Analyse de logs

Sécurité et insécurité. Virus, Trojans, Spywares, Failles etc. …

Modérateur: Modérateurs et Modératrices

Règles du forum
Assiste.com a suspendu l'assistance à la décontamination après presque 15 ans sur l'ancien forum puis celui-ci. Voir :

Procédure de décontamination 1 - Anti-malware
Décontamination anti-malwares

Procédure de décontamination 2 - Anti-malware et antivirus (La Manip)
La Manip - Procédure standard de décontamination

Entretien périodique d'un PC sous Windows
Entretien périodique d'un PC sous Windows

Protection des navigateurs, de la navigation et de la vie privée
Protéger le navigateur, la navigation et la vie privée

Analyse de logs

Messagede Dgray » 06 Aoû 2010, 21:33

Bonjour,

Configuration: Windows XP SP3 / Firefox 3.6.8

Voilà suite à l'ouverture d'un fichier du type "Cabinet self extractor", Avira m'a tout de suite prévenu que un virus s'y trouvait, je l'ai donc mis en quarantaine puis supprimé.

Voici ce virus :
Dans le fichier 'C:\Documents and Settings\Propriétaire\Local Settings\Temp\0.exe'
un virus ou un programme indésirable 'W32/Parite' [virus] a été détecté.
Action exécutée : Déplacer le fichier en quarantaine

Ensuite j'ai voulu me débarrasser du fichier contenant le virus en le jetant à la corbeille, mais comme ce n'était pas possible, j'ai donc vérifié les processus et l'ayant repéré j'ai stoppé son processus.
Le problème c'est que à présent j'ai l'impression d'avoir des svchost.exe en trop dans mes processus actifs... Au lieu des 5 / 6 que j'avais habituellement, j'en ai à présent 9 ou 10. Les 4 en trop sont des svchost / propriétaire.

Vu que mon pc a commencé à ramer, j'ai donc redémarré, et là au départ j'ai mon pare feu qui me demande si j'autorise ou pas l'accès au net à "Cabinet self extractor", relié à priori à svchost... Dans le doute j'ai bloqué l'accès...

Ensuite j'ai fais une recherche virale avec :

- Avira qui a détecté 4 virus mais pas celui en question ( trois plugins de msn+ dont je ne veux pas me débarrasser, et un autre concernant un launcher sur un jeu dont je ne veux pas non plus me débarrasser )

- Mbam qui a détecté 12 malwares. ( peut être liés à ceux que Avira m'a detecté )

Je me permets donc de solliciter votre aide si cela ne vous dérange pas, en vous postant, les rapports de Avira, de Mbam, de ZHPDiag ( vu que j'ai vu que Hijackthis était dépassé soi disant ) ainsi que ceux de OTL.

Merci d'avance pour votre aide.
Dgray
 
Messages: 18
Inscription: 20 Fév 2008, 17:35

Messagede Dgray » 06 Aoû 2010, 21:39

Première partie du rapport ZHPDiag :

Rapport de ZHPDiag v1.26.36 par Nicolas Coolman, Update du 27/07/2010
Run by Propriétaire at 06/08/2010 21:49:08
Web site : http://www.premiumorange.com/zeb-help-p ... pdiag.html
Contact : nicolascoolman@yahoo.fr

---\\ Web Browser
MSIE: Internet Explorer v8.0.6001.18702
OPIE: Opera 10.00
MFIE: Mozilla Firefox (3.6.8)

---\\ System Information
Platform : Microsoft Windows XP (5.1.2600) Service Pack 3
Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2046 MB (59% free)
System drive C: has 27 GB (17%) free of 149 GB

---\\ Logged in mode
Computer Name: CAS-LIBRE
User Name: Propriétaire
All Users Names: SUPPORT_388945a0, Propriétaire, HelpAssistant, ASPNET, Administrateur,
Unselected Option: O1,O45,O61,O65,O82
Logged in as Administrator

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 27 Go of 149 Go)
D:\ CD-ROM drive (Not Inserted)
E:\ CD-ROM drive (Not Inserted)
F:\ Hard drive, Flash drive, Thumb drive (Free 5 Go of 233 Go)
G:\ CD-ROM drive (Not Inserted)


---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UacDisableNotify: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] DisableTaskMgr: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] DisableRegistryTools: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] NoDispScrSavPage: OK


---\\ Processus lancés
[MD5.327EAC8C955C19D3F6384CE3AAB5ED31] - (.ATI Technologies Inc. - ATI External Event Utility EXE Module.) -- C:\WINDOWS\system32\Ati2evxx.exe [602112]
[MD5.9015BC03F62940527EC92D45EE89E46F] - (.Avira GmbH - Antivirus Scheduler.) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe [108289]
[MD5.B8720A787C1223492E6F319465E996CE] - (.Avira GmbH - Antivirus On-Access Service.) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe [185089]
[MD5.2EDB74E72FEEB39C8906E4C8C54D91A5] - (.COMODO - Comodo Agent Service.) -- C:\Program Files\Comodo\Firewall\cmdagent.exe [361040]
[MD5.831883B107684301F48ACE752C963984] - (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\PnkBstrA.exe [66872]
[MD5.1E49634AEBD55ABCC2D29960F82B3524] - (.TuneUp Software - TuneUp Utilities Service.) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [1021256]
[MD5.86651DBA0CDEAA47D91703ED62409682] - (.TuneUp Software - TuneUp Utilities.) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe [486216]
[MD5.1F5882037BAD07E9926F47A3A32F0931] - (.COMODO - COMODO Firewall Pro.) -- C:\Program Files\Comodo\Firewall\CPF.exe [1115728]
[MD5.4FB8967C7785FB689F2244E1187AD786] - (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\WINDOWS\RTHDCPL.EXE [16858112]
[MD5.52DB6CDAC5BC7A1FC884E97C41C91213] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe [248040]
[MD5.29680A793F690EEF4AAA68479D2A6DF8] - (.Avira GmbH - Antivirus System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [209153]
[MD5.5E24085433054756BDDCA7612318DB96] - (.SFX Cabinet Self-Extractor - SFX Cabinet Self-Extractor.) -- C:\WINDOWS\system32\WinDir\svchost.exe [32507123]
[MD5.78AB9B0A66ED31E35078FE3A28AF026B] - (.Azureus Inc - Pas de description.) -- C:\Program Files\Azureus\Azureus.exe [254976]
[MD5.D088DC4870D9FA2E75538455F4367A94] - (.Nullsoft, Inc. - Winamp.) -- C:\Program Files\Winamp\winamp.exe [1592672]
[MD5.BACCDA841C689D1CBA941F478E8ED24B] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [910296]
[MD5.AAB0BD862E14111E97A918AB0A8D223F] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [481792]


---\\ Plugins de navigateurs Opera/Firefox(P1/P2)
P1 - OPN:Opera Plugin Navigator . (.Microsoft Corporation (written by Digital R - Npdsplay dll.) -- C:\Program Files\Opera\Program\Plugins\npdsplay.dll
P1 - OPN:Opera Plugin Navigator . (.Microsoft Corporation - Office Plugin for Netscape Navigator.) -- C:\Program Files\Opera\Program\Plugins\NPOFF12.DLL
P1 - OPN:Opera Plugin Navigator . (.Microsoft Corporation - DRM Store Netscape Plugin.) -- C:\Program Files\Opera\Program\Plugins\npwmsdrm.dll
P2 - FPN:Firefox Plugin Navigator . (.Sun Microsystems, Inc. - NPRuntime Script Plug-in Library for Java(TM) Deploy.) -- C:\Program Files\Mozilla Firefox\Plugins\npdeployJava1.dll
P2 - FPN:Firefox Plugin Navigator . (.mozilla.org - Default Plug-in.) -- C:\Program Files\Mozilla Firefox\Plugins\npnul32.dll
P2 - FPN:Firefox Plugin Navigator . (.Nullsoft, Inc. - Winamp Application Detector.) -- C:\Program Files\Mozilla Firefox\Plugins\npwachk.dll
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
P2 - FPN: [HKLM] [@adobe.com/ShockwavePlayer] - (.Adobe Systems, Inc. - Adobe Shockwave for Director Netscape plug-in, version 11.5.) -- C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
P2 - FPN: [HKLM] [@divx.com/DivX Browser Plugin,version=1.0.0] - (.DivX,Inc. - DivX Web Player version 2.0.2.39.) -- C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
P2 - FPN: [HKLM] [@divx.com/DivX Content Upload Plugin,version=1.0.0] - (.DivX,Inc. - DivX® Content Upload Plugin.) -- C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
P2 - FPN: [HKLM] [@microsoft.com/WLPG,version=14.0.8064.0206] - (.Microsoft Corporation - NPWLPG.) -- C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
P2 - FPN: [HKLM] [@microsoft.com/WLPG,version=14.0.8081.0709] - (.Microsoft Corporation - NPWLPG.) -- C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
P2 - FPN: [HKLM] [@microsoft.com/WPF,version=3.5] - (.Microsoft Corporation - Windows Presentation Foundation (WPF) plug-in for Mozilla browsers.) -- C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
P2 - FPN: [HKLM] [@real.com/nppl3260;version=6.0.11.3088] - (.RealNetworks, Inc. - RealPlayer(tm) LiveConnect-Enabled Plug-In.) -- C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll
P2 - FPN: [HKLM] [@real.com/nprpjplug;version=6.0.11.3006] - (.RealNetworks, Inc. - 6.0.12.1662.) -- C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll
P2 - FPN: [HKLM] [@videolan.org/vlc;version=0.8.6e] - (.VideoLAN Team - Version 0.8.6e, copyright 1996-2007 The VideoLAN Team<br><a href="http.) -- C:\Program Files\VideoLAN\VLC\npvlc.dll
P2 - FPN: [HKCU] [@adobe.com/FlashPlayer] - (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll


---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"


---\\ Pages de recherche d'Internet Explorer (R1)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


---\\ Internet Explorer URLSearchHook (R3)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Internet Explorer.) (8.00.6001.18928 (longhorn_ie8_gdr.100503-1700)) -- C:\WINDOWS\system32\ieframe.dll


---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} . (.Skype Technologies S.A. - Skype add-on for IE.) -- C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} . (.Safer Networking Limited - SBSD IE Protection.) -- C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corporation - WindowsLiveLogin.dll.) -- C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll


---\\ Applications démarrées par registre & par dossier(O4)
O4 - HKLM\..\Run: [COMODO Firewall Pro] . (.COMODO - COMODO Firewall Pro.) -- C:\Program Files\Comodo\Firewall\CPF.exe
O4 - HKLM\..\Run: [RTHDCPL] . (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\Windows\RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] . (.Realtek Semiconductor Corp. - Realtek Azalia Audio - Event Monitor.) -- C:\Windows\ALCMTR.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] . (.Microsoft Corporation - Microsoft IME.) -- C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe
O4 - HKLM\..\Run: [MSPY2002] . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe
O4 - HKLM\..\Run: [PHIME2002ASync] . (.Microsoft Corporation - ???????? 2002a.) -- C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe
O4 - HKLM\..\Run: [PHIME2002A] . (.Microsoft Corporation - ???????? 2002a.) -- C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
O4 - HKLM\..\Run: [avgnt] . (.Avira GmbH - Antivirus System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Run: [ISUSScheduler] . (.InstallShield Software Corporation - InstallShield Update Service Scheduler.) -- C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
O4 - HKLM\..\Run: [HKLM] . (.SFX Cabinet Self-Extractor - SFX Cabinet Self-Extractor.) -- C:\WINDOWS\system32\WinDir\svchost.exe
O4 - HKCU\..\Run: [HKCU] . (.SFX Cabinet Self-Extractor - SFX Cabinet Self-Extractor.) -- C:\WINDOWS\system32\WinDir\svchost.exe
O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\policies\Explorer\Run: [Policies] . (.SFX Cabinet Self-Extractor - SFX Cabinet Self-Extractor.) -- C:\WINDOWS\system32\WinDir\svchost.exe
O4 - HKLM\..\policies\Explorer: [HonorAutoRunSetting] Data=1
O4 - HKCU\..\policies\Explorer\Run: [Policies] . (.SFX Cabinet Self-Extractor - SFX Cabinet Self-Extractor.) -- C:\WINDOWS\system32\WinDir\svchost.exe
O4 - HKCU\..\policies\Explorer: [NoDriveTypeAutoRun] Data=145
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-21-343818398-2052111302-682003330-1003\..\Run: [HKCU] . (.SFX Cabinet Self-Extractor - SFX Cabinet Self-Extractor.) -- C:\WINDOWS\system32\WinDir\svchost.exe
O4 - HKUS\S-1-5-21-343818398-2052111302-682003330-1003\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma.lnk . (.Adobe Systems, Inc. - Adobe Gamma Loader.) -- C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe


---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
O8 - Extra context menu item: E&xporter vers Microsoft Excel . (.Microsoft Corporation - Microsoft Office Excel.) -- C:\PROGRA~1\MI1933~1\Office12\EXCEL.exe


---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} . (.Pas de propriétaire - Pas de description.) -- C:\PROGRA~1\Skype\Toolbars\INTERN~1\favicon.ico
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (.Pas de propriétaire - Pas de description.) -- C:\PROGRA~1\MI1933~1\Office12\REFBARH.ICO
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} . (.not file.) - (.not file.)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} . (.not file.) - (.not file.)
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe


---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\WINDOWS\system32\winrnr.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll


---\\ Site dans la Zone de confiance d'Internet Explorer (O15)
O15 - Trusted Zone: [HKCU\...\Domains] *.chat-land.org
O15 - Trusted Zone: [HKCU\...\Domains\www] *.chat-land.org


---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: Microsoft XML Parser for Java (Microsoft XML Parser for Java) - (.not file.) - file:\\C:\WINDOWS\Java\classes\xmldso.cab
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://www.visiogood.com/jalss/cfweb_ac ... module.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 6651829875


---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: AtiExtEvent . (.ATI Technologies Inc. - ATI External Event Utility DLL Module.) -- C:\WINDOWS\System32\Ati2evxx.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\System32\dimsntfy.dll


---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSODL) (O21)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Web Site Monitor.) -- C:\WINDOWS\system32\webcheck.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} . (.Microsoft Corporation - Objet du service d'environnement Systray.) -- C:\WINDOWS\system32\stobject.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} . (.Microsoft Corporation - Windows Portable Device Shell Service Objec.) -- C:\WINDOWS\system32\WPDShServiceObj.dll


---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: (no name) - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\WINDOWS\system32\browseui.dll


---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) . (.Avira GmbH - Antivirus Scheduler.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) . (.Avira GmbH - Antivirus On-Access Service.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: (Ati HotKey Poller) . (.ATI Technologies Inc. - ATI External Event Utility EXE Module.) - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Comodo Application Agent (CmdAgent) . (.COMODO - Comodo Agent Service.) - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: PnkBstrA (PnkBstrA) . (.Pas de propriétaire - Pas de description.) - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) . (.TuneUp Software - TuneUp Utilities Service.) - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe


---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\Recherche de problèmes automatique.job


---\\ Composants installés (ActiveSetup Installed Components) (O40)
O40 - ASIC: Personnalisation du navigateur - >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS . (.Pas de propriétaire - Pas de description.) -- RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
O40 - ASIC: (no name) - {3U54D0HK-76GN-UB16-7117-XR2M8877K84J} . (.SFX Cabinet Self-Extractor - SFX Cabinet Self-Extractor.) -- C:\WINDOWS\system32\WinDir\svchost.exe
O40 - ASIC: NetMeeting 3.01 - {44BBA842-CC51-11CF-AAFA-00AA00B6015B} . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\INF\msnetmtg.inf
O40 - ASIC: Windows Messenger 4.7 - {5945c046-1e7d-11d1-bc44-00c04fd912be} . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\INF\msmsgs.inf
O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\INF\wmp11.inf
O40 - ASIC: Macromedia Shockwave Flash - {D27CDB6E-AE6D-11cf-96B8-444553540000} . (.Adobe Systems, Inc. - Adobe Flash Player 9.0 r45.) -- C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx


---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: ATITool Overclocking Utility (ATITool) . (.Pas de propriétaire - Low-Level Driver.) - C:\Windows\system32\DRIVERS\ATITool.sys
O41 - Driver: avgio (avgio) . (.Avira GmbH - Avira AntiVir Support for Minifilter.) - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
O41 - Driver: avipbb (avipbb) . (.Avira GmbH - Avira Driver for RootKit Detection.) - C:\Windows\system32\DRIVERS\avipbb.sys
O41 - Driver: Comodo Application Engine (CmdMon) . (.Comodo Research Lab., Inc. - Comodo Application Engine driver.) - C:\Windows\system32\DRIVERS\cmdmon.sys
O41 - Driver: Paragon NetBurning Driver (NetBurn) . (.Rocket Division Software - StarPort Storage Controller.) - C:\Windows\system32\DRIVERS\NetBurn.sys
O41 - Driver: ssmdrv (ssmdrv) . (.Avira GmbH - AVIRA SnapShot Driver.) - C:\Windows\system32\DRIVERS\ssmdrv.sys
O41 - Driver: Universal Image Mounter Controller (UimBus) . (.Windows (R) 2000 DDK provider - Image Mounter SCSI Port Driver.) - C:\Windows\system32\DRIVERS\UimBus.sys
O41 - Driver: UIM Drive Backup Image Plugin (Uim_IM) . (.Paragon - Image Mounter.) - C:\Windows\system32\Drivers\Uim_IM.sys


