[OK] Infected by "Antivirus Pro 2010"

Security and insecurity. Viruses, Trojans, Spyware, Vulnerabilities etc. …


Forum rules
Assiste.com has suspended decontamination assistance after almost 15 years, first on the old forum and then on this one. See:

Decontamination procedure 1 - Anti-malware
Decontamination procedure 2 - Anti-malware and antivirus (La Manip)
Periodic maintenance of a Windows PC
Protecting the browser, browsing and privacy

Post by Valérie » 02 Oct 2009, 18:21

Just to report that Malwarebytes does not manage to remove this file on reboot:
C:\Documents and Settings\Val\Local Settings\Temp\nsrbgxod.bak (Trojan.Agent) -> Delete on reboot.

It is still present.
Valérie
 
Posts: 41
Joined: 13 Sep 2005, 14:26
Location: Région Centre
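Added example (not code from the thread, from Malwarebytes or from The Avenger): how a deferred delete of the kind MBAM reports as "Delete on reboot" is normally queued on Windows, and how to check whether the queue actually contains the file. The standard mechanism is MoveFileEx with MOVEFILE_DELAY_UNTIL_REBOOT, which appends a (source, destination) string pair to the REG_MULTI_SZ value PendingFileRenameOperations under HKLM\SYSTEM\CurrentControlSet\Control\Session Manager; the Session Manager works through that queue early in the next boot, before most of the system is running. Whether MBAM 1.41 used this exact mechanism for the .bak file above is not stated in the thread and is an assumption of this example; the sample value is constructed, not data from Valérie's PC.

```python
r"""Decode the PendingFileRenameOperations queue behind a "Delete on reboot".

Added example: not code from the thread, from Malwarebytes or from The Avenger.
MoveFileEx(src, dst, MOVEFILE_DELAY_UNTIL_REBOOT) appends a pair of strings
(source, destination) to the REG_MULTI_SZ value
  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations
The source is an NT path ("\??\C:\..."); an empty destination means "delete",
a destination starting with "!" means "replace the existing target".
That MBAM used this mechanism for the .bak file is an assumption here, and
SAMPLE_RAW is a constructed value, not data taken from Valérie's PC.
"""
NT_PREFIX = "\\??\\"


def encode_multi_sz(strings):
    """REG_MULTI_SZ raw bytes: UTF-16LE strings, each NUL-terminated, plus a final
    NUL. Empty strings are legal here; they are exactly what a "delete" uses."""
    return ("\0".join(strings) + "\0\0").encode("utf-16-le")


def decode_multi_sz(raw):
    """Decode REG_MULTI_SZ bytes without stopping at the first empty string.

    Generic readers treat an empty string as the end of the list, so they drop
    every entry after the first queued delete. Decode the whole buffer instead.
    """
    text = raw.decode("utf-16-le")
    if text.endswith("\0\0"):
        text = text[:-2]          # last string's NUL + list terminator
    elif text.endswith("\0"):
        text = text[:-1]          # tolerate a value saved without the terminator
    return text.split("\0") if text else []


def _strip_nt(path):
    return path[len(NT_PREFIX):] if path.startswith(NT_PREFIX) else path


def parse_pending_ops(raw):
    """Return [{'op': 'delete'|'rename'|'replace', 'source': ..., 'destination': ...}]."""
    items = decode_multi_sz(raw)
    if len(items) % 2:
        raise ValueError("malformed PendingFileRenameOperations: odd number of strings")
    ops = []
    for src, dst in zip(items[::2], items[1::2]):
        if dst == "":
            op, target = "delete", None
        elif dst.startswith("!"):
            op, target = "replace", _strip_nt(dst[1:])
        else:
            op, target = "rename", _strip_nt(dst)
        ops.append({"op": op, "source": _strip_nt(src), "destination": target})
    return ops


def is_delete_queued(raw, win_path):
    """True if a reboot-time delete of win_path is queued (paths compared
    case-insensitively, as on NTFS)."""
    wanted = win_path.lower()
    return any(o["op"] == "delete" and o["source"].lower() == wanted
               for o in parse_pending_ops(raw))


# Constructed sample: the file MBAM reported as "Delete on reboot" in the thread,
# plus one "replace" entry of the kind an installer or update leaves behind.
MBAM_FILE = r"C:\Documents and Settings\Val\Local Settings\Temp\nsrbgxod.bak"
SAMPLE_RAW = encode_multi_sz([
    NT_PREFIX + MBAM_FILE, "",
    NT_PREFIX + r"C:\WINDOWS\system32\example.dll.new",
    "!" + NT_PREFIX + r"C:\WINDOWS\system32\example.dll",
])

if __name__ == "__main__":
    for entry in parse_pending_ops(SAMPLE_RAW):
        print(entry)
    print("delete queued:", is_delete_queued(SAMPLE_RAW, MBAM_FILE))
```

On a real machine, take the value's raw bytes (for instance the hex(7) line of a `reg export` of the Session Manager key, which is this UTF-16LE buffer) and pass them to is_delete_queued. If the entry is queued and the file is still present after the reboot, the problem is not the queue but what happens at boot: either the delete failed (a driver holding or hiding the file) or something recreated it, which is why the next post switches to replacing the files with dummies and disabling the driver.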

Post by nickW » 04 Oct 2009, 00:50

Good evening,


Next .....

Step 1: The Avenger (by Swandog46), download
Download The Avenger by clicking this link: http://swandog46.geekstogo.com/avenger2/download.php
Save this file to the Desktop.
Extract the file avenger.exe from the avenger.zip archive and place it on the Desktop.


Step 2: Creating the file aven-1.txt
Open a Notepad window via Start---->Run, type notepad then click OK
Select all the lines in the white area under "Code:" below, then press the Ctrl and C keys together

Code:
Begin copying here:

Files to replace with dummy:
C:\WINDOWS\system32\drivers\rotscxirlnnbqt.sys
C:\Documents and Settings\All Users\Documents\ubukeg.bat
C:\WINDOWS\pecuxydy.reg
C:\Documents and Settings\All Users\Application Data\uqyjin.bin
C:\Documents and Settings\All Users\Application Data\bohi.bat
C:\Program Files\Fichiers communs\oloxoqyty.bin
C:\Documents and Settings\All Users\Application Data\izeritaguz.com
C:\WINDOWS\lixewew._sy
C:\WINDOWS\adaze.bat
C:\WINDOWS\xuxik.dll
C:\Documents and Settings\All Users\Application Data\hipiq.dat
C:\WINDOWS\ijoweje.bat
C:\WINDOWS\System32\acosiki.sys
C:\WINDOWS\System32\nyne.vbs
C:\Documents and Settings\All Users\Application Data\geqyfuhal.dat
C:\Documents and Settings\Val\Local Settings\Temp\nsrbgxod.bak

Drivers to disable:
rotscxdqypwbhw


Go back to the Notepad window, right-click in the window and choose Paste
Check in the Format menu (at the top) that "Word Wrap" is not active (not ticked).
Save the file under the name aven-1.txt
Close Notepad.

Note: The lines in the Code area above were created exclusively for THIS user: Valérie.
If you are not THIS user, do not use them: they could damage your system.



Step 3: No real-time monitoring process
Disable the antivirus's resident module.
Norton 360
*- Right-click the Norton 360 icon in the system tray (next to the clock)
*- Click Open the tasks and settings window
*- On the right-hand side, in the Settings section, click Change advanced settings
*- Click Virus and spyware protection settings
*- Untick the box in front of Enable Auto-Protect, then click the Apply button
*- In the Alert window, choose the duration of the disablement: Permanently, then click OK



Step 4: The Avenger (by Swandog46), execution
Close all program windows (the PC is going to restart).

Launch The Avenger by clicking its icon on the Desktop.

Click OK on the warning message.
Click the icon showing a yellow folder.

A new window "Open script file" opens
In this window, browse to the Desktop and select (double-click) the file aven-1.txt

The contents of the file aven-1.txt should appear in the white area (under "Input script here:").

Then click the "Execute" button to start running the script.

Click "Yes" twice when asked (windows "Confirm execution" and "First step completed").
There will be one or two restarts (with a brief appearance of a black-background command window).
At the end of the run, the report will be displayed in Notepad.
Close Notepad.


Step 5: RootRepeal (by AD)
In Explorer, open the RootRepeal folder
Double-click RootRepeal.exe to launch the tool.

Click the Report tab (at the bottom of the window).

Click the Scan button.

In the new Select Scan window, tick:
+ Drivers
+ Files
+ Processes
+ Hidden Services


Click the OK button
In the new Select Drives window, tick the system drive (in your case, C:\)

Click the OK button to start the scan

Note: This scan takes some time. DO NOT LAUNCH other programs while it is running.

When the scan is finished, the Save Report button will become available.

Click this Save Report button and save the report file in the RootRepeal folder under the name RootRepeal-091003.txt

Open the File menu, click Exit to close the program.


Step 6: Real-time monitoring process
Important: Re-enable the antivirus's resident module.


Step 7: Results
Send in reply:
*- The Avenger's report (contents of the file SystemDrive\avenger.txt)
[SystemDrive stands for the partition the system is installed on, usually C:]
*- the RootRepeal report (contents of the file RootRepeal-091003.txt)
This report can be very long. Check carefully that it is complete in the message sent. If necessary, split it over several messages.


In your reply, don't forget to give as much information as possible on the state of the PC: improvement / disappearance / worsening of the infection symptoms.

Important note: To send your reply(ies), do not create a new topic, but click the "Reply" button to continue in this thread.

To be continued,
nickW
30/07/2012: No more PC disinfection until further notice.
No requests for log analysis by PM (Private Message)
Moderator

Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France

Post by Valérie » 04 Oct 2009, 13:15

Hello nickw, and a thousand thanks for giving me your time

A summary of the current state of my PC:
- Total disappearance of the fake antivirus's alert windows.
- The unknown process that kept multiplying and monopolising 100% of my processor every 4 min has disappeared. So I can work on my programs again without being interrupted.
- After the first clean-ups (those indicated in this message) Norton 360 still detected Antivirus Pro 2010 as well as a Packed.Generic.243. Both were quarantined twice.
- After the second series of steps (those indicated in this message) Norton 360 no longer detects the threats above, but a Trojan Horse, which gets quarantined, and a Downloader located in the AntiVirus Pro 2010 installation folder, a folder I deleted ages ago.

- A new Norton scan detects 2 unauthorised accesses, which it blocks.
actor: C:\WINDOWS\system32\ctfmon.exe
actor PID: 1568
target: C:\PROGRAM FILES\Norton360\Engine\3.5.2.11\ccSvcHst.exe
target PID: 3056
action: open process token

The PC seems to be working normally, but Norton regularly detects various threats (Trojans, intrusion attempts, downloaders, etc.) that it does not always manage to neutralise.
Edit: Between 12:00 and 19:00, N360 detected and blocked a Trojan Horse 6 times. :shock:

Avenger report:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: file "C:\WINDOWS\system32\drivers\rotscxirlnnbqt.sys" not found!
Replacement with dummy of file "C:\WINDOWS\system32\drivers\rotscxirlnnbqt.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\Documents and Settings\All Users\Documents\ubukeg.bat" replaced with dummy successfully.
File "C:\WINDOWS\pecuxydy.reg" replaced with dummy successfully.
File "C:\Documents and Settings\All Users\Application Data\uqyjin.bin" replaced with dummy successfully.
File "C:\Documents and Settings\All Users\Application Data\bohi.bat" replaced with dummy successfully.
File "C:\Program Files\Fichiers communs\oloxoqyty.bin" replaced with dummy successfully.
File "C:\Documents and Settings\All Users\Application Data\izeritaguz.com" replaced with dummy successfully.
File "C:\WINDOWS\lixewew._sy" replaced with dummy successfully.
File "C:\WINDOWS\adaze.bat" replaced with dummy successfully.
File "C:\WINDOWS\xuxik.dll" replaced with dummy successfully.
File "C:\Documents and Settings\All Users\Application Data\hipiq.dat" replaced with dummy successfully.
File "C:\WINDOWS\ijoweje.bat" replaced with dummy successfully.
File "C:\WINDOWS\System32\acosiki.sys" replaced with dummy successfully.
File "C:\WINDOWS\System32\nyne.vbs" replaced with dummy successfully.
File "C:\Documents and Settings\All Users\Application Data\geqyfuhal.dat" replaced with dummy successfully.
File "C:\Documents and Settings\Val\Local Settings\Temp\nsrbgxod.bak" replaced with dummy successfully.

Error: could not open driver "rotscxdqypwbhw"
Disablement of driver "rotscxdqypwbhw" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.
Valérie

Post by Valérie » 04 Oct 2009, 13:17

RootRepeal report:

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/10/04 11:39
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB425E000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xB863E000 Size: 8192 File Visible: No Signed: -
Status: -

Name: msjbatqo.sys
Image Path: msjbatqo.sys
Address: 0xB80A8000 Size: 61440 File Visible: No Signed: -
Status: -

Name: PCI_PNP5486
Image Path: \Driver\PCI_PNP5486
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB2CF7000 Size: 49152 File Visible: No Signed: -
Status: -

Name: speh.sys
Image Path: speh.sys
Address: 0xB7EA9000 Size: 1040384 File Visible: No Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: SYMEFA.SYS
Image Path: SYMEFA.SYS
Address: 0xB7D61000 Size: 323584 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\Documents and Settings\LocalService\ntuser.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\NetworkService\ntuser.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Val\ntuser.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\calc.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\config\systemprofile\ntuser.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Val\Menu Démarrer\Programmes\Démarrage\scandisk.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Val\Menu Démarrer\Programmes\Démarrage\scandisk.lnk
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\config\systemprofile\Menu Démarrer\Programmes\Démarrage\scandisk.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\config\systemprofile\Menu Démarrer\Programmes\Démarrage\scandisk.lnk
Status: Invisible to the Windows API!

==EOF==
Valérie

Post by nickW » 05 Oct 2009, 00:38

Good evening,


What are the names and locations of the files detected by Norton360 as "Trojan Horse" or "downloader"?


Could you do a new clean-up with MBAM:


Step 1: No real-time monitoring process
Disable the antivirus's resident module.
Norton 360
*- Right-click the Norton 360 icon in the system tray (next to the clock)
*- Click Open the tasks and settings window
*- On the right-hand side, in the Settings section, click Change advanced settings
*- Click Virus and spyware protection settings
*- Untick the box in front of Enable Auto-Protect, then click the Apply button
*- In the Alert window, choose the duration of the disablement: Permanently, then click OK



Step 2: Malwarebytes' Anti-Malware, clean-up
Close all open program windows.
Launch Malwarebytes' Anti-Malware via the Start Menu.
In the Settings tab, check that all boxes are ticked except "Create a right-click context menu entry to scan files".
In the Update tab, click the Check for Updates button and install all updates found.
In the Scanner tab, select the radio button in front of "Perform quick scan", then click the Scan button.
Wait, without doing anything else, for the scan to finish; in the window announcing the end of the scan, click OK; then click the "Show Results" button.

If malicious items were detected, click the "Remove Selected" button
Wait patiently, without doing anything else, for the clean-up to finish.
A restart is sometimes needed. Accept it.
A Notepad window opens to display the report. Close Notepad.
Click the "Exit" button to close Malwarebytes' Anti-Malware.


Step 3: RootRepeal (by AD)
In Explorer, open the RootRepeal folder
Double-click RootRepeal.exe to launch the tool.

Click the Report tab (at the bottom of the window).

Click the Scan button.

In the new Select Scan window, tick:
+ Drivers
+ Files
+ Processes
+ SSDT
+ Stealth Objects
+ Hidden Services
+ Shadow SSDT

Click the OK button
In the new Select Drives window, tick the system drive (in your case, C:\)

Click the OK button to start the scan

Note: This scan takes some time. DO NOT LAUNCH other programs while it is running.

When the scan is finished, the Save Report button will become available.

Click this Save Report button and save the report file in the RootRepeal folder under the name RootRepeal-091004.txt

Open the File menu, click Exit to close the program.


Step 4: Real-time monitoring process
Important: Re-enable the antivirus's resident module.


Step 5: OTL (by OldTimer), scan
Close all open program windows.

Double-click OTL.exe to launch the tool.

OTL's main screen appears.

Tick (at the top) the box in front of Scan All Users.

Then click the Run Scan button.

Let the tool work without interrupting it.
When the tool has finished, a Notepad window opens containing a report (log).
Close Notepad.
Close the OTL window.


Step 6: Results
Send in reply:
*- the Malwarebytes' Anti-Malware log (contents of the file mbam-log-*-**-**** (**-**-**).txt located in the folder SystemDrive\Documents and Settings\<yourprofile>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs / *-**-**** (**-**-**) stands for the date [month-day-year] and time [hh-mn-ss])
[SystemDrive stands for the partition the system is installed on, usually C:]
*- the RootRepeal report (contents of the file RootRepeal-091004.txt)
This report can be very long. Check carefully that it is complete in the message sent. If necessary, split it over several messages.

Then send in reply, in a separate message (because of the log's length):
*- OTL's main report (contents of the file OTL.Txt located on the Desktop).
The report sent to the forum must end with a line containing <End>. If it does not, it is incomplete and must then be split over several messages.

Important note: To send your reply(ies), do not create a new topic, but click the "Reply" button to continue in this thread.

To be continued,
nickW
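Added example (not part of the thread and not a RootRepeal component): a small triage of a RootRepeal report such as the one Valérie posted above, or the much longer one these steps produce once SSDT and Stealth Objects are ticked (those two sections are where most of the extra length comes from). It groups SSDT hooks by the module RootRepeal attributes them to ("<unknown>" is RootRepeal's label for a hook address it could not map to any loaded module), groups "Hidden Code" findings in IRP dispatch tables by driver and hook address, and lists loaded drivers whose image path is only a bare file name. None of these outputs is a verdict: on a PC running a full security suite, AV filter drivers such as SYMEVENT.SYS hook the SSDT legitimately, and a driver named sp??.sys next to \Driver\sptd (speh.sys / spop.sys in these reports) is the usual signature of the SPTD disk-emulation layer, so the lists are what to review, not what to remove. SAMPLE_REPORT is a constructed excerpt, abridged from the lines of the reports in this thread.

```python
"""Triage a RootRepeal report: SSDT hooks by owning module, "Hidden Code" IRP
hooks by driver, and loaded drivers with no on-disk path.
Added example, not part of the thread or of RootRepeal. SAMPLE_REPORT is a
constructed, abridged excerpt modelled on the reports posted in the thread."""
import re
from collections import defaultdict

_K = "|".join(map(re.escape, ("Image Path", "File Visible", "Name", "Address",
                               "Size", "Signed", "Status", "Path", "Process")))
KV_RE = re.compile(rf"({_K}):\s*(.*?)(?=\s+(?:{_K}):|$)")   # several pairs on one line
SSDT_RE = re.compile(r"#:\s*\d+\s+Function Name:\s*(\S+)")
HOOK_RE = re.compile(r'Hooked by "([^"]*)" at address (0x[0-9a-fA-F]+)')
STEALTH_RE = re.compile(r"Hidden Code \[Driver:\s*([^,\]]+),\s*(IRP_MJ_\w+)\]")
# A section is its name, a dashed rule, then text up to the next name+rule or ==EOF==.
SECTION_RE = re.compile(r"^(\S[^\n]*)\n-{5,}\n(.*?)(?=^\S[^\n]*\n-{5,}\n|^==EOF==|\Z)",
                        re.M | re.S)


def split_sections(report):
    """{section name: [record, ...]}; a record is one blank-line-delimited block."""
    sections = {}
    for m in SECTION_RE.finditer(report):
        blocks = re.split(r"\n\s*\n", m.group(2).strip())
        sections[m.group(1).strip()] = [[l.strip() for l in b.splitlines()]
                                        for b in blocks if b.strip()]
    return sections


def fields(record):
    """Merge every 'Key: value' pair on the record's lines into one dict."""
    out = {}
    for line in record:
        out.update(KV_RE.findall(line))
    return out


def ssdt_hooks(sections):
    """{owner: sorted hooked Nt* functions}; "<unknown>" owners need manual review."""
    by_owner = defaultdict(list)
    for rec in sections.get("SSDT", []):
        text = " ".join(rec)
        fn, hook = SSDT_RE.search(text), HOOK_RE.search(text)
        if fn and hook:
            by_owner[hook.group(1)].append(fn.group(1))
    return {k: sorted(v) for k, v in by_owner.items()}


def stealth_hooks(sections):
    """{driver: {"majors": [...], "addresses": [...]}}. One address shared by all of a
    driver's majors means every dispatch entry points into the same small code region
    outside any module, as RootRepeal reports for Ntfs/Fastfat/atapi in the thread."""
    out = defaultdict(lambda: {"majors": set(), "addresses": set()})
    for rec in sections.get("Stealth Objects", []):
        m = STEALTH_RE.search(" ".join(rec))
        if m:
            drv = out[m.group(1).strip()]
            drv["majors"].add(m.group(2))
            drv["addresses"].add(fields(rec).get("Address", "?").lower())
    return {d: {k: sorted(v) for k, v in info.items()} for d, info in out.items()}


def bare_path_drivers(sections):
    """Drivers whose image path is a bare file name: a review list, not a verdict."""
    return sorted(f["Name"] for f in map(fields, sections.get("Drivers", []))
                  if "Name" in f and "\\" not in f.get("Image Path", "\\"))


SAMPLE_REPORT = r"""ROOTREPEAL (c) AD, 2007-2009
Scan Start Time: 2009/10/05 12:32

Drivers
-------------------
Name: msjbatqo.sys
Image Path: msjbatqo.sys
Address: 0xB80A8000 Size: 61440 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB3D3E000 Size: 49152 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xb45ef130

#: 097 Function Name: NtLoadDriver
Status: Hooked by "<unknown>" at address 0x8a8407f0

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x8ad461f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x8ad461f8 Size: 121

==EOF==
"""
```

To use it on a saved RootRepeal-*.txt, read the file into a string, call split_sections on it and hand the result to the three functions. Compare the owner list against what is known to be installed (the Norton drivers, SPTD) and treat what is left, in particular the "<unknown>" group and any randomly named bare-path driver like msjbatqo.sys, as the items to investigate further.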

Post by Valérie » 05 Oct 2009, 08:53

nickw
I'm answering your first question before starting the new series of clean-ups.
nickW wrote:What are the names and locations of the files detected by Norton360 as "Trojan Horse" or "downloader"?


Here is the only information available in N360's security history.

Trojan Horse:
Affected area:
1 file
1 browser cache

Details:
C:\system volume information\_restore{c75d780b-5cd4-494e-ab96-5da2a6677439}\rp586\xxxxxxxx.dll (the name of the .dll file changes with each detection, but I can give you its various names if you need them)

Downloader:
Affected area:
1 file
1 process
1 browser cache

Details:
C:\program files\antiviruspro_2010.exe


N360 systematically blocked the Trojan horse, but the downloader problem remains "unresolved" and "requires manual intervention" on my part.
The file antiviruspro_2010.exe is, however, nowhere to be found at the indicated location. I think I deleted it at the very start of my problems.
Valérie

Post by Valérie » 05 Oct 2009, 11:28

Me again!

Norton has not detected the Trojan horse since yesterday at 18:42.
No alert today (which doesn't really reassure me, given Norton's performance these last few days)
The PC is behaving normally.
Malwarebytes found nothing, so I didn't have to remove anything.

Malwarebytes report:

Malwarebytes' Anti-Malware 1.41
Database version: 2908
Windows 5.1.2600 Service Pack 2

05-Oct-2009 11:56:49
mbam-log-2009-10-05 (11-56-49).txt

Scan type: Quick Scan
Objects scanned: 106271
Time elapsed: 4 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Valérie

Post by Valérie » 05 Oct 2009, 11:49

Why is this report so long compared with the previous RootRepeal reports?
Is it because I'm connected to the Net again?

RootRepeal report:

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/10/05 12:32
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB4185000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xB85E0000 Size: 8192 File Visible: No Signed: -
Status: -

Name: PCI_PNP9540
Image Path: \Driver\PCI_PNP9540
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB3D3E000 Size: 49152 File Visible: No Signed: -
Status: -

Name: spop.sys
Image Path: spop.sys
Address: 0xB7EA9000 Size: 1040384 File Visible: No Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: SYMEFA.SYS
Image Path: SYMEFA.SYS
Address: 0xB7D61000 Size: 323584 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

SSDT
-------------------
#: 012 Function Name: NtAlertResumeThread
Status: Hooked by "<unknown>" at address 0x8ab36050

#: 013 Function Name: NtAlertThread
Status: Hooked by "<unknown>" at address 0x8a320070

#: 017 Function Name: NtAllocateVirtualMemory
Status: Hooked by "<unknown>" at address 0x8a896c80

#: 019 Function Name: NtAssignProcessToJobObject
Status: Hooked by "<unknown>" at address 0x8a82af48

#: 031 Function Name: NtConnectPort
Status: Hooked by "<unknown>" at address 0x8ab16990

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xb45ef130

#: 043 Function Name: NtCreateMutant
Status: Hooked by "<unknown>" at address 0x8acc1350

#: 052 Function Name: NtCreateSymbolicLinkObject
Status: Hooked by "<unknown>" at address 0x8a3110c8

#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0x8a2db158

#: 057 Function Name: NtDebugActiveProcess
Status: Hooked by "<unknown>" at address 0x8a2ce050

#: 063 Function Name: NtDeleteKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xb45ef3b0

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xb45ef910

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "<unknown>" at address 0x8a896580

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "spop.sys" at address 0xb7ec7ca2

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "spop.sys" at address 0xb7ec8030

#: 083 Function Name: NtFreeVirtualMemory
Status: Hooked by "<unknown>" at address 0x8ab1c008

#: 089 Function Name: NtImpersonateAnonymousToken
Status: Hooked by "<unknown>" at address 0x8a717098

#: 091 Function Name: NtImpersonateThread
Status: Hooked by "<unknown>" at address 0x8a70b050

#: 097 Function Name: NtLoadDriver
Status: Hooked by "<unknown>" at address 0x8a8407f0

#: 108 Function Name: NtMapViewOfSection
Status: Hooked by "<unknown>" at address 0x8a67e230

#: 114 Function Name: NtOpenEvent
Status: Hooked by "<unknown>" at address 0x8a719f90

#: 119 Function Name: NtOpenKey
Status: Hooked by "spop.sys" at address 0xb7eaa0c0

#: 122 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0x8a2fd0c0

#: 123 Function Name: NtOpenProcessToken
Status: Hooked by "<unknown>" at address 0x8a6b8070

#: 125 Function Name: NtOpenSection
Status: Hooked by "<unknown>" at address 0x8a83f790

#: 128 Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0x8a2e92b8

#: 137 Function Name: NtProtectVirtualMemory
Status: Hooked by "<unknown>" at address 0x8a6870c8

#: 160 Function Name: NtQueryKey
Status: Hooked by "spop.sys" at address 0xb7ec8108

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "spop.sys" at address 0xb7ec7f88

#: 206 Function Name: NtResumeThread
Status: Hooked by "<unknown>" at address 0x8ab1fae0

#: 213 Function Name: NtSetContextThread
Status: Hooked by "<unknown>" at address 0x8a32b070

#: 228 Function Name: NtSetInformationProcess
Status: Hooked by "<unknown>" at address 0x8a681088

#: 240 Function Name: NtSetSystemInformation
Status: Hooked by "<unknown>" at address 0x8a2ce008

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xb45efb60

#: 253 Function Name: NtSuspendProcess
Status: Hooked by "<unknown>" at address 0x8a83f850

#: 254 Function Name: NtSuspendThread
Status: Hooked by "<unknown>" at address 0x8a2db070

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0x8a4663d8

#: 258 Function Name: NtTerminateThread
Status: Hooked by "<unknown>" at address 0x8a675248

#: 267 Function Name: NtUnmapViewOfSection
Status: Hooked by "<unknown>" at address 0x8a342268

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "<unknown>" at address 0x8ac64890

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x8ad461f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x8ad461f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x8ad461f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x8ad461f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8ad461f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8ad461f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x8ad461f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x8ad461f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8ad461f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8ad461f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8ad461f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8ad461f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8ad461f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8ad461f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8ad461f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8ad461f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x8ad461f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x8ad461f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x8ad461f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x8ad461f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x8ad461f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x8ad461f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CREATE]
Process: System Address: 0x8a47d500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLOSE]
Process: System Address: 0x8a47d500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_READ]
Process: System Address: 0x8a47d500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_WRITE]
Process: System Address: 0x8a47d500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8a47d500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8a47d500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_EA]
Process: System Address: 0x8a47d500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_EA]
Process: System Address: 0x8a47d500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8a47d500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8a47d500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8a47d500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8a47d500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8a47d500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a47d500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8a47d500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8a47d500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLEANUP]
Process: System Address: 0x8a47d500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_PNP]
Process: System Address: 0x8a47d500 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE]
Process: System Address: 0x8ad471f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_CLOSE]
Process: System Address: 0x8ad471f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8ad471f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_POWER]
Process: System Address: 0x8ad471f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8ad471f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_PNP]
Process: System Address: 0x8ad471f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System Address: 0x8aabe1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x8aabe1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System Address: 0x8aabe1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System Address: 0x8aabe1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8aabe1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8aabe1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8aabe1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8aabe1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System Address: 0x8aabe1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8aabe1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System Address: 0x8aabe1f8 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_CREATE]
Process: System Address: 0x8a2bc250 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_CLOSE]
Process: System Address: 0x8a2bc250 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_READ]
Process: System Address: 0x8a2bc250 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_WRITE]
Process: System Address: 0x8a2bc250 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a2bc250 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_POWER]
Process: System Address: 0x8a2bc250 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a2bc250 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_PNP]
Process: System Address: 0x8a2bc250 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_CREATE]
Process: System Address: 0x8acd71f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_CLOSE]
Process: System Address: 0x8acd71f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_READ]
Process: System Address: 0x8acd71f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_WRITE]
Process: System Address: 0x8acd71f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8acd71f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8acd71f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8acd71f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8acd71f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_POWER]
Process: System Address: 0x8acd71f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8acd71f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_PNP]
Process: System Address: 0x8acd71f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]
Process: System Address: 0x8aafb1f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]
Process: System Address: 0x8aafb1f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8aafb1f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8aafb1f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]
Process: System Address: 0x8aafb1f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8aafb1f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]
Process: System Address: 0x8aafb1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System Address: 0x8ad481f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System Address: 0x8ad481f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System Address: 0x8ad481f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8ad481f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8ad481f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8ad481f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8ad481f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System Address: 0x8ad481f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System Address: 0x8ad481f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8ad481f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System Address: 0x8ad481f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System Address: 0x8aa5e1f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System Address: 0x8aa5e1f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8aa5e1f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8aa5e1f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System Address: 0x8aa5e1f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System Address: 0x8aa5e1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System Address: 0x8aace1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System Address: 0x8aace1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8aace1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8aace1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System Address: 0x8aace1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8aace1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System Address: 0x8aace1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System Address: 0x8a325500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x8a325500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System Address: 0x8a325500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System Address: 0x8a325500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System Address: 0x8a325500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8a325500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8a325500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System Address: 0x8a325500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System Address: 0x8a325500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8a325500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8a325500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8a325500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8a325500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8a325500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a325500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a325500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8a325500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8a325500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System Address: 0x8a325500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x8a325500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x8a325500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System Address: 0x8a325500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System Address: 0x8a325500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a325500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x8a325500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x8a325500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System Address: 0x8a325500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System Address: 0x8a325500 Size: 121

Object: Hidden Code [Driver: Cdfsȅ䵃慄ȁఅ瑎獆㠘, IRP_MJ_CREATE]
Process: System Address: 0x8a467500 Size: 121

Object: Hidden Code [Driver: Cdfsȅ䵃慄ȁఅ瑎獆㠘, IRP_MJ_CLOSE]
Process: System Address: 0x8a467500 Size: 121

Object: Hidden Code [Driver: Cdfsȅ䵃慄ȁఅ瑎獆㠘, IRP_MJ_READ]
Process: System Address: 0x8a467500 Size: 121

Object: Hidden Code [Driver: Cdfsȅ䵃慄ȁఅ瑎獆㠘, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8a467500 Size: 121

Object: Hidden Code [Driver: Cdfsȅ䵃慄ȁఅ瑎獆㠘, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8a467500 Size: 121

Object: Hidden Code [Driver: Cdfsȅ䵃慄ȁఅ瑎獆㠘, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8a467500 Size: 121

Object: Hidden Code [Driver: Cdfsȅ䵃慄ȁఅ瑎獆㠘, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8a467500 Size: 121

Object: Hidden Code [Driver: Cdfsȅ䵃慄ȁఅ瑎獆㠘, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8a467500 Size: 121

Object: Hidden Code [Driver: Cdfsȅ䵃慄ȁఅ瑎獆㠘, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a467500 Size: 121

Object: Hidden Code [Driver: Cdfsȅ䵃慄ȁఅ瑎獆㠘, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8a467500 Size: 121

Object: Hidden Code [Driver: Cdfsȅ䵃慄ȁఅ瑎獆㠘, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8a467500 Size: 121

Object: Hidden Code [Driver: Cdfsȅ䵃慄ȁఅ瑎獆㠘, IRP_MJ_CLEANUP]
Process: System Address: 0x8a467500 Size: 121

Object: Hidden Code [Driver: Cdfsȅ䵃慄ȁఅ瑎獆㠘, IRP_MJ_PNP]
Process: System Address: 0x8a467500 Size: 121

Shadow SSDT
-------------------
#: 307 Function Name: NtUserAttachThreadInput
Status: Hooked by "<unknown>" at address 0x8a8a87c0

#: 383 Function Name: NtUserGetAsyncKeyState
Status: Hooked by "<unknown>" at address 0x8a89ae58

#: 414 Function Name: NtUserGetKeyboardState
Status: Hooked by "<unknown>" at address 0x8a8952e0

#: 416 Function Name: NtUserGetKeyState
Status: Hooked by "<unknown>" at address 0x8a89af30

#: 428 Function Name: NtUserGetRawInputData
Status: Hooked by "<unknown>" at address 0x8ab7bdd8

#: 460 Function Name: NtUserMessageCall
Status: Hooked by "<unknown>" at address 0x8ab54dc8

#: 475 Function Name: NtUserPostMessage
Status: Hooked by "<unknown>" at address 0x8ab56578

#: 476 Function Name: NtUserPostThreadMessage
Status: Hooked by "<unknown>" at address 0x8ab6c668

#: 549 Function Name: NtUserSetWindowsHookEx
Status: Hooked by "<unknown>" at address 0x8aab1238

#: 552 Function Name: NtUserSetWinEventHook
Status: Hooked by "<unknown>" at address 0x8ad3bb78

==EOF==
Valérie
 
Messages: 41
Inscription: 13 Sep 2005, 14:26
Localisation: Région Centre

Post by Valérie » 05 Oct 2009, 11:51

OTL report:

OTL logfile created on: 05-oct.-2009 12:10:48 - Run 3
OTL by OldTimer - Version 3.0.16.0 Folder = C:\Documents and Settings\Val\Bureau
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd-MMM-yyyy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 100,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): C:\pagefile.sys 4092 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228,13 Gb Total Space | 165,48 Gb Free Space | 72,54% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 37,30 Gb Total Space | 20,18 Gb Free Space | 54,10% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TRUQUINOU
Current User Name: Val
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009-05-01 00:30:18 | 00,168,004 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2007-06-13 15:22:28 | 01,037,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2005-03-22 17:20:44 | 00,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2008-08-14 17:11:48 | 00,565,008 | ---- | M] () -- C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
PRC - [2005-09-08 06:20:00 | 00,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLACTRLW.EXE
PRC - [2009-07-13 14:03:10 | 00,292,128 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2007-04-23 04:00:00 | 00,692,224 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2007-04-11 15:32:22 | 00,056,080 | ---- | M] (Logitech Inc.) -- C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
PRC - [2004-11-17 15:48:40 | 00,090,112 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
PRC - [2009-06-05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2006-10-09 17:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe
PRC - [2005-08-05 16:38:38 | 00,103,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe
PRC - [2003-11-12 02:05:00 | 00,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
PRC - [2008-07-26 08:23:42 | 00,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2008-07-26 08:25:36 | 00,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2003-06-19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2009-09-17 01:19:17 | 00,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
PRC - [2005-08-05 14:16:40 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
PRC - [2009-07-13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2008-07-26 08:23:42 | 00,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2009-09-17 01:19:17 | 00,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
PRC - [2009-09-28 00:36:20 | 00,518,144 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Val\Bureau\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009-06-05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008-07-25 12:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2005-08-03 22:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Stopped])
SRV - [2008-07-25 12:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2006-10-09 17:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe -- (ehRecvr [Auto | Running])
SRV - [2005-08-05 16:38:38 | 00,103,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe -- (ehSched [Auto | Running])
SRV - [2004-11-17 15:48:40 | 00,090,112 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe -- (EpsonBidirectionalService [Auto | Running])
SRV - [2003-11-12 02:05:00 | 00,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe -- (EPSONStatusAgent2 [Auto | Running])
SRV - [2008-07-29 22:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2004-08-10 13:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2007-06-04 23:14:50 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08 [On_Demand | Running])
SRV - [2007-06-04 23:14:50 | 00,131,072 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc [Auto | Running])
SRV - [2005-04-04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008-07-29 20:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009-07-13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - File not found -- -- (LBTServ [On_Demand | Stopped])
SRV - [2008-07-26 08:23:42 | 00,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer [Auto | Running])
SRV - [2008-07-26 08:25:36 | 00,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv [Auto | Running])
SRV - [2005-08-05 14:16:40 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])
SRV - [2003-06-19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2004-08-10 08:30:26 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mhn.dll -- (MHN [On_Demand | Stopped])
SRV - [2009-09-17 01:19:17 | 00,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe -- (N360 [Auto | Running])
SRV - [2006-10-31 14:56:24 | 00,043,520 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\System32\HPZinw12.dll -- (Net Driver HPZ12 [Auto | Running])
SRV - [2004-11-19 12:26:40 | 00,147,456 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])
SRV - [2008-07-29 20:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2009-05-01 00:30:18 | 00,168,004 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (nvsvc [Auto | Running])
SRV - [2003-07-28 20:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2006-10-31 14:56:28 | 00,052,736 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\System32\HPZipm12.dll -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2006-11-03 10:59:14 | 00,918,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2001-08-17 22:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [Disabled | Stopped])
DRV - [2004-08-04 00:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp [Disabled | Stopped])
DRV - [2001-08-17 22:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc [Disabled | Stopped])
DRV - [2001-08-17 22:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550 [Disabled | Stopped])
DRV - [2005-08-03 22:10:18 | 01,273,344 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Stopped])
DRV - [2008-07-01 21:59:08 | 00,278,984 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\atksgt.sys -- (atksgt [Auto | Running])
DRV - [2009-09-17 01:19:19 | 00,259,632 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\N360\0305020.00B\BHDrvx86.sys -- (BHDrvx86 [System | Running])
DRV - [2009-09-17 01:19:20 | 00,482,432 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\N360\0305020.00B\ccHPx86.sys -- (ccHP [System | Running])
DRV - [2001-08-23 18:04:44 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde [Disabled | Stopped])
DRV - [2001-08-17 22:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
DRV - [2005-09-08 06:20:00 | 00,025,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLABOIOM.SYS -- (DLABOIOM [Auto | Running])
DRV - [2005-08-25 13:16:52 | 00,005,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS -- (DLACDBHM [System | Running])
DRV - [2005-09-08 06:20:00 | 00,002,496 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLADResN.SYS -- (DLADResN [Auto | Running])
DRV - [2005-09-08 06:20:00 | 00,086,524 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M [Auto | Running])
DRV - [2005-09-08 06:20:00 | 00,014,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM [Auto | Running])
DRV - [2005-09-08 06:20:00 | 00,006,364 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAPoolM.SYS -- (DLAPoolM [Auto | Running])
DRV - [2005-08-25 13:16:16 | 00,022,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DLARTL_N.SYS -- (DLARTL_N [System | Running])
DRV - [2005-09-08 06:20:00 | 00,094,332 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM [Auto | Running])
DRV - [2005-09-08 06:20:00 | 00,087,036 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M [Auto | Running])
DRV - [2005-09-12 04:30:00 | 00,089,264 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB [Boot | Running])
DRV - [2005-08-12 06:20:00 | 00,040,544 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DRVNDDM.SYS -- (DRVNDDM [Auto | Running])
DRV - [2005-06-13 13:58:04 | 00,162,816 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Running])
DRV - [2009-09-16 19:56:54 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
DRV - [2009-09-16 19:56:54 | 00,102,448 | ---- | M] (Symantec Corporation) -- C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Running])
DRV - [2009-09-17 01:19:20 | 00,026,600 | R--- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2004-08-12 18:45:54 | 00,137,728 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2007-03-08 06:20:48 | 00,049,920 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Running])
DRV - [2007-03-08 06:20:49 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Running])
DRV - [2007-03-08 06:20:50 | 00,021,568 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Running])
DRV - [2009-09-10 22:10:19 | 00,329,080 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090916.003\IDSxpx86.sys -- (IDSxpx86 [System | Running])
DRV - [2007-04-11 15:32:52 | 00,034,832 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\DRIVERS\LHidFilt.Sys -- (LHidFilt [On_Demand | Running])
DRV - [2007-05-05 13:45:51 | 00,018,048 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\lirsgt.sys -- (lirsgt [Auto | Running])
DRV - [2008-05-25 14:20:31 | 00,137,344 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\litsgt.sys -- (litsgt [Auto | Running])
DRV - [2007-04-11 15:32:58 | 00,036,112 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\DRIVERS\LMouFilt.Sys -- (LMouFilt [On_Demand | Running])
DRV - [2007-04-11 15:33:14 | 00,028,688 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\Drivers\LUsbFilt.Sys -- (LUsbFilt [On_Demand | Running])
DRV - [2008-07-26 08:25:02 | 00,025,624 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\LVPr2Mon.sys -- (LVPr2Mon [On_Demand | Running])
DRV - [2008-07-26 17:25:46 | 00,627,864 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\System32\DRIVERS\lvrs.sys -- (LVRS [On_Demand | Stopped])
DRV - [2008-07-26 17:26:20 | 00,041,752 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\System32\drivers\LVUSBSta.sys -- (LVUSBSta [On_Demand | Running])
DRV - [2001-08-17 22:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x [Disabled | Stopped])
DRV - [2009-09-16 19:56:54 | 00,084,912 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091004.019\NAVENG.SYS -- (NAVENG [On_Demand | Running])
DRV - [2009-09-16 19:56:54 | 01,323,568 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091004.019\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])
DRV - [2009-04-30 22:02:00 | 08,055,584 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2008-07-26 17:22:20 | 00,013,848 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\System32\DRIVERS\lv302af.sys -- (pepifilter [On_Demand | Stopped])
DRV - [2008-07-26 17:22:32 | 02,570,520 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\System32\DRIVERS\LV302V32.SYS -- (PID_PEPI [On_Demand | Stopped])
DRV - [2004-08-10 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2005-04-25 03:03:00 | 00,020,640 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2001-08-17 22:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080 [Disabled | Stopped])
DRV - [2001-08-17 22:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160 [Disabled | Stopped])
DRV - [2001-08-17 22:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280 [Disabled | Stopped])
DRV - [2007-11-13 12:25:54 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2006-03-26 14:22:14 | 00,051,200 | ---- | M] (Protection Technology (StarForce)) -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01 [Boot | Running])
DRV - [2006-03-13 11:38:23 | 00,006,656 | ---- | M] (Protection Technology (StarForce)) -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02 [Boot | Running])
DRV - [2004-12-03 12:20:41 | 00,020,544 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02 [Boot | Running])
DRV - [2006-03-24 18:27:01 | 00,050,176 | ---- | M] (Protection Technology (StarForce)) -- C:\WINDOWS\System32\drivers\sfsync04.sys -- (sfsync04 [Boot | Running])
DRV - [2005-11-03 16:40:07 | 00,063,488 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfvfs02.sys -- (sfvfs02 [Boot | Running])
DRV - [2004-08-04 00:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp [Disabled | Stopped])
DRV - [2001-08-17 23:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow [Disabled | Stopped])
DRV - [2008-02-24 12:46:02 | 00,715,248 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2009-09-17 01:19:20 | 00,308,272 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\N360\0305020.00B\SRTSP.SYS -- (SRTSP [System | Running])
DRV - [2009-09-17 01:19:20 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\N360\0305020.00B\SRTSPX.SYS -- (SRTSPX [System | Running])
DRV - [2005-11-16 15:36:00 | 01,047,816 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\System32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
DRV - [2001-08-17 23:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810 [Disabled | Stopped])
DRV - [2001-08-17 23:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx [Disabled | Stopped])
DRV - [2009-09-17 01:19:20 | 00,310,320 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\N360\0305020.00B\SYMEFA.SYS -- (SymEFA [Boot | Running])
DRV - [2009-09-17 01:19:43 | 00,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
DRV - [2009-09-17 01:19:20 | 00,089,904 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\N360\0305020.00B\SYMFW.SYS -- (SYMFW [On_Demand | Running])
DRV - [2009-09-17 01:19:20 | 00,033,072 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\N360\0305020.00B\SYMIDS.SYS -- (SYMIDS [On_Demand | Running])
DRV - [2009-09-17 01:19:20 | 00,036,400 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\System32\DRIVERS\SymIM.sys -- (SymIM [On_Demand | Stopped])
DRV - [2009-09-17 01:19:20 | 00,036,400 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\System32\DRIVERS\SymIM.sys -- (SymIMMP [On_Demand | Running])
DRV - [2009-09-17 01:19:20 | 00,036,400 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\N360\0305020.00B\SYMNDIS.SYS -- (SYMNDIS [On_Demand | Running])
DRV - [2009-09-17 01:19:20 | 00,217,136 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\N360\0305020.00B\SYMTDI.SYS -- (SYMTDI [System | Running])
DRV - [2001-08-17 23:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi [Disabled | Stopped])
DRV - [2001-08-17 23:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
DRV - [2008-05-25 14:20:31 | 00,012,032 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\tansgt.sys -- (tansgt [Auto | Running])
DRV - [2001-08-17 22:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra [Disabled | Stopped])
DRV - [2004-06-11 01:31:20 | 00,135,168 | R--- | M] () -- C:\WINDOWS\UNDPX2A.exe -- (UNDPX2A [On_Demand | Stopped])
DRV - [2004-08-03 23:07:56 | 00,059,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2004-06-26 16:22:00 | 00,006,016 | ---- | M] (RDV Soft) -- C:\WINDOWS\System32\Drivers\vnccom.SYS -- (vnccom [Auto | Running])
DRV - [2004-06-26 16:22:00 | 00,004,736 | ---- | M] (RDV Soft) -- C:\WINDOWS\System32\DRIVERS\vncdrv.sys -- (vncdrv [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.fr/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.fr/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.fr/myway
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.fr/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.fr/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.fr/myway
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-413838125-2170784474-235814362-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKU\S-1-5-21-413838125-2170784474-235814362-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKU\S-1-5-21-413838125-2170784474-235814362-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-413838125-2170784474-235814362-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKU\S-1-5-21-413838125-2170784474-235814362-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-413838125-2170784474-235814362-1005\S-1-5-21-413838125-2170784474-235814362-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-413838125-2170784474-235814362-1005\S-1-5-21-413838125-2170784474-235814362-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009-07-01 20:12:06 | 00,000,000 | ---D | M]

[2007-01-26 14:45:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Val\Application Data\mozilla\Firefox\Profiles\3bbamqx1.default\extensions

O1 HOSTS File: (965 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.5.2.11\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-413838125-2170784474-235814362-1005\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-413838125-2170784474-235814362-1005\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.EXE (Logitech Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.EXE (Logitech Inc.)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKU\.DEFAULT..\Run: [mserv] C:\WINDOWS\System32\config\systemprofile\Application Data\seres.exe File not found
O4 - HKU\.DEFAULT..\Run: [svchost] C:\WINDOWS\System32\config\systemprofile\Application Data\svcst.exe File not found
O4 - HKU\.DEFAULT..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe File not found
O4 - HKU\S-1-5-18..\Run: [mserv] C:\WINDOWS\System32\config\systemprofile\Application Data\seres.exe File not found
O4 - HKU\S-1-5-18..\Run: [svchost] C:\WINDOWS\System32\config\systemprofile\Application Data\svcst.exe File not found
O4 - HKU\S-1-5-18..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe File not found
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\System32\spool\drivers\w32x86\3\E_SRCV02.EXE (SEIKO EPSON CORPORATION)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceClassicControlPanel = 1
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceClassicControlPanel = 1
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-413838125-2170784474-235814362-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-413838125-2170784474-235814362-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-413838125-2170784474-235814362-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-21-413838125-2170784474-235814362-1005_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-413838125-2170784474-235814362-1005\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?LinkID=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/Shar ... vSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} http://www.symantec.com/techsupp/active ... rdtinf.cab (AxProdInfoCtl Class)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdat ... /opuc3.cab (Office Update Installation Engine)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/Shar ... /cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/aut ... s-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/fl ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} http://pccheckup.dellfix.com/rel/41/ins ... downde.cab (Dell PC Checkup Installer Control)
O16 - DPF: {EBF85371-A38F-485B-B28F-0B4C82D25937} http://update.hpphoto.com/download/HPSWUpdate.ocx (CUpdateCtl Object)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll (Symantec Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\fichiers communs\logishrd\bluetooth\LBTWlgn.dll - c:\program files\fichiers communs\logishrd\bluetooth\LBTWlgn.dll File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005-09-01 07:17:58 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{36343c9e-57ca-11dd-85f9-001372d65a8d}\Shell\Auto\command - "" = AdobeR.exe e
O33 - MountPoints2\{556166ec-7f51-11de-8696-001372e694ac}\Shell\AutoRun\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe
O33 - MountPoints2\{556166ec-7f51-11de-8696-001372e694ac}\Shell\open\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009-10-05 11:48:55 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2009-10-05 11:48:52 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009-10-05 11:48:50 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009-10-05 11:48:50 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009-10-04 11:38:39 | 00,092,598 | ---- | C] () -- C:\Documents and Settings\Val\Bureau\ErreurWin.jpg
[2009-10-04 11:35:05 | 00,000,000 | ---D | C] -- C:\Avenger
[2009-10-04 11:30:46 | 00,731,136 | ---- | C] () -- C:\Documents and Settings\Val\Bureau\avenger.exe
[2009-10-04 11:30:34 | 00,724,952 | ---- | C] () -- C:\Documents and Settings\Val\Bureau\avenger.zip
[2009-10-02 12:56:03 | 00,289,001 | ---- | C] () -- C:\Documents and Settings\Val\Bureau\AlerteN3602.jpg
[2009-10-02 11:13:19 | 00,291,743 | ---- | C] () -- C:\Documents and Settings\Val\Bureau\AlerteN3601.jpg
[2009-10-02 10:20:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Val\Local Settings\Application Data\Symantec
[2009-10-02 10:07:38 | 00,000,000 | ---D | C] -- C:\RootRepeal
[2009-10-01 10:23:37 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009-09-30 22:00:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Val\Application Data\Malwarebytes
[2009-09-30 22:00:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009-09-30 21:59:42 | 04,045,528 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Val\Bureau\mbam-setup.exe
[2009-09-30 21:59:40 | 00,518,144 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Val\Bureau\OTL.exe
[2009-09-30 21:19:30 | 00,000,000 | ---- | C] () -- C:\WINDOWS\xuxik.dll
[2009-09-30 21:19:30 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\nyne.vbs
[2009-09-30 21:19:30 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\acosiki.sys
[2009-09-30 21:19:30 | 00,000,000 | ---- | C] () -- C:\WINDOWS\pecuxydy.reg
[2009-09-30 21:19:30 | 00,000,000 | ---- | C] () -- C:\WINDOWS\lixewew._sy
[2009-09-30 21:19:30 | 00,000,000 | ---- | C] () -- C:\WINDOWS\ijoweje.bat
[2009-09-30 21:19:30 | 00,000,000 | ---- | C] () -- C:\WINDOWS\adaze.bat
[2009-09-30 21:19:30 | 00,000,000 | ---- | C] () -- C:\Program Files\Fichiers communs\oloxoqyty.bin
[2009-09-30 21:19:30 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\ubukeg.bat
[2009-09-30 21:19:30 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\uqyjin.bin
[2009-09-30 21:19:30 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\izeritaguz.com
[2009-09-30 21:19:30 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hipiq.dat
[2009-09-30 21:19:30 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\geqyfuhal.dat
[2009-09-30 21:19:30 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\bohi.bat
[2009-09-30 16:23:30 | 00,025,088 | ---- | C] () -- C:\Documents and Settings\Val\Mes documents\mail calamo2.doc
[2009-09-30 11:19:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Val\Mes documents\sauvegarde
[2009-09-30 11:10:56 | 85,457,223 | ---- | C] () -- C:\Documents and Settings\Val\Mes documents\grappe.c4d
[2009-09-30 11:10:16 | 07,695,365 | ---- | C] () -- C:\Documents and Settings\Val\Mes documents\grappe.rar
[2009-09-28 14:43:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Val\Mes documents\SMC Zogolo
[2009-09-27 11:36:13 | 00,429,192 | ---- | C] () -- C:\Documents and Settings\Val\Mes documents\ss454.jpg
[2009-09-26 19:03:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2009-09-26 19:01:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Val\Application Data\PlayFirst
[2009-09-25 22:39:13 | 00,606,577 | ---- | C] () -- C:\Documents and Settings\Val\Mes documents\Image4.jpg
[2009-09-25 22:31:13 | 00,496,035 | ---- | C] () -- C:\Documents and Settings\Val\Mes documents\Image3.jpg
[2009-09-25 22:10:05 | 00,128,711 | ---- | C] () -- C:\Documents and Settings\Val\Mes documents\SelecAretes.jpg
[2009-09-25 21:57:46 | 00,270,704 | ---- | C] () -- C:\Documents and Settings\Val\Mes documents\creationPoly.jpg
[2009-09-25 17:54:08 | 00,218,887 | ---- | C] () -- C:\Documents and Settings\Val\Mes documents\BPCube.jpg
[2009-09-23 22:20:34 | 04,401,164 | ---- | C] () -- C:\Documents and Settings\Val\Mes documents\12-%20Ouf%20le%20processeur%20rentre%20bien.jpg
[2009-09-23 21:51:29 | 00,031,232 | ---- | C] () -- C:\Documents and Settings\Val\Mes documents\Trad Mails ArtsversusCalamo.doc
[2009-09-23 15:05:35 | 00,030,720 | ---- | C] () -- C:\Documents and Settings\Val\Mes documents\Codes.xls
[2009-09-21 19:32:48 | 01,046,495 | ---- | C] () -- C:\Documents and Settings\Val\Mes documents\tut_bp3_part_04.pdf
[2009-09-21 19:02:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Val\Mes documents\radio
[2009-09-21 19:00:00 | 00,531,179 | ---- | C] () -- C:\Documents and Settings\Val\Mes documents\radio.zip
[2009-09-21 16:03:31 | 00,150,120 | ---- | C] () -- C:\Documents and Settings\Val\Mes documents\Signure.pspimage
[2009-09-20 19:13:56 | 00,110,847 | ---- | C] () -- C:\Documents and Settings\Val\Mes documents\Image2.jpg
[2009-09-20 19:12:52 | 00,081,557 | ---- | C] () -- C:\Documents and Settings\Val\Mes documents\Image1.jpg
[2009-09-20 15:00:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Val\Mes documents\Dame à la capuche
[2009-09-17 20:22:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2009-09-17 19:39:45 | 00,006,844 | ---- | C] () -- C:\Documents and Settings\Val\Mes documents\CourSMCThumb.jpg
[2009-09-17 19:33:32 | 00,095,000 | ---- | C] () -- C:\Documents and Settings\Val\Mes documents\CourSMC.jpg
[2009-09-17 01:21:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Val\Mes documents\Symantec
[2009-09-17 01:20:22 | 00,692,914 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\Cat.DB
[2009-09-17 01:19:54 | 00,036,400 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SymIM.sys
[2009-09-17 01:19:43 | 00,124,976 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2009-09-17 01:19:43 | 00,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2009-09-17 01:19:43 | 00,007,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2009-09-17 01:19:43 | 00,000,806 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2009-09-17 01:19:43 | 00,000,000 | ---D | C] -- C:\Program Files\Symantec
[2009-09-17 01:19:20 | 00,310,320 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\SymEFA.sys
[2009-09-17 01:19:20 | 00,308,272 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\srtsp.sys
[2009-09-17 01:19:20 | 00,217,136 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\symtdi.sys
[2009-09-17 01:19:20 | 00,089,904 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\symfw.sys
[2009-09-17 01:19:20 | 00,048,688 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\symndisv.sys
[2009-09-17 01:19:20 | 00,043,696 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\srtspx.sys
[2009-09-17 01:19:20 | 00,036,400 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\symndis.sys
[2009-09-17 01:19:20 | 00,033,072 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\symids.sys
[2009-09-17 01:19:19 | 00,482,432 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\cchpx86.sys
[2009-09-17 01:19:19 | 00,259,632 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\BHDrvx86.sys
[2009-09-17 01:18:50 | 00,001,562 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\SymNetV.inf
[2009-09-17 01:18:50 | 00,001,561 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\SymNet.inf
[2009-09-17 01:18:50 | 00,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\isolate.ini
[2009-09-17 01:18:49 | 00,003,373 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\SymEFA.inf
[2009-09-17 01:18:49 | 00,001,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\ccHPx86.inf
[2009-09-17 01:18:49 | 00,001,388 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\srtspx.inf
[2009-09-17 01:18:49 | 00,001,382 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\srtsp.inf
[2009-09-17 01:18:49 | 00,000,640 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\BHDrvx86.inf
[2009-09-17 01:18:22 | 00,009,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\symnetv.cat
[2009-09-17 01:18:22 | 00,009,402 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\SymNet.cat
[2009-09-17 01:18:22 | 00,007,431 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\SymEFA.cat
[2009-09-17 01:18:22 | 00,007,429 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\srtspx.cat
[2009-09-17 01:18:22 | 00,007,425 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\srtsp.cat
[2009-09-17 01:18:20 | 00,007,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\bhdrvx86.cat
[2009-09-17 01:18:20 | 00,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\ccHPx86.cat
[2009-09-17 01:18:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360\0305020.00B
[2009-09-17 01:18:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360
[2009-09-17 01:18:09 | 00,000,000 | ---D | C] -- C:\Program Files\Norton 360
[2009-09-16 23:16:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2009-09-16 23:16:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2009-09-16 23:16:18 | 00,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2009-09-16 23:16:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2009-09-14 20:13:58 | 05,250,445 | ---- | C] () -- C:\Documents and Settings\Val\Mes documents\ChataigierBump.jpg
[2009-09-14 20:10:34 | 06,497,334 | ---- | C] () -- C:\Documents and Settings\Val\Mes documents\ChataignierBlanc.jpg
[2009-09-14 20:06:44 | 07,526,123 | ---- | C] () -- C:\Documents and Settings\Val\Mes documents\ChataignierGris.jpg
[2009-09-14 20:06:30 | 07,526,123 | ---- | C] () -- C:\Documents and Settings\Val\Mes documents\ChataigierGris.jpg
[2009-09-14 19:19:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Val\Mes documents\Théière & Tasses
[2009-09-14 18:02:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Val\Mes documents\Théière
[2009-09-10 22:18:54 | 00,000,000 | ---D | C] -- C:\Program Files\Lavalys
[2009-09-09 10:22:41 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\triedit.dll
[2009-07-23 17:44:14 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SetPointInstall.ini
[2009-05-01 00:31:06 | 01,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009-05-01 00:31:06 | 01,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009-05-01 00:31:06 | 01,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009-05-01 00:31:06 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009-01-16 15:59:56 | 00,000,384 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2008-07-26 08:25:02 | 00,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008-05-25 14:20:31 | 00,137,344 | ---- | C] () -- C:\WINDOWS\System32\drivers\litsgt.sys
[2008-05-25 14:20:31 | 00,012,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\tansgt.sys
[2008-03-06 12:53:23 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2008-02-25 17:00:33 | 00,000,023 | -HS- | C] () -- C:\WINDOWS\System32\ddaeedb0_d.dll
[2008-02-17 11:49:06 | 00,000,235 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2008-02-04 21:20:23 | 00,000,039 | ---- | C] () -- C:\WINDOWS\System32\CielComponent.ini
[2008-02-04 21:16:45 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\xxxprogress.dll
[2007-12-10 21:09:18 | 00,715,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2007-11-09 22:10:17 | 00,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2007-09-09 22:25:05 | 00,000,040 | ---- | C] () -- C:\WINDOWS\NAVIGMA.INI
[2007-07-29 21:30:47 | 00,027,136 | ---- | C] () -- C:\WINDOWS\System32\QTUninst.dll
[2007-07-24 22:29:55 | 00,000,054 | ---- | C] () -- C:\WINDOWS\CmdFile.INI
[2007-05-05 13:45:51 | 00,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2007-05-05 13:45:51 | 00,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2007-03-25 13:59:36 | 00,558,592 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2007-03-25 13:59:35 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007-03-25 13:59:35 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007-03-25 13:59:34 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007-03-25 13:59:33 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2007-03-25 13:59:32 | 00,010,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007-03-13 21:23:51 | 00,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2007-02-06 21:08:33 | 00,066,482 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007-02-06 20:55:06 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006-12-16 13:59:53 | 00,053,693 | R--- | C] () -- C:\WINDOWS\UNDPX2A.sys
[2006-12-10 20:53:41 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2006-09-28 15:55:34 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\PhysXLoader.dll
[2006-09-26 15:01:40 | 00,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2006-09-23 21:08:30 | 00,000,041 | ---- | C] () -- C:\WINDOWS\System32\dbbdafddc_d.dll
[2006-09-08 10:01:50 | 00,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2006-09-08 10:01:50 | 00,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2006-09-08 10:01:50 | 00,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2006-09-08 10:01:50 | 00,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2006-09-08 10:01:50 | 00,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2006-09-08 10:01:50 | 00,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2006-09-08 10:01:50 | 00,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2006-09-08 10:01:50 | 00,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2006-07-28 23:55:25 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006-07-14 14:30:21 | 00,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006-07-13 00:38:38 | 00,000,056 | RHS- | C] () -- C:\WINDOWS\System32\72CC8C18CD.sys
[2006-07-13 00:38:23 | 00,003,350 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006-07-11 21:42:18 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006-07-11 20:52:48 | 00,000,504 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2006-07-05 19:41:43 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006-07-05 19:36:28 | 00,000,415 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006-07-05 19:10:07 | 00,000,537 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005-11-10 02:56:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005-09-01 07:12:11 | 00,003,712 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005-09-01 06:53:38 | 00,001,073 | ---- | C] () -- C:\WINDOWS\win.ini
[2005-09-01 06:53:35 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2005-08-05 16:38:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[1997-06-14 12:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
Valérie
 
Posts: 41
Joined: 13 Sep 2005, 14:26
Location: Région Centre

Post by Valérie » 05 Oct 2009, 11:52

Continuation of the OTL report:

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[2009-10-05 11:48:55 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2009-10-04 14:39:16 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009-10-04 14:38:49 | 00,229,488 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2009-10-04 14:38:43 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009-10-04 14:38:39 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009-10-04 14:38:35 | 32,192,79872 | -HS- | M] () -- C:\hiberfil.sys
[2009-10-04 11:38:39 | 00,092,598 | ---- | M] () -- C:\Documents and Settings\Val\Bureau\ErreurWin.jpg
[2009-10-04 11:35:06 | 00,000,000 | ---- | M] () -- C:\WINDOWS\xuxik.dll
[2009-10-04 11:35:06 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\nyne.vbs
[2009-10-04 11:35:06 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\acosiki.sys
[2009-10-04 11:35:06 | 00,000,000 | ---- | M] () -- C:\WINDOWS\lixewew._sy
[2009-10-04 11:35:06 | 00,000,000 | ---- | M] () -- C:\WINDOWS\ijoweje.bat
[2009-10-04 11:35:06 | 00,000,000 | ---- | M] () -- C:\WINDOWS\adaze.bat
[2009-10-04 11:35:06 | 00,000,000 | ---- | M] () -- C:\Program Files\Fichiers communs\oloxoqyty.bin
[2009-10-04 11:35:06 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\uqyjin.bin
[2009-10-04 11:35:06 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\izeritaguz.com
[2009-10-04 11:35:06 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\hipiq.dat
[2009-10-04 11:35:06 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\geqyfuhal.dat
[2009-10-04 11:35:06 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\bohi.bat
[2009-10-04 11:35:05 | 00,000,000 | ---- | M] () -- C:\WINDOWS\pecuxydy.reg
[2009-10-04 11:35:05 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\ubukeg.bat
[2009-10-04 11:33:34 | 02,106,958 | -H-- | M] () -- C:\Documents and Settings\Val\Local Settings\Application Data\IconCache.db
[2009-10-02 12:56:03 | 00,289,001 | ---- | M] () -- C:\Documents and Settings\Val\Bureau\AlerteN3602.jpg
[2009-10-02 11:13:19 | 00,291,743 | ---- | M] () -- C:\Documents and Settings\Val\Bureau\AlerteN3601.jpg
[2009-10-02 11:12:32 | 00,692,914 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\Cat.DB
[2009-10-01 10:50:09 | 00,001,073 | ---- | M] () -- C:\WINDOWS\win.ini
[2009-10-01 10:50:09 | 00,000,322 | ---- | M] () -- C:\WINDOWS\System32\CRUNX.BIN
[2009-10-01 10:25:26 | 00,000,000 | ---- | M] () -- C:\WINDOWS\vpd.properties
[2009-10-01 10:06:54 | 00,000,384 | ---- | M] () -- C:\WINDOWS\SIERRA.INI
[2009-09-30 16:23:30 | 00,025,088 | ---- | M] () -- C:\Documents and Settings\Val\Mes documents\mail calamo2.doc
[2009-09-30 11:10:16 | 07,695,365 | ---- | M] () -- C:\Documents and Settings\Val\Mes documents\grappe.rar
[2009-09-30 10:59:34 | 85,457,223 | ---- | M] () -- C:\Documents and Settings\Val\Mes documents\grappe.c4d
[2009-09-29 08:49:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009-09-28 00:36:20 | 00,518,144 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Val\Bureau\OTL.exe
[2009-09-27 11:36:01 | 00,429,192 | ---- | M] () -- C:\Documents and Settings\Val\Mes documents\ss454.jpg
[2009-09-25 22:39:13 | 00,606,577 | ---- | M] () -- C:\Documents and Settings\Val\Mes documents\Image4.jpg
[2009-09-25 22:31:13 | 00,496,035 | ---- | M] () -- C:\Documents and Settings\Val\Mes documents\Image3.jpg
[2009-09-25 22:10:05 | 00,128,711 | ---- | M] () -- C:\Documents and Settings\Val\Mes documents\SelecAretes.jpg
[2009-09-25 21:57:46 | 00,270,704 | ---- | M] () -- C:\Documents and Settings\Val\Mes documents\creationPoly.jpg
[2009-09-25 17:54:08 | 00,218,887 | ---- | M] () -- C:\Documents and Settings\Val\Mes documents\BPCube.jpg
[2009-09-23 22:33:47 | 00,150,120 | ---- | M] () -- C:\Documents and Settings\Val\Mes documents\Signure.pspimage
[2009-09-23 22:20:30 | 04,401,164 | ---- | M] () -- C:\Documents and Settings\Val\Mes documents\12-%20Ouf%20le%20processeur%20rentre%20bien.jpg
[2009-09-23 21:51:29 | 00,031,232 | ---- | M] () -- C:\Documents and Settings\Val\Mes documents\Trad Mails ArtsversusCalamo.doc
[2009-09-23 15:05:36 | 00,030,720 | ---- | M] () -- C:\Documents and Settings\Val\Mes documents\Codes.xls
[2009-09-21 19:32:48 | 01,046,495 | ---- | M] () -- C:\Documents and Settings\Val\Mes documents\tut_bp3_part_04.pdf
[2009-09-21 19:00:01 | 00,531,179 | ---- | M] () -- C:\Documents and Settings\Val\Mes documents\radio.zip
[2009-09-21 14:45:56 | 00,000,177 | ---- | M] () -- C:\CielVideo.ini
[2009-09-20 19:13:56 | 00,110,847 | ---- | M] () -- C:\Documents and Settings\Val\Mes documents\Image2.jpg
[2009-09-20 19:12:52 | 00,081,557 | ---- | M] () -- C:\Documents and Settings\Val\Mes documents\Image1.jpg
[2009-09-17 19:39:45 | 00,006,844 | ---- | M] () -- C:\Documents and Settings\Val\Mes documents\CourSMCThumb.jpg
[2009-09-17 19:34:25 | 00,095,000 | ---- | M] () -- C:\Documents and Settings\Val\Mes documents\CourSMC.jpg
[2009-09-17 19:33:30 | 00,000,054 | ---- | M] () -- C:\WINDOWS\CmdFile.INI
[2009-09-17 01:19:43 | 00,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2009-09-17 01:19:43 | 00,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2009-09-17 01:19:43 | 00,007,456 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2009-09-17 01:19:43 | 00,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2009-09-17 01:19:20 | 00,482,432 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\cchpx86.sys
[2009-09-17 01:19:20 | 00,310,320 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\SymEFA.sys
[2009-09-17 01:19:20 | 00,308,272 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\srtsp.sys
[2009-09-17 01:19:20 | 00,217,136 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\symtdi.sys
[2009-09-17 01:19:20 | 00,089,904 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\symfw.sys
[2009-09-17 01:19:20 | 00,048,688 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\symndisv.sys
[2009-09-17 01:19:20 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\srtspx.sys
[2009-09-17 01:19:20 | 00,036,400 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SymIM.sys
[2009-09-17 01:19:20 | 00,036,400 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\symndis.sys
[2009-09-17 01:19:20 | 00,033,072 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\symids.sys
[2009-09-17 01:19:20 | 00,026,600 | R--- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\drivers\GEARAspiWDM.sys
[2009-09-17 01:19:19 | 00,259,632 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0305020.00B\BHDrvx86.sys
[2009-09-17 01:19:07 | 00,107,368 | R--- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
[2009-09-17 01:18:50 | 00,001,562 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\SymNetV.inf
[2009-09-17 01:18:50 | 00,001,561 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\SymNet.inf
[2009-09-17 01:18:50 | 00,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\isolate.ini
[2009-09-17 01:18:49 | 00,003,373 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\SymEFA.inf
[2009-09-17 01:18:49 | 00,001,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\ccHPx86.inf
[2009-09-17 01:18:49 | 00,001,388 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\srtspx.inf
[2009-09-17 01:18:49 | 00,001,382 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\srtsp.inf
[2009-09-17 01:18:49 | 00,000,640 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\BHDrvx86.inf
[2009-09-17 01:18:22 | 00,009,412 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\symnetv.cat
[2009-09-17 01:18:22 | 00,009,402 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\SymNet.cat
[2009-09-17 01:18:22 | 00,007,431 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\SymEFA.cat
[2009-09-17 01:18:22 | 00,007,429 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\srtspx.cat
[2009-09-17 01:18:22 | 00,007,425 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\srtsp.cat
[2009-09-17 01:18:20 | 00,007,400 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\bhdrvx86.cat
[2009-09-17 01:18:20 | 00,007,383 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0305020.00B\ccHPx86.cat
[2009-09-14 20:13:59 | 05,250,445 | ---- | M] () -- C:\Documents and Settings\Val\Mes documents\ChataigierBump.jpg
[2009-09-14 20:10:35 | 06,497,334 | ---- | M] () -- C:\Documents and Settings\Val\Mes documents\ChataignierBlanc.jpg
[2009-09-14 20:06:46 | 07,526,123 | ---- | M] () -- C:\Documents and Settings\Val\Mes documents\ChataignierGris.jpg
[2009-09-14 20:06:32 | 07,526,123 | ---- | M] () -- C:\Documents and Settings\Val\Mes documents\ChataigierGris.jpg
[2009-09-10 22:57:58 | 04,045,528 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Val\Bureau\mbam-setup.exe
[2009-09-10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009-09-10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009-09-09 13:00:32 | 00,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
<End>
Valérie
 
Posts: 41
Joined: 13 Sep 2005, 14:26
Location: Région Centre
