0016 USB Ethernet Emulation.) -- C:\Windows\system32\drivers\s0016unic.sys [151592]
O58 - SDL:[MD5.07CACBFEF2226DEA608749439B2764E7] - 16.05.2008 - 12:33:06 ---A- . (.MCCI Corporation - Windows 2000/XP support functions.) -- C:\Windows\system32\drivers\s0016wh.sys [15912]
O58 - SDL:[MD5.07CACBFEF2226DEA608749439B2764E7] - 16.05.2008 - 12:33:06 ---A- . (.MCCI Corporation - Windows 2000/XP support functions.) -- C:\Windows\system32\drivers\s0016whnt.sys [15912]
O58 - SDL:[MD5.4019149E4E296072831C8855605D9FDC] - 19.05.2010 - 07:30:24 ---A- . (.Sunbelt Software - Anti-Rootkit Engine.) -- C:\Windows\system32\drivers\SBREDrv.sys [95024]
O58 - SDL:[MD5.3EA8A16169C26AFBEB544E0E48421186] - 30.09.2006 - 00:51:44 ---A- . (.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) -- C:\Windows\system32\drivers\secdrv.sys [23040]
O58 - SDL:[MD5.EDE7A1D2715AAC2190D51DC07AFD44E3] - 09.01.2008 - 11:28:20 ---A- . (.Sony Ericsson Mobile Communications - seehcri Driver.) -- C:\Windows\system32\drivers\seehcri.sys [34032]
O58 - SDL:[MD5.08DDA16573FA44F8B13AFE74597AD2E5] - 02.11.2006 - 13:02:33 ---A- . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) -- C:\Windows\system32\drivers\sisraid2.sys [42600]
O58 - SDL:[MD5.C52259E9DAAF3890D572D87FFEE0979E] - 02.11.2006 - 13:03:44 ---A- . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\Windows\system32\drivers\sisraid4.sys [74856]
O58 - SDL:[MD5.9CED1700D64D6E7500DCFD7E70EE1700] - 22.12.2008 - 00:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\drivers\sptd.sys [868848]
O58 - SDL:[MD5.2F26A2C6FC96B29BEFF5D8ED74E6625B] - 02.11.2006 - 13:02:52 ---A- . (.LSI Logic - LSI Logic 8XX SCSI Miniport Driver.) -- C:\Windows\system32\drivers\symc8xx.sys [49256]
O58 - SDL:[MD5.A909667976D3BCCD1DF813FED517D837] - 02.11.2006 - 13:02:37 ---A- . (.LSI Logic - LSI Logic Hi-Perf SCSI Miniport Driver.) -- C:\Windows\system32\drivers\sym_hi.sys [44648]
O58 - SDL:[MD5.36887B56EC2D98B9C362F6AE4DE5B7B0] - 02.11.2006 - 13:02:47 ---A- . (.LSI Logic - LSI Logic Ultra160 SCSI Miniport Driver.) -- C:\Windows\system32\drivers\sym_u3.sys [48232]
O58 - SDL:[MD5.6030B68E86A30D1B315B51C4D7778B16] - 02.11.2006 - 12:51:49 ---A- . (.ULi Electronics Inc. - ULi SATA Controller Driver.) -- C:\Windows\system32\drivers\uliahci.sys [279656]
O58 - SDL:[MD5.31707F09846056651EA2C37858F5DDB0] - 02.11.2006 - 12:50:54 ---A- . (.Promise Technology, Inc. - Promise Ultra/Sata Series Driver for Win2003.) -- C:\Windows\system32\drivers\ulsata.sys [148072]
O58 - SDL:[MD5.85E5E43ED5B48C8376281BAB519271B7] - 02.11.2006 - 12:51:19 ---A- . (.Promise Technology, Inc. - Promise SATAII150 Series x64 Windows Driver.) -- C:\Windows\system32\drivers\ulsata2.sys [174696]
O58 - SDL:[MD5.8294B6C3FDB6C33F24E150DE647ECDAA] - 02.11.2006 - 13:00:41 ---A- . (.VIA Technologies, Inc. - VIA Generic PCI IDE Bus Driver.) -- C:\Windows\system32\drivers\viaide.sys [18024]
O58 - SDL:[MD5.410AE2C141142C58BC617FC2C677F8B0] - 02.11.2006 - 12:50:37 ---A- . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) -- C:\Windows\system32\drivers\vsmraid.sys [128104]
O58 - SDL:[MD5.2AE06B41B36549FABF0886B2AF89A599] - 06.12.2007 - 09:51:00 ---A- . (.Marvell - Miniport Driver for Marvell Yukon Ethernet Controller..) -- C:\Windows\system32\drivers\yk60x64.sys [391680]
O58 - SDL:[MD5.8065A7659562005127673AC52898675F] - 17.12.2007 - 10:14:12 R--A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\SysWOW64\drivers\AsIO.sys [14392]
O58 - SDL:[MD5.B979979AB8027F7F53FB16EC4229B7DB] - 10.09.1999 - 12:06:00 ---A- . (.Adaptec - ASPI for WIN32 Kernel Driver.) -- C:\Windows\SysWOW64\drivers\aspi32.sys [25244]
O58 - SDL:[MD5.2AD78087FF299D1596F0336749F84B1F] - 01.08.2007 - 04:39:28 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\SysWOW64\drivers\ASUSHWIO.SYS [12536]
O58 - SDL:[MD5.D68E165C3123ABA3B1282EDDB4213BD8] - 20.12.2010 - 18:09:00 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\SysWOW64\drivers\mbamswissarmy.sys [38224]
O58 - SDL:[MD5.20ED5DBEE3FB56FA7A272BE2A0970E58] - 13.02.2009 - 11:49:30 ---A- . (.Avira GmbH - AVIRA SnapShot Driver.) -- C:\Windows\SysWOW64\drivers\ssmdrv.sys [28376]
O58 - SDL:[MD5.1A006963644C7FDE5BE60036F3A43E68] - 27.11.2008 - 10:26:19 ---A- . (.EnTech Taiwan - TVicHW32 driver for Windows XP 64-bit edition.) -- C:\Windows\SysWOW64\drivers\TVICHW64.SYS [21200]
O58 - SDL:[MD5.62D853061D9E69586FE10B14E73436E6] - 08.01.2009 - 08:52:10 RSH-- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\SysWOW64\1F3D0E23C3.sys [88]
O58 - SDL:[MD5.A59A6BEE485E6D2C740CE4DA3FEF79FE] - 12.01.2011 - 17:40:13 -SHA- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\SysWOW64\KGyGaAvL.sys [3818]


---\\ Liste des services Legacy (LALS) (O64)
O64 - Services: CurCS - C:\Windows\system32\drivers\afd.sys - Ancilliary Function Driver for Winsock (AFD) .(.Microsoft Corporation - Ancillary Function Driver for WinSock.) - LEGACY_AFD
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\atipmdag.sys - amdkmdag (amdkmdag) .(.ATI Technologies Inc. - ATI Radeon Kernel Mode Driver.) - LEGACY_AMDKMDAG
O64 - Services: CurCS - C:\Windows\Syswow64\drivers\AsIO.sys - AsIO (AsIO) .(.Pas de propriétaire - Pas de description.) - LEGACY_ASIO
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\avgntflt.sys - avgntflt (avgntflt) .(.Avira GmbH - Avira Minifilter Driver.) - LEGACY_AVGNTFLT
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\avipbb.sys - avipbb (avipbb) .(.Avira GmbH - Avira Driver for Security Enhancement.) - LEGACY_AVIPBB
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\bowser.sys - Bowser (bowser) .(.Microsoft Corporation - NT Lan Manager Datagram Receiver Driver.) - LEGACY_BOWSER
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\cdfs.sys - CD/DVD File System Reader (cdfs) .(.Microsoft Corporation - CD-ROM File System Driver.) - LEGACY_CDFS
O64 - Services: CurCS - C:\Windows\System32\CLFS.sys - Common Log (CLFS) (CLFS) .(.Microsoft Corporation - Common Log File System Driver.) - LEGACY_CLFS
O64 - Services: CurCS - C:\Windows\System32\drivers\crcdisk.sys - Crcdisk Filter Driver (crcdisk) .(.Microsoft Corporation - Disk Block Verification Filter Driver.) - LEGACY_CRCDISK
O64 - Services: CurCS - C:\Windows\System32\Drivers\dfsc.sys - Dfs Client Driver (DfsC) .(.Microsoft Corporation - DFS Namespace Client Driver.) - LEGACY_DFSC
O64 - Services: CurCS - C:\Windows\system32\drivers\dxgkrnl.sys - LDDM Graphics Subsystem (DXGKrnl) .(.Microsoft Corporation - DirectX Graphics Kernel.) - LEGACY_DXGKRNL
O64 - Services: CurCS - C:\Windows\system32\Drivers\EXFAT.sys - (.not file.) - exFAT File System Driver (exfat) .(.Pas de propriétaire - Pas de description.) - LEGACY_EXFAT
O64 - Services: CurCS - C:\Windows\system32\Drivers\FASTFAT.sys - (.not file.) - FAT12/16/32 File System Driver (fastfat) .(.Pas de propriétaire - Pas de description.) - LEGACY_FASTFAT
O64 - Services: CurCS - C:\Windows\System32\drivers\fileinfo.sys - File Information FS MiniFilter (FileInfo) .(.Microsoft Corporation - FileInfo Filter Driver.) - LEGACY_FILEINFO
O64 - Services: CurCS - C:\Windows\System32\drivers\fltmgr.sys - FltMgr (FltMgr) .(.Microsoft Corporation - Gestionnaire de filtres de système de fichi.) - LEGACY_FLTMGR
O64 - Services: CurCS - C:\Windows\system32\Drivers\FS_REC.sys - Fs_Rec (Fs_Rec) .(.Pas de propriétaire - Pas de description.) - LEGACY_FS_REC
O64 - Services: CurCS - C:\Windows\System32\drivers\HTTP.sys - HTTP (HTTP) .(.Microsoft Corporation - HTTP Pile du protocole.) - LEGACY_HTTP
O64 - Services: CurCS - C:\Windows\System32\Drivers\ksecdd.sys - KSecDD (KSecDD) .(.Microsoft Corporation - Kernel Security Support Provider Interface.) - LEGACY_KSECDD
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\Lbd.sys - Lbd (Lbd) .(.Lavasoft AB - Boot Driver.) - LEGACY_LBD
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\lltdio.sys - Link-Layer Topology Discovery Mapper I/O Driver (lltdio) .(.Microsoft Corporation - Link-Layer Topology Mapper I/O Driver.) - LEGACY_LLTDIO
O64 - Services: CurCS - C:\Windows\system32\drivers\luafv.sys - UAC File Virtualization (luafv) .(.Microsoft Corporation - Pilote de filtre de virtualisation de fichi.) - LEGACY_LUAFV
O64 - Services: CurCS - C:\Windows\System32\drivers\modem.sys - modem (modem) .(.Microsoft Corporation - Pilote de périphérique modem.) - LEGACY_MODEM
O64 - Services: CurCS - C:\Windows\System32\drivers\mountmgr.sys - Mount Point Manager (MountMgr) .(.Microsoft Corporation - Mount Point Manager.) - LEGACY_MOUNTMGR
O64 - Services: CurCS - C:\Windows\system32\FirewallAPI.dll (mpsdrv) .(.Microsoft Corporation - API du Pare-feu Windows.) - LEGACY_MPSDRV
O64 - Services: CurCS - C:\Windows\system32\drivers\mrxdav.sys - WebDav Client Redirector Driver (MRxDAV) .(.Microsoft Corporation - Windows NT WebDav Minirdr.) - LEGACY_MRXDAV
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\mrxsmb.sys - SMB MiniRedirector Wrapper and Engine (mrxsmb) .(.Microsoft Corporation - Windows NT SMB Minirdr.) - LEGACY_MRXSMB
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\mrxsmb10.sys - SMB 1.x MiniRedirector (mrxsmb10) .(.Microsoft Corporation - Longhorn SMB Downlevel SubRdr.) - LEGACY_MRXSMB10
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\mrxsmb20.sys - SMB 2.0 MiniRedirector (mrxsmb20) .(.Microsoft Corporation - Longhorn SMB 2.0 Redirector.) - LEGACY_MRXSMB20
O64 - Services: CurCS - C:\Windows\system32\Drivers\MSFS.sys - Msfs (Msfs) .(.Pas de propriétaire - Pas de description.) - LEGACY_MSFS
O64 - Services: CurCS - C:\Windows\System32\drivers\msisadrv.sys - ISA/EISA Class Driver (msisadrv) .(.Microsoft Corporation - ISA Driver.) - LEGACY_MSISADRV
O64 - Services: CurCS - C:\Windows\System32\Drivers\mup.sys - Mup (Mup) .(.Microsoft Corporation - Multiple UNC Provider driver.) - LEGACY_MUP
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\nwifi.sys - Filtre NativeWiFi (NativeWifiP) .(.Microsoft Corporation - NativeWiFi Miniport Driver.) - LEGACY_NATIVEWIFIP
O64 - Services: CurCS - C:\Windows\System32\drivers\ndis.sys - NDIS System Driver (NDIS) .(.Microsoft Corporation - NDIS 6.0 wrapper driver.) - LEGACY_NDIS
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\ndisuio.sys - NDIS mode utilisateur E/S Protocole (Ndisuio) .(.Microsoft Corporation - NDIS User mode I/O driver.) - LEGACY_NDISUIO
O64 - Services: CurCS - C:\Windows\system32\Drivers\NDPROXY.sys - NDProxy (NDProxy) .(.Pas de propriétaire - Pas de description.) - LEGACY_NDPROXY
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\netbios.sys - NetBIOS Interface (NetBIOS) .(.Microsoft Corporation - NetBIOS interface driver.) - LEGACY_NETBIOS
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\netbt.sys - NETBT (netbt) .(.Microsoft Corporation - MBT Transport driver.) - LEGACY_NETBT
O64 - Services: CurCS - C:\Windows\system32\Drivers\NPFS.sys - Npfs (Npfs) .(.Pas de propriétaire - Pas de description.) - LEGACY_NPFS
O64 - Services: CurCS - C:\Windows\System32\drivers\nsiproxy.sys - NSI proxy service (nsiproxy) .(.Microsoft Corporation - NSI Proxy.) - LEGACY_NSIPROXY
O64 - Services: CurCS - C:\Windows\system32\Drivers\NTFS.sys - Ntfs (Ntfs) .(.Pas de propriétaire - Pas de description.) - LEGACY_NTFS
O64 - Services: CurCS - C:\Windows\system32\Drivers\NULL.sys - Null (Null) .(.Pas de propriétaire - Pas de description.) - LEGACY_NULL
O64 - Services: CurCS - C:\Windows\System32\drivers\peauth.sys - PEAUTH (PEAUTH) .(.Microsoft Corporation - Protected Environment Authentication and Au.) - LEGACY_PEAUTH
O64 - Services: CurCS - C:\Windows\system32\drivers\pacer.sys (PSched) .(.Microsoft Corporation - Planificateur de paquets QoS.) - LEGACY_PSCHED
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\rasacd.sys - Remote Access Auto Connection Driver (RasAcd) .(.Microsoft Corporation - RAS Automatic Connection Driver.) - LEGACY_RASACD
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\rdbss.sys - Redirected Buffering Sub Sysytem (rdbss) .(.Microsoft Corporation - Redirected Drive Buffering SubSystem Driver.) - LEGACY_RDBSS
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\RDPCDD.sys - RDPCDD (RDPCDD) .(.Microsoft Corporation - RDP Miniport.) - LEGACY_RDPCDD
O64 - Services: CurCS - C:\Windows\System32\drivers\rdpencdd.sys - RDP Encoder Mirror Driver (RDPENCDD) .(.Microsoft Corporation - RDP Miniport.) - LEGACY_RDPENCDD
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\rspndr.sys - Link-Layer Topology Discovery Responder (rspndr) .(.Microsoft Corporation - Link-Layer Topology Responder Driver for ND.) - LEGACY_RSPNDR
O64 - Services: CurCS - C:\Windows\system32\Drivers\SECDRV.sys - (.not file.) - Security Driver (secdrv) .(.Pas de propriétaire - Pas de description.) - LEGACY_SECDRV
O64 - Services: CurCS - C:\Windows\system32\tcpipcfg.dll (Smb) .(.Microsoft Corporation - Objets de configuration du réseau.) - LEGACY_SMB
O64 - Services: CurCS - C:\Windows\system32\Drivers\SPLDR.sys - (.not file.) - Security Processor Loader Driver (spldr) .(.Pas de propriétaire - Pas de description.) - LEGACY_SPLDR
O64 - Services: CurCS - C:\Windows\System32\Drivers\sptd.sys - sptd (sptd) .(.Pas de propriétaire - Pas de description.) - LEGACY_SPTD
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\srv.sys - srv (srv) .(.Microsoft Corporation - Server driver.) - LEGACY_SRV
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\srv2.sys - srv2 (srv2) .(.Microsoft Corporation - Smb 2.0 Server driver.) - LEGACY_SRV2
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\srvnet.sys - srvnet (srvnet) .(.Microsoft Corporation - Server Network driver.) - LEGACY_SRVNET
O64 - Services: CurCS - C:\Windows\system32\tcpipcfg.dll (Tcpip) .(.Microsoft Corporation - Objets de configuration du réseau.) - LEGACY_TCPIP
O64 - Services: CurCS - C:\Windows\System32\drivers\tcpipreg.sys - TCP/IP Registry Compatibility (tcpipreg) .(.Microsoft Corporation - TCP/IP Registry Compatibility Driver.) - LEGACY_TCPIPREG
O64 - Services: CurCS - C:\Windows\system32\tcpipcfg.dll (tdx) .(.Microsoft Corporation - Objets de configuration du réseau.) - LEGACY_TDX
O64 - Services: CurCS - (.not file.) - TVICHW64 (TVICHW64) .(.Pas de propriétaire - Pas de description.) - LEGACY_TVICHW64
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\udfs.sys - udfs (udfs) .(.Microsoft Corporation - UDF File System Driver.) - LEGACY_UDFS
O64 - Services: CurCS - C:\Windows\system32\drivers\vga.sys - VgaSave (VgaSave) .(.Microsoft Corporation - VGA/Super VGA Video Driver.) - LEGACY_VGASAVE
O64 - Services: CurCS - C:\Windows\System32\drivers\volmgrx.sys - Dynamic Volume Manager (volmgrx) .(.Microsoft Corporation - Volume Manager Extension Driver.) - LEGACY_VOLMGRX
O64 - Services: CurCS - C:\Windows\System32\drivers\volsnap.sys - Volumes de stockage (volsnap) .(.Microsoft Corporation - Pilote de cliché instantané du volume.) - LEGACY_VOLSNAP
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\wanarp.sys - Remote Access IPv6 ARP Driver (Wanarpv6) .(.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - LEGACY_WANARPV6
O64 - Services: CurCS - C:\Windows\System32\drivers\Wdf01000.sys - Kernel Mode Driver Frameworks service (Wdf01000) .(.Microsoft Corporation - WDF dynamique.) - LEGACY_WDF01000


---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe
O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft (R) Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe
O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCU\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O67 - Shell Spawning: <.bat> <batfile>[HKCR\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.cpl> <cplfile>[HKCR\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe
O67 - Shell Spawning: <.cmd> <cmdfile>[HKCR\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.com> <comfile>[HKCR\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.exe> <exefile>[HKCR\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCR\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O67 - Shell Spawning: <.js> <JSFile>[HKCR\..\open\Command] (.Microsoft Corporation - Microsoft (R) Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: <.reg> <regfile>[HKCR\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe


---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe


---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] ${searchCLSID} - (@ieframe.dll,-12512) - http://search.live.com
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (@ieframe.dll,-12512) - http://search.live.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (@ieframe.dll,-12512) - http://search.live.co
O69 - SBI: SearchScopes [HKCU] {7532CAD3-78DB-4669-9198-73681ECEDEB9} [DefaultScope] - (Google) - http://www.google.fr


---\\ Recherche particuliere à la racine de certains dossiers (SPRF) (O84)
[MD5.16E53BFC96CE14021C0E07EB1C198478] [SPRF] (.Pas de propriétaire - Pas de description.) -- C:\Users\GroOgie\AppData\Roaming\inst.exe [99384]
[MD5.AF7CE12C4F3DC8CB2B07685C916BBCFE] [SPRF] (.VSO Software - low level access layer for CD/DVD/BD devices.) -- C:\Users\GroOgie\AppData\Roaming\pcouffin.sys [82816]


---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 21.06.2009 72704 | (Adobe LM Service) . (.Adobe Systems.) - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
SR - | Auto 10.02.2010 202752 | (AMD External Events Utility) . (.AMD.) - C:\Windows\system32\atiesrxx.exe
SR - | Auto 17.08.2010 135336 | (AntiVirSchedulerService) . (.Avira GmbH.) - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
SR - | Auto 22.12.2010 267944 | (AntiVirService) . (.Avira GmbH.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
SS - | Demand 22.12.2010 0 | Service d'état ASP.NET (aspnet_state) . (.Pas de propriétaire.) - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
SS - | Auto 22.12.2010 0 | (dwil) . (.Pas de propriétaire.) - ll32.exe
SS - | Auto 21.04.2009 133104 | (gupdate1c9c2acc7a12a0) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Auto 21.04.2009 183280 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 04.04.2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
SR - | Auto 30.06.2010 1352832 | (Lavasoft Ad-Aware Service) . (.Lavasoft.) - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
SR - | Auto 24.09.2008 935208 | Nero BackItUp Scheduler 4.0 (Nero BackItUp Scheduler 4.0) . (.Nero AG.) - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
SR - | Auto 30.04.2009 90112 | (OMSI download service) . (.Pas de propriétaire.) - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
SR - | Auto 30.04.2009 0 | (PnkBstrA) . (.Pas de propriétaire.) - C:\Windows\system32\PnkBstrA.exe
SR - | Auto 05.06.2007 177704 | (ProtexisLicensing) . (.Pas de propriétaire.) - C:\Windows\SysWOW64\PSIService.exe
SS - | Demand 13.01.2011 407336 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
SR - | Auto 19.01.2008 27648 | C:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\system32\svchost.exe


---\\ Recherche Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.1 by Gmer, http://www.gmer.net
Run by GroOgie at 24.01.2011 05:42:30

device: opened successfully
user: error reading MBR

Disk trace:
error: Read Descripteur non valide
kernel: error reading MBR


---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by GroOgie at 24.01.2011 05:42:30
Use the desktop link 'MBRCheck' to have full report




---\\ Liste des émulateurs de CD/DVD (Hook du MBR)
O58 - SDL:[MD5.AF7CE12C4F3DC8CB2B07685C916BBCFE] - 15.01.2009 - 10:24:54 ---A- . (.VSO Software - low level access layer for CD/DVD/BD devices.) -- C:\Windows\system32\drivers\pcouffin.sys [82816]
O58 - SDL:[MD5.9CED1700D64D6E7500DCFD7E70EE1700] - 22.12.2008 - 00:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\drivers\sptd.sys [868848]



End of the scan (916 lines in 01mn 10s)(0)

--
mddee
Maître Libellulien
Posts: 571
Joined: 29 Mar 2003 16:12

Re: TR/Spy.Gen

Post by Florinator » 24 Jan 2011 17:36

Hello,

OK, there is not much left:

  • Copy the lines below:

Code:
G2 - GCE: Preference [User Data\Default] [defdhglnppeioeflggkmglipcecffkhk] AutocompletePro plugin for chrome v.1.0 (Activé)
O43 - CFD: 13.12.2008 - 06:58:54 ----D- C:\ProgramData\PopCap Games
[MD5.16E53BFC96CE14021C0E07EB1C198478] [SPRF] (.Pas de propriétaire - Pas de description.) -- C:\Users\GroOgie\AppData\Roaming\inst.exe [99384]


  • Open ZHPDiag, then click the Image icon
    If the icon does not appear, run another scan with ZHPDiag; it will appear at the end of the scan
  • Click the Image icon to clear the report that is displayed
  • Then click Image to paste the selection
  • Check that all the lines I asked you to copy (and only those) are in the window
  • Click "OK", which makes a box appear to the left of each line.
  • Click "Tous" (All), then "Nettoyer" (Clean).
    If you are asked to restart the computer to finish the cleanup, do so immediately.
  • Copy/paste the report in your next post.

Note: the report is also located at C:\Program Files\ZebHelpProcess\ZHPFixReport.txt

A++
Knowledge is only useful if it is passed on.
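The three lines Florinator picked out above share traits a helper scans a ZHPDiag report for: an executable with no publisher metadata ("Pas de propriétaire") sitting in a user-writable directory such as AppData\Roaming, autorun entries whose target no longer exists ("(.not file.)"), orphaned service keys ("Clé orpheline") and entries whose hash could not be computed (an all-zero MD5). The Python script below is an added example, not part of this thread and not ZHPDiag's or ZHPFix's own code: it encodes those heuristics and runs them over five lines copied from the reports in this thread (the last one with its path shortened). The regular expressions, the rule names and the list of suspect directories are my own assumptions about the report format; a flag means "look at this", not "this is malware".

```python
"""Triage heuristics for ZHPDiag-style report lines (added example, not ZHPDiag code)."""
import re

# ZHPDiag wraps publisher and description as "(.Publisher - Description.)";
# "Pas de propriétaire" is its French label for a file with no publisher metadata.
NO_OWNER = "Pas de propriétaire"
OWNER_RE = re.compile(r"\(\.(.*?)\.\)")
DRIVE_RE = re.compile(r"[A-Za-z]:\\")
# Trailers ZHPDiag appends after a path: the file size "[99384]" or "(.not file.)".
TRAILER_RE = re.compile(r"\s+(?:\[\d+\]|\(\.not file\.\))\s*$")
MD5_RE = re.compile(r"\[MD5\.([0-9A-Fa-f]{32})\]")

# Assumed list of user-writable locations where a publisher-less executable
# deserves a second look (the thread's inst.exe sat in AppData\Roaming).
SUSPECT_DIRS = ("\\appdata\\roaming\\", "\\appdata\\local\\temp\\",
                "\\downloads\\", "\\programdata\\")
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com")


def extract_owner(line):
    """Publisher/description text of a line, skipping the '(.not file.)' marker."""
    for owner in OWNER_RE.findall(line):
        if owner != "not file":
            return owner
    return ""


def extract_path(line):
    """Last Windows path on the line, with size and '(.not file.)' trailers removed.

    The last path is taken because service lines can name a DLL and then the
    svchost.exe that hosts it; the host binary is the one that actually runs.
    """
    starts = [m.start() for m in DRIVE_RE.finditer(line)]
    if not starts:
        return None
    tail = line[starts[-1]:]
    for _ in range(2):  # the two trailers may appear in either order
        tail = TRAILER_RE.sub("", tail)
    return tail.strip()


def triage_line(line):
    """Reasons a report line deserves a look; an empty list means nothing notable."""
    reasons = []
    owner = extract_owner(line)
    lowered = (extract_path(line) or "").lower()
    if "(.not file.)" in line:
        reasons.append("autorun points at a missing file")
    if "Clé orpheline" in line:
        reasons.append("orphaned registry key")
    if NO_OWNER in owner and lowered.endswith(EXEC_EXT):
        reasons.append("executable without publisher metadata")
        if any(d in lowered for d in SUSPECT_DIRS):
            reasons.append("located in a user-writable directory")
    md5 = MD5_RE.search(line)
    if md5 and set(md5.group(1)) == {"0"}:
        reasons.append("hash could not be computed")
    return reasons


def triage_report(lines):
    """(line, reasons) pairs for every flagged line, in report order."""
    flagged = []
    for line in lines:
        reasons = triage_line(line)
        if reasons:
            flagged.append((line, reasons))
    return flagged


# Sample input: five lines copied from the reports in this thread (last path shortened).
SAMPLE_LINES = [
    r"[MD5.6B08E54A451B3F95E4109DBA7E594270] - (.Microsoft Corporation - Explorateur Windows.) (.11.04.2009 08:10:17.) -- C:\Windows\Explorer.exe [3079168]",
    r"[MD5.16E53BFC96CE14021C0E07EB1C198478] [SPRF] (.Pas de propriétaire - Pas de description.) -- C:\Users\GroOgie\AppData\Roaming\inst.exe [99384]",
    r"O4 - HKCU\..\Run: [EA Core] C:\Program Files (x86)\Electronic Arts\EADM\Core.exe (.not file.)",
    r"O23 - Service: (dwil) - Clé orpheline",
    r"[MD5.00000000000000000000000000000000] [APT] [{099CC5E9-AC5D-486F-9D10-14A50FB5469D}] (.Pas de propriétaire.) -- C:\Users\GroOgie\Downloads\eMule\Incoming\toxicbiohazard_install.exe (.not file.)",
]

if __name__ == "__main__":
    for line, reasons in triage_report(SAMPLE_LINES):
        print(extract_path(line) or line)
        for reason in reasons:
            print("   -", reason)
```

Run against a full report, the script leaves signed Microsoft binaries such as Explorer.exe alone and surfaces the same inst.exe entry the helper asked to remove; the missing-file and orphaned-key hits are clutter rather than infection, but they are exactly the leftovers a ZHPFix pass is meant to clean.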

Re: TR/Spy.Gen

Post by mddee » 24 Jan 2011 18:28

Big thanks, it already seems to be doing much better..

here is the ZHPDiag report

--

Rapport de ZHPDiag v1.27.151 par Nicolas Coolman, Update du 22/01/2011
Run by GroOgie at 24.01.2011 18:18:42
Web site : http://www.premiumorange.com/zeb-help-p ... pdiag.html
Contact : nicolascoolman@yahoo.fr

---\\ Web Browser
MSIE: Internet Explorer v8.0.6001.18999
GCIE: Google Chrome v8.0.552.237

---\\ System Information
Windows Vista Home Premium Edition, 64-bit Service Pack 2 (Build 6002)
Processor: Intel64 Family 6 Model 23 Stepping 7, GenuineIntel
Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 8190.2 MB (73% free)
System Restore: Activé (Enable)
System drive C: has 32 GB (11%) free of 279 GB

---\\ Logged in mode
Computer Name: GROOGIE-PC
User Name: GroOgie
All Users Names: GroOgie, ASPNET, Administrateur,
Unselected Option: O45,O61,O62,O65,O66,O82
Logged in as Administrator

---\\ Environnement Variables
%AppData%=%USERPROFILE%\AppData\Roaming
%LocalAppData%=%USERPROFILE%\AppData\Local
%StartMenu%=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu

---\\ DOS/Devices
A:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
C:\ Hard drive, Flash drive, Thumb drive (Free 32 Go of 279 Go)
D:\ CD-ROM drive (Not Inserted)
E:\ Hard drive, Flash drive, Thumb drive (Free 147 Go of 932 Go)
F:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
G:\ Floppy drive, Flash card reader, USB Key (Free 2 Go of 2 Go)
H:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
I:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
J:\ CD-ROM drive (Not Inserted)


---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] NoActiveDesktopChanges: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoFolderOptions: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowSearch: OK


---\\ Recherche particulière de fichiers génériques
[MD5.6B08E54A451B3F95E4109DBA7E594270] - (.Microsoft Corporation - Explorateur Windows.) (.11.04.2009 08:10:17.) -- C:\Windows\Explorer.exe [3079168]
[MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Application de démarrage de Windows.) (.19.01.2008 08:33:37.) -- C:\Windows\System32\Wininit.exe [96768]
[MD5.898E7C06A350D4A1A64A9EA264D55452] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.11.04.2009 07:28:13.) -- C:\Windows\System32\Winlogon.exe [314368]


---\\ Processus lancés
[MD5.C1BFAA9AF96B48E1959F8FBD952CF62B] - (.Pas de propriétaire - Pas de description.) -- C:\Program Files (x86)\ASUS\AASP\1.00.59\aaCenter.exe [613376]
[MD5.BF26D9CF26D7E915EB152631847A9E0B] - (.Pas de propriétaire - Pas de description.) -- C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe [16200]
[MD5.9D5E8B45BD348DF0882C69EED0E83111] - (.Avira GmbH - Antivirus System Tray Tool.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [281768]
[MD5.93DB1FF92B03D24738A71E6E4992DFD3] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [248552]
[MD5.A58E05767687E1E636D160ECEA9BC8ED] - (.Pas de propriétaire - DivX Update.) -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1226608]
[MD5.57D8C4ED26DFD7EF0E2CB196FB8BFB54] - (.DivX, LLC - DivX Download Manager Service.) -- C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe [63360]
[MD5.5CF0DB946153DDBCD76359F77AB492F5] - (.Lavasoft - Ad-Aware Tray Application.) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe [864112]
[MD5.4C82939331997FF620EB4C377D861309] - (.Microsoft Corp. - Barre d'outils Bing.) -- C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\mswinext.exe [273672]
[MD5.B9E350C3EEE748E332251274DEC33829] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\IELowutil.exe [115712]
[MD5.6080A176D09435FC8E6E800996656E18] - (.Microsoft Corporation - Console IME.) -- C:\Windows\SysWOW64\conime.exe [69120]
[MD5.091549EB1CDC5FE9CC68EE5D5AD14C6A] - (.Microsoft Corporation - LifeTray.exe.) -- C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe [95088]
[MD5.78366318920DE90DAC3B68A75176595A] - (.Microsoft Corporation - LifeEnC2.exe.) -- C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe [245248]
[MD5.0E20A3213ED010FC4997D1EF48082ABC] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [912344]
[MD5.BA9A09CF1B9503C363617F3748F6D791] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [16856]
[MD5.41C493C4B92F7EDA46EBA74D90C9A78F] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [624128]


---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2)
P2 - FPN: [HKCU] [@facebook.com/FBPlugin,version=1.0.3] - (.Pas de propriétaire - Provides additional functionality on Facebook. See <a href="http://www.) -- C:\Users\GroOgie\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
P2 - FPN: [HKCU] [@tools.google.com/Google Update;version=8] - (.Google Inc. - Google Update.) -- C:\Users\GroOgie\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll


---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
G1 - GCS: Preference [User Data\Default] None
G2 - GCE: Preference [User Data\Default] [defdhglnppeioeflggkmglipcecffkhk] AutocompletePro plugin for chrome v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [fnjbmmemklcjgepojigaapkoodmkgbae] DivX HiQ v.2.1.0.900 (Activé)
G2 - GCE: Preference [User Data\Default] [nneajnkjbffgblleaoojgaacokifdkhm] \u003Cvideo\u003E HTML5 DivX Plus Web Player v.2.1.0.900 (Activé)


---\\ Internet Explorer, Démarrage,Recherche,URSearchHook (R0,R1,R3)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Internet Explorer.) (8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)) -- C:\Windows\system32\ieframe.dll


---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"


---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corp. - Microsoft® Windows Live ID Login Helper.) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll


---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [Windows Defender] . (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe
O4 - HKLM\..\Run: [IntelliPoint] . (.Microsoft Corporation - IPoint.exe.) -- C:\Program Files\Microsoft IntelliPoint\ipoint.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [EA Core] C:\Program Files (x86)\Electronic Arts\EADM\Core.exe (.not file.)
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\GroOgie\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [Windows Defender] . (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe
O4 - HKLM\..\Wow6432Node\Run: [IntelliPoint] . (.Microsoft Corporation - IPoint.exe.) -- C:\Program Files\Microsoft IntelliPoint\ipoint.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] oobefldr.dll
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] oobefldr.dll
O4 - HKUS\S-1-5-21-3617200559-1845489161-3153413402-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-21-3617200559-1845489161-3153413402-1000\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-21-3617200559-1845489161-3153413402-1000\..\Run: [EA Core] C:\Program Files (x86)\Electronic Arts\EADM\Core.exe (.not file.)
O4 - HKUS\S-1-5-21-3617200559-1845489161-3153413402-1000\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\GroOgie\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKUS\S-1-5-21-3617200559-1845489161-3153413402-1000\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe (.not file.)
O4 - Global Startup: C:\Users\GroOgie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk . (.Adobe Systems, Inc..) -- C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe


---\\ Autres liens utilisateurs (O4)
O4 - Global Startup: C:\Documents And Settings\GroOgie\Desktop\10 ONEX.pdf - Raccourci.lnk . (.Pas de propriétaire.) -- C:\Users\GroOgie\Documents\Tpg\10 ONEX.pdf
O4 - Global Startup: C:\Documents And Settings\GroOgie\Desktop\AD-R.lnk . (.Pas de propriétaire.) -- C:\Program Files (x86)\Ad-Remover\main.exe
O4 - Global Startup: C:\Documents And Settings\GroOgie\Desktop\BEBE - Raccourci.lnk . (.Pas de propriétaire.) -- E:\MES IMAGES\BEBE
O4 - Global Startup: C:\Documents And Settings\GroOgie\Desktop\Bee.Movie.avi - Raccourci.lnk . (.Pas de propriétaire.) -- E:\dessins animés\Bee.Movie.avi
O4 - Global Startup: C:\Documents And Settings\GroOgie\Desktop\daemon.exe - Raccourci.lnk . (.DT Soft Ltd.) -- C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe
O4 - Global Startup: C:\Documents And Settings\GroOgie\Desktop\Documents - Raccourci.lnk . (.Pas de propriétaire.) -- C:\Users\GroOgie\Documents
O4 - Global Startup: C:\Documents And Settings\GroOgie\Desktop\Incoming - Raccourci.lnk . (.Pas de propriétaire.) -- C:\Users\GroOgie\Downloads\eMule\Incoming
O4 - Global Startup: C:\Documents And Settings\GroOgie\Desktop\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Documents And Settings\GroOgie\Desktop\Ma musique - Raccourci.lnk . (.Pas de propriétaire.) -- E:\Ma musique
O4 - Global Startup: C:\Documents And Settings\GroOgie\Desktop\Messenger.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
O4 - Global Startup: C:\Documents And Settings\GroOgie\Desktop\Mozilla Firefox.lnk . (.Mozilla Corporation.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - Global Startup: C:\Documents And Settings\GroOgie\Desktop\Steam.lnk . (.Pas de propriétaire.) -- C:\Windows\Installer\{048298C9-A4D3-490B-9FF9-AB023A9238F3}\Icon048298C91.exe
O4 - Global Startup: C:\Users\GroOgie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\GroOgie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Windows Mail\WinMail.exe
O4 - Global Startup: C:\Users\GroOgie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
O4 - Global Startup: C:\Users\GroOgie\Desktop\10 ONEX.pdf - Raccourci.lnk . (.Pas de propriétaire.) -- C:\Users\GroOgie\Documents\Tpg\10 ONEX.pdf
O4 - Global Startup: C:\Users\GroOgie\Desktop\AD-R.lnk . (.Pas de propriétaire.) -- C:\Program Files (x86)\Ad-Remover\main.exe
O4 - Global Startup: C:\Users\GroOgie\Desktop\BEBE - Raccourci.lnk . (.Pas de propriétaire.) -- E:\MES IMAGES\BEBE
O4 - Global Startup: C:\Users\GroOgie\Desktop\Bee.Movie.avi - Raccourci.lnk . (.Pas de propriétaire.) -- E:\dessins animés\Bee.Movie.avi
O4 - Global Startup: C:\Users\GroOgie\Desktop\daemon.exe - Raccourci.lnk . (.DT Soft Ltd.) -- C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe
O4 - Global Startup: C:\Users\GroOgie\Desktop\Documents - Raccourci.lnk . (.Pas de propriétaire.) -- C:\Users\GroOgie\Documents
O4 - Global Startup: C:\Users\GroOgie\Desktop\Incoming - Raccourci.lnk . (.Pas de propriétaire.) -- C:\Users\GroOgie\Downloads\eMule\Incoming
O4 - Global Startup: C:\Users\GroOgie\Desktop\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\GroOgie\Desktop\Ma musique - Raccourci.lnk . (.Pas de propriétaire.) -- E:\Ma musique
O4 - Global Startup: C:\Users\GroOgie\Desktop\Messenger.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
O4 - Global Startup: C:\Users\GroOgie\Desktop\Mozilla Firefox.lnk . (.Mozilla Corporation.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - Global Startup: C:\Users\GroOgie\Desktop\Steam.lnk . (.Pas de propriétaire.) -- C:\Windows\Installer\{048298C9-A4D3-490B-9FF9-AB023A9238F3}\Icon048298C91.exe
O4 - Global Startup: C:\Users\GroOgie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk . (.Lavasoft.) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-Aware.exe
O4 - Global Startup: C:\Users\GroOgie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ConvertXtoDvd.lnk . (.VSO Software SARL.) -- C:\Program Files (x86)\VSO\ConvertX\3\ConvertXtoDvd.exe
O4 - Global Startup: C:\Users\GroOgie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Corel MediaOne.lnk . (.Corel, Inc..) -- C:\Program Files (x86)\Corel\Corel MediaOne\Corel MediaOne.exe
O4 - Global Startup: C:\Users\GroOgie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Corel Paint Shop Pro Photo X2.lnk . (.Corel, Inc..) -- C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Corel Paint Shop Pro Photo.exe
O4 - Global Startup: C:\Users\GroOgie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Easy MP3 Cutter.lnk . (.ManiacTools.) -- C:\Program Files (x86)\Easy MP3 Cutter\mp3_cutter.exe
O4 - Global Startup: C:\Users\GroOgie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\eBay.lnk . (.Pas de propriétaire.) -- C:\Users\GroOgie\AppData\Roaming\Desktopicon\eBayShortcuts.exe (.not file.)
O4 - Global Startup: C:\Users\GroOgie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\GroOgie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk . (.Mozilla Corporation.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - Global Startup: C:\Users\GroOgie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - Clé orpheline
O4 - Global Startup: C:\Users\GroOgie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk . (.Vuze Inc..) -- C:\Program Files (x86)\Vuze\Azureus.exe
O4 - Global Startup: C:\Users\GroOgie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - Clé orpheline
O4 - Global Startup: C:\Users\GroOgie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe


---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
O8 - Extra context menu item: E&xporter vers Microsoft Excel . (.Microsoft Corporation - Microsoft Office Excel.) -- C:\PROGRA~2\MICROS~3\Office12\EXCEL.exe


---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\system32\NLAapi.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Fournisseur Shim d'affectation de noms de messagerie.) -- C:\Windows\system32\napinsp.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\Windows\system32\mswsock.dll
O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\system32\winrnr.dll


---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{0306B408-B9CB-4BD7-AC40-83A6ED507D13}: DhcpNameServer = 62.2.17.60 62.2.24.162 62.2.17.61 62.2.24.158
O17 - HKLM\System\CS1\Services\Tcpip\..\{0306B408-B9CB-4BD7-AC40-83A6ED507D13}: DhcpNameServer = 62.2.17.60 62.2.24.162 62.2.17.61 62.2.24.158
O17 - HKLM\System\CS3\Services\Tcpip\..\{0306B408-B9CB-4BD7-AC40-83A6ED507D13}: DhcpNameServer = 62.2.17.60 62.2.24.162 62.2.17.61 62.2.24.158
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.2.17.60 62.2.24.162 62.2.17.61 62.2.24.158


---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Contrôleur de site Web.) -- C:\Windows\System32\webcheck.dll


---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\Windows\system32\browseui.dll


---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: (AMD External Events Utility) - Clé orpheline
O23 - Service: (AntiVirSchedulerService) . (.Avira GmbH - Antivirus Scheduler.) - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: (AntiVirService) . (.Avira GmbH - Antivirus On-Access Service.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: (dwil) - Clé orpheline
O23 - Service: (gupdate1c9c2acc7a12a0) . (.Google Inc. - Programme d'installation de Google.) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: (gusvc) . (.Google - gusvc.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: (Lavasoft Ad-Aware Service) . (.Lavasoft - Ad-Aware Service Application.) - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 (Nero BackItUp Scheduler 4.0) . (.Nero AG - Nero BackItUp.) - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: (OMSI download service) . (.Pas de propriétaire - Pas de description.) - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: (PnkBstrA) . (.Pas de propriétaire - Pas de description.) - C:\Windows\system32\PnkBstrA.exe
O23 - Service: (ProtexisLicensing) . (.Pas de propriétaire - nTitles PSIService.) - C:\Windows\SysWOW64\PSIService.exe


---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(.Pas de propriétaire - Pas de description.) - (.not file.)


---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Google Software Updater.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3617200559-1845489161-3153413402-1000Core.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3617200559-1845489161-3153413402-1000UA.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\User_Feed_Synchronization-{05F4B327-2C27-4D2C-A0B6-62740C9DAAE1}.job
[MD5.D6814B567D8C7884DCC342C20F87FB70] [APT] [Ad-Aware Update (Weekly)] (.Lavasoft.) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
[MD5.5467F1FF0AF264566740F67E8B810735] [APT] [Google Software Updater] (.Google.) -- C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
[MD5.626A24ED1228580B9518C01930936DF9] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
[MD5.626A24ED1228580B9518C01930936DF9] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
[MD5.626A24ED1228580B9518C01930936DF9] [APT] [GoogleUpdateTaskUserS-1-5-21-3617200559-1845489161-3153413402-1000Core] (.Google Inc..) -- C:\Users\GroOgie\AppData\Local\Google\Update\GoogleUpdate.exe
[MD5.626A24ED1228580B9518C01930936DF9] [APT] [GoogleUpdateTaskUserS-1-5-21-3617200559-1845489161-3153413402-1000UA] (.Google Inc..) -- C:\Users\GroOgie\AppData\Local\Google\Update\GoogleUpdate.exe
[MD5.00000000000000000000000000000000] [APT] [{099CC5E9-AC5D-486F-9D10-14A50FB5469D}] (.Pas de propriétaire.) -- C:\Users\GroOgie\Downloads\eMule\Incoming\ImageLine.Toxic.Biohazard.VSTi.FLi.v1.0-TSRh\ImageLine.Toxic.Biohazard.VSTi.FLi.v1.0-TSRh\toxicbiohazard_install.exe (.not file.)
[MD5.DC10EB942C6995D137788ECB087D304B] [APT] [{92D7E701-F88D-48A2-B93B-10ED4339EF40}] (.DT Soft Ltd..) -- E:\MOM GAMES\daemon-tools_daemon_tools_4.30.2_francais_10729.exe
[MD5.7B43567B4C32AD7ADED537CD3B1342B9] [APT] [AppleSoftwareUpdate] (.Apple Inc..) -- C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
[MD5.C1BFAA9AF96B48E1959F8FBD952CF62B] [APT] [ASUS ACPI Service Provider] (.Pas de propriétaire.) -- C:\Program Files (x86)\ASUS\AASP\1.00.59\aaCenter.exe
[MD5.2E5039A6599CAF0C4A406ED9460F80A1] [APT] [ASUS RegRun Loader] (.Pas de propriétaire.) -- C:\Program Files (x86)\ASUS\AASP\1.00.59\AsLoader.exe


---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\Windows\system32\drivers\afd.sys
O41 - Driver: (AsIO) . (.Pas de propriétaire - Pas de description.) - C:\Windows\Syswow64\drivers\AsIO.sys
O41 - Driver: (avipbb) . (.Avira GmbH - Avira Driver for Security Enhancement.) - C:\Windows\System32\DRIVERS\avipbb.sys
O41 - Driver: (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\System32\DRIVERS\cdrom.sys
O41 - Driver: C:\Windows\system32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\System32\Drivers\dfsc.sys
O41 - Driver: (i8042prt) . (.Microsoft Corporation - Pilote de port i8042.) - C:\Windows\System32\DRIVERS\i8042prt.sys
O41 - Driver: (kbdclass) . (.Microsoft Corporation - Pilote de la classe Clavier.) - C:\Windows\System32\DRIVERS\kbdclass.sys
O41 - Driver: (kbdhid) . (.Microsoft Corporation - Pilote de filtre clavier HID.) - C:\Windows\System32\DRIVERS\kbdhid.sys
O41 - Driver: (mouclass) . (.Microsoft Corporation - Pilote de la classe Souris.) - C:\Windows\System32\DRIVERS\mouclass.sys
O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\System32\DRIVERS\netbios.sys
O41 - Driver: (netbt) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\System32\DRIVERS\netbt.sys
O41 - Driver: (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\System32\drivers\nsiproxy.sys
O41 - Driver: C:\Windows\system32\drivers\pacer.sys (PSched) . (.Microsoft Corporation - Planificateur de paquets QoS.) - C:\Windows\System32\DRIVERS\pacer.sys
O41 - Driver: (RasAcd) . (.Microsoft Corporation - RAS Automatic Connection Driver.) - C:\Windows\System32\DRIVERS\rasacd.sys
O41 - Driver: (rdbss) . (.Microsoft Corporation - Redirected Drive Buffering SubSystem Driver.) - C:\Windows\System32\DRIVERS\rdbss.sys
O41 - Driver: (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\DRIVERS\RDPCDD.sys
O41 - Driver: (RDPENCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\drivers\rdpencdd.sys
O41 - Driver: C:\Windows\system32\tcpipcfg.dll (Smb) . (.Microsoft Corporation - SMB Transport driver.) - C:\Windows\System32\DRIVERS\smb.sys
O41 - Driver: C:\Windows\system32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\System32\DRIVERS\tdx.sys
O41 - Driver: (TermDD) . (.Microsoft Corporation - Terminal Server Driver.) - C:\Windows\System32\DRIVERS\termdd.sys
O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\Windows\system32\drivers\vga.sys
O41 - Driver: (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\System32\DRIVERS\wanarp.sys


---\\ Logiciels installés (O42)
O42 - Logiciel: ATI AVIVO64 Codecs - (.ATI Technologies Inc..) [HKLM] -- {9C208A4D-D4A8-6E6E-BF66-02665EEF994C}
O42 - Logiciel: ATI Catalyst Install Manager - (.ATI Technologies, Inc..) [HKLM] -- {5DDB098A-2B70-94B2-CC92-3D39008E17EC}
O42 - Logiciel: ATI Problem Report Wizard - (.ATI Technologies.) [HKLM] -- {B308C317-A8DE-9DD4-C260-B2BBDB5133D9}
O42 - Logiciel: Dell Driver Download Manager - (.Dell Inc..) [HKCU] -- 309a46b1dc89b774
O42 - Logiciel: Dell Driver Download Manager - 1 - (.Dell Inc..) [HKCU] -- f031ef6ac137efc5
O42 - Logiciel: Facebook Plug-In - (.Facebook, Inc..) [HKCU] -- Facebook Plug-In
O42 - Logiciel: Google Chrome - (.Google Inc..) [HKCU] -- Google Chrome
O42 - Logiciel: Microsoft .NET Framework 3.5 Language Pack SP1 - fra - (.Microsoft Corporation.) [HKLM] -- {3E31821C-7917-367E-938E-E65FC413EA31}
O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 SP1
O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
O42 - Logiciel: Microsoft Corporation - (.Microsoft Corporation.) [HKLM] -- {9C5A08BF-BB99-4998-81BD-F6CC32483B34}
O42 - Logiciel: Microsoft LifeCam - (.Microsoft Corporation.) [HKLM] -- {6965A8D2-465D-4F98-9FAA-0E9E2348F329}
O42 - Logiciel: Microsoft Office Office 64-bit Components 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-002A-0000-1000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Shared 64-bit MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-002A-040C-1000-0000000FF1CE}
O42 - Logiciel: Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 - (.Microsoft Corporation.) [HKLM] -- {B6E3757B-5E77-3915-866A-CCFC4B8D194C}
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable (x64) - (.Microsoft Corporation.) [HKLM] -- {071c9b48-7c32-4621-a0ac-3f809523288f}
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable (x64) - (.Microsoft Corporation.) [HKLM] -- {6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 - (.Microsoft Corporation.) [HKLM] -- {8220EEFE-38CD-377E-8595-13398D740ACE}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {4B6C7001-C7D6-3710-913E-5BC23FCE91E6}
O42 - Logiciel: Module linguistique Microsoft .NET Framework 3.5 SP1- fra - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 Language Pack SP1 - fra
O42 - Logiciel: Octoshape add-in for Adobe Flash Player - (.Pas de propriétaire.) [HKCU] -- Octoshape add-in for Adobe Flash Player
O42 - Logiciel: Windows Live Family Safety - (.Microsoft Corporation.) [HKLM] -- {46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}
O42 - Logiciel: Windows Live Family Safety - (.Microsoft Corporation.) [HKLM] -- {FE4BE0BD-1EDB-4D24-9614-847B3C472887}
O42 - Logiciel: Windows Live ID Sign-in Assistant - (.Microsoft Corporation.) [HKLM] -- {1B8ABA62-74F0-47ED-B18C-A43128E591B8}
O42 - Logiciel: Windows Live Language Selector - (.Microsoft Corporation.) [HKLM] -- {5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}
O42 - Logiciel: Windows Live MIME IFilter - (.Microsoft Corporation.) [HKLM] -- {DA54F80E-261C-41A2-A855-549A144F2F59}
O42 - Logiciel: Windows Live Remote Client - (.Microsoft Corporation.) [HKLM] -- {DF6D988A-EEA0-4277-AAB8-158E086E439B}
O42 - Logiciel: Windows Live Remote Client Resources - (.Microsoft Corporation.) [HKLM] -- {B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}
O42 - Logiciel: Windows Live Remote Service - (.Microsoft Corporation.) [HKLM] -- {E02A6548-6FDE-40E2-8ED9-119D7D7E641F}
O42 - Logiciel: Windows Live Remote Service Resources - (.Microsoft Corporation.) [HKLM] -- {5E2CD4FB-4538-4831-8176-05D653C3E6D4}

---\\ HKCU & HKLM Software Keys
[HKCU\Software\ASIO4ALL v2 by Wuschel]
[HKCU\Software\ASIO]
[HKCU\Software\ASProtect]
[HKCU\Software\ASUS]
[HKCU\Software\ATI Technologies Inc.]
[HKCU\Software\ATI]
[HKCU\Software\Ad-Remover]
[HKCU\Software\Adobe]
[HKCU\Software\AppDataLow\Aurigma]
[HKCU\Software\AppDataLow\Software\DivX]
[HKCU\Software\AppDataLow\Software\Microsoft]
[HKCU\Software\AppDataLow\Software]
[HKCU\Software\AppDataLow]
[HKCU\Software\Apple Computer, Inc.]
[HKCU\Software\Avira]
[HKCU\Software\Azureus]
[HKCU\Software\CDDB]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\Corel]
[HKCU\Software\Crystal Dynamics]
[HKCU\Software\DT Soft]
[HKCU\Software\DVD Decrypter]
[HKCU\Software\Digital River]
[HKCU\Software\DivXNetworks]
[HKCU\Software\DivX]
[HKCU\Software\E-lab.Obsession]
[HKCU\Software\Electronic Arts]
[HKCU\Software\Freeware]
[HKCU\Software\GNU]
[HKCU\Software\Gabest]
[HKCU\Software\GameSpy]
[HKCU\Software\GeoVid]
[HKCU\Software\Google]
[HKCU\Software\Haali]
[HKCU\Software\IGA]
[HKCU\Software\IM Providers]
[HKCU\Software\Image-Line]
[HKCU\Software\JEDI-VCL]
[HKCU\Software\JaboSoft]
[HKCU\Software\JavaSoft]
[HKCU\Software\Lavalys]
[HKCU\Software\Lavasoft]
[HKCU\Software\MONOGRAM]
[HKCU\Software\Macromedia]
[HKCU\Software\MainConcept]
[HKCU\Software\Malwarebytes' Anti-Malware]
[HKCU\Software\ManiacTools]
[HKCU\Software\MediaInfo]
[HKCU\Software\Minnetonka Audio Software]
[HKCU\Software\Monolith Productions]
[HKCU\Software\MozillaPlugins]
[HKCU\Software\Mozilla]
[HKCU\Software\N64 Emulation]
[HKCU\Software\Namida]
[HKCU\Software\Nero]
[HKCU\Software\Netscape]
[HKCU\Software\ODBC]
[HKCU\Software\OpenAutomate]
[HKCU\Software\Orange]
[HKCU\Software\Outsim]
[HKCU\Software\Policies]
[HKCU\Software\ProgSense]
[HKCU\Software\Rockstar Games]
[HKCU\Software\SOUNDGRAPH]
[HKCU\Software\SecuROM]
[HKCU\Software\SoftVoice]
[HKCU\Software\Sony Ericsson]
[HKCU\Software\SoulSeek]
[HKCU\Software\Steam]
[HKCU\Software\TouchStone Software]
[HKCU\Software\Trolltech]
[HKCU\Software\Ubisoft]
[HKCU\Software\Unlimited Possibilities]
[HKCU\Software\VB and VBA Program Settings]
[HKCU\Software\VSO]
[HKCU\Software\Valve]
[HKCU\Software\VirtualDJ]
[HKCU\Software\WinRAR SFX]
[HKCU\Software\WinRAR]
[HKCU\Software\Winamp]
[HKCU\Software\Wow6432Node]
[HKCU\Software\YahooPartnerToolbar]
[HKCU\Software\Zattoo Inc.]
[HKCU\Software\Zattoo]
[HKCU\Software\Zylom]
[HKCU\Software\eMule]
[HKCU\Software\ej-technologies]
[HKCU\Software\flv2avi]
[HKCU\Software\flv2mp3]
[HKCU\Software\keyhole.com]
[HKCU\Software\madFlac]
[HKCU\Software\mquadr.at]
[HKCU\Software\nik multimedia]
[HKLM\Software\<company>]
[HKLM\Software\AMD]
[HKLM\Software\ASUS]
[HKLM\Software\ATI Technologies]
[HKLM\Software\ATI]
[HKLM\Software\Analog Devices]
[HKLM\Software\Audible]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\DivX]
[HKLM\Software\InstalledOptions]
[HKLM\Software\Intel]
[HKLM\Software\ODBC]
[HKLM\Software\Policies]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\SonicFocus]
[HKLM\Software\Sonic]
[HKLM\Software\Wow6432Node]
mddee
Maître Libellulien
Posts: 571
Joined: 29 Mar 2003 16:12

Re: TR/Spy.Gen

Post by mddee » 24 Jan 2011 18:29

---\\ Contenu des dossiers ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 17.05.2010 - 16:09:02 ----D- C:\Program Files\ATI
O43 - CFD: 17.05.2010 - 16:23:58 ----D- C:\Program Files\ATI Technologies
O43 - CFD: 17.05.2010 - 16:23:14 ----D- C:\Program Files\Common Files
O43 - CFD: 22.12.2010 - 10:57:04 ----D- C:\Program Files\DivX
O43 - CFD: 26.11.2008 - 21:32:26 -SH-D- C:\Program Files\Fichiers communs
O43 - CFD: 17.12.2010 - 03:20:00 ----D- C:\Program Files\Internet Explorer
O43 - CFD: 02.11.2006 - 16:07:28 ----D- C:\Program Files\Microsoft Games
O43 - CFD: 17.05.2010 - 17:16:52 ----D- C:\Program Files\Microsoft IntelliPoint
O43 - CFD: 20.11.2010 - 16:29:58 ----D- C:\Program Files\Microsoft LifeCam
O43 - CFD: 23.12.2008 - 08:34:34 ----D- C:\Program Files\Microsoft Office
O43 - CFD: 12.08.2010 - 02:20:10 ----D- C:\Program Files\Movie Maker
O43 - CFD: 02.11.2006 - 16:07:28 ----D- C:\Program Files\MSBuild
O43 - CFD: 02.11.2006 - 16:07:28 ----D- C:\Program Files\Reference Assemblies
O43 - CFD: 02.11.2006 - 16:44:56 --H-D- C:\Program Files\Uninstall Information
O43 - CFD: 27.11.2008 - 00:51:58 ----D- C:\Program Files\Windows Calendar
O43 - CFD: 24.09.2009 - 21:29:12 ----D- C:\Program Files\Windows Collaboration
O43 - CFD: 24.09.2009 - 21:29:10 ----D- C:\Program Files\Windows Defender
O43 - CFD: 24.09.2009 - 21:29:12 ----D- C:\Program Files\Windows Journal
O43 - CFD: 22.10.2010 - 20:25:00 ----D- C:\Program Files\Windows Live
O43 - CFD: 17.12.2010 - 03:20:00 ----D- C:\Program Files\Windows Mail
O43 - CFD: 14.10.2010 - 02:20:52 ----D- C:\Program Files\Windows Media Player
O43 - CFD: 26.11.2008 - 21:32:26 ----D- C:\Program Files\Windows NT
O43 - CFD: 24.09.2009 - 21:29:12 ----D- C:\Program Files\Windows Photo Gallery
O43 - CFD: 17.11.2009 - 18:45:24 ----D- C:\Program Files\Windows Portable Devices
O43 - CFD: 24.09.2009 - 21:29:12 ----D- C:\Program Files\Windows Sidebar
O43 - CFD: 17.05.2010 - 16:23:14 ----D- C:\Program Files\Common Files\ATI Technologies
O43 - CFD: 22.10.2010 - 20:24:28 ----D- C:\Program Files\Common Files\Microsoft Shared
O43 - CFD: 02.11.2006 - 14:33:54 ----D- C:\Program Files\Common Files\Services
O43 - CFD: 02.11.2006 - 14:33:54 ----D- C:\Program Files\Common Files\SpeechEngines
O43 - CFD: 27.11.2008 - 00:51:56 ----D- C:\Program Files\Common Files\System
O43 - CFD: 06.10.2010 - 17:09:18 ----D- C:\ProgramData\Adobe
O43 - CFD: 21.06.2009 - 20:25:56 ----D- C:\ProgramData\Adobe Systems
O43 - CFD: 07.02.2009 - 05:41:22 ----D- C:\ProgramData\Apple
O43 - CFD: 05.09.2010 - 07:47:24 ----D- C:\ProgramData\Apple Computer
O43 - CFD: 02.11.2006 - 16:42:18 -SH-D- C:\ProgramData\Application Data
O43 - CFD: 17.05.2010 - 16:28:18 ----D- C:\ProgramData\ATI
O43 - CFD: 03.06.2009 - 03:36:38 ----D- C:\ProgramData\Avira
O43 - CFD: 12.12.2008 - 09:26:38 ----D- C:\ProgramData\Azureus
O43 - CFD: 26.11.2008 - 21:32:26 -SH-D- C:\ProgramData\Bureau
O43 - CFD: 28.10.2009 - 21:00:12 ----D- C:\ProgramData\BVRP Software
O43 - CFD: 11.12.2008 - 07:56:04 ----D- C:\ProgramData\Corel
O43 - CFD: 22.12.2008 - 15:20:12 ----D- C:\ProgramData\DAEMON Tools Lite
O43 - CFD: 02.11.2006 - 16:42:18 -SH-D- C:\ProgramData\Desktop
O43 - CFD: 22.12.2010 - 10:57:50 ----D- C:\ProgramData\DivX
O43 - CFD: 02.11.2006 - 16:42:18 -SH-D- C:\ProgramData\Documents
O43 - CFD: 24.03.2009 - 13:42:32 ----D- C:\ProgramData\Electronic Arts
O43 - CFD: 06.12.2008 - 17:15:36 ----D- C:\ProgramData\eMule
O43 - CFD: 26.11.2008 - 21:32:26 -SH-D- C:\ProgramData\Favoris
O43 - CFD: 02.11.2006 - 16:42:18 -SH-D- C:\ProgramData\Favorites
O43 - CFD: 24.01.2011 - 13:26:12 ----D- C:\ProgramData\Google Updater
O43 - CFD: 19.05.2010 - 07:24:16 ----D- C:\ProgramData\Lavasoft
O43 - CFD: 27.11.2008 - 13:19:52 ----D- C:\ProgramData\ma-config.com
O43 - CFD: 23.01.2011 - 19:01:24 ----D- C:\ProgramData\Malwarebytes
O43 - CFD: 19.02.2009 - 07:31:52 ----D- C:\ProgramData\Media Center Programs
O43 - CFD: 26.11.2008 - 21:32:26 -SH-D- C:\ProgramData\Menu Démarrer
O43 - CFD: 22.10.2010 - 20:25:36 -S--D- C:\ProgramData\Microsoft
O43 - CFD: 12.01.2011 - 22:02:20 ----D- C:\ProgramData\Microsoft Help
O43 - CFD: 26.11.2008 - 21:32:26 -SH-D- C:\ProgramData\Modèles
O43 - CFD: 12.12.2008 - 09:59:24 ----D- C:\ProgramData\Nero
O43 - CFD: 13.12.2008 - 06:58:54 ----D- C:\ProgramData\PopCap Games
O43 - CFD: 27.05.2010 - 20:48:10 -SH-D- C:\ProgramData\SecuROM
O43 - CFD: 28.10.2009 - 20:55:46 ----D- C:\ProgramData\Sony Ericsson
O43 - CFD: 09.01.2009 - 13:52:08 ----D- C:\ProgramData\Soulseek
O43 - CFD: 27.11.2008 - 13:43:04 ----D- C:\ProgramData\SOUNDGRAPH
O43 - CFD: 02.11.2006 - 16:42:18 -SH-D- C:\ProgramData\Start Menu
O43 - CFD: 13.12.2008 - 06:58:24 ----D- C:\ProgramData\Steam
O43 - CFD: 30.03.2010 - 18:20:50 ----D- C:\ProgramData\Sun
O43 - CFD: 02.11.2006 - 16:42:18 -SH-D- C:\ProgramData\Templates
O43 - CFD: 20.12.2008 - 09:42:38 ----D- C:\ProgramData\TrackMania
O43 - CFD: 01.05.2010 - 09:51:28 ----D- C:\ProgramData\Ubisoft
O43 - CFD: 28.02.2009 - 18:42:20 ----D- C:\ProgramData\vsosdk
O43 - CFD: 26.11.2008 - 23:58:44 ----D- C:\ProgramData\WLInstaller
O43 - CFD: 22.12.2008 - 16:36:18 ----D- C:\ProgramData\Zylom
O43 - CFD: 23.12.2008 - 18:20:10 ----D- C:\Users\GroOgie\AppData\Roaming\Ace
O43 - CFD: 22.06.2009 - 10:43:46 ----D- C:\Users\GroOgie\AppData\Roaming\Adobe
O43 - CFD: 06.09.2010 - 17:43:02 ----D- C:\Users\GroOgie\AppData\Roaming\Apowersoft
O43 - CFD: 26.11.2008 - 22:16:26 ----D- C:\Users\GroOgie\AppData\Roaming\ATI
O43 - CFD: 22.12.2010 - 11:50:56 ----D- C:\Users\GroOgie\AppData\Roaming\Avira
O43 - CFD: 07.03.2009 - 14:14:36 ----D- C:\Users\GroOgie\AppData\Roaming\Azureus
O43 - CFD: 08.01.2009 - 09:01:06 ----D- C:\Users\GroOgie\AppData\Roaming\Corel
O43 - CFD: 22.12.2008 - 15:20:50 ----D- C:\Users\GroOgie\AppData\Roaming\DAEMON Tools
O43 - CFD: 22.12.2008 - 15:21:24 ----D- C:\Users\GroOgie\AppData\Roaming\DAEMON Tools Lite
O43 - CFD: 22.12.2008 - 15:20:50 ----D- C:\Users\GroOgie\AppData\Roaming\DAEMON Tools Pro
O43 - CFD: 30.01.2009 - 05:56:32 ----D- C:\Users\GroOgie\AppData\Roaming\Deckadance
O43 - CFD: 27.07.2010 - 20:01:58 ----D- C:\Users\GroOgie\AppData\Roaming\Dell
O43 - CFD: 22.12.2010 - 12:24:22 ----D- C:\Users\GroOgie\AppData\Roaming\DivX
O43 - CFD: 21.08.2010 - 00:46:52 ----D- C:\Users\GroOgie\AppData\Roaming\dvdcss
O43 - CFD: 11.04.2010 - 08:58:26 ----D- C:\Users\GroOgie\AppData\Roaming\Facebook
O43 - CFD: 30.03.2009 - 09:09:08 ----D- C:\Users\GroOgie\AppData\Roaming\GeoVid
O43 - CFD: 25.08.2010 - 08:03:50 ----D- C:\Users\GroOgie\AppData\Roaming\GrabPro
O43 - CFD: 22.12.2008 - 16:36:20 ----D- C:\Users\GroOgie\AppData\Roaming\Identities
O43 - CFD: 22.12.2010 - 10:57:46 ----D- C:\Users\GroOgie\AppData\Roaming\Local
O43 - CFD: 26.11.2008 - 23:09:38 ----D- C:\Users\GroOgie\AppData\Roaming\Macromedia
O43 - CFD: 23.01.2011 - 19:01:36 ----D- C:\Users\GroOgie\AppData\Roaming\Malwarebytes
O43 - CFD: 02.11.2006 - 16:07:26 ----D- C:\Users\GroOgie\AppData\Roaming\Media Center Programs
O43 - CFD: 07.04.2009 - 16:17:22 ----D- C:\Users\GroOgie\AppData\Roaming\Media Player Classic
O43 - CFD: 21.09.2010 - 09:36:40 -S--D- C:\Users\GroOgie\AppData\Roaming\Microsoft
O43 - CFD: 20.12.2008 - 22:49:12 ----D- C:\Users\GroOgie\AppData\Roaming\Mozilla
O43 - CFD: 14.12.2008 - 12:31:10 ----D- C:\Users\GroOgie\AppData\Roaming\Nero
O43 - CFD: 01.12.2008 - 22:52:48 ----D- C:\Users\GroOgie\AppData\Roaming\OpenOffice.org
O43 - CFD: 25.08.2010 - 08:19:40 ----D- C:\Users\GroOgie\AppData\Roaming\Orbit
O43 - CFD: 25.08.2010 - 08:04:16 ----D- C:\Users\GroOgie\AppData\Roaming\ProgSense
O43 - CFD: 27.11.2008 - 01:54:26 R-H-D- C:\Users\GroOgie\AppData\Roaming\SecuROM
O43 - CFD: 26.08.2009 - 17:48:36 ----D- C:\Users\GroOgie\AppData\Roaming\SOUNDGRAPH
O43 - CFD: 26.11.2008 - 21:56:18 ----D- C:\Users\GroOgie\AppData\Roaming\TMP
O43 - CFD: 07.01.2011 - 09:30:28 ----D- C:\Users\GroOgie\AppData\Roaming\vlc
O43 - CFD: 14.01.2010 - 15:35:28 ----D- C:\Users\GroOgie\AppData\Roaming\Vso
O43 - CFD: 03.12.2008 - 16:25:42 ----D- C:\Users\GroOgie\AppData\Roaming\WinRAR
O43 - CFD: 22.12.2008 - 16:36:20 ----D- C:\Users\GroOgie\AppData\Roaming\Zylom
O43 - CFD: 28.04.2009 - 12:23:36 ----D- C:\Program Files (x86)\A Vampyre Story
O43 - CFD: 01.04.2009 - 16:15:58 ----D- C:\Program Files (x86)\Abdio
O43 - CFD: 29.12.2008 - 20:46:58 ----D- C:\Program Files (x86)\Activision
O43 - CFD: 23.01.2011 - 14:31:16 ----D- C:\Program Files (x86)\Ad-Remover
O43 - CFD: 21.06.2009 - 20:26:58 ----D- C:\Program Files (x86)\Adobe
O43 - CFD: 07.02.2009 - 05:41:22 ----D- C:\Program Files (x86)\Apple Software Update
O43 - CFD: 21.01.2009 - 13:39:38 ----D- C:\Program Files (x86)\ASIO4ALL v2
O43 - CFD: 26.11.2008 - 21:59:38 ----D- C:\Program Files (x86)\ASUS
O43 - CFD: 17.05.2010 - 16:12:58 ----D- C:\Program Files (x86)\ATI
O43 - CFD: 17.05.2010 - 16:24:24 ----D- C:\Program Files (x86)\ATI Technologies
O43 - CFD: 03.06.2009 - 03:36:38 ----D- C:\Program Files (x86)\Avira
O43 - CFD: 13.01.2009 - 11:48:02 ----D- C:\Program Files (x86)\AviSynth 2.5
O43 - CFD: 17.05.2009 - 11:54:00 ----D- C:\Program Files (x86)\AxBx
O43 - CFD: 22.10.2010 - 20:24:22 ----D- C:\Program Files (x86)\Bing Bar Installer
O43 - CFD: 21.09.2010 - 09:36:32 ----D- C:\Program Files (x86)\cablecom
O43 - CFD: 22.06.2009 - 10:35:38 ----D- C:\Program Files (x86)\Canon
O43 - CFD: 21.02.2009 - 09:21:22 ----D- C:\Program Files (x86)\CDex_150
O43 - CFD: 01.04.2009 - 16:13:14 ----D- C:\Program Files (x86)\Ciuly
O43 - CFD: 22.12.2010 - 10:56:52 ----D- C:\Program Files (x86)\Common Files
O43 - CFD: 08.01.2009 - 09:00:34 ----D- C:\Program Files (x86)\Corel
O43 - CFD: 26.11.2008 - 21:51:38 ----D- C:\Program Files (x86)\Creative
O43 - CFD: 14.03.2010 - 16:04:02 ----D- C:\Program Files (x86)\Custom-Strike
O43 - CFD: 22.12.2008 - 15:20:10 ----D- C:\Program Files (x86)\DAEMON Tools Lite
O43 - CFD: 22.12.2010 - 10:57:46 ----D- C:\Program Files (x86)\DivX
O43 - CFD: 02.04.2009 - 13:54:08 ----D- C:\Program Files (x86)\Easy MP3 Cutter
O43 - CFD: 20.03.2009 - 18:03:16 ----D- C:\Program Files (x86)\Electronic Arts
O43 - CFD: 06.12.2008 - 17:15:24 ----D- C:\Program Files (x86)\eMule
O43 - CFD: 20.03.2009 - 07:26:14 ----D- C:\Program Files (x86)\Enlight
O43 - CFD: 28.11.2008 - 23:12:44 ----D- C:\Program Files (x86)\GameSpy
O43 - CFD: 28.09.2010 - 11:56:20 ----D- C:\Program Files (x86)\Google
O43 - CFD: 07.02.2009 - 05:39:42 ----D- C:\Program Files (x86)\IK Multimedia
O43 - CFD: 18.02.2009 - 06:18:30 ----D- C:\Program Files (x86)\Image-Line
O43 - CFD: 01.05.2010 - 09:50:54 --H-D- C:\Program Files (x86)\InstallShield Installation Information
O43 - CFD: 26.11.2008 - 23:14:28 ----D- C:\Program Files (x86)\Intel
O43 - CFD: 17.12.2010 - 03:20:00 ----D- C:\Program Files (x86)\Internet Explorer
O43 - CFD: 11.01.2011 - 16:41:26 ----D- C:\Program Files (x86)\Java
O43 - CFD: 05.09.2010 - 21:32:46 ----D- C:\Program Files (x86)\K-Lite Codec Pack
O43 - CFD: 22.12.2008 - 17:18:20 ----D- C:\Program Files (x86)\Kyodai Mahjongg
O43 - CFD: 28.11.2008 - 07:08:12 ----D- C:\Program Files (x86)\Lavalys
O43 - CFD: 19.05.2010 - 07:24:24 ----D- C:\Program Files (x86)\Lavasoft
O43 - CFD: 23.01.2011 - 19:01:24 ----D- C:\Program Files (x86)\Malwarebytes' Anti-Malware
O43 - CFD: 26.11.2008 - 21:55:56 ----D- C:\Program Files (x86)\Marvell
O43 - CFD: 06.10.2009 - 06:44:10 ----D- C:\Program Files (x86)\Microsoft
O43 - CFD: 03.12.2008 - 11:40:10 ----D- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
O43 - CFD: 20.11.2010 - 16:29:58 ----D- C:\Program Files (x86)\Microsoft LifeCam
O43 - CFD: 23.12.2008 - 08:36:58 ----D- C:\Program Files (x86)\Microsoft Office
O43 - CFD: 07.01.2011 - 11:10:28 ----D- C:\Program Files (x86)\Microsoft Silverlight
O43 - CFD: 22.10.2010 - 20:26:58 ----D- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
O43 - CFD: 23.12.2008 - 08:36:56 ----D- C:\Program Files (x86)\Microsoft Visual Studio
O43 - CFD: 23.12.2008 - 08:34:28 ----D- C:\Program Files (x86)\Microsoft Visual Studio 8
O43 - CFD: 01.05.2009 - 15:36:12 ----D- C:\Program Files (x86)\Microsoft Works
O43 - CFD: 30.06.2010 - 10:12:24 ----D- C:\Program Files (x86)\Microsoft.NET
O43 - CFD: 18.02.2009 - 06:34:34 ----D- C:\Program Files (x86)\Morphine
O43 - CFD: 10.12.2010 - 07:58:08 ----D- C:\Program Files (x86)\Mozilla Firefox
O43 - CFD: 23.12.2008 - 08:37:08 ----D- C:\Program Files (x86)\MSBuild
O43 - CFD: 22.10.2010 - 20:21:38 ----D- C:\Program Files (x86)\MSN Toolbar
O43 - CFD: 28.11.2008 - 19:35:34 ----D- C:\Program Files (x86)\MSXML 4.0
O43 - CFD: 12.12.2008 - 10:07:38 ----D- C:\Program Files (x86)\Nero
O43 - CFD: 20.12.2008 - 22:45:22 ----D- C:\Program Files (x86)\OpenAL
O43 - CFD: 23.12.2008 - 08:29:04 ----D- C:\Program Files (x86)\OpenOffice.org 3
O43 - CFD: 21.01.2009 - 13:38:58 ----D- C:\Program Files (x86)\Outsim
O43 - CFD: 06.11.2009 - 18:52:00 ----D- C:\Program Files (x86)\Project64 1.6
O43 - CFD: 05.09.2010 - 07:47:44 ----D- C:\Program Files (x86)\QuickTime
O43 - CFD: 02.11.2006 - 16:07:28 ----D- C:\Program Files (x86)\Reference Assemblies
O43 - CFD: 13.01.2009 - 11:48:36 ----D- C:\Program Files (x86)\Ripp-it_AM
O43 - CFD: 08.04.2009 - 15:04:18 ----D- C:\Program Files (x86)\Sagasoft
O43 - CFD: 28.11.2008 - 07:00:26 ----D- C:\Program Files (x86)\SIW
O43 - CFD: 30.03.2009 - 09:27:06 ----D- C:\Program Files (x86)\Smallvideosoft
O43 - CFD: 28.10.2009 - 20:55:46 ----D- C:\Program Files (x86)\Sony Ericsson
O43 - CFD: 26.08.2009 - 18:10:02 ----D- C:\Program Files (x86)\SOUNDGRAPH
O43 - CFD: 24.01.2011 - 16:48:04 ----D- C:\Program Files (x86)\Steam
O43 - CFD: 23.12.2008 - 18:18:24 ----D- C:\Program Files (x86)\THQ
O43 - CFD: 01.05.2010 - 09:50:54 ----D- C:\Program Files (x86)\UBISOFT
O43 - CFD: 02.11.2006 - 16:36:08 --H-D- C:\Program Files (x86)\Uninstall Information
O43 - CFD: 28.11.2008 - 07:53:40 ----D- C:\Program Files (x86)\VideoLAN
O43 - CFD: 02.06.2009 - 05:56:44 ----D- C:\Program Files (x86)\VirtualDJ
O43 - CFD: 15.01.2009 - 10:24:52 ----D- C:\Program Files (x86)\VSO
O43 - CFD: 23.01.2011 - 20:01:58 ----D- C:\Program Files (x86)\VstPlugins
O43 - CFD: 07.03.2009 - 09:43:48 ----D- C:\Program Files (x86)\Vuze
O43 - CFD: 24.09.2009 - 21:29:10 ----D- C:\Program Files (x86)\Windows Calendar
O43 - CFD: 27.11.2008 - 00:51:58 ----D- C:\Program Files (x86)\Windows Collaboration
O43 - CFD: 27.11.2008 - 00:51:58 ----D- C:\Program Files (x86)\Windows Defender
O43 - CFD: 22.10.2010 - 20:28:58 ----D- C:\Program Files (x86)\Windows Live
O43 - CFD: 21.01.2009 - 13:42:52 ----D- C:\Program Files (x86)\Windows Live Safety Center
O43 - CFD: 17.12.2010 - 03:20:00 ----D- C:\Program Files (x86)\Windows Mail
O43 - CFD: 14.10.2010 - 02:20:52 ----D- C:\Program Files (x86)\Windows Media Player
O43 - CFD: 02.11.2006 - 16:07:28 ----D- C:\Program Files (x86)\Windows NT
O43 - CFD: 24.09.2009 - 21:29:10 ----D- C:\Program Files (x86)\Windows Photo Gallery
O43 - CFD: 17.11.2009 - 18:45:24 ----D- C:\Program Files (x86)\Windows Portable Devices
O43 - CFD: 24.09.2009 - 21:29:10 ----D- C:\Program Files (x86)\Windows Sidebar
O43 - CFD: 27.11.2008 - 08:32:34 ----D- C:\Program Files (x86)\WinRAR
O43 - CFD: 27.11.2008 - 14:19:16 ----D- C:\Program Files (x86)\Zattoo
O43 - CFD: 18.05.2010 - 14:23:52 ----D- C:\Program Files (x86)\Zattoo4
O43 - CFD: 24.01.2011 - 18:18:52 ----D- C:\Program Files (x86)\ZHPDiag
O43 - CFD: 22.12.2008 - 17:18:12 ----D- C:\Program Files (x86)\Zylom Games
O43 - CFD: 17.05.2010 - 16:23:14 ----D- C:\Program Files\Common Files\ATI Technologies
O43 - CFD: 22.10.2010 - 20:24:28 ----D- C:\Program Files\Common Files\Microsoft Shared
O43 - CFD: 02.11.2006 - 14:33:54 ----D- C:\Program Files\Common Files\Services
O43 - CFD: 02.11.2006 - 14:33:54 ----D- C:\Program Files\Common Files\SpeechEngines
O43 - CFD: 27.11.2008 - 00:51:56 ----D- C:\Program Files\Common Files\System


---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.9CED1700D64D6E7500DCFD7E70EE1700] - 24.01.2011 - 18:12:57 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\WindowsUpdate.log [1588189]
O44 - LFC:[MD5.16BC05E7889B3F60D8921B1F93673538] - 24.01.2011 - 17:36:41 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\SysNative\PerfStringBackup.INI [1697616]
O44 - LFC:[MD5.8F40FCD4678B1393D9A9E1D577DC1FFD] - 24.01.2011 - 17:36:41 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\SysNative\perfc009.dat [130758]
O44 - LFC:[MD5.93EF171562C8DEB99E53B32AEEFC8FE9] - 24.01.2011 - 17:36:41 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\SysNative\perfc00C.dat [160540]
O44 - LFC:[MD5.DB759955785F51C3CDF5CF129BBFCF76] - 24.01.2011 - 17:36:41 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\SysNative\perfh009.dat [659162]
O44 - LFC:[MD5.675D095E19E3AB257C5E2DC1A7D3120E] - 24.01.2011 - 17:36:41 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\SysNative\perfh00C.dat [751800]
O44 - LFC:[MD5.4956663F62788023FEAA63E86F8DCAAD] - 24.01.2011 - 05:37:42 -S-A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\bootstat.dat [67584]
O44 - LFC:[MD5.A76760D1C5C441FBF98CB79848E0988E] - 23.01.2011 - 20:03:53 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\aaw7boot.log [24887]
O44 - LFC:[MD5.A7926751E073B5E9930442A1DE7C5FDC] - 23.01.2011 - 14:32:14 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Ad-Report-CLEAN[1].txt [18005]
O44 - LFC:[MD5.0F13F5CC136FDEA92D0DA81CF172236D] - 22.01.2011 - 18:36:41 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\PFRO.log [25380]
O44 - LFC:[MD5.4547E1627547BB7C0103D0969FC08188] - 14.01.2011 - 08:35:13 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\DirectX.log [280244]


---\\ MountPoints2 Shell Key (MPSK) (O51)
O51 - MPSK:{0ad02165-8867-11de-b9a9-001fc6e51485}\Shell\AutoRun\command. (.Pas de propriétaire - Pas de description.) -- L:\setup.exe (.not file.)


---\\ Trojan Driver Search Data (HKLM)(TDSD) (O52)
O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\Windows\System32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
O52 - TDSD: \drivers.desc\"C:\Windows\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm


---\\ Microsoft Control Security Providers (MCSP) (O54)
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - TS Single Sign On Security Package.) -- C:\Windows\system32\credssp.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - TS Single Sign On Security Package.) -- C:\Windows\system32\credssp.dll


---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=2
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=1
O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=
O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0
O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0


---\\ Microsoft Windows Policies Explorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktop"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "ForceActiveDesktopOn"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "BindDirectlyToPropertySetStorage"=0


---\\ Liste des Drivers Système (SDL) (O58)
O58 - SDL:[MD5.9137451D37BA1C325CD6C2DEF3D2D692] - 02.11.2006 - 12:52:16 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\system32\drivers\adp94xx.sys [485480]
O58 - SDL:[MD5.01F80898DF5CC7DF19B3B11351846263] - 02.11.2006 - 12:51:59 ---A- . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) -- C:\Windows\system32\drivers\adpahci.sys [339560]
O58 - SDL:[MD5.DA001DB13FFF45DFE9109936E265B7CC] - 02.11.2006 - 12:51:24 ---A- . (.Adaptec, Inc. - Adaptec LH Ultra160 Driver (X64).) -- C:\Windows\system32\drivers\adpu160m.sys [184424]
O58 - SDL:[MD5.2B10C35C5B7C5C0C28F572E035319602] - 02.11.2006 - 12:51:19 ---A- . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver (X64).) -- C:\Windows\system32\drivers\adpu320.sys [178792]
O58 - SDL:[MD5.157D0898D4B73F075CE9FA26B482DF98] - 02.11.2006 - 13:00:19 ---A- . (.Acer Laboratories Inc. - ALi mini IDE Driver.) -- C:\Windows\system32\drivers\aliide.sys [15976]
O58 - SDL:[MD5.2E8623F2FED998A97129A3DB919551C8] - 02.11.2006 - 13:03:49 ---A- . (.Adaptec, Inc. - Adaptec RAID Storport Driver.) -- C:\Windows\system32\drivers\arc.sys [76392]
O58 - SDL:[MD5.741A003C041A3EC480A2E71AF71E9654] - 02.11.2006 - 13:03:49 ---A- . (.Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\Windows\system32\drivers\arcsas.sys [76392]
O58 - SDL:[MD5.6936198F2CC25B39CF5262436C80DF46] - 31.10.2006 - 16:23:42 ---A- . (.Pas de propriétaire - ATK0110 ACPI Utility.) -- C:\Windows\system32\drivers\ASACPI.sys [15680]
O58 - SDL:[MD5.19AAA5FA3A9804B8722F7B95649FB6C9] - 28.01.2010 - 15:33:34 ---A- . (.ATI Technologies, Inc. - ATI High Definition Audio Function Driver.) -- C:\Windows\system32\drivers\AtiHdmi.sys [114176]
O58 - SDL:[MD5.9C0BA1E5195075D2908FDCE1B3F3B902] - 10.02.2010 - 23:47:56 ---A- . (.ATI Technologies Inc. - ATI Radeon Kernel Mode Driver.) -- C:\Windows\system32\drivers\atikmdag.sys [6377472]
O58 - SDL:[MD5.1FCD6862762D74E47417FD94433EFC69] - 10.02.2010 - 22:31:26 ---A- . (.Advanced Micro Devices, Inc. - AMD multi-vendor Miniport Driver.) -- C:\Windows\system32\drivers\atikmpag.sys [186880]
O58 - SDL:[MD5.9C0BA1E5195075D2908FDCE1B3F3B902] - 10.02.2010 - 23:47:56 ---A- . (.ATI Technologies Inc. - ATI Radeon Kernel Mode Driver.) -- C:\Windows\system32\drivers\atipmdag.sys [6377472]
O58 - SDL:[MD5.39C2E2870FC0C2AE0595B883CBE716B4] - 22.12.2010 - 11:51:36 ---A- . (.Avira GmbH - Avira Minifilter Driver.) -- C:\Windows\system32\drivers\avgntflt.sys [83120]
O58 - SDL:[MD5.C98FA6E5AD0E857D22716BD2B8B1F399] - 17.08.2010 - 13:39:11 ---A- . (.Avira GmbH - Avira Driver for Security Enhancement.) -- C:\Windows\system32\drivers\avipbb.sys [116568]
O58 - SDL:[MD5.F09EEE9EDC320B5E1501F749FDE686C8] - 18.09.2006 - 22:30:15 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver.) -- C:\Windows\system32\drivers\BrFiltLo.sys [18432]
O58 - SDL:[MD5.B114D3098E9BDB8BEA8B053685831BE6] - 18.09.2006 - 22:30:15 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver.) -- C:\Windows\system32\drivers\BrFiltUp.sys [8704]
O58 - SDL:[MD5.F0F0BA4D815BE446AA6A4583CA3BCA9B] - 02.11.2006 - 09:43:25 ---A- . (.Brother Industries Ltd. - Pilote Brother Série I/F (WDM).) -- C:\Windows\system32\drivers\BrSerId.sys [86528]
O58 - SDL:[MD5.A6ECA2151B08A09CACECA35C07F05B42] - 18.09.2006 - 22:30:18 ---A- . (.Brother Industries Ltd. - Brother Serial driver (WDM version).) -- C:\Windows\system32\drivers\BrSerWdm.sys [47104]
O58 - SDL:[MD5.B79968002C277E869CF38BD22CD61524] - 18.09.2006 - 22:30:18 ---A- . (.Brother Industries Ltd. - Brother USB MDM Driver.) -- C:\Windows\system32\drivers\BrUsbMdm.sys [14976]
O58 - SDL:[MD5.A87528880231C54E75EA7A44943B38BF] - 19.09.2006 - 12:42:33 ---A- . (.Brother Industries Ltd. - Brother USB Serial Driver.) -- C:\Windows\system32\drivers\BrUsbSer.sys [14720]
O58 - SDL:[MD5.E5D5499A1C50A54B5161296B6AFE6192] - 02.11.2006 - 13:00:48 ---A- . (.CMD Technology, Inc. - CMD PCI IDE Bus Driver.) -- C:\Windows\system32\drivers\cmdide.sys [18024]
O58 - SDL:[MD5.222CB641B4B8A1D1126F8033F9FD6A00] - 02.11.2006 - 12:50:06 ---A- . (.Adaptec, Inc. - Adaptec Ultra SCSI miniport.) -- C:\Windows\system32\drivers\djsvs.sys [88168]
O58 - SDL:[MD5.D57FE09B575545738A73A0C193D0616A] - 18.09.2006 - 22:27:18 ---A- . (.Intel Corporation - Intel(R) PRO/1000 Adapter NDIS 6 deserialized driver.) -- C:\Windows\system32\drivers\E1G6032E.sys [141824]
O58 - SDL:[MD5.3D6298AFF3FE06C0616CE5D090A3EEAA] - 02.11.2006 - 12:52:07 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\system32\drivers\elxstor.sys [368232]
O58 - SDL:[MD5.8EDC820115DF1E04763B2923676EA5B2] - 02.11.2006 - 13:02:37 ---A- . (.Hewlett-Packard Company - Smart Array Storport Driver.) -- C:\Windows\system32\drivers\HpCISSs.sys [43112]
O58 - SDL:[MD5.72C3EE7EA3CD75A772E62AE0E5DF8B8C] - 02.11.2006 - 12:51:48 ---A- . (.Intel Corporation - Intel Matrix Storage Manager driver (base).) -- C:\Windows\system32\drivers\iaStorV.sys [280680]
O58 - SDL:[MD5.8C3951AD2FE886EF76C7B5027C3125D3] - 02.11.2006 - 13:02:39 ---A- . (.Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) -- C:\Windows\system32\drivers\iirsp.sys [44648]
O58 - SDL:[MD5.63C766CDC609FF8206CB447A65ABBA4A] - 02.11.2006 - 13:02:09 ---A- . (.Integrated Technology Express, Inc. - ITE IT8211 ATA/ATAPI SCSI miniport.) -- C:\Windows\system32\drivers\iteatapi.sys [37480]
O58 - SDL:[MD5.1281FE73B17664631D12F643CBEA3F59] - 02.11.2006 - 13:02:09 ---A- . (.Integrated Technology Express, Inc. - ITE IT8212 ATA RAID SCSI miniport.) -- C:\Windows\system32\drivers\iteraid.sys [37480]
O58 - SDL:[MD5.3C46290F7A5D45BA6EF32C248E22AA69] - 05.06.2010 - 07:30:24 ---A- . (.Lavasoft AB - Boot Driver.) -- C:\Windows\system32\drivers\Lbd.sys [69152]
O58 - SDL:[MD5.1572F8D999C0AB4376AFDCE058A78DF9] - 02.11.2006 - 13:03:56 ---A- . (.LSI Logic - LSI Logic Fusion-MPT FC Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_fc.sys [78440]
O58 - SDL:[MD5.64470979C3E3C9FF60EDFB5230C56E0E] - 02.11.2006 - 13:03:56 ---A- . (.LSI Logic - LSI Logic Fusion-MPT SAS Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_sas.sys [78440]
O58 - SDL:[MD5.4CED7D3B54BFC5BBAE75C4A73C7F7428] - 02.11.2006 - 13:04:02 ---A- . (.LSI Logic - LSI Logic Fusion-MPT SCSI Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_scsi.sys [78440]
O58 - SDL:[MD5.3D3C4B63F11F63F50253E734F0ACE9F2] - 20.12.2010 - 18:08:40 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\system32\drivers\mbam.sys [24152]
O58 - SDL:[MD5.2F631C2939D5F2E8958935EE701D70D7] - 02.11.2006 - 13:01:55 ---A- . (.LSI Logic Corporation - MEGASAS RAID Controller Driver for Windows Vista/Longhorn for x.) -- C:\Windows\system32\drivers\megasas.sys [32872]
O58 - SDL:[MD5.3C200630A89EF2C0864D515B7A75802E] - 02.11.2006 - 13:02:24 ---A- . (.LSI Logic Corporation - MegaRAID RAID Controller Driver for Windows Vista/Longhorn for.) -- C:\Windows\system32\drivers\Mraid35x.sys [39016]
O58 - SDL:[MD5.4AC08BD6AF2DF42E0C3196D826C8AEA7] - 02.11.2006 - 13:03:03 ---A- . (.IBM Corporation - IBM ServeRAID Controller Driver.) -- C:\Windows\system32\drivers\nfrd960.sys [51816]
O58 - SDL:[MD5.840EEB44DC49317A6161961F7682CD99] - 02.11.2006 - 12:50:24 ---A- . (.NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) -- C:\Windows\system32\drivers\nvraid.sys [112744]
O58 - SDL:[MD5.94C5334040A5D500897F4C5FD12AEEDE] - 02.11.2006 - 13:02:51 ---A- . (.NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) -- C:\Windows\system32\drivers\nvstor.sys [48232]
O58 - SDL:[MD5.AF7CE12C4F3DC8CB2B07685C916BBCFE] - 15.01.2009 - 10:24:54 ---A- . (.VSO Software - low level access layer for CD/DVD/BD devices.) -- C:\Windows\system32\drivers\pcouffin.sys [82816]
O58 - SDL:[MD5.E9158FA6923E80BD57CF068CE9CDDAA2] - 03.04.2007 - 09:30:14 ---A- . (.Philips Semiconductors GmbH - Ph3xIBxx.) -- C:\Windows\system32\drivers\Ph3xIB64.sys [1418112]
O58 - SDL:[MD5.4A29D25704917161BAD9B4659A248DFD] - 02.11.2006 - 12:52:27 ---A- . (.QLogic Corporation - QLogic Fibre Channel Stor Miniport Driver.) -- C:\Windows\system32\drivers\ql2300.sys [990312]
O58 - SDL:[MD5.E1C80F8D4D1E39EF9595809C1369BF2A] - 02.11.2006 - 12:50:27 ---A- . (.QLogic Corporation - QLogic iSCSI Storport Miniport Driver.) -- C:\Windows\system32\drivers\ql40xx.sys [124008]
O58 - SDL:[MD5.EA268BCE30691C2DD24F02E617FD2EB5] - 16.05.2008 - 12:32:56 ---A- . (.MCCI Corporation - Sony Ericsson Device 0016 Driver.) -- C:\Windows\system32\drivers\s0016bus.sys [115240]
O58 - SDL:[MD5.41BDDE57907CA92D438E4C3C8B4C33EC] - 16.05.2008 - 12:32:58 ---A- . (.MCCI Corporation - Windows 2000/XP support functions.) -- C:\Windows\system32\drivers\s0016cm.sys [14888]
O58 - SDL:[MD5.41BDDE57907CA92D438E4C3C8B4C33EC] - 16.05.2008 - 12:32:58 ---A- . (.MCCI Corporation - Windows 2000/XP support functions.) -- C:\Windows\system32\drivers\s0016cmnt.sys [14888]
O58 - SDL:[MD5.4EDEAA70224D40990A9BE6091E762168] - 16.05.2008 - 12:33:02 ---A- . (.MCCI Corporation - Sony Ericsson Device 0016 USB Ethernet Emulation (WDM class reg.) -- C:\Windows\system32\drivers\s0016cr.sys [13864]
O58 - SDL:[MD5.F5F9DEB89996D333EF976624D37E24E3] - 16.05.2008 - 12:33:04 ---A- . (.MCCI Corporation - Sony Ericsson Device 0016 USB WMC Modem Filter Driver.) -- C:\Windows\system32\drivers\s0016mdfl.sys [19496]
O58 - SDL:[MD5.C17CE2AEE67480FEBCC36ECCB54C0BE8] - 16.05.2008 - 12:33:06 ---A- . (.MCCI Corporation - Sony Ericsson Device 0016 USB WMC Modem WDM Driver.) -- C:\Windows\system32\drivers\s0016mdm.sys [158760]
O58 - SDL:[MD5.CC267F04C54C5EC5B7BD658D7628469F] - 16.05.2008 - 12:33:06 ---A- . (.MCCI Corporation - Sony Ericsson Device 0016 USB WMC Device Management Driver.) -- C:\Windows\system32\drivers\s0016mgmt.sys [137256]
O58 - SDL:[MD5.30A35BBCE09D9FE67482FD62C61911FC] - 16.05.2008 - 12:33:06 ---A- . (.MCCI Corporation - Sony Ericsson Device 0016 USB Ethernet Emulation (NDIS 5 Minipo.) -- C:\Windows\system32\drivers\s0016nd5.sys [34344]
O58 - SDL:[MD5.CA394DCC38579C7AD82E83EE64D798A0] - 16.05.2008 - 12:33:06 ---A- . (.MCCI Corporation - Sony Ericsson Device 0016 USB WMC OBEX Interface Device Driver.) -- C:\Windows\system32\drivers\s0016obex.sys [136744]
O58 - SDL:[MD5.EB267CCEA84E6E8598D92F73332AC67B] - 16.05.2008 - 12:33:06 ---A- . (.MCCI Corporation - Sony Ericsson Device 0016 USB Ethernet Emulation.) -- C:\Windows\system32\drivers\s0016unic.sys [151592]
O58 - SDL:[MD5.07CACBFEF2226DEA608749439B2764E7] - 16.05.2008 - 12:33:06 ---A- . (.MCCI Corporation - Windows 2000/XP support functions.) -- C:\Windows\system32\drivers\s0016wh.sys [15912]
O58 - SDL:[MD5.07CACBFEF2226DEA608749439B2764E7] - 16.05.2008 - 12:33:06 ---A- . (.MCCI Corporation - Windows 2000/XP support functions.) -- C:\Windows\system32\drivers\s0016whnt.sys [15912]
O58 - SDL:[MD5.4019149E4E296072831C8855605D9FDC] - 19.05.2010 - 07:30:24 ---A- . (.Sunbelt Software - Anti-Rootkit Engine.) -- C:\Windows\system32\drivers\SBREDrv.sys [95024]
O58 - SDL:[MD5.3EA8A16169C26AFBEB544E0E48421186] - 30.09.2006 - 00:51:44 ---A- . (.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) -- C:\Windows\system32\drivers\secdrv.sys [23040]
O58 - SDL:[MD5.EDE7A1D2715AAC2190D51DC07AFD44E3] - 09.01.2008 - 11:28:20 ---A- . (.Sony Ericsson Mobile Communications - seehcri Driver.) -- C:\Windows\system32\drivers\seehcri.sys [34032]
O58 - SDL:[MD5.08DDA16573FA44F8B13AFE74597AD2E5] - 02.11.2006 - 13:02:33 ---A- . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) -- C:\Windows\system32\drivers\sisraid2.sys [42600]
O58 - SDL:[MD5.C52259E9DAAF3890D572D87FFEE0979E] - 02.11.2006 - 13:03:44 ---A- . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\Windows\system32\drivers\sisraid4.sys [74856]
O58 - SDL:[MD5.9CED1700D64D6E7500DCFD7E70EE1700] - 22.12.2008 - 00:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\drivers\sptd.sys [868848]
O58 - SDL:[MD5.2F26A2C6FC96B29BEFF5D8ED74E6625B] - 02.11.2006 - 13:02:52 ---A- . (.LSI Logic - LSI Logic 8XX SCSI Miniport Driver.) -- C:\Windows\system32\drivers\symc8xx.sys [49256]
O58 - SDL:[MD5.A909667976D3BCCD1DF813FED517D837] - 02.11.2006 - 13:02:37 ---A- . (.LSI Logic - LSI Logic Hi-Perf SCSI Miniport Driver.) -- C:\Windows\system32\drivers\sym_hi.sys [44648]
O58 - SDL:[MD5.36887B56EC2D98B9C362F6AE4DE5B7B0] - 02.11.2006 - 13:02:47 ---A- . (.LSI Logic - LSI Logic Ultra160 SCSI Miniport Driver.) -- C:\Windows\system32\drivers\sym_u3.sys [48232]
O58 - SDL:[MD5.6030B68E86A30D1B315B51C4D7778B16] - 02.11.2006 - 12:51:49 ---A- . (.ULi Electronics Inc. - ULi SATA Controller Driver.) -- C:\Windows\system32\drivers\uliahci.sys [279656]
O58 - SDL:[MD5.31707F09846056651EA2C37858F5DDB0] - 02.11.2006 - 12:50:54 ---A- . (.Promise Technology, Inc. - Promise Ultra/Sata Series Driver for Win2003.) -- C:\Windows\system32\drivers\ulsata.sys [148072]
O58 - SDL:[MD5.85E5E43ED5B48C8376281BAB519271B7] - 02.11.2006 - 12:51:19 ---A- . (.Promise Technology, Inc. - Promise SATAII150 Series x64 Windows Driver.) -- C:\Windows\system32\drivers\ulsata2.sys [174696]
O58 - SDL:[MD5.8294B6C3FDB6C33F24E150DE647ECDAA] - 02.11.2006 - 13:00:41 ---A- . (.VIA Technologies, Inc. - VIA Generic PCI IDE Bus Driver.) -- C:\Windows\system32\drivers\viaide.sys [18024]
O58 - SDL:[MD5.410AE2C141142C58BC617FC2C677F8B0] - 02.11.2006 - 12:50:37 ---A- . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) -- C:\Windows\system32\drivers\vsmraid.sys [128104]
O58 - SDL:[MD5.2AE06B41B36549FABF0886B2AF89A599] - 06.12.2007 - 09:51:00 ---A- . (.Marvell - Miniport Driver for Marvell Yukon Ethernet Controller..) -- C:\Windows\system32\drivers\yk60x64.sys [391680]
O58 - SDL:[MD5.8065A7659562005127673AC52898675F] - 17.12.2007 - 10:14:12 R--A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\SysWOW64\drivers\AsIO.sys [14392]
O58 - SDL:[MD5.B979979AB8027F7F53FB16EC4229B7DB] - 10.09.1999 - 12:06:00 ---A- . (.Adaptec - ASPI for WIN32 Kernel Driver.) -- C:\Windows\SysWOW64\drivers\aspi32.sys [25244]
O58 - SDL:[MD5.2AD78087FF299D1596F0336749F84B1F] - 01.08.2007 - 04:39:28 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\SysWOW64\drivers\ASUSHWIO.SYS [12536]
O58 - SDL:[MD5.D68E165C3123ABA3B1282EDDB4213BD8] - 20.12.2010 - 18:09:00 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\SysWOW64\drivers\mbamswissarmy.sys [38224]
O58 - SDL:[MD5.20ED5DBEE3FB56FA7A272BE2A0970E58] - 13.02.2009 - 11:49:30 ---A- . (.Avira GmbH - AVIRA SnapShot Driver.) -- C:\Windows\SysWOW64\drivers\ssmdrv.sys [28376]
O58 - SDL:[MD5.1A006963644C7FDE5BE60036F3A43E68] - 27.11.2008 - 10:26:19 ---A- . (.EnTech Taiwan - TVicHW32 driver for Windows XP 64-bit edition.) -- C:\Windows\SysWOW64\drivers\TVICHW64.SYS [21200]
O58 - SDL:[MD5.62D853061D9E69586FE10B14E73436E6] - 08.01.2009 - 08:52:10 RSH-- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\SysWOW64\1F3D0E23C3.sys [88]
O58 - SDL:[MD5.A59A6BEE485E6D2C740CE4DA3FEF79FE] - 12.01.2011 - 17:40:13 -SHA- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\SysWOW64\KGyGaAvL.sys [3818]


---\\ Liste des services Legacy (LALS) (O64)
O64 - Services: CurCS - C:\Windows\system32\drivers\afd.sys - Ancilliary Function Driver for Winsock (AFD) .(.Microsoft Corporation - Ancillary Function Driver for WinSock.) - LEGACY_AFD
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\atipmdag.sys - amdkmdag (amdkmdag) .(.ATI Technologies Inc. - ATI Radeon Kernel Mode Driver.) - LEGACY_AMDKMDAG
O64 - Services: CurCS - C:\Windows\Syswow64\drivers\AsIO.sys - AsIO (AsIO) .(.Pas de propriétaire - Pas de description.) - LEGACY_ASIO
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\avgntflt.sys - avgntflt (avgntflt) .(.Avira GmbH - Avira Minifilter Driver.) - LEGACY_AVGNTFLT
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\avipbb.sys - avipbb (avipbb) .(.Avira GmbH - Avira Driver for Security Enhancement.) - LEGACY_AVIPBB
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\bowser.sys - Bowser (bowser) .(.Microsoft Corporation - NT Lan Manager Datagram Receiver Driver.) - LEGACY_BOWSER
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\cdfs.sys - CD/DVD File System Reader (cdfs) .(.Microsoft Corporation - CD-ROM File System Driver.) - LEGACY_CDFS
O64 - Services: CurCS - C:\Windows\System32\CLFS.sys - Common Log (CLFS) (CLFS) .(.Microsoft Corporation - Common Log File System Driver.) - LEGACY_CLFS
O64 - Services: CurCS - C:\Windows\System32\drivers\crcdisk.sys - Crcdisk Filter Driver (crcdisk) .(.Microsoft Corporation - Disk Block Verification Filter Driver.) - LEGACY_CRCDISK
O64 - Services: CurCS - C:\Windows\System32\Drivers\dfsc.sys - Dfs Client Driver (DfsC) .(.Microsoft Corporation - DFS Namespace Client Driver.) - LEGACY_DFSC
O64 - Services: CurCS - C:\Windows\system32\drivers\dxgkrnl.sys - LDDM Graphics Subsystem (DXGKrnl) .(.Microsoft Corporation - DirectX Graphics Kernel.) - LEGACY_DXGKRNL
O64 - Services: CurCS - C:\Windows\system32\Drivers\EXFAT.sys - (.not file.) - exFAT File System Driver (exfat) .(.Pas de propriétaire - Pas de description.) - LEGACY_EXFAT
O64 - Services: CurCS - C:\Windows\system32\Drivers\FASTFAT.sys - (.not file.) - FAT12/16/32 File System Driver (fastfat) .(.Pas de propriétaire - Pas de description.) - LEGACY_FASTFAT
O64 - Services: CurCS - C:\Windows\System32\drivers\fileinfo.sys - File Information FS MiniFilter (FileInfo) .(.Microsoft Corporation - FileInfo Filter Driver.) - LEGACY_FILEINFO
O64 - Services: CurCS - C:\Windows\System32\drivers\fltmgr.sys - FltMgr (FltMgr) .(.Microsoft Corporation - Gestionnaire de filtres de système de fichi.) - LEGACY_FLTMGR
O64 - Services: CurCS - C:\Windows\system32\Drivers\FS_REC.sys - Fs_Rec (Fs_Rec) .(.Pas de propriétaire - Pas de description.) - LEGACY_FS_REC
O64 - Services: CurCS - C:\Windows\System32\drivers\HTTP.sys - HTTP (HTTP) .(.Microsoft Corporation - HTTP Pile du protocole.) - LEGACY_HTTP
O64 - Services: CurCS - C:\Windows\System32\Drivers\ksecdd.sys - KSecDD (KSecDD) .(.Microsoft Corporation - Kernel Security Support Provider Interface.) - LEGACY_KSECDD
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\Lbd.sys - Lbd (Lbd) .(.Lavasoft AB - Boot Driver.) - LEGACY_LBD
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\lltdio.sys - Link-Layer Topology Discovery Mapper I/O Driver (lltdio) .(.Microsoft Corporation - Link-Layer Topology Mapper I/O Driver.) - LEGACY_LLTDIO
O64 - Services: CurCS - C:\Windows\system32\drivers\luafv.sys - UAC File Virtualization (luafv) .(.Microsoft Corporation - Pilote de filtre de virtualisation de fichi.) - LEGACY_LUAFV
O64 - Services: CurCS - C:\Windows\System32\drivers\modem.sys - modem (modem) .(.Microsoft Corporation - Pilote de périphérique modem.) - LEGACY_MODEM
O64 - Services: CurCS - C:\Windows\System32\drivers\mountmgr.sys - Mount Point Manager (MountMgr) .(.Microsoft Corporation - Mount Point Manager.) - LEGACY_MOUNTMGR
O64 - Services: CurCS - C:\Windows\system32\FirewallAPI.dll (mpsdrv) .(.Microsoft Corporation - API du Pare-feu Windows.) - LEGACY_MPSDRV
O64 - Services: CurCS - C:\Windows\system32\drivers\mrxdav.sys - WebDav Client Redirector Driver (MRxDAV) .(.Microsoft Corporation - Windows NT WebDav Minirdr.) - LEGACY_MRXDAV
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\mrxsmb.sys - SMB MiniRedirector Wrapper and Engine (mrxsmb) .(.Microsoft Corporation - Windows NT SMB Minirdr.) - LEGACY_MRXSMB
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\mrxsmb10.sys - SMB 1.x MiniRedirector (mrxsmb10) .(.Microsoft Corporation - Longhorn SMB Downlevel SubRdr.) - LEGACY_MRXSMB10
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\mrxsmb20.sys - SMB 2.0 MiniRedirector (mrxsmb20) .(.Microsoft Corporation - Longhorn SMB 2.0 Redirector.) - LEGACY_MRXSMB20
O64 - Services: CurCS - C:\Windows\system32\Drivers\MSFS.sys - Msfs (Msfs) .(.Pas de propriétaire - Pas de description.) - LEGACY_MSFS
O64 - Services: CurCS - C:\Windows\System32\drivers\msisadrv.sys - ISA/EISA Class Driver (msisadrv) .(.Microsoft Corporation - ISA Driver.) - LEGACY_MSISADRV
O64 - Services: CurCS - C:\Windows\System32\Drivers\mup.sys - Mup (Mup) .(.Microsoft Corporation - Multiple UNC Provider driver.) - LEGACY_MUP
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\nwifi.sys - Filtre NativeWiFi (NativeWifiP) .(.Microsoft Corporation - NativeWiFi Miniport Driver.) - LEGACY_NATIVEWIFIP
O64 - Services: CurCS - C:\Windows\System32\drivers\ndis.sys - NDIS System Driver (NDIS) .(.Microsoft Corporation - NDIS 6.0 wrapper driver.) - LEGACY_NDIS
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\ndisuio.sys - NDIS mode utilisateur E/S Protocole (Ndisuio) .(.Microsoft Corporation - NDIS User mode I/O driver.) - LEGACY_NDISUIO
O64 - Services: CurCS - C:\Windows\system32\Drivers\NDPROXY.sys - NDProxy (NDProxy) .(.Pas de propriétaire - Pas de description.) - LEGACY_NDPROXY
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\netbios.sys - NetBIOS Interface (NetBIOS) .(.Microsoft Corporation - NetBIOS interface driver.) - LEGACY_NETBIOS
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\netbt.sys - NETBT (netbt) .(.Microsoft Corporation - MBT Transport driver.) - LEGACY_NETBT
O64 - Services: CurCS - C:\Windows\system32\Drivers\NPFS.sys - Npfs (Npfs) .(.Pas de propriétaire - Pas de description.) - LEGACY_NPFS
O64 - Services: CurCS - C:\Windows\System32\drivers\nsiproxy.sys - NSI proxy service (nsiproxy) .(.Microsoft Corporation - NSI Proxy.) - LEGACY_NSIPROXY
O64 - Services: CurCS - C:\Windows\system32\Drivers\NTFS.sys - Ntfs (Ntfs) .(.Pas de propriétaire - Pas de description.) - LEGACY_NTFS
O64 - Services: CurCS - C:\Windows\system32\Drivers\NULL.sys - Null (Null) .(.Pas de propriétaire - Pas de description.) - LEGACY_NULL
O64 - Services: CurCS - C:\Windows\System32\drivers\peauth.sys - PEAUTH (PEAUTH) .(.Microsoft Corporation - Protected Environment Authentication and Au.) - LEGACY_PEAUTH
O64 - Services: CurCS - C:\Windows\system32\drivers\pacer.sys (PSched) .(.Microsoft Corporation - Planificateur de paquets QoS.) - LEGACY_PSCHED
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\rasacd.sys - Remote Access Auto Connection Driver (RasAcd) .(.Microsoft Corporation - RAS Automatic Connection Driver.) - LEGACY_RASACD
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\rdbss.sys - Redirected Buffering Sub Sysytem (rdbss) .(.Microsoft Corporation - Redirected Drive Buffering SubSystem Driver.) - LEGACY_RDBSS
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\RDPCDD.sys - RDPCDD (RDPCDD) .(.Microsoft Corporation - RDP Miniport.) - LEGACY_RDPCDD
O64 - Services: CurCS - C:\Windows\System32\drivers\rdpencdd.sys - RDP Encoder Mirror Driver (RDPENCDD) .(.Microsoft Corporation - RDP Miniport.) - LEGACY_RDPENCDD
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\rspndr.sys - Link-Layer Topology Discovery Responder (rspndr) .(.Microsoft Corporation - Link-Layer Topology Responder Driver for ND.) - LEGACY_RSPNDR
O64 - Services: CurCS - C:\Windows\system32\Drivers\SECDRV.sys - (.not file.) - Security Driver (secdrv) .(.Pas de propriétaire - Pas de description.) - LEGACY_SECDRV
O64 - Services: CurCS - C:\Windows\system32\tcpipcfg.dll (Smb) .(.Microsoft Corporation - Objets de configuration du réseau.) - LEGACY_SMB
O64 - Services: CurCS - C:\Windows\system32\Drivers\SPLDR.sys - (.not file.) - Security Processor Loader Driver (spldr) .(.Pas de propriétaire - Pas de description.) - LEGACY_SPLDR
O64 - Services: CurCS - C:\Windows\System32\Drivers\sptd.sys - sptd (sptd) .(.Pas de propriétaire - Pas de description.) - LEGACY_SPTD
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\srv.sys - srv (srv) .(.Microsoft Corporation - Server driver.) - LEGACY_SRV
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\srv2.sys - srv2 (srv2) .(.Microsoft Corporation - Smb 2.0 Server driver.) - LEGACY_SRV2
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\srvnet.sys - srvnet (srvnet) .(.Microsoft Corporation - Server Network driver.) - LEGACY_SRVNET
O64 - Services: CurCS - C:\Windows\system32\tcpipcfg.dll (Tcpip) .(.Microsoft Corporation - Objets de configuration du réseau.) - LEGACY_TCPIP
O64 - Services: CurCS - C:\Windows\System32\drivers\tcpipreg.sys - TCP/IP Registry Compatibility (tcpipreg) .(.Microsoft Corporation - TCP/IP Registry Compatibility Driver.) - LEGACY_TCPIPREG
O64 - Services: CurCS - C:\Windows\system32\tcpipcfg.dll (tdx) .(.Microsoft Corporation - Objets de configuration du réseau.) - LEGACY_TDX
O64 - Services: CurCS - (.not file.) - TVICHW64 (TVICHW64) .(.Pas de propriétaire - Pas de description.) - LEGACY_TVICHW64
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\udfs.sys - udfs (udfs) .(.Microsoft Corporation - UDF File System Driver.) - LEGACY_UDFS
O64 - Services: CurCS - C:\Windows\system32\drivers\vga.sys - VgaSave (VgaSave) .(.Microsoft Corporation - VGA/Super VGA Video Driver.) - LEGACY_VGASAVE
O64 - Services: CurCS - C:\Windows\System32\drivers\volmgrx.sys - Dynamic Volume Manager (volmgrx) .(.Microsoft Corporation - Volume Manager Extension Driver.) - LEGACY_VOLMGRX
O64 - Services: CurCS - C:\Windows\System32\drivers\volsnap.sys - Volumes de stockage (volsnap) .(.Microsoft Corporation - Pilote de cliché instantané du volume.) - LEGACY_VOLSNAP
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\wanarp.sys - Remote Access IPv6 ARP Driver (Wanarpv6) .(.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - LEGACY_WANARPV6
O64 - Services: CurCS - C:\Windows\System32\drivers\Wdf01000.sys - Kernel Mode Driver Frameworks service (Wdf01000) .(.Microsoft Corporation - WDF dynamique.) - LEGACY_WDF01000


---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe
O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft (R) Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe
O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCU\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O67 - Shell Spawning: <.bat> <batfile>[HKCR\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.cpl> <cplfile>[HKCR\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe
O67 - Shell Spawning: <.cmd> <cmdfile>[HKCR\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.com> <comfile>[HKCR\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.exe> <exefile>[HKCR\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCR\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O67 - Shell Spawning: <.js> <JSFile>[HKCR\..\open\Command] (.Microsoft Corporation - Microsoft (R) Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: <.reg> <regfile>[HKCR\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe


---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe


---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] ${searchCLSID} - (@ieframe.dll,-12512) - http://search.live.com
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (@ieframe.dll,-12512) - http://search.live.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (@ieframe.dll,-12512) - http://search.live.co
O69 - SBI: SearchScopes [HKCU] {7532CAD3-78DB-4669-9198-73681ECEDEB9} [DefaultScope] - (Google) - http://www.google.fr


---\\ Recherche particuliere à la racine de certains dossiers (SPRF) (O84)
[MD5.16E53BFC96CE14021C0E07EB1C198478] [SPRF] (.Pas de propriétaire - Pas de description.) -- C:\Users\GroOgie\AppData\Roaming\inst.exe [99384]
[MD5.AF7CE12C4F3DC8CB2B07685C916BBCFE] [SPRF] (.VSO Software - low level access layer for CD/DVD/BD devices.) -- C:\Users\GroOgie\AppData\Roaming\pcouffin.sys [82816]


---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 21.06.2009 72704 | (Adobe LM Service) . (.Adobe Systems.) - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
SR - | Auto 10.02.2010 202752 | (AMD External Events Utility) . (.AMD.) - C:\Windows\system32\atiesrxx.exe
SR - | Auto 17.08.2010 135336 | (AntiVirSchedulerService) . (.Avira GmbH.) - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
SR - | Auto 22.12.2010 267944 | (AntiVirService) . (.Avira GmbH.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
SS - | Demand 22.12.2010 0 | Service d'état ASP.NET (aspnet_state) . (.Pas de propriétaire.) - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
SS - | Auto 22.12.2010 0 | (dwil) . (.Pas de propriétaire.) - ll32.exe
SS - | Auto 21.04.2009 133104 | (gupdate1c9c2acc7a12a0) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Auto 21.04.2009 183280 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 04.04.2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
SR - | Auto 30.06.2010 1352832 | (Lavasoft Ad-Aware Service) . (.Lavasoft.) - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
SR - | Auto 24.09.2008 935208 | Nero BackItUp Scheduler 4.0 (Nero BackItUp Scheduler 4.0) . (.Nero AG.) - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
SR - | Auto 30.04.2009 90112 | (OMSI download service) . (.Pas de propriétaire.) - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
SR - | Auto 30.04.2009 0 | (PnkBstrA) . (.Pas de propriétaire.) - C:\Windows\system32\PnkBstrA.exe
SR - | Auto 05.06.2007 177704 | (ProtexisLicensing) . (.Pas de propriétaire.) - C:\Windows\SysWOW64\PSIService.exe
SS - | Demand 13.01.2011 407336 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
SR - | Auto 19.01.2008 27648 | C:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\system32\svchost.exe


---\\ Recherche Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.1 by Gmer, http://www.gmer.net
Run by GroOgie at 24.01.2011 18:19:49

device: opened successfully
user: error reading MBR

Disk trace:
error: Read Descripteur non valide
kernel: error reading MBR


---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by GroOgie at 24.01.2011 18:19:49
Use the desktop link 'MBRCheck' to have full report




---\\ Liste des émulateurs de CD/DVD (Hook du MBR)
O58 - SDL:[MD5.AF7CE12C4F3DC8CB2B07685C916BBCFE] - 15.01.2009 - 10:24:54 ---A- . (.VSO Software - low level access layer for CD/DVD/BD devices.) -- C:\Windows\system32\drivers\pcouffin.sys [82816]
O58 - SDL:[MD5.9CED1700D64D6E7500DCFD7E70EE1700] - 22.12.2008 - 00:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\drivers\sptd.sys [868848]



End of the scan (920 lines in 01mn 06s)(0)
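The report above is what the helper works from. As an added example (not part of this thread, and not code from ZHPDiag or its author), here is a Python triage pass over lines in the report's O58 (SDL) driver and EGS service layouts, flagging entries with the traits a helper looks at first: a hidden or system .sys with no publisher sitting outside a drivers folder, or a service whose binary is a bare filename with reported size 0. The regular expressions, the heuristics and the sample lines (constructed in the report's layout) are assumptions of this example, and its output is a list of candidates to check by hand, not a verdict.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the layout of the ZHPDiag report above: three
# O58 (SDL) driver lines and two EGS service lines. The layout is the
# report's; the mix was chosen so that both clean and flagged entries appear.
SAMPLE_REPORT = """\
O58 - SDL:[MD5.20ED5DBEE3FB56FA7A272BE2A0970E58] - 13.02.2009 - 11:49:30 ---A- . (.Avira GmbH - AVIRA SnapShot Driver.) -- C:\\Windows\\SysWOW64\\drivers\\ssmdrv.sys [28376]
O58 - SDL:[MD5.62D853061D9E69586FE10B14E73436E6] - 08.01.2009 - 08:52:10 RSH-- . (.Pas de propriétaire - Pas de description.) -- C:\\Windows\\SysWOW64\\1F3D0E23C3.sys [88]
O58 - SDL:[MD5.A59A6BEE485E6D2C740CE4DA3FEF79FE] - 12.01.2011 - 17:40:13 -SHA- . (.Pas de propriétaire - Pas de description.) -- C:\\Windows\\SysWOW64\\KGyGaAvL.sys [3818]
SR - | Auto 22.12.2010 267944 | (AntiVirService) . (.Avira GmbH.) - C:\\Program Files (x86)\\Avira\\AntiVir Desktop\\avguard.exe
SS - | Auto 22.12.2010 0 | (dwil) . (.Pas de propriétaire.) - ll32.exe
"""

# ZHPDiag writes this French marker when a file carries no publisher info.
NO_OWNER = "Pas de propriétaire"

# O58 line: MD5, date, time, attribute flags (assumed R/S/H/A layout),
# "(.publisher - description.)", then path and size in bytes.
DRIVER_RE = re.compile(
    r"^O58 - SDL:\[MD5\.(?P<md5>[0-9A-F]{32})\] - (?P<date>\S+) - (?P<time>\S+) "
    r"(?P<attrs>\S{5}) \. \(\.(?P<owner>.*?) - (?P<desc>.*?)\.\) -- "
    r"(?P<path>.+?) \[(?P<size>\d+)\]$"
)
# EGS line: SR/SS state, start type, date, size, "(name)", "(.publisher.)", binary.
SERVICE_RE = re.compile(
    r"^(?P<state>S[RS]) - \| (?P<start>\w+) (?P<date>\S+) (?P<size>\d+) \| "
    r".*?\((?P<name>[^()]+)\) \. \(\.(?P<owner>.*?)\.\) - (?P<path>.+)$"
)


@dataclass
class Finding:
    kind: str                 # "driver" or "service"
    name: str                 # driver path or service name
    reasons: list[str] = field(default_factory=list)


def triage_driver(m: re.Match) -> Finding:
    """Heuristics a helper applies to an O58 entry; each hit is one reason."""
    attrs, owner, path, size = m["attrs"], m["owner"], m["path"], int(m["size"])
    reasons = []
    if owner == NO_OWNER and any(flag in attrs for flag in "SH"):
        reasons.append("hidden/system file with no publisher")
    if size < 1024:
        reasons.append(f"unusually small .sys ({size} bytes)")
    if owner == NO_OWNER and "\\drivers\\" not in path.lower():
        reasons.append("no-publisher .sys outside a drivers directory")
    return Finding("driver", path, reasons)


def triage_service(m: re.Match) -> Finding:
    """Heuristics for an EGS entry."""
    start, size, owner, path = m["start"], int(m["size"]), m["owner"], m["path"]
    reasons = []
    if "\\" not in path:
        reasons.append("binary given as a bare filename, no full path")
    if size == 0:
        reasons.append("reported size 0")
    if owner == NO_OWNER and start == "Auto":
        reasons.append("auto-start service with no publisher")
    return Finding("service", m["name"], reasons)


def triage(report: str) -> list[Finding]:
    """Return the O58/EGS entries that triggered at least one heuristic."""
    findings = []
    for line in report.splitlines():
        if m := DRIVER_RE.match(line):
            finding = triage_driver(m)
        elif m := SERVICE_RE.match(line):
            finding = triage_service(m)
        else:
            continue  # other report sections are not parsed here
        if finding.reasons:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"[{f.kind}] {f.name}")
        for reason in f.reasons:
            print(f"    - {reason}")
```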

Re: TR/Spy.Gen

Post by Florinator » 25 Jan 2011 10:00

Hello,

OK, let's finish up:

Download TFC, created by OldTimer

  • Double-click it to launch it. (Note: if you are on Vista, right-click the file and choose "Run as administrator".)
  • The tool will close all programs while it runs, so make sure you have saved all your work in progress before starting.
  • Click the "Start" button to launch the process. Let the program run without interrupting it.
  • When it has finished, the tool should reboot your system. If it does not, reboot the PC manually yourself to finish the cleanup.


  • Right-click the ZHPFix icon
  • Select 'Run as administrator', or double-click it on XP
  • Click the red A.
  • Click Nettoyer (Clean).
  • Reboot the computer to finish the cleanup.


You need to delete your infected restore points and create a clean one.

  • Go to "Start", then right-click "Computer"
  • Select "Properties"
  • Then, in the left pane, click "System protection".
  • Go to "Automatic restore points" and untick all the boxes. An alert will tell you that all the points are going to be deleted.
  • Click "Turn off".
  • Do the reverse to turn them back on


Remember to keep your system up to date; for that you can use Secunia PSI

Watch out for toolbars, which install very easily: http://www.libellules.ch/opt_out.php

Edit your first post and add [Résolu] to the title

See you
Knowledge is only useful if it is passed on.

Re: TR/Spy.Gen [Résolu]

Post by mddee » 25 Jan 2011 19:17

hello.. a big thank you for everything, Florinator..

Everything looks OK!

Can I uninstall and delete all the little logs??

bye ++

Re: TR/Spy.Gen [Résolu]

Post by Florinator » 25 Jan 2011 22:31

Yes, you can, as well as all traces of the tools we used.

See you
Knowledge is only useful if it is passed on.