---\\ Logiciels installés (O42)
O42 - Logiciel: 7-Zip 4.57 - (.Pas de propriétaire.) [HKLM]
O42 - Logiciel: ATI Catalyst Registration - (.ATI Technologies Inc..) [HKLM]
O42 - Logiciel: AVI/MPEG/ASF/WMV Splitter 3.25 - (.boilsoft, Inc..) [HKLM]
O42 - Logiciel: Adobe Bridge 1.0 - (.Adobe Systems.) [HKLM]
O42 - Logiciel: Adobe Common File Installer - (.Adobe System Incorporated.) [HKLM]
O42 - Logiciel: Adobe Flash Player 10 Plugin - (.Adobe Systems Incorporated.) [HKLM]
O42 - Logiciel: Adobe Flash Player ActiveX - (.Adobe Systems Incorporated.) [HKLM]
O42 - Logiciel: Adobe Help Center 1.0 - (.Adobe Systems.) [HKLM]
O42 - Logiciel: Adobe Photoshop CS2 - (.Adobe Systems, Inc..) [HKLM]
O42 - Logiciel: Adobe Shockwave Player 11.5 - (.Adobe Systems, Inc..) [HKLM]
O42 - Logiciel: Adobe Stock Photos 1.0 - (.Adobe Systems.) [HKLM]
O42 - Logiciel: Assistant de connexion Windows Live - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Auto Gordian Knot 2.40 - (.len0x.) [HKLM]
O42 - Logiciel: AviSynth 2.5 - (.Pas de propriétaire.) [HKLM]
O42 - Logiciel: Avira AntiVir Personal - Free Antivirus - (.Avira GmbH.) [HKLM]
O42 - Logiciel: Azureus Vuze - (.Azureus, Inc..) [HKLM]
O42 - Logiciel: Blood Bowl 1.0.1.5 - (.Cyanide Entertainment.) [HKLM]
O42 - Logiciel: CCleaner - (.Piriform.) [HKLM]
O42 - Logiciel: COMODO Firewall Pro - (.COMODO.) [HKLM]
O42 - Logiciel: CamfrogWEB Advanced ActiveX Plugin (remove only) - (.Pas de propriétaire.) [HKLM]
O42 - Logiciel: Capturino 1.4 - (.Pas de propriétaire.) [HKLM]
O42 - Logiciel: Catalyst Control Center - Branding - (.ATI.) [HKLM]
O42 - Logiciel: Clean Virus MSN - (.AxBx.) [HKLM]
O42 - Logiciel: Configuration DivX - (.DivX, Inc. .) [HKLM]
O42 - Logiciel: ConvertHelper 2.2 - (.DownloadHelper.) [HKLM]
O42 - Logiciel: DH Driver Cleaner Professional Edition - (.Ruud Ketelaars.) [HKLM]
O42 - Logiciel: DVD Decrypter (Remove Only) - (.Pas de propriétaire.) [HKLM]
O42 - Logiciel: Dead Space™ - (.Electronic Arts.) [HKLM]
O42 - Logiciel: DivX Content Uploader - (.DivX, Inc..) [HKLM]
O42 - Logiciel: DivX Converter - (.DivX, Inc..) [HKLM]
O42 - Logiciel: Dragon Age: Origins - (.Electronic Arts, Inc..) [HKLM]
O42 - Logiciel: Détection de l'application Winamp - (.Nullsoft, Inc.) [HKCU]
O42 - Logiciel: Empty Temp Folders 2.8.3 - (.Pas de propriétaire.) [HKLM]
O42 - Logiciel: FileHippo.com Update Checker - (.Pas de propriétaire.) [HKLM]
O42 - Logiciel: Galerie de photos Windows Live - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Gigabyte Raid Configurer - (.Gigabyte Technology Corp..) [HKLM]
O42 - Logiciel: Grand Theft Auto IV - (.Rockstar Games.) [HKLM]
O42 - Logiciel: High Definition Audio Driver Package - KB888111 - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Hotfix for Windows Media Format 11 SDK (KB929399) - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Hotfix for Windows XP (KB954550-v5) - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Hotfix for Windows XP (KB976002-v5) - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: ILLUSION ?-??- - (.ILLUSION.) [HKLM]
O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Java(TM) 6 Update 20 - (.Sun Microsystems, Inc..) [HKLM]
O42 - Logiciel: Junk Mail filter update - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: K-Lite Mega Codec Pack 6.2.0 - (.Pas de propriétaire.) [HKLM]
O42 - Logiciel: Lecteur Windows Media 11 - (.Pas de propriétaire.) [HKLM]
O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM]
O42 - Logiciel: MSXML 4.0 SP2 (KB936181) - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: MSXML 4.0 SP2 (KB954430) - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: MSXML 4.0 SP2 (KB973688) - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: MSXML 6.0 Parser (KB925673) - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Media Player Classic fr - (.Pas de propriétaire.) [HKLM]
O42 - Logiciel: Messenger Plus! Live - (.Yuna Software.) [HKLM]
O42 - Logiciel: Microsoft .NET Framework 2.0 Service Pack 2 - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Microsoft .NET Framework 3.0 French Language Pack - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Microsoft .NET Framework 3.0 Service Pack 2 - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Microsoft .NET Framework 3.5 Language Pack SP1 - fra - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Microsoft AppLocale - (.MS.) [HKLM]
O42 - Logiciel: Microsoft Choice Guard - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Microsoft Compression Client Pack 1.0 for Windows XP - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Microsoft Games for Windows - LIVE - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Microsoft Games for Windows - LIVE Redistributable - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Microsoft Internationalized Domain Names Mitigation APIs - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Microsoft National Language Support Downlevel APIs - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM]
O42 - Logiciel: Microsoft Office Access MUI (French) 2007 - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Microsoft Office Excel MUI (French) 2007 - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Microsoft Office InfoPath MUI (French) 2007 - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Microsoft Office Outlook MUI (French) 2007 - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Microsoft Office PowerPoint MUI (French) 2007 - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Microsoft Office Professional Plus 2007 - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Microsoft Office Proof (Arabic) 2007 - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Microsoft Office Proof (Dutch) 2007 - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Microsoft Office Proof (English) 2007 - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Microsoft Office Proof (French) 2007 - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Microsoft Office Proof (German) 2007 - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Microsoft Office Proof (Spanish) 2007 - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Microsoft Office Proofing (French) 2007 - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM]
O42 - Logiciel: Microsoft Office Publisher MUI (French) 2007 - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Microsoft Office Shared MUI (French) 2007 - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Microsoft Office Word MUI (French) 2007 - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Microsoft SQL Server 2005 Compact Edition [ENU] - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Microsoft User-Mode Driver Framework Feature Pack 1.0 - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Microsoft Windows Application Compatibility Database - (.Pas de propriétaire.) [HKLM]
O42 - Logiciel: Mozilla Firefox (3.6.8) - (.Mozilla.) [HKLM]
O42 - Logiciel: NVIDIA PhysX - (.NVIDIA Corporation.) [HKLM]
O42 - Logiciel: Nero 7 Premium - (.Nero AG.) [HKLM]
O42 - Logiciel: OCCT Perestroika 3.1.0 - (.Tetedeiench.) [HKLM]
O42 - Logiciel: Opera 10.00 - (.Opera Software ASA.) [HKLM]
O42 - Logiciel: Outil de téléchargement Windows Live - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: PC Wizard 2010.1.94 - (.Laurent KUTIL & Franck DELATTRE.) [HKLM]
O42 - Logiciel: Paragon Drive Backup 8.5 Enterprise Server Edition - (.Pas de propriétaire.) [HKLM]
O42 - Logiciel: Pro Evolution Soccer 2010 - (.KONAMI.) [HKLM]
O42 - Logiciel: PunkBuster Services - (.Even Balance, Inc..) [HKLM]
O42 - Logiciel: QuickTime Alternative 3.1.1 - (.Pas de propriétaire.) [HKLM]
O42 - Logiciel: REALTEK GbE & FE Ethernet PCI-E NIC Driver - (.Realtek.) [HKLM]
O42 - Logiciel: Real Alternative 1.7.5 - (.Pas de propriétaire.) [HKLM]
O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp..) [HKLM]
O42 - Logiciel: RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition - (.Alexey Nicolaychuk.) [HKLM]
O42 - Logiciel: Rockstar Games Social Club - (.Rockstar Games.) [HKLM]
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB969559) - (.Microsoft.) [HKLM]
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB976321) - (.Microsoft.) [HKLM]
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB982312) - (.Microsoft.) [HKLM]
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB982331) - (.Microsoft.) [HKLM]
O42 - Logiciel: Security Update for Microsoft Office Access 2007 (KB979440) - (.Microsoft.) [HKLM]
O42 - Logiciel: Security Update for Microsoft Office Excel 2007 (KB982308) - (.Microsoft.) [HKLM]
O42 - Logiciel: Security Update for Microsoft Office InfoPath 2007 (KB979441) - (.Microsoft.) [HKLM]
O42 - Logiciel: Security Update for Microsoft Office Outlook 2007 (KB980376) - (.Microsoft.) [HKLM]
O42 - Logiciel: Security Update for Microsoft Office PowerPoint 2007 (KB982158) - (.Microsoft.) [HKLM]
O42 - Logiciel: Security Update for Microsoft Office Publisher 2007 (KB982124) - (.Microsoft.) [HKLM]
O42 - Logiciel: Security Update for Microsoft Office Visio Viewer 2007 (KB973709) - (.Microsoft.) [HKLM]
O42 - Logiciel: Security Update for Microsoft Office Word 2007 (KB982135) - (.Microsoft.) [HKLM]
O42 - Logiciel: Security Update for Microsoft Office system 2007 (972581) - (.Microsoft.) [HKLM]
O42 - Logiciel: Security Update for Microsoft Office system 2007 (KB969613) - (.Microsoft.) [HKLM]
O42 - Logiciel: Security Update for Microsoft Office system 2007 (KB974234) - (.Microsoft.) [HKLM]
O42 - Logiciel: Segoe UI - (.Microsoft Corp.) [HKLM]
O42 - Logiciel: Skype™ 4.0 - (.Skype Technologies S.A..) [HKLM]
O42 - Logiciel: Spybot - Search & Destroy - (.Safer Networking Limited.) [HKLM]
O42 - Logiciel: SuperCopier2 - (.Pas de propriétaire.) [HKLM]
O42 - Logiciel: TWIN PS TO PC CONVERTER - (.Pas de propriétaire.) [HKLM]
O42 - Logiciel: The Lord of the Rings FREE Trial - (.ATI Technologies Inc..) [HKLM]
O42 - Logiciel: Time Adjuster STANDARD 3.1 - (.IrekSoftware.com.) [HKCU]
O42 - Logiciel: TuneUp Utilities - (.TuneUp Software.) [HKLM]
O42 - Logiciel: Unlocker 1.8.9 - (.Cedrick Collomb.) [HKLM]
O42 - Logiciel: Update for 2007 Microsoft Office System (KB967642) - (.Microsoft.) [HKLM]
O42 - Logiciel: Update for Microsoft .NET Framework 3.5 SP1 (KB963707) - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Update for Outlook 2007 Junk Email Filter (kb2202131) - (.Microsoft.) [HKLM]
O42 - Logiciel: VC80CRTRedist - 8.0.50727.4053 - (.DivX, Inc.) [HKLM]
O42 - Logiciel: VideoLAN VLC media player 0.8.6e - (.VideoLAN Team.) [HKLM]
O42 - Logiciel: WD Diagnostics - (.Western Digital Technologies.) [HKLM]
O42 - Logiciel: Winamp - (.Nullsoft, Inc.) [HKLM]
O42 - Logiciel: Windows Genuine Advantage Validation Tool (KB892130) - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Windows Imaging Component - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Windows Installer Clean Up - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Windows Internet Explorer 7 - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Windows Internet Explorer 8 - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Windows Live Call - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Windows Live Communications Platform - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Windows Live FolderShare - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Windows Live Mail - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Windows Live OneCare safety scanner - (.Pas de propriétaire.) [HKLM]
O42 - Logiciel: Windows Media Format 11 runtime - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Windows Media Format 11 runtime - (.Pas de propriétaire.) [HKLM]
O42 - Logiciel: Windows Media Player 11 - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Windows Presentation Foundation Language Pack (FRA) - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Windows XP Service Pack 3 - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: XML Paper Specification Shared Components Language Pack 1.0 - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: XML Paper Specification Shared Components Pack 1.0 - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: XviD MPEG4 Video Codec (remove only) - (.Pas de propriétaire.) [HKLM]
O42 - Logiciel: neroxml - (.Nero AG.) [HKLM]

---\\ HKCU & HKLM Software Keys
[HKCU\Software\150610]
[HKCU\Software\3rd Eye Solutions]
[HKCU\Software\7-Zip]
[HKCU\Software\AC3Filter]
[HKCU\Software\AIST]
[HKCU\Software\ASProtect]
[HKCU\Software\ATI Technologies Inc.]
[HKCU\Software\ATI]
[HKCU\Software\Adobe]
[HKCU\Software\Ahead audio RAW convertor]
[HKCU\Software\Ahead]
[HKCU\Software\Apple Computer, Inc.]
[HKCU\Software\AudioPluginManager]
[HKCU\Software\Avira]
[HKCU\Software\Azureus]
[HKCU\Software\CDDB]
[HKCU\Software\CPUID]
[HKCU\Software\CamfrogWEBAdvanced]
[HKCU\Software\CamfrogWEB]
[HKCU\Software\Camfrog]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\CoreAAC]
[HKCU\Software\Cyanide]
[HKCU\Software\Cyberlink]
[HKCU\Software\DSP-worx]
[HKCU\Software\DT Soft]
[HKCU\Software\DVD Decrypter]
[HKCU\Software\DivXNetworks]
[HKCU\Software\DivX]
[HKCU\Software\Do The Evolution! - Next Generation]
[HKCU\Software\DownloadCenter]
[HKCU\Software\Easy Video Splitter]
[HKCU\Software\Electronic Arts]
[HKCU\Software\Emulators]
[HKCU\Software\FileHippo.com]
[HKCU\Software\Foxit Software]
[HKCU\Software\Freeware]
[HKCU\Software\GNU]
[HKCU\Software\GSpot Appliance Corp]
[HKCU\Software\Gabest]
[HKCU\Software\GameSpy]
[HKCU\Software\Gigabyte]
[HKCU\Software\Google]
[HKCU\Software\Haali]
[HKCU\Software\IM Providers]
[HKCU\Software\INTERHEART]
[HKCU\Software\InstallShield]
[HKCU\Software\Intel]
[HKCU\Software\IrekZielinskiSoft]
[HKCU\Software\JavaSoft]
[HKCU\Software\Local AppWizard-Generated Applications]
[HKCU\Software\MONOGRAM]
[HKCU\Software\MS]
[HKCU\Software\Macromedia]
[HKCU\Software\MainConcept]
[HKCU\Software\MediaInfo]
[HKCU\Software\MozillaPlugins]
[HKCU\Software\Mozilla]
[HKCU\Software\Nero Digital Audio (HE-AAC)]
[HKCU\Software\Nero]
[HKCU\Software\Netscape]
[HKCU\Software\ODBC]
[HKCU\Software\Opera Software]
[HKCU\Software\PC Wizard]
[HKCU\Software\Patchou]
[HKCU\Software\Piriform]
[HKCU\Software\Policies]
[HKCU\Software\RadLight]
[HKCU\Software\RealNetworks]
[HKCU\Software\Realtek]
[HKCU\Software\SFX TEAM]
[HKCU\Software\Safer Networking Limited]
[HKCU\Software\SecuROM]
[HKCU\Software\Skype]
[HKCU\Software\Sysinternals]
[HKCU\Software\The Creative Assembly]
[HKCU\Software\The Silicon Realms Toolworks]
[HKCU\Software\Trolltech]
[HKCU\Software\TuneUp]
[HKCU\Software\Ulead]
[HKCU\Software\VB and VBA Program Settings]
[HKCU\Software\Vision Thing]
[HKCU\Software\WinRAR SFX]
[HKCU\Software\Winamp]
[HKCU\Software\Windows Media Audio]
[HKCU\Software\YahooPartnerToolbar]
[HKCU\Software\Yahoo]
[HKCU\Software\Zyrax Software]
[HKCU\Software\ej-technologies]
[HKCU\Software\epsxe]
[HKCU\Software\illusion]
[HKCU\Software\madFlac]
[HKCU\Software\mp3PRO]
[HKLM\Software\ACE Compression Software]
[HKLM\Software\AGEIA Technologies]
[HKLM\Software\ALWIL Software]
[HKLM\Software\ATI Technologies]
[HKLM\Software\ATI]
[HKLM\Software\Adobe Systems]
[HKLM\Software\Adobe]
[HKLM\Software\Ahead]
[HKLM\Software\AppDataLow]
[HKLM\Software\Avira]
[HKLM\Software\Azureus]
[HKLM\Software\BioWare]
[HKLM\Software\BrowserChoice]
[HKLM\Software\C07ft5Y]
[HKLM\Software\CDDB]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\Codec Tweak Tool]
[HKLM\Software\ComodoGroup]
[HKLM\Software\CompanyA]
[HKLM\Software\Cyanide]
[HKLM\Software\Cyberlink]
[HKLM\Software\Cygnus Solutions]
[HKLM\Software\DT Soft]
[HKLM\Software\DivXNetworks]
[HKLM\Software\DivX]
[HKLM\Software\DownloadHelper]
[HKLM\Software\Electronic Arts]
[HKLM\Software\Even Balance]
[HKLM\Software\GNU]
[HKLM\Software\Gabest]
[HKLM\Software\Gemplus]
[HKLM\Software\Gigabyte]
[HKLM\Software\Google]
[HKLM\Software\HaaliMkx]
[HKLM\Software\InstallShield]
[HKLM\Software\Intel]
[HKLM\Software\InterVideo]
[HKLM\Software\JavaRa]
[HKLM\Software\JavaSoft]
[HKLM\Software\JreMetrics]
[HKLM\Software\KLCodecPack]
[HKLM\Software\KONAMI]
[HKLM\Software\Licenses]
[HKLM\Software\MOVDLTool]
[HKLM\Software\Macromedia]
[HKLM\Software\Memeo]
[HKLM\Software\MicroQuill]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Mozilla]
[HKLM\Software\Nero]
[HKLM\Software\Netscape]
[HKLM\Software\Nullsoft]
[HKLM\Software\ODBC]
[HKLM\Software\Opera Software]
[HKLM\Software\Paragon Software]
[HKLM\Software\Patchou]
[HKLM\Software\PocketSoft]
[HKLM\Software\Policies]
[HKLM\Software\Program Groups]
[HKLM\Software\QTAlternative]
[HKLM\Software\RTLSetup]
[HKLM\Software\RealAlternative]
[HKLM\Software\RealNetworks]
[HKLM\Software\Realtek]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\Rockstar Games]
[HKLM\Software\S3R521]
[HKLM\Software\Safer Networking Limited]
[HKLM\Software\Schlumberger]
[HKLM\Software\Services]
[HKLM\Software\Skype]
[HKLM\Software\Sys Modules]
[HKLM\Software\The Silicon Realms Toolworks]
[HKLM\Software\Trolltech]
[HKLM\Software\TuneUp]
[HKLM\Software\Unwinder]
[HKLM\Software\Valve]
[HKLM\Software\VideoLAN]
[HKLM\Software\Windows 3.1 Migration Status]
[HKLM\Software\X-AVCSD]
[HKLM\Software\Yahoo]
[HKLM\Software\aprentice]
[HKLM\Software\ej-technologies]
[HKLM\Software\mozilla.org]

---\\ Contenu des dossiers Program Files (O43)
O43 - CFD:Common File Directory ----D- C:\Program Files\7-Zip
O43 - CFD:Common File Directory ----D- C:\Program Files\Adobe
O43 - CFD:Common File Directory ----D- C:\Program Files\AGEIA Technologies
O43 - CFD:Common File Directory ----D- C:\Program Files\Apple Software Update
O43 - CFD:Common File Directory ----D- C:\Program Files\ATI
O43 - CFD:Common File Directory ----D- C:\Program Files\ATI Technologies
O43 - CFD:Common File Directory ----D- C:\Program Files\autobackup-win
O43 - CFD:Common File Directory ----D- C:\Program Files\AutoGK
O43 - CFD:Common File Directory ----D- C:\Program Files\AVI MPEG ASF WMV Splitter
O43 - CFD:Common File Directory ----D- C:\Program Files\Avira
O43 - CFD:Common File Directory ----D- C:\Program Files\AviSynth 2.5
O43 - CFD:Common File Directory ----D- C:\Program Files\AxBx
O43 - CFD:Common File Directory ----D- C:\Program Files\Azureus
O43 - CFD:Common File Directory ----D- C:\Program Files\Capturino 1.4
O43 - CFD:Common File Directory ----D- C:\Program Files\CCleaner
O43 - CFD:Common File Directory ----D- C:\Program Files\CFWebAdvancedU
O43 - CFD:Common File Directory ----D- C:\Program Files\Comodo
O43 - CFD:Common File Directory ----D- C:\Program Files\ConvertHelper
O43 - CFD:Common File Directory ----D- C:\Program Files\CPUID
O43 - CFD:Common File Directory ----D- C:\Program Files\cpuz
O43 - CFD:Common File Directory ----D- C:\Program Files\Cyanide
O43 - CFD:Common File Directory ----D- C:\Program Files\DAEMON Tools Lite
O43 - CFD:Common File Directory ----D- C:\Program Files\DivX
O43 - CFD:Common File Directory ----D- C:\Program Files\Dragon Age
O43 - CFD:Common File Directory ----D- C:\Program Files\Driver Cleaner Pro
O43 - CFD:Common File Directory ----D- C:\Program Files\DVD Decrypter
O43 - CFD:Common File Directory ----D- C:\Program Files\Electronic Arts
O43 - CFD:Common File Directory ----D- C:\Program Files\Empire Total War
O43 - CFD:Common File Directory ----D- C:\Program Files\Empty Temp Folders 2.8.3
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers communs
O43 - CFD:Common File Directory ----D- C:\Program Files\FileHippo.com
O43 - CFD:Common File Directory ----D- C:\Program Files\Foxit Reader
O43 - CFD:Common File Directory ----D- C:\Program Files\Gabest
O43 - CFD:Common File Directory --H-D- C:\Program Files\InstallShield Installation Information
O43 - CFD:Common File Directory ----D- C:\Program Files\Intel
O43 - CFD:Common File Directory ----D- C:\Program Files\Internet Explorer
O43 - CFD:Common File Directory ----D- C:\Program Files\Java
O43 - CFD:Common File Directory ----D- C:\Program Files\JavaRa
O43 - CFD:Common File Directory ----D- C:\Program Files\jtk374en
O43 - CFD:Common File Directory ----D- C:\Program Files\K-Lite Codec Pack
O43 - CFD:Common File Directory ----D- C:\Program Files\KONAMI
O43 - CFD:Common File Directory ----D- C:\Program Files\Media Player Classic
O43 - CFD:Common File Directory ----D- C:\Program Files\Messenger
O43 - CFD:Common File Directory ----D- C:\Program Files\Messenger Plus! Live
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft
O43 - CFD:Common File Directory ----D- C:\Program Files\microsoft frontpage
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Games for Windows - LIVE
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Office
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft SQL Server Compact Edition
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Visual Studio
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Visual Studio 8
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Works
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft.NET
O43 - CFD:Common File Directory ----D- C:\Program Files\Movie Maker
O43 - CFD:Common File Directory ----D- C:\Program Files\Mozilla Firefox
O43 - CFD:Common File Directory ----D- C:\Program Files\MSBuild
O43 - CFD:Common File Directory ----D- C:\Program Files\MSECACHE
O43 - CFD:Common File Directory ----D- C:\Program Files\MSN
O43 - CFD:Common File Directory ----D- C:\Program Files\MSN Gaming Zone
O43 - CFD:Common File Directory ----D- C:\Program Files\MSXML 4.0
O43 - CFD:Common File Directory ----D- C:\Program Files\Nero
O43 - CFD:Common File Directory ----D- C:\Program Files\NetMeeting
O43 - CFD:Common File Directory ----D- C:\Program Files\OCCT
O43 - CFD:Common File Directory ----D- C:\Program Files\Online Services
O43 - CFD:Common File Directory ----D- C:\Program Files\Opera
O43 - CFD:Common File Directory ----D- C:\Program Files\Outlook Express
O43 - CFD:Common File Directory ----D- C:\Program Files\Paragon Software
O43 - CFD:Common File Directory ----D- C:\Program Files\QuickTime Alternative
O43 - CFD:Common File Directory ----D- C:\Program Files\Real Alternative
O43 - CFD:Common File Directory ----D- C:\Program Files\Realtek
O43 - CFD:Common File Directory ----D- C:\Program Files\Reference Assemblies
O43 - CFD:Common File Directory ----D- C:\Program Files\RegSeeker
O43 - CFD:Common File Directory ----D- C:\Program Files\RivaTuner v2.24
O43 - CFD:Common File Directory ----D- C:\Program Files\Rockstar Games
O43 - CFD:Common File Directory ----D- C:\Program Files\Services en ligne
O43 - CFD:Common File Directory R---D- C:\Program Files\Skype
O43 - CFD:Common File Directory ----D- C:\Program Files\Spybot - Search & Destroy
O43 - CFD:Common File Directory ----D- C:\Program Files\SuperCopier2
O43 - CFD:Common File Directory ----D- C:\Program Files\TimeAdjuster
O43 - CFD:Common File Directory ----D- C:\Program Files\TuneUp Utilities 2010
O43 - CFD:Common File Directory --H-D- C:\Program Files\Uninstall Information
O43 - CFD:Common File Directory ----D- C:\Program Files\Unlocker
O43 - CFD:Common File Directory ----D- C:\Program Files\USB Vibration
O43 - CFD:Common File Directory ----D- C:\Program Files\VideoLAN
O43 - CFD:Common File Directory ----D- C:\Program Files\VirtualDub
O43 - CFD:Common File Directory ----D- C:\Program Files\Western Digital
O43 - CFD:Common File Directory ----D- C:\Program Files\Western Digital Technologies
O43 - CFD:Common File Directory ----D- C:\Program Files\WinAce
O43 - CFD:Common File Directory ----D- C:\Program Files\Winamp
O43 - CFD:Common File Directory ----D- C:\Program Files\Winamp Detect
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Installer Clean Up
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Live
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Live Safety Center
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Live SkyDrive
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Media Connect 2
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Media Player
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows NT
O43 - CFD:Common File Directory --H-D- C:\Program Files\WindowsUpdate
O43 - CFD:Common File Directory ----D- C:\Program Files\xerox
O43 - CFD:Common File Directory ----D- C:\Program Files\ZHPDiag
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Adobe
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Adobe Systems Shared
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Ahead
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Apple
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\BioWare
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\DESIGNER
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\DivX Shared
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\InstallShield
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Java
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Microsoft Shared
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\MSSoap
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Nero
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\ODBC
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Services
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\SpeechEngines
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\System
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Ulead Systems
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Windows Live
O43 - CFD:Common File Directory -SH-D- C:\Program Files\Fichiers Communs\WindowsLiveInstaller
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Wise Installation Wizard


---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.6A2CB42966136854F4464516FBB4AE72] - 06/08/2010 - 20:39:59 -S-A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\bootstat.dat [2048]
O44 - LFC:[MD5.B1ABD2CBF29D1DDDF8ADFB420B2BA80A] - 06/08/2010 - 12:55:33 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\wpa.dbl [13646]
O44 - LFC:[MD5.4CE91CEDF6EC0F5FDFF2B6E2DB4E520A] - 05/08/2010 - 19:23:46 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\NeroDigital.ini [69]
O44 - LFC:[MD5.365571CE7539F18934C72D1142CDD622] - 03/08/2010 - 05:24:52 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\win.ini [324]
O44 - LFC:[MD5.335A224416BA985EAFA71D15C004F702] - 03/08/2010 - 05:13:00 ---A- . (.Disappearing Inc. - Huffyuv lossless video codec.) -- C:\WINDOWS\System32\huffyuv.dll [39936]
O44 - LFC:[MD5.23D4907D662E248E09872E5A32E71570] - 03/08/2010 - 05:13:00 ---A- . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Audio Layer-3 Codec for MSACM.) -- C:\WINDOWS\System32\mp3fhg.acm [232448]
O44 - LFC:[MD5.CF2B89CD147519657CA087B180B5A884] - 03/08/2010 - 05:13:00 ---A- . (.HMS http://hp.vector.co.jp/authors/VA012897 - Ogg Vorbis CODEC for MSACM.) -- C:\WINDOWS\System32\vorbis.acm [1294336]
O44 - LFC:[MD5.047057D56AA7249A55708A9161E3D148] - 03/08/2010 - 05:13:00 ---A- . (.Hacked with Joy ! - DivX ;-) MPEG-4 Video Codec.) -- C:\WINDOWS\System32\DivXc32.dll [413760]
O44 - LFC:[MD5.80158C86A4B7ABB3E4EC09903442E57E] - 03/08/2010 - 05:13:00 ---A- . (.Hacked with Joy ! - DivX ;-) MPEG-4 Video Codec.) -- C:\WINDOWS\System32\DivXc32f.dll [413760]
O44 - LFC:[MD5.B0C224473248EB1F21C2BC1676C7579C] - 03/08/2010 - 05:13:00 ---A- . (.Intel Corporation - Intel I.263 Video Driver 2.55.012.) -- C:\WINDOWS\System32\I263_32.drv [391680]
O44 - LFC:[MD5.8B32D7F2C98E4CE24CA678551EE3F780] - 03/08/2010 - 05:13:00 ---A- . (.Kristal Studi - DivX WMA Audi.) -- C:\WINDOWS\System32\divxa32.acm [287744]
O44 - LFC:[MD5.FAC0D5B16EFA7376CA81047490187D0D] - 03/08/2010 - 05:13:00 ---A- . (.On2.com - VP6 VIDEO FOR WINDOWS CODEC.) -- C:\WINDOWS\System32\vp6vfw.dll [438272]
O44 - LFC:[MD5.1D7856BE8960111D435CE8B73BF72232] - 03/08/2010 - 05:13:00 ---A- . (.On2.com - VP70 VIDEO FOR WINDOWS CODEC.) -- C:\WINDOWS\System32\vp7vfw.dll [630784]
O44 - LFC:[MD5.5B7F4F0976BE76D8F0A8BFA8714BD1C8] - 03/08/2010 - 05:13:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\lame_acm.xml [414]
O44 - LFC:[MD5.DFE29D932C02602228B820AE812D7C3F] - 03/08/2010 - 05:13:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\x264vfw.dll [3200512]
O44 - LFC:[MD5.6AFF193BF793517DA7A7D86A8264CC8F] - 03/08/2010 - 05:13:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\xvidcore.dll [790528]
O44 - LFC:[MD5.8EF0DA11DA8CF738B88DC1F33E2BA74D] - 03/08/2010 - 05:13:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\xvidvfw.dll [134144]
O44 - LFC:[MD5.13FA039C5E464F3BF0C6D01E00581CAA] - 03/08/2010 - 05:13:00 ---A- . (.fccHandler - AC-3 ACM Codec.) -- C:\WINDOWS\System32\ac3acm.acm [151552]
O44 - LFC:[MD5.22722B4E887BB95AB071542DE5A42C80] - 03/08/2010 - 05:13:00 ---A- . (.http://www.mp3dev.org/ - Lame MP3 codec engine.) -- C:\WINDOWS\System32\lameACM.acm [839680]
O44 - LFC:[MD5.DD602C1FBA3A3E962627569C9E10AF7C] - 03/08/2010 - 05:13:00 ---A- . (.www.helixcommunity.org - Helix YV12 YUV Codec.) -- C:\WINDOWS\System32\yv12vfw.dll [217088]
O44 - LFC:[MD5.AB90E3453839235FD759A854203B948E] - 03/08/2010 - 05:12:59 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\ff_vfw.dll.manifest [547]
O44 - LFC:[MD5.ED69BFFF29F6D8242E094415D67C6632] - 02/08/2010 - 22:57:37 ---A- . (.CPUID - PC Wizard Control Panel Applet.) -- C:\WINDOWS\System32\PCWizard.cpl [27136]
O44 - LFC:[MD5.7FD1956E221C3750E0532A48E8EDD305] - 02/08/2010 - 02:08:01 ---A- . (.Pas de propriétaire - About Page.) -- C:\WINDOWS\System32\RtNicProp32.dll [80416]
O44 - LFC:[MD5.65A5BD4A43ED3C029A514E7502CD804F] - 02/08/2010 - 02:08:01 ---A- . (.Realtek Semiconductor Corporation - RTNUninst.) -- C:\WINDOWS\System32\RTNUninst32.dll [100896]
O44 - LFC:[MD5.7E13F3F0F4C4C337A6949A18D1D23089] - 02/08/2010 - 01:55:25 ---A- . (.ATI Technologies, Inc. - ATI High Definition Audio Function Driver.) -- C:\WINDOWS\System32\drivers\AtiHdmi.sys [101904]
O44 - LFC:[MD5.54789F9BA0D59072CDD4E7C200E122C4] - 01/08/2010 - 20:59:03 ---A- . (.Windows (R) 2000 DDK provider - GIGABYTE Tools.) -- C:\WINDOWS\gdrv.sys [15600]
O44 - LFC:[MD5.0D448725A72ECD481A84158A3349C065] - 01/08/2010 - 19:56:09 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\hwm.ini [47]
O44 - LFC:[MD5.A4001C78F2806662B3BD91ACB44E6330] - 31/07/2010 - 18:54:07 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\initdebug.nfo [45]
O44 - LFC:[MD5.2DAA8CC2670720DEDDCC74A20EDE2EE9] - 30/07/2010 - 12:45:19 ---A- . (.Avira GmbH - Avira AntiVir File Filter Driver Manager.) -- C:\WINDOWS\System32\drivers\avgntmgr.sys [22360]
O44 - LFC:[MD5.5B44C214F9CD9F590BE9125347610380] - 30/07/2010 - 12:45:19 ---A- . (.Avira GmbH - Avira AntiVir File Filter Driver.) -- C:\WINDOWS\System32\drivers\avgntdd.sys [45416]
O44 - LFC:[MD5.AD9BD66A862116E79CB45BB6BE46055F] - 30/07/2010 - 12:45:19 ---A- . (.Avira GmbH - Avira Driver for RootKit Detection.) -- C:\WINDOWS\System32\drivers\avipbb.sys [96104]
O44 - LFC:[MD5.14FE36D8F2C6A2435275338D061A0B66] - 30/07/2010 - 12:45:19 ---A- . (.Avira GmbH - Avira Minifilter Driver.) -- C:\WINDOWS\System32\drivers\avgntflt.sys [56816]
O44 - LFC:[MD5.3AD0362CF68DE3AC500E981700242CCA] - 30/07/2010 - 12:45:17 ---A- . (.Avira GmbH - AVIRA SnapShot Driver.) -- C:\WINDOWS\System32\drivers\ssmdrv.sys [28520]
O44 - LFC:[MD5.486E0B1BC94C346E5C352C295388C803] - 30/07/2010 - 12:38:21 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\CONFIG.NT [3072]
O44 - LFC:[MD5.AD37EB36651199907A03236237B7FEB7] - 30/07/2010 - 10:58:08 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\FNTCACHE.DAT [1093256]
O44 - LFC:[MD5.FE92235D4A7046F4186615A02879A308] - 30/07/2010 - 06:36:25 ---A- . (. ATI Technologies Inc. - atiddc.) -- C:\WINDOWS\System32\ATIDDC.DLL [53248]
O44 - LFC:[MD5.6E05CDEEE5FEBB21850A0A7BA4CFCE03] - 30/07/2010 - 06:36:25 ---A- . (.ATI Technologies Inc. - .INF file installer.) -- C:\WINDOWS\System32\atiiiexx.dll [311296]
O44 - LFC:[MD5.327EAC8C955C19D3F6384CE3AAB5ED31] - 30/07/2010 - 06:36:25 ---A- . (.ATI Technologies Inc. - ATI External Event Utility EXE Module.) -- C:\WINDOWS\System32\ati2evxx.exe [602112]
O44 - LFC:[MD5.636522EF9F3EFC70CCDD3A00886ADEE6] - 30/07/2010 - 06:36:25 ---A- . (.ATI Technologies Inc. - ATI Radeon WindowsNT Display Driver.) -- C:\WINDOWS\System32\ati2dvag.dll [299520]
O44 - LFC:[MD5.1D99D1B43638E31EA5CF4A8FD199762B] - 30/07/2010 - 06:36:25 ---A- . (.ATI Technologies Inc. - ATI Radeon WindowsNT Miniport Driver.) -- C:\WINDOWS\System32\drivers\ati2mtag.sys [5069312]
O44 - LFC:[MD5.3C2DD57E0C1384BEC6307E896D56BC44] - 30/07/2010 - 06:36:25 ---A- . (.ATI Technologies Inc. - ATI RageTheater/ImpacTV2 COM interface.) -- C:\WINDOWS\System32\atitvo32.dll [17408]
O44 - LFC:[MD5.FF29CD9175C5A8A93FE12202590DA7D1] - 30/07/2010 - 06:36:25 ---A- . (.ATI Technologies Inc. - Central Memory Manager / Queue Server Modul.) -- C:\WINDOWS\System32\ati2cqag.dll [704512]
O44 - LFC:[MD5.77F1D84D29A52E83ED9CEA5178A3BCDE] - 30/07/2010 - 06:36:25 ---A- . (.ATI Technologies Inc. - Virtual Command And Memory Manager.) -- C:\WINDOWS\System32\atikvmag.dll [573440]
O44 - LFC:[MD5.A7818C421D089896AE79668BE68C2745] - 30/07/2010 - 06:36:25 ---A- . (.ATI Technologies Inc. - ati3duag.dll.) -- C:\WINDOWS\System32\ati3duag.dll [3869952]
O44 - LFC:[MD5.48E7C7637DFFA13CE3CD5D9C66FBCB22] - 30/07/2010 - 06:36:25 ---A- . (.ATI Technologies Inc. - eRecord Message Resource File.) -- C:\WINDOWS\System32\drivers\ati2erec.dll [53248]
O44 - LFC:[MD5.9505C5D2F033614EF8725DCF6DE6013A] - 30/07/2010 - 06:36:25 ---A- . (.ATI Technologies, Inc. - 32-bit ATI VCO Driver.) -- C:\WINDOWS\System32\ativcoxx.dll [24064]
O44 - LFC:[MD5.F25F5B0CA6694589701E72F2CE3F2D0C] - 30/07/2010 - 06:36:25 ---A- . (.ATI Technologies, Inc. - ATI Desktop CWDDEDI DLL.) -- C:\WINDOWS\System32\atipdlxx.dll [208896]
O44 - LFC:[MD5.7978106A0AA45369718F4A26BFAE212C] - 30/07/2010 - 06:36:25 ---A- . (.ATI Technologies, Inc. - ATI Driver Interface DLL.) -- C:\WINDOWS\System32\Oemdspif.dll [155648]
O44 - LFC:[MD5.382E1C06227D5A1797639CE8A68FE289] - 30/07/2010 - 06:36:25 ---A- . (.ATI Technologies, Inc. - ATI2MDXX.) -- C:\WINDOWS\System32\Ati2mdxx.exe [26112]
O44 - LFC:[MD5.86FB844677C4F2D4B2E684ED2798FF4B] - 30/07/2010 - 06:36:25 ---A- . (.ATI Technologies, Inc. - ati2edxx.) -- C:\WINDOWS\System32\ati2edxx.dll [43520]
O44 - LFC:[MD5.0AE158B661206A96C075562DC61A8556] - 30/07/2010 - 06:36:25 ---A- . (.Advanced Micro Devices, Inc. - ATI OpenGL driver.) -- C:\WINDOWS\System32\atioglxx.dll [15499264]
O44 - LFC:[MD5.0A8D921D512244F694C95EBC077B890B] - 30/07/2010 - 06:36:25 ---A- . (.Advanced Micro Devices, Inc. - Graphics DEM.) -- C:\WINDOWS\System32\ATIDEMGX.dll [446464]
O44 - LFC:[MD5.29C5216C2A88D61B6076CB76DFDB19F4] - 30/07/2010 - 06:36:25 ---A- . (.Advanced Micro Devices, Inc. - Radeon Video Acceleration Universal Driver.) -- C:\WINDOWS\System32\ativvaxx.dll [2273920]
O44 - LFC:[MD5.1B4BE23F7A11E6D9CD274DDA71189729] - 30/07/2010 - 06:36:25 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\atiapfxx.blb [63416]
O44 - LFC:[MD5.6D68F701C262E22B7014A2FFE169D1EA] - 30/07/2010 - 06:36:25 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\atiicdxx.dat [205156]
O44 - LFC:[MD5.DADAFE066983AB646E8550013FB7DA13] - 30/07/2010 - 06:36:25 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\ativva5x.dat [3]
O44 - LFC:[MD5.CD663D99F1458BAA1840411C01B86EE5] - 30/07/2010 - 06:36:25 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\ativva6x.dat [887724]
O44 - LFC:[MD5.A604A87869B0870F37F2BDC09E1032C8] - 30/07/2010 - 06:36:25 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\atiogl.xml [21682]
O44 - LFC:[MD5.E18993FE4EA22237045BDCC509933167] - 27/07/2010 - 23:16:59 ---A- . (.ATI Technologies Inc. - ATI External Event Utility DLL Module.) -- C:\WINDOWS\System32\ati2evxx.dll [159744]
O44 - LFC:[MD5.DA9CF79D06B276B703E4F6DB5D4B597B] - 27/07/2010 - 23:16:59 ---A- . (.Advanced Micro Devices Inc. - ATI CAL DD.) -- C:\WINDOWS\System32\aticaldd.dll [4337664]
O44 - LFC:[MD5.76F7B8F2BB59AED134F7146741062F0B] - 27/07/2010 - 23:16:59 ---A- . (.Advanced Micro Devices Inc. - ATI CAL compiler runtime.) -- C:\WINDOWS\System32\aticalcl.dll [53248]
O44 - LFC:[MD5.AFA21CD94031B37A88F3CA96B684FF10] - 27/07/2010 - 23:16:59 ---A- . (.Advanced Micro Devices Inc. - ATI CAL runtime.) -- C:\WINDOWS\System32\aticalrt.dll [53248]
O44 - LFC:[MD5.81BF405B468862B23D5034126901EBC7] - 27/07/2010 - 23:16:59 ---A- . (.Advanced Micro Devices, Inc. - ADL.) -- C:\WINDOWS\System32\atiadlxx.dll [184320]
O44 - LFC:[MD5.749584902AE80A53EFDA4F8FA03E1713] - 27/07/2010 - 23:16:59 ---A- . (.Advanced Micro Devices, Inc. - ATIBRTMON.) -- C:\WINDOWS\System32\atibtmon.exe [118784]
O44 - LFC:[MD5.75B576C6C2E18FC1909E8EB692B54F9F] - 27/07/2010 - 23:16:59 ---A- . (.Advanced Micro Devices, Inc. - Radeon PCOM Universal Driver.) -- C:\WINDOWS\System32\amdpcom32.dll [65024]
O44 - LFC:[MD5.75B576C6C2E18FC1909E8EB692B54F9F] - 27/07/2010 - 23:16:59 ---A- . (.Advanced Micro Devices, Inc. - Radeon PCOM Universal Driver.) -- C:\WINDOWS\System32\atimpc32.dll [65024]
O44 - LFC:[MD5.C94497B1F3BA6C6426818163D37BA3D1] - 27/07/2010 - 23:16:59 ---A- . (.Advanced Micro Devices, Inc. - Ring 0 x2 component.) -- C:\WINDOWS\System32\atiok3x2.dll [393216]
O44 - LFC:[MD5.9090F00C4685C1AC6922DDB8AE3945CC] - 27/07/2010 - 23:16:59 ---A- . (.Advanced Micro Devices, Inc. - atiapfxx Application.) -- C:\WINDOWS\System32\atiapfxx.exe [143360]
O44 - LFC:[MD5.FC094174027C23B89C24837D3B1405D5] - 27/07/2010 - 23:16:59 ---A- . (.Pas de propriétaire - ATIODCLI Application.) -- C:\WINDOWS\System32\ATIODCLI.exe [45056]
O44 - LFC:[MD5.118B79E717FE6F93F79D3E110240D8F9] - 27/07/2010 - 23:16:59 ---A- . (.Pas de propriétaire - ATIODE Application.) -- C:\WINDOWS\System32\ATIODE.exe [294912]
O44 - LFC:[MD5.F14AE3454DCBF7A1A45CAAC16FBE49AB] - 27/07/2010 - 23:16:59 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\ativvaxx.cap [486064]
O44 - LFC:[MD5.7868DFAC25FF31FFD7793423E4F0C030] - 27/07/2010 - 22:56:15 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\CCCInstall_201007272356156363.log [18078]
O44 - LFC:[MD5.C3AE8AA2B991D55587AE5BD9B40E961A] - 27/07/2010 - 22:55:09 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\WININIT.INI [678]
O44 - LFC:[MD5.BD4407FB55C809A19340A64C4E00DFE8] - 21/07/2010 - 21:13:42 ---A- . (.TuneUp Software - TuneUp Registry Optimization Boot Applicati.) -- C:\WINDOWS\System32\TURegOpt.exe [29512]
O44 - LFC:[MD5.7E8A653DF60CF5A0EBC1C646EE4949CB] - 21/07/2010 - 21:13:39 ---A- . (.TuneUp Software - TuneUp Theme Extension.) -- C:\WINDOWS\System32\uxtuneup.dll [30024]
O44 - LFC:[MD5.D53DD4D4B632EDD75F876D4311F6C84A] - 14/07/2010 - 09:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\ff_vfw.dll [108032]
O44 - LFC:[MD5.8B138ED363128BFF2C2E1E7FEA9793B4] - 14/07/2010 - 09:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\avisplitter.ini [38]
Dgray
 
Messages: 18
Inscription: 20 Fév 2008, 17:35

Messagede Dgray » 06 Aoû 2010, 21:40

Deuxième partie du rapport ZHPDiag :

---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll


---\\ Export de clé d'application autorisée (ECAA) (O47)
O47 - AAKE:Key Export SP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation - Gestionnaire de session de l'aide sur le Bureau à distance de Microsoft®.) -- C:\WINDOWS\system32\sessmgr.exe
O47 - AAKE:Key Export SP - "%windir%\Network Diagnostic\xpnetdiag.exe" [Enabled] .(.Microsoft Corporation - Network Diagnostic for Windows XP.) -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O47 - AAKE:Key Export SP - "C:\WINDOWS\system32\PnkBstrA.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\PnkBstrA.exe
O47 - AAKE:Key Export SP - "C:\WINDOWS\system32\PnkBstrB.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\PnkBstrB.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [Enabled] .(.Take-Two Interactive Software, Inc. - RGSCLauncher.) -- C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) -- C:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" [Enabled] .(.Microsoft Corporation - Windows Live Call.) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Cyanide\Blood Bowl\BB.exe" [Enabled] .(.Cyanide - Blood Bowl.) -- C:\Program Files\Cyanide\Blood Bowl\BB.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Cyanide\Blood Bowl\Autorun\Exe\Autorun.exe" [Enabled] .(.Pas de propriétaire - AutorunApp.) -- C:\Program Files\Cyanide\Blood Bowl\Autorun\exe\Autorun.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [Enabled] .(.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" [Enabled] .(.Microsoft Corporation - Windows Live Sync.) -- C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
O47 - AAKE:Key Export SP - "C:\Program Files\KONAMI\Pro Evolution Soccer 2010\pes2010.exe" [Enabled] .(.Konami Digital Entertainment Co., Ltd. - Pro Evolution Soccer 2010.) -- C:\Program Files\KONAMI\Pro Evolution Soccer 2010\pes2010.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Dragon Age\bin_ship\daorigins.exe" [Enabled] .(.BioWare - Dragon Age: ??????.) -- C:\Program Files\Dragon Age\bin_ship\daorigins.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Dragon Age\DAOriginsLauncher.exe" [Enabled] .(.BioWare - Launcher Application.) -- C:\Program Files\Dragon Age\DAOriginsLauncher.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe" [Enabled] .(.BioWare - DAUpdaterSvc.Service.) -- C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Skype\Phone\Skype.exe" [Enabled] .(.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" [Enabled] .(.Microsoft Corporation - Microsoft Office Outlook.) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.exe
O47 - AAKE:Key Export DP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation - Gestionnaire de session de l'aide sur le Bureau à distance de Microsoft®.) -- C:\WINDOWS\system32\sessmgr.exe
O47 - AAKE:Key Export DP - "%windir%\Network Diagnostic\xpnetdiag.exe" [Enabled] .(.Microsoft Corporation - Network Diagnostic for Windows XP.) -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O47 - AAKE:Key Export DP - "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" [Enabled] .(.Microsoft Corporation - Windows Live Call.) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe
O47 - AAKE:Key Export DP - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [Enabled] .(.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O47 - AAKE:Key Export DP - "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" [Enabled] .(.Microsoft Corporation - Windows Live Sync.) -- C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe


---\\ Déni du service (Local Security Authority) (LSA) (O48)
O48 - LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\WINDOWS\System32\msv1_0.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\WINDOWS\System32\msv1_0.dll


---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d


---\\ MountPoints2 Shell Key (MPSK) (O51)
O51 - MPSK:{b3c3a167-fc71-11dc-85da-001a4d5794dd}\Shell\AutoRun\command. (.Pas de propriétaire - Pas de description.) -- J:\wd_windows_tools\setup.exe (.not file.)
O51 - MPSK:{ffe3a048-bb36-11dd-8651-001a4d5794dd}\Shell\AutoRun\command. (.Pas de propriétaire - Pas de description.) -- wd_windows_tools\WDSetup.exe (.not file.)


---\\ Trojan Driver Search Data (HKLM)(TDSD) (O52)
O52 - TDSD: \Drivers32\"msacm.trspch"="tssoft32.acm" . (.DSP GROUP, INC. - Codec audio TrueSpeech(TM) DSP Group pour MSACM V3.50.) -- C:\WINDOWS\System32\tssoft32.acm
O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Cinepak® Codec.) -- C:\WINDOWS\System32\iccvid.dll
O52 - TDSD: \Drivers32\"vidc.I420"="i420vfw.dll" . (.www.helixcommunity.org - Helix I420 YUV Codec.) -- C:\WINDOWS\System32\i420vfw.dll
O52 - TDSD: \Drivers32\"vidc.iv31"="ir32_32.dll" . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\ir32_32.dll
O52 - TDSD: \Drivers32\"vidc.iv32"="ir32_32.dll" . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\ir32_32.dll
O52 - TDSD: \Drivers32\"vidc.iv41"="ir41_32.ax" . (.Intel Corporation - Intel Indeo® Video 4.5.) -- C:\WINDOWS\System32\ir41_32.ax
O52 - TDSD: \Drivers32\"msacm.sl_anet"="sl_anet.acm" . (.Sipro Lab Telecom Inc. - Audio codec for MS ACM.) -- C:\WINDOWS\System32\sl_anet.acm
O52 - TDSD: \Drivers32\"msacm.iac2"="C:\WINDOWS\system32\iac25_32.ax" . (.Intel Corporation - Indeo® audio software.) -- C:\WINDOWS\system32\iac25_32.ax
O52 - TDSD: \Drivers32\"vidc.iv50"="ir50_32.dll" . (.Intel Corporation - Intel Indeo® video 5.10.) -- C:\WINDOWS\System32\ir50_32.dll
O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\WINDOWS\system32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\system32\l3codeca.acm
O52 - TDSD: \Drivers32\"vidc.DIVX"="DivX.dll" . (.DivX, Inc. - DivX.) -- C:\WINDOWS\System32\DivX.dll
O52 - TDSD: \Drivers32\"vidc.i263"="i263_32.drv" . (.Intel Corporation - Intel I.263 Video Driver 2.55.012.) -- C:\WINDOWS\System32\i263_32.drv
O52 - TDSD: \Drivers32\"msacm.l3fhg"="mp3fhg.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Audio Layer-3 Codec for MSACM.) -- C:\WINDOWS\System32\mp3fhg.acm
O52 - TDSD: \Drivers32\"msacm.divxa32"="divxa32.acm" . (.Kristal Studi - DivX WMA Audi.) -- C:\WINDOWS\System32\divxa32.acm
O52 - TDSD: \Drivers32\"msacm.vorbis"="vorbis.acm" . (.HMS http://hp.vector.co.jp/authors/VA012897 - Ogg Vorbis CODEC for MSACM.) -- C:\WINDOWS\System32\vorbis.acm
O52 - TDSD: \Drivers32\"VIDC.X264"="x264vfw.dll" . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\x264vfw.dll
O52 - TDSD: \Drivers32\"VIDC.DIV3"="DivXc32.dll" . (.Hacked with Joy ! - DivX ;-) MPEG-4 Video Codec.) -- C:\WINDOWS\System32\DivXc32.dll
O52 - TDSD: \Drivers32\"VIDC.DIV4"="DivXc32f.dll" . (.Hacked with Joy ! - DivX ;-) MPEG-4 Video Codec.) -- C:\WINDOWS\System32\DivXc32f.dll
O52 - TDSD: \Drivers32\"VIDC.VP60"="vp6vfw.dll" . (.On2.com - VP6 VIDEO FOR WINDOWS CODEC.) -- C:\WINDOWS\System32\vp6vfw.dll
O52 - TDSD: \Drivers32\"VIDC.VP61"="vp6vfw.dll" . (.On2.com - VP6 VIDEO FOR WINDOWS CODEC.) -- C:\WINDOWS\System32\vp6vfw.dll
O52 - TDSD: \Drivers32\"VIDC.VP62"="vp6vfw.dll" . (.On2.com - VP6 VIDEO FOR WINDOWS CODEC.) -- C:\WINDOWS\System32\vp6vfw.dll
O52 - TDSD: \Drivers32\"VIDC.VP70"="vp7vfw.dll" . (.On2.com - VP70 VIDEO FOR WINDOWS CODEC.) -- C:\WINDOWS\System32\vp7vfw.dll
O52 - TDSD: \Drivers32\"VIDC.XVID"="xvidvfw.dll" . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\xvidvfw.dll
O52 - TDSD: \Drivers32\"VIDC.HFYU"="huffyuv.dll" . (.Disappearing Inc. - Huffyuv lossless video codec.) -- C:\WINDOWS\System32\huffyuv.dll
O52 - TDSD: \Drivers32\"VIDC.YV12"="yv12vfw.dll" . (.www.helixcommunity.org - Helix YV12 YUV Codec.) -- C:\WINDOWS\System32\yv12vfw.dll
O52 - TDSD: \Drivers32\"msacm.ac3acm"="ac3acm.acm" . (.fccHandler - AC-3 ACM Codec.) -- C:\WINDOWS\System32\ac3acm.acm
O52 - TDSD: \Drivers32\"msacm.lameacm"="lameACM.acm" . (.http://www.mp3dev.org/ - Lame MP3 codec engine.) -- C:\WINDOWS\System32\lameACM.acm
O52 - TDSD: \Drivers32\"VIDC.FFDS"="ff_vfw.dll" . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\ff_vfw.dll
O52 - TDSD: \drivers.desc\"sl_anet.acm"="Sipro Lab Telecom Audio Codec" . (.Sipro Lab Telecom Inc. - Audio codec for MS ACM.) -- C:\WINDOWS\System32\sl_anet.acm
O52 - TDSD: \drivers.desc\"ir50_32.dll"="Indeo® video 5.10" . (.Pas de propriétaire - Pas de description.) -- (.not file.)
O52 - TDSD: \drivers.desc\"C:\WINDOWS\system32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\system32\l3codeca.acm
O52 - TDSD: \drivers.desc\"ulmp3acm.acm"="Ulead ACM MP3 Codec" . (.Pas de propriétaire - Pas de description.) -- (.not file.)
O52 - TDSD: \drivers.desc\"DivX.dll"="DivX 6.9.2 Codec" . (.Pas de propriétaire - Pas de description.) -- (.not file.)
O52 - TDSD: \drivers.desc\"i263_32.drv"="Intel I.263 Video Driver 2.55.1.16" . (.Pas de propriétaire - Pas de description.) -- (.not file.)
O52 - TDSD: \drivers.desc\"mp3fhg.acm"="Fraunhofer IIS MPEG Layer-3 Codec (Professional) v3.3.2" . (.Pas de propriétaire - Pas de description.) -- (.not file.)
O52 - TDSD: \drivers.desc\"divxa32.acm"="DivX WMA" . (.Kristal Studi - DivX WMA Audi.) -- C:\WINDOWS\System32\divxa32.acm
O52 - TDSD: \drivers.desc\"vorbis.acm"="Ogg Vorbis Audio Codec" . (.HMS http://hp.vector.co.jp/authors/VA012897 - Ogg Vorbis CODEC for MSACM.) -- C:\WINDOWS\System32\vorbis.acm
O52 - TDSD: \drivers.desc\"x264vfw.dll"="x264 H.264 Video Codec" . (.Pas de propriétaire - Pas de description.) -- (.not file.)
O52 - TDSD: \drivers.desc\"DivXc32.dll"="DivX 3.11 MPEG-4 Video Codec (Low-Motion)" . (.Pas de propriétaire - Pas de description.) -- (.not file.)
O52 - TDSD: \drivers.desc\"DivXc32f.dll"="DivX 3.11 MPEG-4 Video Codec (Fast-Motion)" . (.Pas de propriétaire - Pas de description.) -- (.not file.)
O52 - TDSD: \drivers.desc\"vp6vfw.dll"="On2 VP6" . (.On2.com - VP6 VIDEO FOR WINDOWS CODEC.) -- C:\WINDOWS\System32\vp6vfw.dll
O52 - TDSD: \drivers.desc\"vp7vfw.dll"="On2 VP7" . (.On2.com - VP70 VIDEO FOR WINDOWS CODEC.) -- C:\WINDOWS\System32\vp7vfw.dll
O52 - TDSD: \drivers.desc\"xvidvfw.dll"="Xvid MPEG-4 Video Codec 1.2.2" . (.Pas de propriétaire - Pas de description.) -- (.not file.)
O52 - TDSD: \drivers.desc\"lameACM.acm"="Lame ACM MP3 CODEC v3.98.2" . (.Pas de propriétaire - Pas de description.) -- (.not file.)
O52 - TDSD: \drivers.desc\"huffyuv.dll"="Huffyuv lossless codec" . (.Disappearing Inc. - Huffyuv lossless video codec.) -- C:\WINDOWS\System32\huffyuv.dll
O52 - TDSD: \drivers.desc\"ac3acm.acm"="AC-3 ACM Codec" . (.fccHandler - AC-3 ACM Codec.) -- C:\WINDOWS\System32\ac3acm.acm
O52 - TDSD: \drivers.desc\"ff_vfw.dll"="ffdshow video encoder" . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\ff_vfw.dll


---\\ ShareTools MSconfig StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\ATICustomerCare [Key] . (.Advanced Micro Devices, Inc. - ATI Customer Care.) -- C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe
O53 - SMSR:HKLM\...\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} [Key] . (.Nero AG - Nero Home.) -- C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
O53 - SMSR:HKLM\...\startupreg\ctfmon.exe [Key] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O53 - SMSR:HKLM\...\startupreg\DAEMON Tools Lite [Key] . (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
O53 - SMSR:HKLM\...\startupreg\DivXUpdate [Key] . (.Pas de propriétaire - DivX Update.) -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
O53 - SMSR:HKLM\...\startupreg\JMB36X IDE Setup [Key] . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\RaidTool\xInsIDE.exe
O53 - SMSR:HKLM\...\startupreg\MSMSGS [Key] . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
O53 - SMSR:HKLM\...\startupreg\NeroFilterCheck [Key] . (.Nero AG - NeroCheck.) -- C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O53 - SMSR:HKLM\...\startupreg\StartCCC [Key] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O53 - SMSR:HKLM\...\startupreg\UnlockerAssistant [Key] . (.Pas de propriétaire - Pas de description.) -- C:\Program Files\Unlocker\UnlockerAssistant.exe


---\\ Microsoft Control Security Providers (MCSP) (O54)
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Client DPA pour plate-forme 32 bit.) -- C:\WINDOWS\system32\msapsspc.dll
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\WINDOWS\system32\schannel.dll
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Package d'authentification Digest SSPI.) -- C:\WINDOWS\system32\digest.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Client DPA pour plate-forme 32 bit.) -- C:\WINDOWS\system32\msapsspc.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\WINDOWS\system32\schannel.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Package d'authentification Digest SSPI.) -- C:\WINDOWS\system32\digest.dll


---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=
O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1


---\\ Microsoft Windows Policies Explorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\Policies\Explorer] - "NoDriveTypeAutoRun"=145
O56 - MWPE:[HKLM\...\Policies\Explorer] - "HonorAutoRunSetting"=1


---\\ Liste des Drivers Système (SDL) (O58)
O58 - SDL:[MD5.1D99D1B43638E31EA5CF4A8FD199762B] - 07/07/2010 - 03:27:52 ---A- . (.ATI Technologies Inc. - ATI Radeon WindowsNT Miniport Driver.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys
O58 - SDL:[MD5.7E13F3F0F4C4C337A6949A18D1D23089] - 17/05/2010 - 13:04:06 ---A- . (.ATI Technologies, Inc. - ATI High Definition Audio Function Driver.) -- C:\WINDOWS\system32\drivers\AtiHdmi.sys
O58 - SDL:[MD5.0E4BB35C5305099AC82053AC992E3E0E] - 10/11/2006 - 14:08:50 ---A- . (.Pas de propriétaire - Low-Level Driver.) -- C:\WINDOWS\system32\drivers\ATITool.sys
O58 - SDL:[MD5.F0D933B42CD0594048E4D5200AE9E417] - 11/10/2009 - 04:41:35 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\drivers\atksgt.sys
O58 - SDL:[MD5.5B44C214F9CD9F590BE9125347610380] - 13/02/2009 - 11:17:49 ---A- . (.Avira GmbH - Avira AntiVir File Filter Driver.) -- C:\WINDOWS\system32\drivers\avgntdd.sys
O58 - SDL:[MD5.14FE36D8F2C6A2435275338D061A0B66] - 25/11/2009 - 11:19:02 ---A- . (.Avira GmbH - Avira Minifilter Driver.) -- C:\WINDOWS\system32\drivers\avgntflt.sys
O58 - SDL:[MD5.2DAA8CC2670720DEDDCC74A20EDE2EE9] - 13/02/2009 - 11:28:39 ---A- . (.Avira GmbH - Avira AntiVir File Filter Driver Manager.) -- C:\WINDOWS\system32\drivers\avgntmgr.sys
O58 - SDL:[MD5.AD9BD66A862116E79CB45BB6BE46055F] - 30/03/2009 - 09:32:47 ---A- . (.Avira GmbH - Avira Driver for RootKit Detection.) -- C:\WINDOWS\system32\drivers\avipbb.sys
O58 - SDL:[MD5.C9B25AE9B8ABD983C5AD3F8CBFAB0F9C] - 05/08/2004 - 13:00:00 ---A- . (.RAVISENT Technologies Inc. - Pilote principal CineMaster C 1.2 WDM.) -- C:\WINDOWS\system32\drivers\cinemst2.sys
O58 - SDL:[MD5.7399B62C07D2340826CCAD5B4D661D35] - 28/03/2008 - 03:10:56 ---A- . (.Comodo Research Lab., Inc. - Comodo Application Engine driver.) -- C:\WINDOWS\system32\drivers\cmdmon.sys
O58 - SDL:[MD5.9624293E55AD405415862B504CA95B73] - 05/08/2004 - 13:00:00 ---A- . (.Compaq Computer Corporation - Compaq PA-1 Player Driver.) -- C:\WINDOWS\system32\drivers\cpqdap01.sys
O58 - SDL:[MD5.ACA060CDDE6824C352F67B143130AF7A] - 23/10/2006 - 11:42:30 ---A- . (.Compuware Corporation - Sample USB Filter Driver.) -- C:\WINDOWS\system32\drivers\hid8101.sys
O58 - SDL:[MD5.3F2A452E1E0F6ED7015748841C523058] - 08/02/2007 - 14:44:16 ---A- . (.Paragon Software Group - Hotbackup helper driver.) -- C:\WINDOWS\system32\drivers\hotcore3.sys
O58 - SDL:[MD5.9B2BECE9AFC21DA79A703034EF578ED8] - 04/10/2007 - 11:28:58 ---A- . (.Ahead Software AG - NERO IMAGEDRIVE SCSI miniport.) -- C:\WINDOWS\system32\drivers\imagedrv.sys
O58 - SDL:[MD5.8E0BE30A48D102A78DA6BDF4515B847F] - 04/10/2007 - 11:29:00 ---A- . (.Ahead Software AG - Nero Image Server.) -- C:\WINDOWS\system32\drivers\imagesrv.sys
O58 - SDL:[MD5.76A44EA5960F2F7224F5E7C7A18A0E3B] - 28/03/2008 - 03:10:56 ---A- . (.COMODO - Comodo Personal Firewall Stateful Inspection Engine.) -- C:\WINDOWS\system32\drivers\inspect.sys
O58 - SDL:[MD5.C1632FE31D1824A43DEA29725312E3FA] - 13/06/2007 - 16:47:12 R--A- . (.JMicron Technology Corp. - JMicron JMB36X RAID Driver.) -- C:\WINDOWS\system32\drivers\jraid.sys
O58 - SDL:[MD5.F8A7212D0864EF5E9185FB95E6623F4D] - 11/10/2009 - 04:41:34 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\drivers\lirsgt.sys
O58 - SDL:[MD5.521AC031B415AE02C4C18AC5085A32F1] - 08/02/2007 - 14:44:22 ---A- . (.Rocket Division Software - StarPort Storage Controller.) -- C:\WINDOWS\system32\drivers\NetBurn.sys
O58 - SDL:[MD5.BE984D604D91C217355CDD3737AAD25D] - 05/08/2004 - 13:00:00 ---A- . (.S3/Diamond Multimedia Systems - NikeDrv Usb Driver.) -- C:\WINDOWS\system32\drivers\nikedrv.sys
O58 - SDL:[MD5.D929E935C140025C18678E6E97A75471] - 10/05/2008 - 20:58:29 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\drivers\PnkBstrK.sys
O58 - SDL:[MD5.80D317BD1C3DBC5D4FE7B1678C60CADD] - 05/08/2004 - 13:00:00 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\drivers\ptilink.sys
O58 - SDL:[MD5.116C340ACF37602D12CAC6DE6B8107CD] - 24/04/2005 - 21:43:58 ---A- . (.Razer (Asia-Pacific) Pte Ltd - Diamondback USB Optical Mouse Driver.) -- C:\WINDOWS\system32\drivers\Razerlow.sys
O58 - SDL:[MD5.A56FE08EC7473E8580A390BB1081CDD7] - 05/08/2004 - 13:00:00 ---A- . (.S3/Diamond Multimedia Systems - Rio8Drv.sys Usb Driver.) -- C:\WINDOWS\system32\drivers\rio8drv.sys
O58 - SDL:[MD5.0A854DF84C77A0BE205BFEAB2AE4F0EC] - 05/08/2004 - 13:00:00 ---A- . (.S3/Diamond Multimedia Systems - RioDrv Usb Driver.) -- C:\WINDOWS\system32\drivers\riodrv.sys
O58 - SDL:[MD5.40607773FECD00708354809E233823F2] - 03/05/2010 - 13:49:18 ---A- . (.Realtek Semiconductor Corporation - Realtek 10/100/1000 NDIS 5.1 Driver.) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys
O58 - SDL:[MD5.856531CD105523A2F81375E7BE4954C7] - 27/02/2008 - 19:30:00 ---A- . (.Realtek Semiconductor Corp. - Realtek(r) High Definition Audio Function Driver.) -- C:\WINDOWS\system32\drivers\RtHDMI.sys
O58 - SDL:[MD5.6708CFA52D71374371F61435845F3C9B] - 11/03/2008 - 18:54:14 ---A- . (.Realtek Semiconductor Corp. - Realtek(r) High Definition Audio Function Driver.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys
O58 - SDL:[MD5.90A3935D05B494A5A39D37E71F09A677] - 13/11/2007 - 11:25:54 ---A- . (.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) -- C:\WINDOWS\system32\drivers\secdrv.sys
O58 - SDL:[MD5.00000000000000000000000000000000] - 05/08/2010 - 02:50:46 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\drivers\sptd.sys
O58 - SDL:[MD5.3AD0362CF68DE3AC500E981700242CCA] - 11/05/2009 - 09:11:52 ---A- . (.Avira GmbH - AVIRA SnapShot Driver.) -- C:\WINDOWS\system32\drivers\ssmdrv.sys
O58 - SDL:[MD5.D74A8EC75305F1D3CFDE7C7FC1BD62A9] - 05/08/2004 - 13:00:00 ---A- . (.Toshiba Corporation - WDM Toshiba Tecra Video Capture Driver.) -- C:\WINDOWS\system32\drivers\tsbvcap.sys
O58 - SDL:[MD5.0D3BAAB7661859CDE0452662DB3B4674] - 08/02/2007 - 14:44:16 ---A- . (.Windows (R) 2000 DDK provider - Image Mounter SCSI Port Driver.) -- C:\WINDOWS\system32\drivers\UimBus.sys
O58 - SDL:[MD5.059C248901A32E316DB8EF9C351F47B9] - 08/02/2007 - 14:44:16 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\drivers\UimFIO.sys
O58 - SDL:[MD5.FDE6D035BE6F28F8D81E4D870836ADD0] - 08/02/2007 - 14:44:16 ---A- . (.Paragon - Image Mounter.) -- C:\WINDOWS\system32\drivers\Uim_IM.sys
O58 - SDL:[MD5.55E01061C74A8CEFFF58DC36114A8D3F] - 05/08/2004 - 13:00:00 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\drivers\vdmindvd.sys
O58 - SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] - 05/08/2004 - 13:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ansi.sys
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 05/08/2004 - 13:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\country.sys
O58 - SDL:[MD5.77EBF3E9386DAA51551AF429052D88D0] - 03/04/1996 - 20:33:26 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\giveio.sys
O58 - SDL:[MD5.C6D29F29DE7427B1B0775E53E577B623] - 05/08/2004 - 13:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\himem.sys
O58 - SDL:[MD5.582BCDD47CF4B68B5CB528F18E3CB808] - 05/08/2004 - 13:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\key01.sys
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 05/08/2004 - 13:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\keyboard.sys
O58 - SDL:[MD5.7D30A74B5FB9FE3B245A6CE5FBCD71D5] - 05/08/2004 - 13:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntdos.sys
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 05/08/2004 - 13:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntdos404.sys
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 05/08/2004 - 13:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntdos411.sys
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 05/08/2004 - 13:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntdos412.sys
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 05/08/2004 - 13:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntdos804.sys
O58 - SDL:[MD5.CAAA108FD7BF71989946B39704323455] - 05/08/2004 - 13:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntio.sys
O58 - SDL:[MD5.6F73F50162DEF60C84B725C18CD9140F] - 05/08/2004 - 13:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntio404.sys
O58 - SDL:[MD5.0FDD5E69C1FF3B58043D44F2CC743D45] - 05/08/2004 - 13:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntio411.sys
O58 - SDL:[MD5.8842837C4D8311BF8E72BEE8CCC42217] - 05/08/2004 - 13:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntio412.sys
O58 - SDL:[MD5.6B56CEB3C6F9D5CD7293DBD9FE23B311] - 05/08/2004 - 13:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntio804.sys
O58 - SDL:[MD5.5D6401DB90EC81B71F8E2C5C8F0FEF23] - 24/09/2006 - 14:28:46 ---A- . (.Windows (R) 2000 DDK provider - SpeedFan Device Driver.) -- C:\WINDOWS\system32\speedfan.sys


---\\ Liste des outils de nettoyage (LATC) (O63)
O63 - Logiciel: ZHPDiag 1.26 - (.Nicolas Coolman.)


---\\ Liste des services Legacy (LALS) (O64)
O64 - Services: CurCS - C:\Program Files\Avira\AntiVir Desktop\sched.exe - Avira AntiVir Planificateur (AntiVirSchedulerService) .(.Avira GmbH - Antivirus Scheduler.) - LEGACY_ANTIVIRSCHEDULERSERVICE
O64 - Services: CurCS - C:\Program Files\Avira\AntiVir Desktop\avguard.exe - Avira AntiVir Guard (AntiVirService) .(.Avira GmbH - Antivirus On-Access Service.) - LEGACY_ANTIVIRSERVICE
O64 - Services: CurCS - (.not file.) - aswFsBlk (aswFsBlk) .(.Pas de propriétaire - Pas de description.) - LEGACY_ASWFSBLK
O64 - Services: CurCS - (.not file.) - avast! Self Protection (aswSP) .(.Pas de propriétaire - Pas de description.) - LEGACY_ASWSP
O64 - Services: CurCS - C:\WINDOWS\system32\Ati2evxx.exe - Ati HotKey Poller (Ati HotKey Poller) .(.ATI Technologies Inc. - ATI External Event Utility EXE Module.) - LEGACY_ATI_HOTKEY_POLLER
O64 - Services: CurCS - (.not file.) - ATI Smart (ATI Smart) .(.Pas de propriétaire - Pas de description.) - LEGACY_ATI_SMART
O64 - Services: CurCS - C:\Windows\system32\DRIVERS\atksgt.sys - atksgt (atksgt) .(.Pas de propriétaire - Pas de description.) - LEGACY_ATKSGT
O64 - Services: CurCS - C:\Program Files\Avira\AntiVir Desktop\avgio.sys - avgio (avgio) .(.Avira GmbH - Avira AntiVir Support for Minifilter.) - LEGACY_AVGIO
O64 - Services: CurCS - C:\Windows\system32\DRIVERS\avgntflt.sys - avgntflt (avgntflt) .(.Avira GmbH - Avira Minifilter Driver.) - LEGACY_AVGNTFLT
O64 - Services: CurCS - C:\Windows\system32\DRIVERS\avipbb.sys - avipbb (avipbb) .(.Avira GmbH - Avira Driver for RootKit Detection.) - LEGACY_AVIPBB
O64 - Services: CurCS - C:\Program Files\Comodo\Firewall\cmdagent.exe - Comodo Application Agent (CmdAgent) .(.COMODO - Comodo Agent Service.) - LEGACY_CMDAGENT
O64 - Services: CurCS - C:\Windows\system32\DRIVERS\cmdmon.sys - Comodo Application Engine (CmdMon) .(.Comodo Research Lab., Inc. - Comodo Application Engine driver.) - LEGACY_CMDMON
O64 - Services: CurCS - C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe - Dragon Age: Origins - Content Updater (DAUpdaterSvc) .(.BioWare - DAUpdaterSvc.Service.) - LEGACY_DAUPDATERSVC
O64 - Services: CurCS - (.not file.) - Lanceur de processus serveur DCOM (DcomLaunch) .(.Pas de propriétaire - Pas de description.) - LEGACY_DCOMLAUNCH
O64 - Services: CurCS - C:\WINDOWS\gdrv.sys - gdrv (gdrv) .(.Windows (R) 2000 DDK provider - GIGABYTE Tools.) - LEGACY_GDRV
O64 - Services: CurCS - C:\Windows\system32\drivers\hotcore3.sys - hotcore3 (hotcore3) .(.Paragon Software Group - Hotbackup helper driver.) - LEGACY_HOTCORE3
O64 - Services: CurCS - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe - InstallDriver Table Manager (IDriverT) .(.Macrovision Corporation - IDriverT Module.) - LEGACY_IDRIVERT
O64 - Services: CurCS - C:\Windows\system32\DRIVERS\inspect.sys - Comodo Network Engine (Inspect) .(.COMODO - Comodo Personal Firewall Stateful Inspectio.) - LEGACY_INSPECT
O64 - Services: CurCS - (.not file.) - klmd24 (klmd24) .(.Pas de propriétaire - Pas de description.) - LEGACY_KLMD24
O64 - Services: CurCS - C:\Windows\system32\DRIVERS\lirsgt.sys - lirsgt (lirsgt) .(.Pas de propriétaire - Pas de description.) - LEGACY_LIRSGT
O64 - Services: CurCS - (.not file.) - mbr (mbr) .(.Pas de propriétaire - Pas de description.) - LEGACY_MBR
O64 - Services: CurCS - (.not file.) - mchInjDrv (mchInjDrv) .(.Pas de propriétaire - Pas de description.) - LEGACY_MCHINJDRV
O64 - Services: CurCS - (.not file.) - mountmgr (mountmgr) .(.Pas de propriétaire - Pas de description.) - LEGACY_MOUNTMGR
O64 - Services: CurCS - (.not file.) - Mup (Mup) .(.Pas de propriétaire - Pas de description.) - LEGACY_MUP
O64 - Services: CurCS - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe - NBService (NBService) .(.Nero AG - Nero BackItUp.) - LEGACY_NBSERVICE
O64 - Services: CurCS - (.not file.) - Pilote système NDIS (NDIS) .(.Pas de propriétaire - Pas de description.) - LEGACY_NDIS
O64 - Services: CurCS - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe - NMIndexingService (NMIndexingService) .(.Nero AG - Nero Home.) - LEGACY_NMINDEXINGSERVICE
O64 - Services: CurCS - (.not file.) - PartMgr (PartMgr) .(.Pas de propriétaire - Pas de description.) - LEGACY_PARTMGR
O64 - Services: CurCS - C:\WINDOWS\system32\PnkBstrA.exe - PnkBstrA (PnkBstrA) .(.Pas de propriétaire - Pas de description.) - LEGACY_PNKBSTRA
O64 - Services: CurCS - (.not file.) - PROCEXP141 (PROCEXP141) .(.Pas de propriétaire - Pas de description.) - LEGACY_PROCEXP141
O64 - Services: CurCS - (.not file.) - pxldypow (pxldypow) .(.Pas de propriétaire - Pas de description.) - LEGACY_PXLDYPOW
O64 - Services: CurCS - (.not file.) - RDPNP (RDPNP) .(.Pas de propriétaire - Pas de description.) - LEGACY_RDPNP
O64 - Services: CurCS - C:\Program Files\RivaTuner v2.24\RivaTuner32.sys - RivaTuner32 (RivaTuner32) .(.Pas de propriétaire - Pas de description.) - LEGACY_RIVATUNER32
O64 - Services: CurCS - (.not file.) - RKREVEAL150 (RKREVEAL150) .(.Pas de propriétaire - Pas de description.) - LEGACY_RKREVEAL150
O64 - Services: CurCS - (.not file.) - Appel de procédure distante (RPC) (RpcSs) .(.Pas de propriétaire - Pas de description.) - LEGACY_RPCSS
O64 - Services: CurCS - (.not file.) - SANDRA (SANDRA) .(.Pas de propriétaire - Pas de description.) - LEGACY_SANDRA
O64 - Services: CurCS - C:\Windows\system32\DRIVERS\secdrv.sys - Secdrv (Secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV
O64 - Services: CurCS - C:\Windows\system32\Drivers\sptd.sys - sptd (sptd) .(.Pas de propriétaire - Pas de description.) - LEGACY_SPTD
O64 - Services: CurCS - C:\Windows\system32\DRIVERS\ssmdrv.sys - ssmdrv (ssmdrv) .(.Avira GmbH - AVIRA SnapShot Driver.) - LEGACY_SSMDRV
O64 - Services: CurCS - (.not file.) - Services Terminal Server (TermService) .(.Pas de propriétaire - Pas de description.) - LEGACY_TERMSERVICE
O64 - Services: CurCS - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe - TuneUp Drive Defrag Service (TuneUp.Defrag) .(.TuneUp Software - TuneUp Drive Defrag-Dienst.) - LEGACY_TUNEUP.DEFRAG
O64 - Services: CurCS - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe - TuneUp Utilities Service (TuneUp.UtilitiesSvc) .(.TuneUp Software - TuneUp Utilities Service.) - LEGACY_TUNEUP.UTILITIESSVC
O64 - Services: CurCS - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys - TuneUpUtilitiesDrv (TuneUpUtilitiesDrv) .(.TuneUp Software - TuneUp Utilities Driver.) - LEGACY_TUNEUPUTILITIESDRV
O64 - Services: CurCS - C:\Program Files\Unlocker\UnlockerDriver5.sys - UnlockerDriver5 (UnlockerDriver5) .(.Pas de propriétaire - Pas de description.) - LEGACY_UNLOCKERDRIVER5


---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <bat> <batfile>[HKLM\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\Windows\System32\shell32.dll
O67 - Shell Spawning: <cmd> <cmdfile>[HKLM\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <com> <comfile>[HKLM\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <exe> <exefile>[HKLM\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft (R) Windows Based Script Host.) -- C:\WINDOWS\System32\WScript.exe
O67 - Shell Spawning: <reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\WINDOWS\regedit.exe
O67 - Shell Spawning: <html> <FirefoxHTML>[HKCU\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O67 - Shell Spawning: <bat> <batfile>[HKCR\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <cpl> <cplfile>[HKCR\..\cplopen\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\Windows\System32\shell32.dll
O67 - Shell Spawning: <cmd> <cmdfile>[HKCR\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <com> <comfile>[HKCR\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <exe> <exefile>[HKCR\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <html> <FirefoxHTML>[HKCR\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O67 - Shell Spawning: <js> <JSFile>[HKCR\..\open\Command] (.Microsoft Corporation - Microsoft (R) Windows Based Script Host.) -- C:\WINDOWS\System32\WScript.exe
O67 - Shell Spawning: <reg> <regfile>[HKCR\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\WINDOWS\regedit.exe


---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX> <Mozilla>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <IEXPLORE> <Internet>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: <Opera> <Opera>[HKLM\..\Shell\open\Command] (.Opera Software - Opera Internet Browser.) -- C:\Program Files\Opera\Opera.exe


---\\ Search Browser Infection (SBI) (O69)
[HKCU\Software\Microsoft\Internet Explorer\MenuExt\E&xporter vers Microsoft Excel]
O69 - SBI: SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A}- () - http://search.live.com
O69 - SBI: SearchScopes {19750DE4-7198-440C-85B3-BED0870A73E0} [DefaultScope] - (Yahoo! Search) - http://search.yahoo.com
O69 - SBI: SearchScopes {EDDC3228-7152-45E2-AF36-CA6440E2FB16}- (Google) - http://www.google.fr


---\\ Search Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
Run by Propriétaire at 06/08/2010 21:50:29
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spml.sys >>UNKNOWN [0x8A803938]<<
kernel: MBR read successfully
user & kernel MBR OK
Dgray
 
Messages: 18
Inscription: 20 Fév 2008, 17:35

Messagede Dgray » 06 Aoû 2010, 21:42

Troisième partie du rapport ZHPDiag :


---\\ Recherche des services démarrés par Svchost (SSS) (O83)
O83 - Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation - Windows Audio Service.) -- C:\WINDOWS\System32\audiosrv.dll
O83 - Search Svchost Services: Browser (Browser) . (.Microsoft Corporation - Computer Browser Service DLL.) -- C:\WINDOWS\System32\browser.dll
O83 - Search Svchost Services: CryptSvc (CryptSvc) . (.Microsoft Corporation - Cryptographic Services.) -- C:\WINDOWS\System32\cryptsvc.dll
O83 - Search Svchost Services: DMServer (DMServer) . (.Microsoft Corp. - DLL Service gestionnaire de disque logique.) -- C:\WINDOWS\System32\dmserver.dll
O83 - Search Svchost Services: DHCP (DHCP) . (.Microsoft Corporation - Service client DHCP.) -- C:\WINDOWS\System32\dhcpcsvc.dll
O83 - Search Svchost Services: ERSvc (ERSvc) . (.Microsoft Corporation - Windows Error Reporting Service.) -- C:\WINDOWS\System32\ersvc.dll
O83 - Search Svchost Services: EventSystem (EventSystem) . (.Microsoft Corporation - Pas de description.) -- C:\WINDOWS\system32\es.dll
O83 - Search Svchost Services: FastUserSwitchingCompatibility (FastUserSwitchingCompatibility) . (.Microsoft Corporation - Dll des services Windows Shell.) -- C:\WINDOWS\System32\shsvcs.dll
O83 - Search Svchost Services: HidServ (HidServ) . (.Microsoft Corporation - HID Audio Service.) -- C:\WINDOWS\System32\hidserv.dll
O83 - Search Svchost Services: LanmanServer (LanmanServer) . (.Microsoft Corporation - Server Service DLL.) -- C:\WINDOWS\System32\srvsvc.dll
O83 - Search Svchost Services: LanmanWorkstation (LanmanWorkstation) . (.Microsoft Corporation - Workstation Service DLL.) -- C:\WINDOWS\System32\wkssvc.dll
O83 - Search Svchost Services: Messenger (Messenger) . (.Microsoft Corporation - NT Messenger Service.) -- C:\WINDOWS\System32\msgsvc.dll
O83 - Search Svchost Services: Netman (Netman) . (.Microsoft Corporation - Gestionnaire de connexions réseau.) -- C:\WINDOWS\System32\netman.dll
O83 - Search Svchost Services: Nla (Nla) . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\System32\mswsock.dll
O83 - Search Svchost Services: Ntmssvc (Ntmssvc) . (.Microsoft Corporation - Gestionnaire de stockage amovible.) -- C:\WINDOWS\system32\ntmssvc.dll
O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Remote Access AutoDial Manager.) -- C:\WINDOWS\System32\rasauto.dll
O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Remote Access Connection Manager.) -- C:\WINDOWS\System32\rasmans.dll
O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Dynamic Interface Manager.) -- C:\WINDOWS\System32\mprdim.dll
O83 - Search Svchost Services: Schedule (Schedule) . (.Microsoft Corporation - Moteur du Planificateur de tâches.) -- C:\WINDOWS\system32\schedsvc.dll
O83 - Search Svchost Services: Seclogon (Seclogon) . (.Microsoft Corporation - DLL de service d'ouverture de session secondaire.) -- C:\WINDOWS\System32\seclogon.dll
O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - System Event Notification Service (SENS).) -- C:\WINDOWS\system32\sens.dll
O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Composants de l'application d'assistance à Microsoft NAT.) -- C:\WINDOWS\System32\ipnathlp.dll
O83 - Search Svchost Services: SRService (SRService) . (.Microsoft Corporation - Service de restauration du système.) -- C:\WINDOWS\system32\srsvc.dll
O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Serveur de téléphonie Microsoft® Windows(TM).) -- C:\WINDOWS\System32\tapisrv.dll
O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - Dll des services Windows Shell.) -- C:\WINDOWS\System32\shsvcs.dll
O83 - Search Svchost Services: TrkWks (TrkWks) . (.Microsoft Corporation - Distributed Link Tracking Client.) -- C:\WINDOWS\system32\trkwks.dll
O83 - Search Svchost Services: UxTuneUp (UxTuneUp) . (.TuneUp Software - TuneUp Theme Extension.) -- C:\WINDOWS\System32\uxtuneup.dll
O83 - Search Svchost Services: W32Time (W32Time) . (.Microsoft Corporation - Service de temps Windows.) -- C:\WINDOWS\system32\w32time.dll
O83 - Search Svchost Services: WZCSVC (WZCSVC) . (.Microsoft Corporation - Service configuration automatique sans fil.) -- C:\WINDOWS\System32\wzcsvc.dll
O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\WINDOWS\system32\wbem\WMIsvc.dll
O83 - Search Svchost Services: wscsvc (wscsvc) . (.Microsoft Corporation - Windows Security Center Service.) -- C:\WINDOWS\system32\wscsvc.dll
O83 - Search Svchost Services: xmlprov (xmlprov) . (.Microsoft Corporation - Network Provisioning Service.) -- C:\WINDOWS\System32\xmlprov.dll
O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Service de transfert intelligent en arrière-plan.) -- C:\WINDOWS\system32\qmgr.dll
O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - Dll des services Windows Shell.) -- C:\WINDOWS\System32\shsvcs.dll
O83 - Search Svchost Services: helpsvc (helpsvc) . (.Microsoft Corporation - Microsoft PCHealth Service Holder.) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
O83 - Search Svchost Services: WmdmPmSN (WmdmPmSN) . (.Microsoft Corporation - Microsoft Media Device Service Provider.) -- C:\WINDOWS\system32\MsPMSNSv.dll
O83 - Search Svchost Services: napagent (napagent) . (.Microsoft Corporation - Exécution du service Agent de quarantaine.) -- C:\WINDOWS\System32\qagentrt.dll
O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Service Gestion des clés.) -- C:\WINDOWS\System32\kmsvc.dll
O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Windows Update AutoUpdate Service.) -- C:\WINDOWS\system32\wuauserv.dll


End of the scan (1087 lines in 01mn 20s)
Dgray
 
Messages: 18
Inscription: 20 Fév 2008, 17:35

Messagede Dgray » 06 Aoû 2010, 21:56

Rapport Avira :

Avira AntiVir Personal
Date de création du fichier de rapport : vendredi 6 août 2010 20:09

La recherche porte sur 2680386 souches de virus.

Détenteur de la licence : Avira AntiVir Personal - FREE Antivirus
Numéro de série : 0000149996-ADJIE-0000001
Plateforme : Windows XP
Version de Windows : (Service Pack 3) [5.1.2600]
Mode Boot : Démarré normalement
Identifiant : SYSTEM
Nom de l'ordinateur : CAS-LIBRE

Informations de version :
BUILD.DAT : 9.0.0.77 21698 Bytes 09/06/2010 12:01:00
AVSCAN.EXE : 9.0.3.10 466689 Bytes 13/10/2009 10:25:46
AVSCAN.DLL : 9.0.3.0 49409 Bytes 03/03/2009 09:21:02
LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 10:35:11
LUKERES.DLL : 9.0.2.0 13569 Bytes 03/03/2009 09:21:31
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 06:35:52
VBASE001.VDF : 7.10.1.0 1372672 Bytes 19/11/2009 11:49:34
VBASE002.VDF : 7.10.3.1 3143680 Bytes 20/01/2010 11:50:32
VBASE003.VDF : 7.10.3.75 996864 Bytes 26/01/2010 11:50:51
VBASE004.VDF : 7.10.4.203 1579008 Bytes 05/03/2010 11:51:17
VBASE005.VDF : 7.10.6.82 2494464 Bytes 15/04/2010 11:52:04
VBASE006.VDF : 7.10.7.218 2294784 Bytes 02/06/2010 11:53:03
VBASE007.VDF : 7.10.9.165 4840960 Bytes 23/07/2010 11:54:34
VBASE008.VDF : 7.10.9.166 2048 Bytes 23/07/2010 11:54:34
VBASE009.VDF : 7.10.9.167 2048 Bytes 23/07/2010 11:54:34
VBASE010.VDF : 7.10.9.168 2048 Bytes 23/07/2010 11:54:34
VBASE011.VDF : 7.10.9.169 2048 Bytes 23/07/2010 11:54:34
VBASE012.VDF : 7.10.9.170 2048 Bytes 23/07/2010 11:54:35
VBASE013.VDF : 7.10.9.198 157696 Bytes 26/07/2010 11:54:38
VBASE014.VDF : 7.10.9.255 997888 Bytes 29/07/2010 11:54:54
VBASE015.VDF : 7.10.10.28 139264 Bytes 02/08/2010 18:59:24
VBASE016.VDF : 7.10.10.52 127488 Bytes 03/08/2010 21:02:55
VBASE017.VDF : 7.10.10.53 1536 Bytes 03/08/2010 21:02:55
VBASE018.VDF : 7.10.10.54 1536 Bytes 03/08/2010 21:02:55
VBASE019.VDF : 7.10.10.55 1536 Bytes 03/08/2010 21:02:55
VBASE020.VDF : 7.10.10.56 1536 Bytes 03/08/2010 21:02:55
VBASE021.VDF : 7.10.10.57 1536 Bytes 03/08/2010 21:02:56
VBASE022.VDF : 7.10.10.58 1536 Bytes 03/08/2010 21:02:56
VBASE023.VDF : 7.10.10.59 1536 Bytes 03/08/2010 21:02:56
VBASE024.VDF : 7.10.10.60 1536 Bytes 03/08/2010 21:02:56
VBASE025.VDF : 7.10.10.61 1536 Bytes 03/08/2010 21:02:56
VBASE026.VDF : 7.10.10.62 1536 Bytes 03/08/2010 21:02:56
VBASE027.VDF : 7.10.10.63 1536 Bytes 03/08/2010 21:02:56
VBASE028.VDF : 7.10.10.64 1536 Bytes 03/08/2010 21:02:56
VBASE029.VDF : 7.10.10.65 1536 Bytes 03/08/2010 21:02:56
VBASE030.VDF : 7.10.10.66 1536 Bytes 03/08/2010 21:02:56
VBASE031.VDF : 7.10.10.82 116224 Bytes 05/08/2010 05:15:53
Version du moteur : 8.2.4.32
AEVDF.DLL : 8.1.2.1 106868 Bytes 30/07/2010 11:56:01
AESCRIPT.DLL : 8.1.3.42 1364347 Bytes 30/07/2010 11:56:01
AESCN.DLL : 8.1.6.1 127347 Bytes 30/07/2010 11:55:51
AESBX.DLL : 8.1.3.1 254324 Bytes 30/07/2010 11:56:04
AERDL.DLL : 8.1.8.2 614772 Bytes 30/07/2010 11:55:49
AEPACK.DLL : 8.2.3.3 471414 Bytes 30/07/2010 11:55:43
AEOFFICE.DLL : 8.1.1.8 201081 Bytes 30/07/2010 11:55:37
AEHEUR.DLL : 8.1.2.10 2830711 Bytes 30/07/2010 11:55:37
AEHELP.DLL : 8.1.13.2 242039 Bytes 30/07/2010 11:55:10
AEGEN.DLL : 8.1.3.18 393589 Bytes 30/07/2010 11:55:08
AEEMU.DLL : 8.1.2.0 393588 Bytes 30/07/2010 11:55:03
AECORE.DLL : 8.1.16.2 192887 Bytes 30/07/2010 11:55:02
AEBB.DLL : 8.1.1.0 53618 Bytes 30/07/2010 11:54:59
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 07:47:30
AVPREF.DLL : 9.0.3.0 44289 Bytes 26/08/2009 14:13:31
AVREP.DLL : 8.0.0.7 159784 Bytes 30/07/2010 11:56:05
AVREG.DLL : 9.0.0.0 36609 Bytes 07/11/2008 14:24:42
AVARKT.DLL : 9.0.0.3 292609 Bytes 24/03/2009 14:05:22
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 09:36:37
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 14:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 07:20:57
NETNT.DLL : 9.0.0.0 11521 Bytes 07/11/2008 14:40:59
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 17/06/2009 12:44:26
RCTEXT.DLL : 9.0.73.0 88321 Bytes 02/11/2009 15:58:32

Configuration pour la recherche actuelle :
Nom de la tâche...............................: Contrôle intégral du système
Fichier de configuration......................: c:\program files\avira\antivir desktop\sysscan.avp
Documentation.................................: bas
Action principale.............................: interactif
Action secondaire.............................: ignorer
Recherche sur les secteurs d'amorçage maître..: marche
Recherche sur les secteurs d'amorçage.........: marche
Secteurs d'amorçage...........................: C:, F:,
Recherche dans les programmes actifs..........: marche
Recherche en cours sur l'enregistrement.......: marche
Recherche de Rootkits.........................: marche
Contrôle d'intégrité de fichiers système......: arrêt
Fichier mode de recherche.....................: Tous les fichiers
Recherche sur les archives....................: marche
Limiter la profondeur de récursivité..........: 20
Archive Smart Extensions......................: marche
Heuristique de macrovirus.....................: marche
Heuristique fichier...........................: moyen
Catégories de dangers divergentes.............: +SPR,

Début de la recherche : vendredi 6 août 2010 20:09

La recherche d'objets cachés commence.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CmdAgent\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123
[INFO] L'entrée d'enregistrement n'est pas visible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CmdMon\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123
[INFO] L'entrée d'enregistrement n'est pas visible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Inspect\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123
[INFO] L'entrée d'enregistrement n'est pas visible.
'50184' objets ont été contrôlés, '3' objets cachés ont été trouvés.

La recherche sur les processus démarrés commence :
Processus de recherche 'avscan.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avcenter.exe' - '1' module(s) sont contrôlés
Processus de recherche '12yo preteen model.exe' - '1' module(s) sont contrôlés
Processus de recherche 'Azureus.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avgnt.exe' - '1' module(s) sont contrôlés
Processus de recherche 'jusched.exe' - '1' module(s) sont contrôlés
Processus de recherche 'RTHDCPL.exe' - '1' module(s) sont contrôlés
Processus de recherche 'cpf.exe' - '1' module(s) sont contrôlés
Processus de recherche 'TuneUpUtilitiesApp32.exe' - '1' module(s) sont contrôlés
Processus de recherche 'alg.exe' - '1' module(s) sont contrôlés
Processus de recherche 'explorer.exe' - '1' module(s) sont contrôlés
Processus de recherche 'TuneUpUtilitiesService32.exe' - '1' module(s) sont contrôlés
Processus de recherche 'PnkBstrA.exe' - '1' module(s) sont contrôlés
Processus de recherche 'cmdagent.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avguard.exe' - '1' module(s) sont contrôlés
Processus de recherche 'sched.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'ati2evxx.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'ati2evxx.exe' - '1' module(s) sont contrôlés
Processus de recherche 'lsass.exe' - '1' module(s) sont contrôlés
Processus de recherche 'services.exe' - '1' module(s) sont contrôlés
Processus de recherche 'winlogon.exe' - '1' module(s) sont contrôlés
Processus de recherche 'csrss.exe' - '1' module(s) sont contrôlés
Processus de recherche 'smss.exe' - '1' module(s) sont contrôlés
'29' processus ont été contrôlés avec '29' modules

La recherche sur les secteurs d'amorçage maître commence :
Secteur d'amorçage maître HD0
[INFO] Aucun virus trouvé !
Secteur d'amorçage maître HD1
[INFO] Aucun virus trouvé !

La recherche sur les secteurs d'amorçage commence :
Secteur d'amorçage 'C:\'
[INFO] Aucun virus trouvé !
Secteur d'amorçage 'F:\'
[INFO] Aucun virus trouvé !

La recherche sur les renvois aux fichiers exécutables (registre) commence :
Le registre a été contrôlé ( '59' fichiers).


La recherche sur les fichiers sélectionnés commence :

Recherche débutant dans 'C:\'
C:\pagefile.sys
[AVERTISSEMENT] Impossible d'ouvrir le fichier !
[REMARQUE] Ce fichier est un fichier système Windows.
[REMARQUE] Il est correct que ce fichier ne puisse pas être ouvert pour la recherche.
C:\Documents and Settings\Propriétaire\Mes documents\Jeux\Dragon.Age.Origins-SKIDROW\DA DLC\DA DLC.r05
[0] Type d'archive: RAR
--> DAO_PRC_NRX_1_1.0.dazip
[AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée.
[AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée.
C:\Documents and Settings\Propriétaire\Mes documents\Jeux\Dragon.Age.Origins-SKIDROW\DA DLC\DA DLC.r09
[0] Type d'archive: RAR
--> DAO_PRC_OCP_2_1.0.dazip
[AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée.
[AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée.
C:\Documents and Settings\Propriétaire\Mes documents\Jeux\[H-S].Interact.Play.VR\[H-S].Interact.Play.VR.DeathMarine.ace
[0] Type d'archive: ACE
--> file_id.diz
[AVERTISSEMENT] Mémoire insuffisante ! Le virus ou le programme indésirable n'a pas été supprimé !
--> [H-S].Interact.Play.VR.CD1.DeathMarine.iso
[AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée.
[AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée.
C:\Documents and Settings\Propriétaire\Mes documents\Jeux\[H-S].Interact.Play.VR\[H-S].Interact.Play.VR.Game.Save.ace
[0] Type d'archive: ACE
--> IPVR.CFG
[AVERTISSEMENT] Mémoire insuffisante ! Le virus ou le programme indésirable n'a pas été supprimé !
[AVERTISSEMENT] Mémoire insuffisante ! Le virus ou le programme indésirable n'a pas été supprimé !
C:\Program Files\Messenger Plus! Live\Scripts\Live Notifier\BotDKLive.dll
[RESULTAT] Contient le modèle de détection du programme backdoor (dangereux) BDS/Gendal.629760
C:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe
[RESULTAT] Contient le cheval de Troie TR/Spy.28160.B
C:\WINDOWS\system32\mswinsck.ocx
[RESULTAT] Contient le modèle de détection du programme backdoor (dangereux) BDS/VB.fnl
C:\WINDOWS\system32\drivers\sptd.sys
[AVERTISSEMENT] Impossible d'ouvrir le fichier !
Recherche débutant dans 'F:\' <HDD>
F:\Logiciels\script-live-notifier.msn-maniac.over-blog.com.plsc
[0] Type d'archive: ZIP
--> BotDKLive.dll
[RESULTAT] Contient le modèle de détection du programme backdoor (dangereux) BDS/Gendal.629760

Début de la désinfection :
C:\Program Files\Messenger Plus! Live\Scripts\Live Notifier\BotDKLive.dll
[RESULTAT] Contient le modèle de détection du programme backdoor (dangereux) BDS/Gendal.629760
[AVERTISSEMENT] Fichier ignoré.
C:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe
[RESULTAT] Contient le cheval de Troie TR/Spy.28160.B
[AVERTISSEMENT] Fichier ignoré.
C:\WINDOWS\system32\mswinsck.ocx
[RESULTAT] Contient le modèle de détection du programme backdoor (dangereux) BDS/VB.fnl
[AVERTISSEMENT] Fichier ignoré.
F:\Logiciels\script-live-notifier.msn-maniac.over-blog.com.plsc
[AVERTISSEMENT] Fichier ignoré.


Fin de la recherche : vendredi 6 août 2010 21:29
Temps nécessaire: 1:17:41 Heure(s)

La recherche a été effectuée intégralement

10359 Les répertoires ont été contrôlés
315807 Des fichiers ont été contrôlés
4 Des virus ou programmes indésirables ont été trouvés
0 Des fichiers ont été classés comme suspects
0 Des fichiers ont été supprimés
0 Des virus ou programmes indésirables ont été réparés
0 Les fichiers ont été déplacés dans la quarantaine
0 Les fichiers ont été renommés
2 Impossible de contrôler des fichiers
315801 Fichiers non infectés
4312 Les archives ont été contrôlées
15 Avertissements
1 Consignes
50184 Des objets ont été contrôlés lors du Rootkitscan
3 Des objets cachés ont été trouvés
Dgray
 
Messages: 18
Inscription: 20 Fév 2008, 17:35

Messagede Dgray » 06 Aoû 2010, 21:57

Rapport Mbam :

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4399

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

06/08/2010 22:02:15
mbam-log-2010-08-06 (22-02-15).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 133134
Temps écoulé: 4 minute(s), 30 seconde(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 6

Processus mémoire infecté(s):
C:\WINDOWS\system32\WinDir\svchost.exe (Backdoor.SpyNet) -> No action taken.

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{3u54d0hk-76gn-ub16-7117-xr2m8877k84j} (Generic.Bot.H) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hkcu (Backdoor.SpyNet) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\policies (Backdoor.SpyNet) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hklm (Backdoor.SpyNet) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\policies (Backdoor.SpyNet) -> No action taken.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\WinDir\svchost.exe (Generic.Bot.H) -> No action taken.
C:\Documents and Settings\Propriétaire\Application Data\logs.dat (Bifrose.Trace) -> No action taken.
C:\Documents and Settings\Propriétaire\Local Settings\Temp\MSN.abc (Malware.Trace) -> No action taken.
C:\Documents and Settings\Propriétaire\Local Settings\Temp\UuU.uUu (Malware.Trace) -> No action taken.
C:\Documents and Settings\Propriétaire\Local Settings\Temp\XxX.xXx (Malware.Trace) -> No action taken.
C:\Documents and Settings\Propriétaire\Local Settings\Temp\xxxyyyzzz.dat (Malware.Trace) -> No action taken.
Dgray
 
Messages: 18
Inscription: 20 Fév 2008, 17:35

Messagede Dgray » 07 Aoû 2010, 01:44

Rapport OTL :

OTL logfile created on: 07/08/2010 02:30:04 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Propriétaire\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 59,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): C:\pagefile.sys 3069 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 26,68 Gb Free Space | 17,90% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 232,88 Gb Total Space | 4,89 Gb Free Space | 2,10% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CAS-LIBRE
Current User Name: Propriétaire
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/06 23:03:00 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Propriétaire\Bureau\OTL.exe
PRC - [2010/07/24 03:06:15 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/02/18 11:43:18 | 000,248,040 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
PRC - [2009/11/12 10:30:32 | 000,486,216 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
PRC - [2009/11/12 10:28:40 | 001,021,256 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
PRC - [2009/07/21 14:33:58 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/05/13 16:47:40 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/02 13:08:11 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/04/14 04:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/28 04:10:55 | 001,115,728 | ---- | M] (COMODO) -- C:\Program Files\Comodo\Firewall\cpf.exe
PRC - [2008/03/28 04:10:55 | 000,361,040 | ---- | M] (COMODO) -- C:\Program Files\Comodo\Firewall\cmdagent.exe
PRC - [2005/06/29 14:28:08 | 032,507,123 | ---- | M] (SFX Cabinet Self-Extractor) -- C:\WINDOWS\system32\WinDir\svchost.exe
PRC - [2005/06/29 14:28:08 | 032,507,123 | ---- | M] (SFX Cabinet Self-Extractor) -- C:\WINDOWS\system32\WinDir\svchost.exe
PRC - [2005/06/29 14:28:08 | 032,507,123 | ---- | M] (SFX Cabinet Self-Extractor) -- C:\WINDOWS\system32\WinDir\svchost.exe
PRC - [2005/06/29 14:28:08 | 032,507,123 | ---- | M] (SFX Cabinet Self-Extractor) -- C:\WINDOWS\system32\WinDir\svchost.exe
PRC - [2005/06/29 14:28:08 | 032,507,123 | ---- | M] (SFX Cabinet Self-Extractor) -- C:\WINDOWS\system32\WinDir\svchost.exe


========== Modules (SafeList) ==========

MOD - [2010/08/06 23:03:00 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Propriétaire\Bureau\OTL.exe
MOD - [2008/04/14 04:33:29 | 000,586,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mlang.dll
MOD - [2008/04/14 04:32:02 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/07/21 22:13:37 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009/11/12 10:28:40 | 001,021,256 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2009/11/12 10:25:24 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2009/07/26 07:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/07/21 14:33:58 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/16 17:01:55 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2009/05/13 16:47:40 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/11/04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/03/28 04:10:55 | 000,361,040 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\Comodo\Firewall\cmdagent.exe -- (CmdAgent)
SRV - [2007/10/25 16:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/06/27 20:04:00 | 000,279,848 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005/04/04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP2\WNt500x86\Sandra.sys -- (SANDRA)
DRV - [2010/08/05 14:55:36 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/08/01 21:59:03 | 000,015,600 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2010/07/07 04:27:52 | 005,069,312 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010/05/17 14:04:06 | 000,101,904 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2010/05/03 14:49:18 | 000,225,232 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/11/25 12:19:02 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/10/14 07:24:44 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2009/10/11 05:41:35 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2009/10/11 05:41:34 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009/08/22 20:25:00 | 000,009,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\RivaTuner v2.24\RivaTuner32.sys -- (RivaTuner32)
DRV - [2009/05/11 10:11:52 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 10:32:47 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 12:34:33 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/04/13 18:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/03/28 04:10:56 | 000,075,520 | ---- | M] (Comodo Research Lab., Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdmon.sys -- (CmdMon)
DRV - [2008/03/28 04:10:56 | 000,051,328 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)
DRV - [2008/03/11 19:54:14 | 004,687,872 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/02/27 20:30:00 | 003,688,640 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtHDMI.sys -- (RTHDMIAzAudService)
DRV - [2007/06/13 17:47:12 | 000,048,256 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2007/02/08 15:44:22 | 000,084,752 | ---- | M] (Rocket Division Software) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\NetBurn.sys -- (NetBurn)
DRV - [2007/02/08 15:44:16 | 000,131,456 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Uim_IM.sys -- (Uim_IM)
DRV - [2007/02/08 15:44:16 | 000,036,592 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\hotcore3.sys -- (hotcore3)
DRV - [2007/02/08 15:44:16 | 000,032,352 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\UimBus.sys -- (UimBus)
DRV - [2006/11/23 23:47:50 | 000,040,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ET5Drv.sys -- (ET5Drv)
DRV - [2006/11/10 15:08:50 | 000,024,064 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ATITool.sys -- (ATITool)
DRV - [2006/10/23 12:42:30 | 000,031,899 | ---- | M] (Compuware Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hid8101.sys -- (hid8101)
DRV - [2005/04/24 22:43:58 | 000,013,225 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Razerlow.sys -- (Razerlow)
DRV - [2004/08/05 14:00:00 | 000,012,416 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-343818398-2052111302-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-343818398-2052111302-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-343818398-2052111302-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKU\S-1-5-21-343818398-2052111302-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
FF - prefs.js..extensions.enabledItems: newtaburl@sogame.cat:2.2.0
FF - prefs.js..extensions.enabledItems: anycolor.pavlos256@gmail.com:0.3.2
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: {e2c58150-9d72-11dd-ad8b-0800200c9a66}:1.3.1
FF - prefs.js..keyword.URL: "http://www.google.com/search?sourceid=navclient&hl=fr&q="


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/03 05:46:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/03 05:46:39 | 000,000,000 | ---D | M]

[2010/06/12 23:42:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Extensions
[2010/08/06 13:37:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\0k0sbdj5.default\extensions
[2010/06/14 00:12:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\0k0sbdj5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/01 21:02:02 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\0k0sbdj5.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/07/26 15:52:11 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\0k0sbdj5.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/08/05 07:41:54 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\0k0sbdj5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/06/13 18:11:09 | 000,000,000 | ---D | M] (Black Steel) -- C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\0k0sbdj5.default\extensions\{e2c58150-9d72-11dd-ad8b-0800200c9a66}
[2010/06/15 01:24:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\0k0sbdj5.default\extensions\anycolor.pavlos256@gmail.com
[2010/06/13 22:26:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\0k0sbdj5.default\extensions\newtaburl@sogame.cat
[2010/06/12 23:41:59 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/06/29 06:01:22 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2010/07/24 03:06:21 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/07/24 03:06:21 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/07/24 03:06:21 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2010/07/24 03:06:21 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/07/24 03:06:21 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2010/07/28 01:31:09 | 000,416,068 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.163ns.com
O1 - Hosts: 127.0.0.1 163ns.com
O1 - Hosts: 14365 more lines...
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [COMODO Firewall Pro] C:\Program Files\Comodo\Firewall\CPF.exe (COMODO)
O4 - HKLM..\Run: [HKLM] C:\WINDOWS\system32\WinDir\svchost.exe (SFX Cabinet Self-Extractor)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-343818398-2052111302-682003330-1003..\Run: [HKCU] C:\WINDOWS\system32\WinDir\svchost.exe (SFX Cabinet Self-Extractor)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\WINDOWS\system32\WinDir\svchost.exe (SFX Cabinet Self-Extractor)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-343818398-2052111302-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-343818398-2052111302-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\WINDOWS\system32\WinDir\svchost.exe (SFX Cabinet Self-Extractor)
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKU\S-1-5-21-343818398-2052111302-682003330-1003\..Trusted Domains: chat-land.org ([]* in Trusted sites)
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} http://www.visiogood.com/jalss/cfweb_ac ... module.exe (CamfrogWEB Advanced Unicode Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windows ... 6651829875 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.241 212.27.40.240
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/27 21:17:47 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{b3c3a167-fc71-11dc-85da-001a4d5794dd}\Shell\AutoRun\command - "" = J:\wd_windows_tools\setup.exe -- File not found
O33 - MountPoints2\{ffe3a048-bb36-11dd-8651-001a4d5794dd}\Shell\AutoRun\command - "" = wd_windows_tools\WDSetup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183584330711040)

========== Files/Folders - Created Within 30 Days ==========

[2010/08/07 02:08:34 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Propriétaire\Recent
[2010/08/06 23:10:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/08/06 23:08:38 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/08/06 23:02:59 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Propriétaire\Bureau\OTL.exe
[2010/08/06 21:54:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Propriétaire\Application Data\Malwarebytes
[2010/08/06 21:53:58 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/08/06 21:53:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/08/06 21:53:56 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/08/06 21:53:56 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/06 21:48:57 | 000,000,000 | ---D | C] -- C:\Program Files\ZHPDiag
[2010/08/05 14:55:28 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2010/08/04 13:21:20 | 000,000,000 | ---D | C] -- C:\Program Files\RivaTuner v2.24
[2010/08/04 12:03:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Propriétaire\Application Data\atitray
[2010/08/04 02:54:24 | 000,000,000 | ---D | C] -- C:\Program Files\OCCT
[2010/08/03 06:21:08 | 000,000,000 | ---D | C] -- C:\Program Files\Media Player Classic
[2010/08/03 06:13:00 | 001,294,336 | ---- | C] (HMS http://hp.vector.co.jp/authors/VA012897/) -- C:\WINDOWS\System32\vorbis.acm
[2010/08/03 06:13:00 | 000,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\WINDOWS\System32\lameACM.acm
[2010/08/03 06:13:00 | 000,630,784 | ---- | C] (On2.com) -- C:\WINDOWS\System32\vp7vfw.dll
[2010/08/03 06:13:00 | 000,438,272 | ---- | C] (On2.com) -- C:\WINDOWS\System32\vp6vfw.dll
[2010/08/03 06:13:00 | 000,413,760 | ---- | C] (Hacked with Joy !) -- C:\WINDOWS\System32\DivXc32f.dll
[2010/08/03 06:13:00 | 000,413,760 | ---- | C] (Hacked with Joy !) -- C:\WINDOWS\System32\DivXc32.dll
[2010/08/03 06:13:00 | 000,391,680 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\I263_32.drv
[2010/08/03 06:13:00 | 000,287,744 | ---- | C] (Kristal StudioDFileDescription) -- C:\WINDOWS\System32\divxa32.acm
[2010/08/03 06:13:00 | 000,232,448 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\WINDOWS\System32\mp3fhg.acm
[2010/08/03 06:13:00 | 000,217,088 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll
[2010/08/03 06:13:00 | 000,151,552 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm
[2010/08/03 06:13:00 | 000,039,936 | ---- | C] (Disappearing Inc.) -- C:\WINDOWS\System32\huffyuv.dll
[2010/08/02 23:57:37 | 000,027,136 | ---- | C] (CPUID) -- C:\WINDOWS\System32\PCWizard.cpl
[2010/08/02 23:57:36 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
[2010/08/02 03:08:01 | 000,100,896 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\RTNUninst32.dll
[2010/08/02 02:55:25 | 000,101,904 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\drivers\AtiHdmi.sys
[2010/08/01 20:56:01 | 000,040,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ET5Drv.sys
[2010/08/01 20:51:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2010/08/01 02:24:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\DAEMON Tools Images
[2010/07/31 20:00:20 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_7.dll
[2010/07/31 20:00:20 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_7.dll
[2010/07/31 20:00:20 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_5.dll
[2010/07/31 20:00:19 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_43.dll
[2010/07/31 20:00:19 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_43.dll
[2010/07/31 20:00:18 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_43.dll
[2010/07/31 20:00:18 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_43.dll
[2010/07/31 20:00:18 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_43.dll
[2010/07/31 20:00:17 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_6.dll
[2010/07/31 20:00:17 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_6.dll
[2010/07/31 20:00:17 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_4.dll
[2010/07/31 20:00:16 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_5.dll
[2010/07/31 20:00:16 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_7.dll
[2010/07/31 20:00:15 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_5.dll
[2010/07/31 20:00:14 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_42.dll
[2010/07/31 20:00:14 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_42.dll
[2010/07/31 20:00:13 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_42.dll
[2010/07/31 20:00:13 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_42.dll
[2010/07/31 20:00:13 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_42.dll
[2010/07/30 13:45:19 | 000,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/07/30 13:45:19 | 000,056,816 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/07/30 13:45:19 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010/07/30 13:45:19 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010/07/30 13:45:17 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010/07/30 13:45:16 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/07/30 13:45:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2010/07/30 07:40:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ATI
[2010/07/30 07:36:25 | 015,499,264 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\atioglxx.dll
[2010/07/30 07:36:25 | 005,069,312 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtag.sys
[2010/07/30 07:36:25 | 005,069,312 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2mtag.sys
[2010/07/30 07:36:25 | 003,869,952 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\dllcache\ati3duag.dll
[2010/07/30 07:36:25 | 003,869,952 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3duag.dll
[2010/07/30 07:36:25 | 002,273,920 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\System32\dllcache\ativvaxx.dll
[2010/07/30 07:36:25 | 002,273,920 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\System32\ativvaxx.dll
[2010/07/30 07:36:25 | 000,704,512 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2cqag.dll
[2010/07/30 07:36:25 | 000,704,512 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2cqag.dll
[2010/07/30 07:36:25 | 000,573,440 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\atikvmag.dll
[2010/07/30 07:36:25 | 000,446,464 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\ATIDEMGX.dll
[2010/07/30 07:36:25 | 000,311,296 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\atiiiexx.dll
[2010/07/30 07:36:25 | 000,299,520 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2dvag.dll
[2010/07/30 07:36:25 | 000,299,520 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvag.dll
[2010/07/30 07:36:25 | 000,208,896 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\atipdlxx.dll
[2010/07/30 07:36:25 | 000,155,648 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Oemdspif.dll
[2010/07/30 07:36:25 | 000,053,248 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2erec.dll
[2010/07/30 07:36:25 | 000,053,248 | ---- | C] ( ATI Technologies Inc.) -- C:\WINDOWS\System32\ATIDDC.DLL
[2010/07/30 07:36:25 | 000,043,520 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\ati2edxx.dll
[2010/07/30 07:36:25 | 000,026,112 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Ati2mdxx.exe
[2010/07/30 07:36:25 | 000,024,064 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\ativcoxx.dll
[2010/07/30 07:36:25 | 000,017,408 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\atitvo32.dll
[2010/07/30 07:36:04 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2010/07/30 07:35:17 | 000,000,000 | ---D | C] -- C:\ATI
[2010/07/28 00:16:59 | 004,337,664 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS\System32\aticaldd.dll
[2010/07/28 00:16:59 | 000,393,216 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\atiok3x2.dll
[2010/07/28 00:16:59 | 000,184,320 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\atiadlxx.dll
[2010/07/28 00:16:59 | 000,159,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2evxx.dll
[2010/07/28 00:16:59 | 000,143,360 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\atiapfxx.exe
[2010/07/28 00:16:59 | 000,118,784 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\atibtmon.exe
[2010/07/28 00:16:59 | 000,065,024 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\System32\atimpc32.dll
[2010/07/28 00:16:59 | 000,065,024 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\System32\amdpcom32.dll
[2010/07/28 00:16:59 | 000,053,248 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS\System32\aticalrt.dll
[2010/07/28 00:16:59 | 000,053,248 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS\System32\aticalcl.dll
[2010/07/25 04:44:40 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Detect
[2010/07/25 04:44:22 | 000,066,544 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpya64.exe
[2010/07/25 04:44:22 | 000,066,032 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsa64.exe
[2010/07/25 04:44:22 | 000,009,200 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys
[2010/07/25 04:44:22 | 000,009,072 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys
[2010/07/25 04:44:20 | 001,858,032 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxsfs.dll
[2010/07/25 04:44:20 | 000,670,192 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\px.dll
[2010/07/25 04:44:20 | 000,551,408 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxdrv.dll
[2010/07/25 04:44:20 | 000,436,720 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxwave.dll
[2010/07/25 04:44:20 | 000,219,632 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxmas.dll
[2010/07/25 04:44:20 | 000,129,520 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxafs.dll
[2010/07/25 04:44:20 | 000,096,752 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\vxblock.dll
[2010/07/25 04:35:27 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp
[2010/07/25 04:35:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Propriétaire\Application Data\Winamp
[2010/07/22 00:00:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\TuneUp Software
[2010/07/21 22:13:42 | 000,029,512 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\TURegOpt.exe
[2010/07/21 22:13:39 | 000,030,024 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\uxtuneup.dll
[2010/07/21 22:13:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Propriétaire\Application Data\TuneUp Software
[2010/07/21 22:13:09 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2010
[2010/07/21 22:12:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2010/07/21 22:12:48 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010/07/14 01:08:46 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[14 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/07 02:27:44 | 000,037,620 | -H-- | M] () -- C:\Documents and Settings\Propriétaire\Application Data\logs.dat
[2010/08/07 02:08:37 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/08/07 02:08:26 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\Propriétaire\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/07 02:01:13 | 000,000,530 | ---- | M] () -- C:\WINDOWS\tasks\Recherche de problèmes automatique.job
[2010/08/06 23:03:00 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Propriétaire\Bureau\OTL.exe
[2010/08/06 21:56:51 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\Propriétaire\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/08/06 21:51:22 | 000,000,666 | ---- | M] () -- C:\Documents and Settings\Propriétaire\Application Data\Microsoft\Internet Explorer\Quick Launch\ZHPDiag.lnk
[2010/08/06 21:40:01 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/06 21:39:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/06 21:38:39 | 020,447,232 | ---- | M] () -- C:\Documents and Settings\Propriétaire\ntuser.dat
[2010/08/06 21:38:39 | 000,000,184 | -HS- | M] () -- C:\Documents and Settings\Propriétaire\ntuser.ini
[2010/08/06 13:55:33 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/05 14:58:30 | 000,001,613 | ---- | M] () -- C:\Documents and Settings\Propriétaire\Application Data\Microsoft\Internet Explorer\Quick Launch\DAEMON Tools Lite.lnk
[2010/08/05 14:55:36 | 000,691,696 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/08/04 14:09:25 | 000,000,664 | ---- | M] () -- C:\Documents and Settings\Propriétaire\Application Data\Microsoft\Internet Explorer\Quick Launch\RivaTuner.lnk
[2010/08/04 05:18:14 | 000,000,626 | ---- | M] () -- C:\Documents and Settings\Propriétaire\Application Data\Microsoft\Internet Explorer\Quick Launch\OCCT.lnk
[2010/08/03 23:02:16 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\Propriétaire\Application Data\Microsoft\Internet Explorer\Quick Launch\procexp.lnk
[2010/08/03 06:24:52 | 000,000,324 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/08/02 23:57:38 | 000,000,737 | ---- | M] () -- C:\Documents and Settings\Propriétaire\Bureau\PC Wizard 2010.lnk
[2010/08/02 22:21:10 | 000,000,064 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\sandra.ldb
[2010/08/01 21:59:03 | 000,015,600 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\gdrv.sys
[2010/08/01 20:56:09 | 000,000,047 | ---- | M] () -- C:\WINDOWS\hwm.ini
[2010/07/31 19:54:07 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\initdebug.nfo
[2010/07/30 13:45:31 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Avira AntiVir Control Center.lnk
[2010/07/30 13:38:21 | 000,003,072 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/07/30 13:34:14 | 002,160,486 | -H-- | M] () -- C:\Documents and Settings\Propriétaire\Local Settings\Application Data\IconCache.db
[2010/07/30 11:58:08 | 001,093,256 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/28 01:31:09 | 000,416,068 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/07/27 23:55:09 | 000,000,678 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2010/07/27 08:30:01 | 008,518,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
[2010/07/25 04:53:25 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\Propriétaire\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2010/07/16 08:21:05 | 000,000,102 | ---- | M] () -- C:\Documents and Settings\Propriétaire\default.pls
[2010/07/14 10:00:00 | 000,108,032 | ---- | M] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/07/14 10:00:00 | 000,000,038 | ---- | M] () -- C:\WINDOWS\avisplitter.ini
[2010/07/13 14:25:07 | 000,413,266 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100728-013109.backup
[14 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/06 21:56:51 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\Propriétaire\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/08/06 21:51:22 | 000,000,666 | ---- | C] () -- C:\Documents and Settings\Propriétaire\Application Data\Microsoft\Internet Explorer\Quick Launch\ZHPDiag.lnk
[2010/08/05 14:58:30 | 000,001,613 | ---- | C] () -- C:\Documents and Settings\Propriétaire\Application Data\Microsoft\Internet Explorer\Quick Launch\DAEMON Tools Lite.lnk
[2010/08/05 14:55:35 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/08/04 14:09:25 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\Propriétaire\Application Data\Microsoft\Internet Explorer\Quick Launch\RivaTuner.lnk
[2010/08/04 05:18:14 | 000,000,626 | ---- | C] () -- C:\Documents and Settings\Propriétaire\Application Data\Microsoft\Internet Explorer\Quick Launch\OCCT.lnk
[2010/08/03 23:02:16 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\Propriétaire\Application Data\Microsoft\Internet Explorer\Quick Launch\procexp.lnk
[2010/08/03 06:13:01 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/08/03 06:13:00 | 003,200,512 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2010/08/03 06:13:00 | 000,790,528 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/08/03 06:13:00 | 000,134,144 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/08/03 06:13:00 | 000,000,414 | ---- | C] () -- C:\WINDOWS\System32\lame_acm.xml
[2010/08/03 06:12:59 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/08/03 06:12:59 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2010/08/02 23:57:38 | 000,000,737 | ---- | C] () -- C:\Documents and Settings\Propriétaire\Bureau\PC Wizard 2010.lnk
[2010/08/02 22:21:09 | 000,000,064 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sandra.ldb
[2010/08/02 03:08:01 | 000,080,416 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2010/08/01 20:56:09 | 000,000,047 | ---- | C] () -- C:\WINDOWS\hwm.ini
[2010/07/30 13:45:31 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Avira AntiVir Control Center.lnk
[2010/07/30 07:36:25 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010/07/30 07:36:25 | 000,205,156 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/07/30 07:36:25 | 000,063,416 | ---- | C] () -- C:\WINDOWS\System32\atiapfxx.blb
[2010/07/30 07:36:25 | 000,021,682 | ---- | C] () -- C:\WINDOWS\atiogl.xml
[2010/07/30 07:36:25 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/07/28 00:16:59 | 000,486,064 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.cap
[2010/07/28 00:16:59 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2010/07/28 00:16:59 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2010/07/25 04:53:25 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\Propriétaire\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2010/07/21 22:13:49 | 000,000,530 | ---- | C] () -- C:\WINDOWS\tasks\Recherche de problèmes automatique.job
[2010/06/02 02:20:03 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2010/05/11 22:10:13 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010/01/10 06:07:01 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/12/24 07:34:07 | 000,000,056 | ---- | C] () -- C:\WINDOWS\kgt2k.INI
[2009/10/11 05:41:35 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2009/10/11 05:41:34 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2009/04/22 00:19:06 | 000,172,173 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009/03/01 07:40:47 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008/11/04 10:21:58 | 000,000,014 | ---- | C] () -- C:\WINDOWS\dswplug.ini
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/07/26 14:39:13 | 000,011,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\UimFIO.sys
[2008/07/26 14:39:11 | 004,245,008 | ---- | C] () -- C:\WINDOWS\System32\qtp-mt334.dll
[2008/07/26 14:39:11 | 000,247,824 | ---- | C] () -- C:\WINDOWS\System32\prgiso.dll
[2008/07/26 14:18:35 | 000,013,840 | ---- | C] () -- C:\WINDOWS\System32\wnaspi32.dll
[2008/05/17 00:06:48 | 000,000,678 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008/05/10 21:58:29 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/04/22 20:10:28 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008/04/05 16:59:34 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2008/03/29 05:46:32 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/03/27 21:18:00 | 000,000,829 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2008/03/11 10:20:26 | 000,004,927 | ---- | C] () -- C:\WINDOWS\System32\ASPRTMM8.DLL
[2008/02/21 04:05:44 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/02/21 04:04:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2006/11/10 15:08:50 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATITool.sys
[2004/07/20 14:30:25 | 000,000,446 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2002/03/17 02:00:00 | 000,007,420 | ---- | C] () -- C:\WINDOWS\UA000019.DLL
[1996/04/03 21:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2008/07/07 07:01:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Age of Empires 3
[2010/06/25 14:31:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2008/03/29 02:16:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2009/11/09 20:33:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BioWare
[2010/01/10 06:18:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2008/03/28 03:28:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2009/10/28 15:27:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\KONAMI
[2009/05/20 12:31:02 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Memeo
[2010/05/11 00:07:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2010/06/23 21:20:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/07/21 22:13:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2008/12/04 17:16:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2010/07/21 22:12:48 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010/07/22 00:00:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\TuneUp Software
[2010/08/07 02:27:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\Azureus
[2009/05/09 11:49:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\Braid
[2010/02/16 07:46:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\Broad Intelligence
[2009/04/10 00:24:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\CamfrogWEB
[2009/10/10 22:36:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\DAEMON Tools
[2009/10/10 22:36:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\DAEMON Tools Lite
[2009/03/03 15:39:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\INTERHEART
[2009/02/06 13:14:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\Opera
[2009/04/08 22:15:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\The Creative Assembly
[2010/07/21 22:13:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\TuneUp Software
[2008/11/04 10:24:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\Ulead Systems
[2010/08/07 02:01:13 | 000,000,530 | ---- | M] () -- C:\WINDOWS\Tasks\Recherche de problèmes automatique.job

========== Purity Check ==========



========== Custom Scans ==========


<SYSTEMDRIVE>


<MD5>
[2004/08/05 14:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/08/21 00:06:24 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/08/21 00:06:24 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

<MD5>
[2004/08/05 14:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/08/21 00:06:24 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/08/21 00:06:24 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
[2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

<MD5>
[2004/08/05 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=21E83876A6287F15538EF187D286FE11 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008/04/14 04:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 04:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll

<MD5>
[2008/04/14 04:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 04:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/05 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=FAF07FDCDE76000621A28D19F8E2E8EB -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

<MD5>
[2008/04/14 04:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 04:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll
[2004/08/05 14:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=DEC0397F35D027874804EC72979D03CC -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

<systemroot>

<systemroot>

<systemroot>
<End>
Dgray
 
Messages: 18
Inscription: 20 Fév 2008, 17:35

Messagede Dgray » 07 Aoû 2010, 01:46

Rapport Extra :

OTL Extras logfile created on: 07/08/2010 02:30:04 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Propriétaire\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 59,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): C:\pagefile.sys 3069 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 26,68 Gb Free Space | 17,90% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 232,88 Gb Total Space | 4,89 Gb Free Space | 2,10% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CAS-LIBRE
Current User Name: Propriétaire
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-343818398-2052111302-682003330-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"48113:TCP" = 48113:TCP:LocalSubNet:Enabled:maconfig_tcp
"48113:UDP" = 48113:UDP:LocalSubNet:Enabled:maconfig_udp

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" = C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club -- (Take-Two Interactive Software, Inc.)
"C:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe" = C:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV -- ()
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Cyanide\Blood Bowl\BB.exe" = C:\Program Files\Cyanide\Blood Bowl\BB.exe:*:Enabled:Blood Bowl -- (Cyanide)
"C:\Program Files\Cyanide\Blood Bowl\Autorun\Exe\Autorun.exe" = C:\Program Files\Cyanide\Blood Bowl\Autorun\Exe\Autorun.exe:*:Enabled:Blood Bowl - AutoRun -- ()
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare -- (Microsoft Corporation)
"C:\Program Files\KONAMI\Pro Evolution Soccer 2010\pes2010.exe" = C:\Program Files\KONAMI\Pro Evolution Soccer 2010\pes2010.exe:*:Enabled:Pro Evolution Soccer 2010 -- (Konami Digital Entertainment Co., Ltd.)
"C:\Program Files\Dragon Age\bin_ship\daorigins.exe" = C:\Program Files\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age Origins Game -- (BioWare)
"C:\Program Files\Dragon Age\DAOriginsLauncher.exe" = C:\Program Files\Dragon Age\DAOriginsLauncher.exe:*:Enabled:Dragon Age Origins Launcher -- (BioWare)
"C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe" = C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Origins Updater -- (BioWare)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{035E858B-2E6E-7AC7-16A9-41506F698D1E}" = Catalyst Control Center Graphics Full New
"{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}" = Microsoft Games for Windows - LIVE Redistributable
"{083511A6-7733-48E0-B2DB-07D311EDF40F}" = Paragon Drive Backup 8.5 Enterprise Server Edition
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0BD83598-C2EF-3343-847B-7D2E84599128}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA
"{0F33250B-7C59-5A14-6ED5-FCC251A962D0}" = Skins
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{1116FD69-3C49-BE9A-C206-E8BA26CCA10F}" = CCC Help English
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{14378007-ACD5-2482-33A1-F79289A452E7}" = Catalyst Control Center Graphics Full Existing
"{147AAF68-A89A-8E2E-97EE-A1F1430F9F68}" = Catalyst Control Center Graphics Previews Common
"{16FE2579-06B2-3E32-58F2-4B70B69A3070}" = ccc-core-preinstall
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1BBDD6C0-ED6F-43C3-8A9C-84E3249A5615}" = TWIN PS TO PC CONVERTER
"{1E1CB0CC-50E9-2618-5D7C-03BE0A27E118}" = Catalyst Control Center Core Implementation
"{1EB21F28-E3AF-A317-4658-6C0C455C2F61}" = Catalyst Control Center Core Implementation
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{2075CB0A-D26F-4DAA-B424-5079296B43BA}" = Windows Live FolderShare
"{2085F05D-24C5-4E27-B7B4-A51DE890FFC9}" = Opera 10.00
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{236BB7C4-4419-42FD-040C-1E257A25E34D}" = Adobe Photoshop CS2
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 20
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{283FFB23-8751-4B08-ACB8-5E0F8BCF7727}" = Pro Evolution Soccer 2010
"{2F06D374-97CE-D8FB-9383-73150A2382DF}" = CCC Help English
"{2F93BFDD-EECE-924B-54ED-B0896F03D758}" = Catalyst Control Center Graphics Previews Common
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra
"{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live
"{46D9C523-FABB-FFF1-321D-F493A68E2C3E}" = Catalyst Control Center Graphics Previews Common
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CA9EA31-65E6-00E2-3DBB-19AF01D51C8D}" = Catalyst Control Center Graphics Light
"{4D243BA7-9AC4-46D1-90E5-EEB88974F501}" = Microsoft Games for Windows - LIVE
"{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space™
"{4FA944D6-623E-EBBD-47D7-CE02A28C0796}" = Catalyst Control Center Graphics Light
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{57D32909-FCA8-A78B-2AD2-2A50F5E11858}" = ccc-core-static
"{57EA735B-4F1D-9FC5-6A36-B0C0F1D704FE}" = Catalyst Control Center Graphics Light
"{5DB65884-C963-4454-AABA-4CA3089281FA}" = NVIDIA PhysX
"{5DD76286-9BE7-4894-A990-E905E91AC818}" = Windows Live Mail
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5EF19AD3-1873-9072-D526-E8F4E6A9EE59}" = Catalyst Control Center Graphics Full New
"{68C83D63-C661-C444-7E60-E0328D842ECB}" = ccc-core-preinstall
"{6901DD22-527A-41EF-9059-E81FEDE9E494}" = Windows Presentation Foundation Language Pack (FRA)
"{6CA5F5DC-33C3-D56F-F399-BD5792397089}" = CCC Help English
"{72AD53CC-CCC0-3757-8480-9EE176866A7C}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA
"{72D07FDD-94B7-A4EE-8C28-888C55D33831}" = ccc-core-static
"{7516254D-7F98-49DD-8209-5D2208BD1036}" = Nero 7 Premium
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{770F1BEC-2871-4E70-B837-FB8525FFA3B1}" = Windows Live Messenger
"{77654E99-F083-ED32-B326-118741828039}" = Catalyst Control Center Graphics Full Existing
"{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0
"{7B0A8F0E-3672-4DA5-9540-A8D0171C38D8}" = TuneUp Utilities Language Pack (fr-FR)
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7FFC95A3-A514-E94D-72A1-B0FF80656519}" = CCC Help English
"{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87323561-58BA-4D5B-BADA-A791B69D1705}" = Catalyst Control Center - Branding
"{87CA98F3-0A13-77FE-A9F0-2AB1F28D741A}" = ccc-core-preinstall
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8C8BC74F-E17F-4D59-D098-2F90BB9AE9E0}" = Skins
"{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer
"{90120000-0010-040C-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (French) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0015-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_PROPLUS_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_PROPLUS_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_PROPLUS_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96DA8A90-1BD6-F86A-D51B-B46882A80980}" = ccc-utility
"{97FA9DC8-B4AF-84EE-DA97-B13FE28381BA}" = ccc-utility
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B5337F7-0444-5607-A397-909EFEFA7CFF}" = Catalyst Control Center Core Implementation
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{B131E59D-202C-43C6-84C9-68F0C37541F1}" = Galerie de photos Windows Live
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6A51892-D4A5-616B-4489-44B790179455}" = ccc-utility
"{B74D4E10-6884-0000-0000-000000000101}" = Adobe Bridge 1.0
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB20D3BC-6C7C-A9CA-D679-914240CDA0D3}" = ccc-core-static
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D1DD73EB-36DE-D4E8-421A-88D0C8FD998F}" = ccc-core-static
"{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}" = Assistant de connexion Windows Live
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D4DA3592-87EA-457F-A254-6C0F1F1D6F1A}" = ILLUSION 箱-はこ-
"{DA85F579-3C60-A492-6B3F-9F4C85529C9E}" = ATI Catalyst Install Manager
"{DE31F8AA-B12D-3A38-E561-C657EED45465}" = Catalyst Control Center Graphics Full Existing
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3C080B0-23F5-49AF-89F8-8E8DBC89E659}" = Microsoft .NET Framework 3.0 French Language Pack
"{E6EB53D4-5AD0-07F0-2DAC-0A2D624DF39D}" = ccc-utility
"{E74CC47C-28D3-25E1-14D2-68EBC87C31BA}" = Skins
"{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F251B61F-9D18-13C4-02EE-71A36343D442}" = Catalyst Control Center Graphics Full New
"{F73920B1-FD39-6893-4E9B-748311B666AF}" = Catalyst Control Center Graphics Previews Common
"7-Zip" = 7-Zip 4.57
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-040C-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AutoGK" = Auto Gordian Knot 2.40
"AVI MPEG ASF WMV Splitter_is1" = AVI/MPEG/ASF/WMV Splitter 3.25
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AviSynth" = AviSynth 2.5
"Azureus Vuze" = Azureus Vuze
"BloodBowl_is1" = Blood Bowl 1.0.1.5
"Capturino 1.4" = Capturino 1.4
"CCleaner" = CCleaner
"CFWebAdvancedU" = CamfrogWEB Advanced ActiveX Plugin (remove only)
"Clean Virus MSN_is1" = Clean Virus MSN
"COMODO Firewall Pro" = COMODO Firewall Pro
"DivX Setup.divx.com" = Configuration DivX
"Driver Cleaner Pro" = DH Driver Cleaner Professional Edition
"DVD Decrypter" = DVD Decrypter (Remove Only)
"Empty Temp Folders 2.8.3" = Empty Temp Folders 2.8.3
"ERUNT_is1" = ERUNT 1.1j
"FileHippo.com" = FileHippo.com Update Checker
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 6.2.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Media Player Classic" = Media Player Classic fr
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OCCT_is1" = OCCT Perestroika 3.1.0
"PC Wizard 2010_is1" = PC Wizard 2010.1.94
"PROPLUS" = Microsoft Office Professional Plus 2007
"PunkBusterSvc" = PunkBuster Services
"QuicktimeAlt_is1" = QuickTime Alternative 3.1.1
"RealAlt_is1" = Real Alternative 1.7.5
"RivaTuner" = RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
"SuperCopier2" = SuperCopier2
"TuneUp Utilities" = TuneUp Utilities
"Unlocker" = Unlocker 1.8.9
"VLC media player" = VideoLAN VLC media player 0.8.6e
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Lecteur Windows Media 11
"Windows XP Service" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Installation Windows Live
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
"ZHPDiag_is1" = ZHPDiag 1.26

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-343818398-2052111302-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"TimeAdjuster" = Time Adjuster STANDARD 3.1
"Winamp Detect" = Détection de l'application Winamp

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 28/07/2010 01:15:42 | Computer Name = CAS-LIBRE | Source = Application Hang | ID = 1002
Description = Application bloquée mpc-hc.exe, version 1.3.1458.0, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 28/07/2010 01:15:42 | Computer Name = CAS-LIBRE | Source = Application Hang | ID = 1002
Description = Application bloquée mpc-hc.exe, version 1.3.1458.0, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 30/07/2010 06:37:27 | Computer Name = CAS-LIBRE | Source = Application Hang | ID = 1002
Description = Application bloquée bit.exe, version 6.0.1016.3, module bloqué hungapp,
version 0.0.0.0, adresse de blocage 0x00000000.

Error - 30/07/2010 07:16:51 | Computer Name = CAS-LIBRE | Source = Application Error | ID = 1000
Description = Application défaillante azureus.exe, version 3.0.0.0, module défaillant
java.dll, version 6.0.200.2, adresse de défaillance 0x00004e46.

Error - 30/07/2010 11:49:43 | Computer Name = CAS-LIBRE | Source = Application Hang | ID = 1002
Description = Application bloquée mpc-hc.exe, version 1.3.1458.0, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 02/08/2010 15:46:16 | Computer Name = CAS-LIBRE | Source = Application Hang | ID = 1002
Description = Application bloquée winamp.exe, version 5.5.8.2975, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 02/08/2010 17:35:38 | Computer Name = CAS-LIBRE | Source = Application Hang | ID = 1002
Description = Application bloquée sandra.exe, version 16.52.2010.7, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 02/08/2010 23:17:06 | Computer Name = CAS-LIBRE | Source = Application Hang | ID = 1002
Description = Application bloquée mpc-hc.exe, version 1.3.1458.0, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 04/08/2010 05:38:57 | Computer Name = CAS-LIBRE | Source = Application Hang | ID = 1002
Description = Application bloquée ATITool.exe, version 0.26.0.0, module bloqué hungapp,
version 0.0.0.0, adresse de blocage 0x00000000.

Error - 06/08/2010 14:31:40 | Computer Name = CAS-LIBRE | Source = Application Error | ID = 1000
Description = Application défaillante svchost.exe, version 3.0.12.38, module défaillant
unknown, version 0.0.0.0, adresse de défaillance 0x24017c1e.

[ System Events ]
Error - 04/08/2010 10:05:56 | Computer Name = CAS-LIBRE | Source = Service Control Manager | ID = 7023
Description = Le service Gestion d'applications s'est arrêté avec l'erreur : %%2

Error - 04/08/2010 10:05:56 | Computer Name = CAS-LIBRE | Source = Service Control Manager | ID = 7023
Description = Le service Gestion d'applications s'est arrêté avec l'erreur : %%2

Error - 04/08/2010 10:05:57 | Computer Name = CAS-LIBRE | Source = Service Control Manager | ID = 7023
Description = Le service Gestion d'applications s'est arrêté avec l'erreur : %%2

Error - 04/08/2010 10:05:57 | Computer Name = CAS-LIBRE | Source = Service Control Manager | ID = 7023
Description = Le service Gestion d'applications s'est arrêté avec l'erreur : %%2

Error - 04/08/2010 10:05:57 | Computer Name = CAS-LIBRE | Source = Service Control Manager | ID = 7023
Description = Le service Gestion d'applications s'est arrêté avec l'erreur : %%2

Error - 04/08/2010 10:05:57 | Computer Name = CAS-LIBRE | Source = Service Control Manager | ID = 7023
Description = Le service Gestion d'applications s'est arrêté avec l'erreur : %%2

Error - 04/08/2010 10:05:57 | Computer Name = CAS-LIBRE | Source = Service Control Manager | ID = 7023
Description = Le service Gestion d'applications s'est arrêté avec l'erreur : %%2

Error - 04/08/2010 10:05:57 | Computer Name = CAS-LIBRE | Source = Service Control Manager | ID = 7023
Description = Le service Gestion d'applications s'est arrêté avec l'erreur : %%2

Error - 04/08/2010 10:05:57 | Computer Name = CAS-LIBRE | Source = Service Control Manager | ID = 7023
Description = Le service Gestion d'applications s'est arrêté avec l'erreur : %%2

Error - 05/08/2010 08:33:47 | Computer Name = CAS-LIBRE | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se
charger : sptd


<End>
Dgray
 
Messages: 18
Inscription: 20 Fév 2008, 17:35

Messagede Dgray » 09 Aoû 2010, 00:17

Bonjour,

Vous pouvez clore le sujet dès que possible, problème résolu.

Merci.
Dgray
 
Messages: 18
Inscription: 20 Fév 2008, 17:35


Retourner vers Sécurité (Contamination - Décontamination)

Qui est en ligne

Utilisateurs parcourant ce forum: Aucun utilisateur enregistré et 45 invités