[Ok] PC possibly infected, request for analysis of scan report

Security and insecurity. Viruses, Trojans, spyware, vulnerabilities, etc.


Forum rules
Assiste.com has suspended decontamination assistance after almost 15 years, first on the old forum and then on this one. See:

Decontamination procedure 1 - Anti-malware (Anti-malware decontamination)

Decontamination procedure 2 - Anti-malware and antivirus (La Manip - Standard decontamination procedure)

Periodic maintenance of a Windows PC

Protecting the browser, browsing and privacy

Post by mae » 05 Oct 2010, 15:47

Hello,

Here are the "symptoms" I currently have:

- not all startup programs necessarily start (sometimes I don't have the ATI software, sometimes the F-Secure logos don't appear...)
- error at every Windows startup: "Generic Host Process for Win32 Services has encountered a problem and needs to close..."
- when I try to display the Windows Firewall configuration window, I get this message: "Windows Firewall settings cannot be displayed because the associated service is not running. Do you want to start the Windows Firewall/Internet Connection Sharing service?" => yes => "Windows cannot start the Windows Firewall/Internet Connection Sharing service". Impossible to start it from the Services tool in Administrative Tools.
- sound problem (not system sounds, but the sound of videos or music) (which is resolved by restarting the SoundMAX Agent Service in the Services tool in Administrative Tools)
- hijacked Google links: some links (e.g. Pages Jaunes or others), when clicked directly, send me to advertising pages.
- impossible to open Spybot S&D to run a scan (even though the Spybot resident icon is present in the taskbar)
- impossible to open Malwarebytes (even though there was no problem during installation)
- sometimes impossible to access the contents of USB sticks
- sometimes when opening Firefox, a script doesn't work and I have to stop it to be able to launch Firefox.
- but no virus is detected by F-Secure.

I hope you can help me....
Thanks in advance
mae
 
Posts: 22
Joined: 05 Oct 2010, 15:24
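
Before going line by line through the OTL report posted in the next message: the following Python script is an added example written for this page, not part of the thread and not a component of OTL. It applies the first-pass heuristics a helper applies by eye to the PRC/MOD/SRV/DRV, O1, O3 and O4 lines (a process, module, service or driver loading from Temp or Downloaded Program Files, a registration whose file is missing, an empty or orphaned Run or toolbar entry, a hosts mapping other than localhost). The sample input is copied from the report below, plus one constructed hosts line labelled as such; the rule names and the deliberately low-confidence "no-company" check are the example's own, and a hit is a lead to verify, not a malware verdict.

```python
"""Heuristic first-pass triage of OTL (OldTimer's OTL) report lines.

Added example for this thread; not part of the original posts and not
part of OTL. Every hit is a lead for a human to check, not a verdict.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List

# PRC/MOD/SRV/DRV lines: "[date | size | attrs | M] (Company) [state] -- path -- (ServiceName)"
BINARY_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - \[[^\]]*\] \((?P<company>.*?)\) "
    r"(?:\[(?P<state>[^\]]*)\] )?-- (?P<path>.*?)(?: -- \((?P<name>[^)]*)\).*)?$"
)
# Same kinds, but OTL could not find the file behind the registration.
MISSING_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - File not found (?:\[(?P<state>[^\]]*)\] )?-- "
    r"(?P<path>.*?)(?: -- \((?P<name>.*)\))?$"
)
# O4 autostart entries: "O4 - HKLM..\Run: [ValueName] target (Company)"
RUN_RE = re.compile(r"^O4 - (?P<hive>.*?)\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<target>.*)$")

# Directories from which a loaded binary or driver deserves a second look.
SUSPECT_DIRS = ("\\temp\\", "\\downloaded program files\\")


@dataclass(frozen=True)
class Finding:
    line_no: int   # 1-based line number in the input
    rule: str      # short rule identifier (names are this example's own)
    detail: str    # the path or entry that triggered the rule


def triage(lines: List[str]) -> List[Finding]:
    """Apply the heuristics to OTL report lines; return the leads in input order."""
    findings: List[Finding] = []
    for no, raw in enumerate(lines, start=1):
        line = raw.rstrip()
        if (m := MISSING_RE.match(line)):
            findings.append(Finding(no, "missing-file", m["path"]))
            continue
        if (m := BINARY_RE.match(line)):
            if any(d in m["path"].lower() for d in SUSPECT_DIRS):
                findings.append(Finding(no, "suspect-location", m["path"]))
            if not m["company"].strip():
                # Low confidence: many legitimate OEM/older drivers carry no version resource.
                findings.append(Finding(no, "no-company", m["path"]))
            continue
        if (m := RUN_RE.match(line)):
            if not m["name"] or m["target"].startswith("File not found"):
                findings.append(Finding(no, "orphan-run-entry", line))
            continue
        if line.startswith("O1 - Hosts:"):
            entry = line.split(":", 1)[1].strip()
            parts = entry.split()
            # Anything other than the stock loopback -> localhost mapping is worth reading.
            if len(parts) >= 2 and parts[1].lower() != "localhost":
                findings.append(Finding(no, "hosts-entry", entry))
            continue
        if re.match(r"^O\d+ - ", line) and "No CLSID value found" in line:
            findings.append(Finding(no, "orphan-reference", line))
    return findings


def counts_by_rule(findings: List[Finding]) -> Dict[str, int]:
    """Leads per rule, useful for deciding what to read first."""
    return dict(Counter(f.rule for f in findings))


# Lines copied verbatim from the OTL report posted in this thread.
REPORT_LINES = r"""
PRC - [2010/10/05 12:00:12 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Maeva Pop\Bureau\OTL.exe
MOD - [2008/02/12 22:02:38 | 000,024,576 | ---- | M] (BackWeb) -- C:\WINDOWS\Temp\IadHide4.dll
SRV - [2008/02/12 22:02:38 | 000,016,384 | ---- | M] () [Auto | Running] -- C:\Program Files\F-Secure\BackWeb\7681197\Program\ServiceWrapper-7681197.exe -- (BackWeb Client - 7681197)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\UIUSys.sys -- (UIUSys)
DRV - [2009/12/15 23:56:12 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2004/02/25 09:21:52 | 000,005,120 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\Downloaded Program Files\EGATHDRV.SYS -- (EGATHDRV)
O1 - Hosts: 127.0.0.1 localhost
O3 - HKU\S-1-5-21-1220981666-3027267687-1226268322-1005\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )
""".strip().splitlines()

# Constructed line (NOT from the report) so the hosts rule has something to flag.
CONSTRUCTED_LINES = ["O1 - Hosts: 127.0.0.1 www.example-av-vendor.invalid"]

if __name__ == "__main__":
    for f in triage(REPORT_LINES + CONSTRUCTED_LINES):
        print(f"line {f.line_no:>2}  {f.rule:<17} {f.detail}")
```

Run against the full report, the no-company rule also flags the F-Secure drivers and sptd.sys (the DAEMON Tools/Alcohol disc-emulation driver), which is exactly why it is a prompt to look rather than a verdict; connecting the symptoms above (firewall service that will not start, redirected links, security tools that will not launch) to specific lines still needs a human reading the rest of the report.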

Post by mae » 05 Oct 2010, 15:54

here is the OTL.txt log

OTL logfile created on: 05/10/2010 14:54:49 - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Maeva Pop\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

511,00 Mb Total Physical Memory | 154,00 Mb Available Physical Memory | 30,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 57,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 51,38 Gb Total Space | 6,17 Gb Free Space | 12,00% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MAEVA
Current User Name: Maeva Pop
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/10/05 12:00:12 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Maeva Pop\Bureau\OTL.exe
PRC - [2010/07/27 17:05:00 | 000,069,560 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2010/07/04 10:45:03 | 000,346,624 | ---- | M] () -- C:\Program Files\Philips\Philips Songbird\extensions\philips-autoplay@philips.com\application\PhilipsSongbirdLauncher.exe
PRC - [2010/06/03 19:18:14 | 000,128,296 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2010/05/14 11:44:46 | 000,248,552 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
PRC - [2010/04/26 13:46:32 | 000,144,824 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2010/04/22 18:02:56 | 000,181,608 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
PRC - [2010/04/22 18:02:54 | 000,431,464 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
PRC - [2010/04/22 18:02:50 | 000,243,048 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2010/04/22 18:02:48 | 000,103,784 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2010/04/22 17:13:00 | 000,176,128 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2010/04/07 14:37:22 | 000,063,928 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2010/04/01 14:50:44 | 000,043,960 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
PRC - [2009/12/11 12:19:02 | 000,337,256 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TpShocks.exe
PRC - [2009/12/01 02:39:00 | 000,256,576 | ---- | M] (Lenovo Group Ltd.) -- C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
PRC - [2009/11/24 13:51:18 | 000,176,056 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2009/11/18 14:04:18 | 000,038,248 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\ibmpmsvc.exe
PRC - [2009/10/30 13:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2009/06/12 10:55:48 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2009/02/27 07:54:22 | 000,870,672 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2009/02/27 06:55:20 | 000,909,312 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2009/02/27 06:38:38 | 000,473,360 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/08/29 14:58:16 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2008/04/14 04:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/04 10:34:20 | 000,487,424 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
PRC - [2008/03/04 10:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe
PRC - [2008/02/12 22:02:38 | 000,016,384 | ---- | M] () -- C:\Program Files\F-Secure\BackWeb\7681197\Program\ServiceWrapper-7681197.exe
PRC - [2008/02/12 22:02:38 | 000,016,384 | ---- | M] () -- C:\Program Files\F-Secure\BackWeb\7681197\Program\backWeb-7681197.exe
PRC - [2007/12/29 13:20:00 | 000,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
PRC - [2007/09/26 17:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Fichiers communs\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2006/09/11 05:40:32 | 000,218,032 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
PRC - [2006/06/29 22:57:50 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe
PRC - [2005/10/06 06:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\DLACTRLW.EXE
PRC - [2004/10/14 09:11:10 | 001,388,544 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
PRC - [2004/08/06 03:23:10 | 000,308,352 | ---- | M] (Symantec Corporation) -- c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
PRC - [2003/10/31 16:47:34 | 000,122,880 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
PRC - [2003/10/14 09:33:16 | 000,225,332 | ---- | M] (F-Secure Corp.) -- C:\Program Files\F-Secure\Anti-Virus\fsgk32.exe
PRC - [2003/10/10 10:52:22 | 000,163,892 | ---- | M] (F-Secure Corp.) -- C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
PRC - [2002/12/05 17:24:34 | 000,180,300 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Common\FSMB32.exe
PRC - [2002/12/05 17:24:32 | 000,110,668 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Common\FNRB32.exe
PRC - [2002/12/05 17:24:32 | 000,106,571 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Common\FSM32.exe
PRC - [2002/12/05 17:24:32 | 000,061,516 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Common\FSMA32.exe
PRC - [2002/12/05 17:24:32 | 000,057,419 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Common\FIH32.exe
PRC - [2002/12/05 17:24:30 | 000,266,317 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Common\FAMEH32.exe
PRC - [2002/12/05 17:24:30 | 000,065,611 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Common\fch32.exe
PRC - [2002/09/20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
PRC - [2001/09/04 10:15:22 | 000,045,056 | ---- | M] (F-Secure Corp.) -- C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe


========== Modules (SafeList) ==========

MOD - [2010/10/05 12:00:12 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Maeva Pop\Bureau\OTL.exe
MOD - [2008/04/14 04:32:02 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2008/02/12 22:02:38 | 000,024,576 | ---- | M] (BackWeb) -- C:\WINDOWS\Temp\IadHide4.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/09/26 18:31:20 | 001,355,928 | ---- | M] (Lavasoft) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/04/22 18:02:50 | 000,243,048 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2010/04/22 18:02:48 | 000,103,784 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2010/04/07 14:37:22 | 000,063,928 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2010/04/07 12:02:16 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2009/11/18 14:04:18 | 000,038,248 | ---- | M] (Lenovo.) [Auto | Running] -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC)
SRV - [2009/10/09 12:12:30 | 000,039,976 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\WINDOWS\system32\TPHDEXLG.exe -- (TPHDEXLGSVC)
SRV - [2009/06/12 10:55:48 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2009/02/27 07:54:22 | 000,870,672 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2009/02/27 06:55:20 | 000,909,312 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor) Intel(R)
SRV - [2009/02/27 06:38:38 | 000,473,360 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2008/08/29 14:58:16 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2008/03/04 10:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2008/02/12 22:02:40 | 000,039,936 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe -- (F-Secure BackWeb LAN Access)
SRV - [2008/02/12 22:02:38 | 000,016,384 | ---- | M] () [Auto | Running] -- C:\Program Files\F-Secure\BackWeb\7681197\Program\ServiceWrapper-7681197.exe -- (BackWeb Client - 7681197)
SRV - [2007/09/26 17:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Fichiers communs\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2006/10/26 20:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/06/29 22:57:50 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)
SRV - [2005/04/04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/08/06 03:23:10 | 000,308,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe -- (SymWSC)
SRV - [2002/12/05 17:24:32 | 000,225,280 | ---- | M] (F-Secure Corporation. All Rights Reserved.) [Auto | Stopped] -- C:\Program Files\F-Secure\Common\FSAA.EXE -- (FSAA)
SRV - [2002/12/05 17:24:32 | 000,110,668 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\F-Secure\Common\FNRB32.EXE -- (F-Secure Network Request Broker)
SRV - [2002/12/05 17:24:32 | 000,061,516 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\F-Secure\Common\FSMA32.EXE -- (FSMA)
SRV - [2002/09/20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))
SRV - [2001/09/04 10:15:22 | 000,045,056 | ---- | M] (F-Secure Corp.) [Auto | Running] -- C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\UIUSys.sys -- (UIUSys)
DRV - [2010/08/12 14:15:20 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/08/12 14:15:19 | 000,015,008 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010/06/03 19:18:58 | 001,303,728 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2009/12/15 23:56:12 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/11/18 14:03:36 | 000,026,608 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV - [2009/10/09 12:12:02 | 000,120,360 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\Apsx86.sys -- (Shockprf)
DRV - [2009/10/09 12:10:24 | 000,020,520 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)
DRV - [2009/08/18 10:20:45 | 000,030,144 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2008/10/29 16:41:50 | 000,105,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2008/10/29 16:35:32 | 000,007,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)
DRV - [2008/10/15 16:03:00 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbvoice.sys -- (ZTEusbvoice)
DRV - [2008/10/15 16:03:00 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2008/10/15 16:03:00 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2008/10/13 13:49:14 | 000,110,080 | ---- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV - [2008/08/29 14:57:18 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2008/08/13 17:23:56 | 000,011,904 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2008/05/12 22:14:14 | 000,017,844 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPHKDRV.sys -- (TPHKDRV)
DRV - [2008/05/12 20:22:04 | 000,004,224 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
DRV - [2008/05/12 18:04:02 | 000,013,480 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2008/04/13 20:54:36 | 000,028,672 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nscirda.sys -- (NSCIRDA)
DRV - [2008/04/13 20:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 20:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/03/29 18:36:28 | 000,125,328 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2008/01/07 14:36:16 | 002,216,064 | R--- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Pilote de carte de connexion réseau Intel(R)
DRV - [2007/11/14 18:05:16 | 000,394,952 | ---- | M] (Zone Labs, LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2007/03/09 03:57:02 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2007/02/07 00:38:32 | 001,133,568 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/01/18 19:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/10/02 02:55:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)
DRV - [2006/10/02 02:55:00 | 000,009,343 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
DRV - [2005/10/18 17:53:24 | 000,998,656 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/10/18 17:52:38 | 000,242,304 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/10/18 17:52:30 | 000,721,280 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/10/06 06:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/10/06 06:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/10/06 06:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/10/06 06:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/10/06 06:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/10/06 06:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/10/06 06:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\DLADResN.SYS -- (DLADResN)
DRV - [2005/09/28 17:07:02 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
DRV - [2005/09/12 04:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (drvmcdb)
DRV - [2005/08/25 13:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 13:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/12 06:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (drvnddm)
DRV - [2005/06/06 03:44:05 | 000,091,841 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\P0630Vid.sys -- (P0630VID)
DRV - [2004/08/30 03:26:58 | 003,151,232 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w22n51.sys -- (w22n51) Pilote Intel(R)
DRV - [2004/07/29 11:37:00 | 000,016,384 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWR.SYS -- (TPPWR)
DRV - [2004/02/25 09:21:52 | 000,005,120 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\Downloaded Program Files\EGATHDRV.SYS -- (EGATHDRV)
DRV - [2003/10/15 10:19:50 | 000,041,488 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\F-Secure\Anti-Virus\win2k\fsgk.sys -- (F-Secure Gatekeeper)
DRV - [2003/04/30 12:13:24 | 000,048,336 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\F-Secure\Anti-Virus\win2k\FSfilter.sys -- (F-Secure Filter)
DRV - [2003/02/06 13:32:02 | 000,016,048 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\F-Secure\Anti-Virus\win2k\FSrec.sys -- (F-Secure Recognizer)
DRV - [2002/12/05 17:24:34 | 000,065,328 | ---- | M] (F-Secure Corporation) [Kernel | Auto | Running] -- C:\Program Files\F-Secure\Common\FSpm.sys -- (FSpm)
DRV - [2001/11/01 12:57:14 | 000,095,104 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3ssavm.sys -- (S3SSavage)
DRV - [2001/08/24 03:04:44 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/18 08:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/18 08:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/18 08:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/18 08:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/18 08:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/18 07:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/18 07:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/18 07:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/18 07:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/18 07:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/18 07:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/18 07:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/18 07:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/18 07:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/18 07:48:14 | 000,011,520 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TwoTrack.sys -- (TwoTrack)
DRV - [2001/08/18 07:28:10 | 000,802,683 | ---- | M] (Lucent Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LTSM.sys -- (LucentSoftModem)
DRV - [2001/08/18 06:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Service d'installation du pilote audio Intel(r) 82801 (WDM)
DRV - [2001/08/17 22:05:20 | 000,031,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\OVCE.sys -- (QCEmerald)
DRV - [2001/08/17 22:05:06 | 000,025,216 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\OVSound2.sys -- (lusbaudio)
DRV - [2001/08/17 21:53:32 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\qv2kux.sys -- (QV2KUX)
DRV - [2000/06/01 06:29:54 | 000,007,012 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PMEMNT.SYS -- (PMEM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1220981666-3027267687-1226268322-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ig?hl=fr
IE - HKU\S-1-5-21-1220981666-3027267687-1226268322-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Wikipédia (fr)"
FF - prefs.js..browser.startup.homepage: "http://www.google.fr/ig?hl=fr"
FF - prefs.js..extensions.enabledItems: fr-FR@dictionaries.addons.mozilla.org:3.5
FF - prefs.js..extensions.enabledItems: it-IT@dictionaries.addons.mozilla.org:3.1
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:4.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2007/12/29 13:20:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/02 08:19:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/24 13:52:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/09/29 10:10:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010/07/04 10:46:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maeva Pop\Application Data\Mozilla\Extensions
[2010/07/04 10:46:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maeva Pop\Application Data\Mozilla\Extensions\songbird@songbirdnest.com
[2010/10/02 15:32:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maeva Pop\Application Data\Mozilla\Firefox\Profiles\j7lc8mrt.default\extensions
[2009/09/16 08:58:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Maeva Pop\Application Data\Mozilla\Firefox\Profiles\j7lc8mrt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/28 09:53:31 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Maeva Pop\Application Data\Mozilla\Firefox\Profiles\j7lc8mrt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/02/15 18:43:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maeva Pop\Application Data\Mozilla\Firefox\Profiles\j7lc8mrt.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2009/10/16 12:34:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maeva Pop\Application Data\Mozilla\Firefox\Profiles\j7lc8mrt.default\extensions\en-US@dictionaries.addons.mozilla.org
[2010/02/15 18:43:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maeva Pop\Application Data\Mozilla\Firefox\Profiles\j7lc8mrt.default\extensions\fr-FR@dictionaries.addons.mozilla.org
[2007/12/26 20:50:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maeva Pop\Application Data\Mozilla\Firefox\Profiles\j7lc8mrt.default\extensions\it-IT@dictionaries.addons.mozilla.org
[2010/10/03 15:45:37 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/24 13:52:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/07/12 18:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2010/03/01 17:34:15 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/03/01 17:34:15 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/03/01 17:34:15 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2009/04/27 10:04:49 | 000,000,748 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\MediaDICO-fr.xml
[2010/03/01 17:34:15 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/03/25 16:39:31 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2001/08/28 17:00:00 | 000,000,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\DLASHX_W.DLL (Sonic Solutions)
O3 - HKU\S-1-5-21-1220981666-3027267687-1226268322-1005\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )
O4 - HKLM..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BMMGAG] C:\Program Files\ThinkPad\Utilities\PWRMONIT.DLL (IBM Corp.)
O4 - HKLM..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE ()
O4 - HKLM..\Run: [BMMMONWND] C:\Program Files\ThinkPad\Utilities\BATINFEX.DLL (IBM Corp.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\dla\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [EZEJMNAP] C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Ltd.)
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files\F-Secure\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [LenovoAutoScrollUtility] C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [PD0630 STISvc] C:\WINDOWS\System32\P0630Pin.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [PhilipsSongbirdLauncher] C:\Program Files\Philips\Philips Songbird\extensions\philips-autoplay@philips.com\application\PhilipsSongbirdLauncher.exe ()
O4 - HKLM..\Run: [S3TRAY2] C:\WINDOWS\System32\S3Tray2.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)
O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKU\S-1-5-21-1220981666-3027267687-1226268322-1005..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1220981666-3027267687-1226268322-1005..\Run: [ISUSPM] C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKU\S-1-5-21-1220981666-3027267687-1226268322-1005..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\VPN Client.lnk = C:\WINDOWS\Installer\{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}\Icon3E5562ED7.ico ()
O4 - Startup: C:\Documents and Settings\Maeva Pop\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1220981666-3027267687-1226268322-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 5142395895 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.4 ... 41-win.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.163.71,93.188.166.106
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ACNotify: DllName - ACNotify.dll - C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo )
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Maeva Pop\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Maeva Pop\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/12/27 02:50:05 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{3a849fe1-7371-11de-b623-000e35b05636}\Shell - "" = AutoRun
O33 - MountPoints2\{3a849fe1-7371-11de-b623-000e35b05636}\Shell\AutoRun\command - "" = F:\SFR.exe -- File not found
O33 - MountPoints2\{45408557-4bc0-11de-b607-000e35b05636}\Shell\AutoRun\command - "" = E:\
O33 - MountPoints2\{4bc36120-6335-11dd-b4f8-000e35b05636}\Shell\AutoRun\command - "" = stdhost_boa.exe
O33 - MountPoints2\{4bc36120-6335-11dd-b4f8-000e35b05636}\Shell\verb\command - "" = stdhost_boa.exe
O33 - MountPoints2\{4bc36121-6335-11dd-b4f8-000e35b05636}\Shell\AutoRun\command - "" = stdhost_boa.exe
O33 - MountPoints2\{4bc36121-6335-11dd-b4f8-000e35b05636}\Shell\verb\command - "" = stdhost_boa.exe
O33 - MountPoints2\{4fc3a220-c161-11dd-b598-000e35b05636}\Shell - "" = AutoRun
O33 - MountPoints2\{55eb0290-873d-11df-b6c1-000e35b05636}\Shell - "" = Autorun
O33 - MountPoints2\{55eb0290-873d-11df-b6c1-000e35b05636}\Shell\downloadsb\command - "" = C:\WINDOWS\explorer.exe -- [2008/04/14 04:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{56dba4d0-7550-11de-b628-000e35b05636}\Shell - "" = AutoRun
O33 - MountPoints2\{56dba4d0-7550-11de-b628-000e35b05636}\Shell\AutoRun\command - "" = E:\SFR.exe -- File not found
O33 - MountPoints2\{621fa654-95a6-11de-b64a-000e35b05636}\Shell\Auto\command - "" = E:\RavMonE.exe -- File not found
O33 - MountPoints2\{622f1188-f7bd-11de-b68d-000e35b05636}\Shell\AutoRun\command - "" = F:\wubi.exe -- File not found
O33 - MountPoints2\{930efcf0-7370-11de-b622-000e35b05636}\Shell - "" = AutoRun
O33 - MountPoints2\{930efcf0-7370-11de-b622-000e35b05636}\Shell\AutoRun\command - "" = E:\SFR.exe -- File not found
O33 - MountPoints2\{bd4443ad-bd07-11dc-b3fa-000e35b05636}\Shell\AutoRun\command - "" = I:\setupSNK.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183584330711040)

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\Documents and Settings\Maeva Pop\Bureau\tableau logement fêtes de fin d'année 2008.xls
File not found -- C:\Documents and Settings\Maeva Pop\Bureau\repas fêtes de fin d'année 2008.xls
File not found -- C:\Documents and Settings\Maeva Pop\Bureau\4a au départ de maman.jpg
File not found -- C:\Documents and Settings\Maeva Pop\Bureau\2a à son bureau.jpg
File not found -- C:\Documents and Settings\Maeva Pop\Bureau\1a prête pour sa première journée d'école.jpg
[2010/10/05 14:48:48 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/10/05 14:48:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/10/05 14:48:43 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/10/05 14:48:41 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/05 12:19:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/10/05 12:17:14 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/10/05 12:11:47 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Maeva Pop\Bureau\mbam-setup-1.46.exe
[2010/10/05 12:11:47 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Maeva Pop\Bureau\erunt-setup.exe
[2010/10/05 12:11:47 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Maeva Pop\Bureau\OTL.exe
[2010/10/05 12:11:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maeva Pop\Bureau\probpc
[2010/09/27 19:28:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maeva Pop\Bureau\Pop
[2010/09/26 18:32:10 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/09/26 18:31:44 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/09/26 18:14:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maeva Pop\Local Settings\Application Data\Sunbelt Software
[2010/09/26 18:12:54 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
[2010/09/26 14:14:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maeva Pop\Application Data\Update
[2010/09/24 13:56:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/09/24 13:52:42 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/09/24 13:52:41 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/09/24 13:52:41 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/09/24 13:52:41 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/09/24 13:52:40 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/09/22 15:32:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maeva Pop\Bureau\sport
[2010/09/22 12:31:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/09/22 11:26:48 | 000,000,000 | ---D | C] -- C:\Program Files\msn
[2010/09/22 11:26:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010/09/22 11:26:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fr
[2010/09/22 11:26:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010/09/22 11:09:30 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010/09/22 09:27:36 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_42.dll
[2010/09/22 09:27:23 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_31.dll
[2010/09/22 09:27:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2010/09/22 09:27:01 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Detect
[2010/09/20 23:35:36 | 000,000,000 | ---D | C] -- C:\F-Secure
[2010/09/20 00:43:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maeva Pop\Bureau\candidature
[2010/09/19 13:58:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maeva Pop\Bureau\bourse EXPIC
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\Documents and Settings\Maeva Pop\Mes documents\*.tmp files -> C:\Documents and Settings\Maeva Pop\Mes documents\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Maeva Pop\Bureau\*.tmp files -> C:\Documents and Settings\Maeva Pop\Bureau\*.tmp -> ]
[1 C:\Documents and Settings\Maeva Pop\*.tmp files -> C:\Documents and Settings\Maeva Pop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

File not found -- C:\Documents and Settings\Maeva Pop\Bureau\tableau logement fêtes de fin d'année 2008.xls
File not found -- C:\Documents and Settings\Maeva Pop\Bureau\repas fêtes de fin d'année 2008.xls
File not found -- C:\Documents and Settings\Maeva Pop\Bureau\4a au départ de maman.jpg
File not found -- C:\Documents and Settings\Maeva Pop\Bureau\2a à son bureau.jpg
File not found -- C:\Documents and Settings\Maeva Pop\Bureau\1a prête pour sa première journée d'école.jpg
[2010/10/05 14:49:07 | 000,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/10/05 14:36:37 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\VPN Client.lnk
[2010/10/05 14:34:32 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/05 14:32:50 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/10/05 14:32:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/05 14:32:40 | 535,810,048 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/05 14:30:41 | 011,010,048 | -H-- | M] () -- C:\Documents and Settings\Maeva Pop\NTUSER.DAT
[2010/10/05 14:30:41 | 000,000,184 | -HS- | M] () -- C:\Documents and Settings\Maeva Pop\ntuser.ini
[2010/10/05 12:17:32 | 000,000,778 | ---- | M] () -- C:\Documents and Settings\Maeva Pop\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2010/10/05 12:17:16 | 000,000,622 | ---- | M] () -- C:\Documents and Settings\Maeva Pop\Bureau\NTREGOPT.lnk
[2010/10/05 12:17:16 | 000,000,603 | ---- | M] () -- C:\Documents and Settings\Maeva Pop\Bureau\ERUNT.lnk
[2010/10/05 12:10:06 | 000,005,024 | ---- | M] () -- C:\Documents and Settings\Maeva Pop\Bureau\erunt-loc_fr.zip
[2010/10/05 12:09:18 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Maeva Pop\Bureau\erunt-setup.exe
[2010/10/05 12:03:08 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Maeva Pop\Bureau\mbam-setup-1.46.exe
[2010/10/05 12:00:12 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Maeva Pop\Bureau\OTL.exe
[2010/10/05 11:42:31 | 000,000,492 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/10/05 11:36:16 | 000,122,232 | ---- | M] () -- C:\Documents and Settings\Maeva Pop\Bureau\Fsecurereport.pdf
[2010/10/05 10:07:30 | 000,156,922 | ---- | M] () -- C:\Documents and Settings\Maeva Pop\Bureau\taches.JPG
[2010/10/03 22:40:54 | 000,092,160 | ---- | M] () -- C:\Documents and Settings\Maeva Pop\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/03 14:56:16 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/10/01 19:50:16 | 044,810,752 | ---- | M] () -- C:\Documents and Settings\Maeva Pop\Bureau\report 01102010.doc
[2010/10/01 12:03:57 | 043,183,104 | ---- | M] () -- C:\Documents and Settings\Maeva Pop\Bureau\report 30092010.doc
[2010/09/30 15:49:43 | 033,455,104 | ---- | M] () -- C:\Documents and Settings\Maeva Pop\Bureau\report 29092010.doc
[2010/09/29 15:28:50 | 031,223,808 | ---- | M] () -- C:\Documents and Settings\Maeva Pop\Bureau\report 27092010.doc
[2010/09/29 09:41:14 | 000,055,626 | ---- | M] () -- C:\Documents and Settings\Maeva Pop\Bureau\Carnet d'adresses2.pdf
[2010/09/29 08:41:46 | 000,124,021 | ---- | M] () -- C:\Documents and Settings\Maeva Pop\Bureau\liste email.pdf
[2010/09/28 22:55:05 | 000,030,208 | ---- | M] () -- C:\Documents and Settings\Maeva Pop\Bureau\Downstream Process engineer in PD Pilot plant.doc
[2010/09/27 16:00:58 | 019,118,080 | ---- | M] () -- C:\Documents and Settings\Maeva Pop\Bureau\report.doc
[2010/09/27 09:34:59 | 000,241,587 | ---- | M] () -- C:\Documents and Settings\Maeva Pop\Bureau\mp03600.pdf
[2010/09/26 18:31:42 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/09/26 18:12:34 | 000,000,908 | ---- | M] () -- C:\Documents and Settings\Maeva Pop\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/09/26 18:12:34 | 000,000,890 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Ad-Aware.lnk
[2010/09/26 17:00:33 | 000,160,344 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/09/26 16:54:22 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/09/26 16:49:29 | 001,078,194 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/09/26 16:49:29 | 000,510,980 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2010/09/26 16:49:29 | 000,441,458 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/09/26 16:49:29 | 000,084,964 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2010/09/26 16:49:29 | 000,071,394 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/09/26 15:36:36 | 000,122,817 | ---- | M] () -- C:\Documents and Settings\Maeva Pop\Bureau\F-Secure Anti-Virus.pdf
[2010/09/24 19:52:48 | 000,129,035 | ---- | M] () -- C:\Documents and Settings\Maeva Pop\Bureau\Prozessingenieur (m_w) (Ken....pdf
[2010/09/24 09:18:33 | 000,034,292 | ---- | M] () -- C:\Documents and Settings\Maeva Pop\Bureau\Copie de error host.jpg
[2010/09/24 09:18:33 | 000,013,977 | ---- | M] () -- C:\Documents and Settings\Maeva Pop\.recently-used.xbel
[2010/09/23 10:38:58 | 011,480,576 | ---- | M] () -- C:\Documents and Settings\Maeva Pop\Bureau\presentation Mae.ppt
[2010/09/22 11:58:10 | 002,205,375 | ---- | M] () -- C:\WINDOWS\iis6.BAK
[2010/09/22 11:17:34 | 000,252,240 | RHS- | M] () -- C:\ntldr
[2010/09/22 09:27:45 | 000,000,683 | ---- | M] () -- C:\Documents and Settings\Maeva Pop\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2010/09/19 12:05:50 | 000,000,332 | ---- | M] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job
[2010/09/10 16:37:42 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\Documents and Settings\Maeva Pop\Mes documents\*.tmp files -> C:\Documents and Settings\Maeva Pop\Mes documents\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Maeva Pop\Bureau\*.tmp files -> C:\Documents and Settings\Maeva Pop\Bureau\*.tmp -> ]
[1 C:\Documents and Settings\Maeva Pop\*.tmp files -> C:\Documents and Settings\Maeva Pop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/05 14:49:07 | 000,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/10/05 12:17:32 | 000,000,778 | ---- | C] () -- C:\Documents and Settings\Maeva Pop\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2010/10/05 12:17:16 | 000,000,622 | ---- | C] () -- C:\Documents and Settings\Maeva Pop\Bureau\NTREGOPT.lnk
[2010/10/05 12:17:16 | 000,000,603 | ---- | C] () -- C:\Documents and Settings\Maeva Pop\Bureau\ERUNT.lnk
[2010/10/05 12:11:47 | 000,005,024 | ---- | C] () -- C:\Documents and Settings\Maeva Pop\Bureau\erunt-loc_fr.zip
[2010/10/05 11:36:10 | 000,122,232 | ---- | C] () -- C:\Documents and Settings\Maeva Pop\Bureau\Fsecurereport.pdf
[2010/10/05 10:07:28 | 000,156,922 | ---- | C] () -- C:\Documents and Settings\Maeva Pop\Bureau\taches.JPG
[2010/10/04 11:03:15 | 000,748,544 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/10/04 08:26:58 | 000,034,292 | ---- | C] () -- C:\Documents and Settings\Maeva Pop\Bureau\Copie de error host.jpg
[2010/10/01 12:04:04 | 044,810,752 | ---- | C] () -- C:\Documents and Settings\Maeva Pop\Bureau\report01102010.doc
[2010/09/30 15:49:57 | 043,183,104 | ---- | C] () -- C:\Documents and Settings\Maeva Pop\Bureau\report30092010.doc
[2010/09/29 15:28:58 | 033,455,104 | ---- | C] () -- C:\Documents and Settings\Maeva Pop\Bureau\report29092010.doc
[2010/09/29 09:41:08 | 000,055,626 | ---- | C] () -- C:\Documents and Settings\Maeva Pop\Bureau\Carnet d'adresses2.pdf
[2010/09/29 08:41:36 | 000,124,021 | ---- | C] () -- C:\Documents and Settings\Maeva Pop\Bureau\liste email.pdf
[2010/09/28 22:55:03 | 000,030,208 | ---- | C] () -- C:\Documents and Settings\Maeva Pop\Bureau\Downstream Process engineer in PD Pilot plant.doc
[2010/09/27 16:01:08 | 031,223,808 | ---- | C] () -- C:\Documents and Settings\Maeva Pop\Bureau\report27092010.doc
[2010/09/27 09:34:59 | 000,241,587 | ---- | C] () -- C:\Documents and Settings\Maeva Pop\Bureau\mp03600.pdf
[2010/09/27 04:44:29 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/09/26 18:12:34 | 000,000,908 | ---- | C] () -- C:\Documents and Settings\Maeva Pop\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/09/26 18:12:34 | 000,000,890 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Ad-Aware.lnk
[2010/09/26 15:36:29 | 000,122,817 | ---- | C] () -- C:\Documents and Settings\Maeva Pop\Bureau\F-Secure Anti-Virus.pdf
[2010/09/24 19:52:40 | 000,129,035 | ---- | C] () -- C:\Documents and Settings\Maeva Pop\Bureau\Prozessingenieur (m_w) (Ken....pdf
[2010/09/24 09:18:33 | 000,013,977 | ---- | C] () -- C:\Documents and Settings\Maeva Pop\.recently-used.xbel
[2010/09/22 13:22:11 | 011,480,576 | ---- | C] () -- C:\Documents and Settings\Maeva Pop\Bureau\presentation Maeva.ppt
[2010/09/20 00:35:48 | 019,118,080 | ---- | C] () -- C:\Documents and Settings\Maeva Pop\Bureau\report.doc
[2010/09/10 16:37:42 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010/09/10 16:37:42 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010/01/10 00:58:29 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS2v.DLL
[2009/12/15 23:56:12 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/12/11 07:14:56 | 000,000,274 | ---- | C] () -- C:\WINDOWS\Qlogigra.ini
[2009/04/20 08:41:02 | 000,000,084 | ---- | C] () -- C:\WINDOWS\STATVIEW.INI
[2009/02/28 02:35:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SxmW32.INI
[2009/02/28 01:01:18 | 000,000,029 | ---- | C] () -- C:\WINDOWS\Vnti40.ini
[2008/08/29 14:58:26 | 000,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2008/08/29 14:58:16 | 000,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2008/07/29 16:52:40 | 000,000,335 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2008/07/14 20:25:29 | 000,000,041 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/12/28 16:26:45 | 000,092,160 | ---- | C] () -- C:\Documents and Settings\Maeva Pop\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/12/28 16:19:31 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2007/12/27 02:40:25 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/12/27 02:37:27 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2007/12/27 02:35:25 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2007/12/27 02:35:25 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2007/12/27 02:35:25 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2007/12/27 02:35:25 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2007/12/27 02:35:25 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2007/12/27 02:35:25 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2007/12/27 02:34:15 | 000,001,611 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/12/27 02:26:41 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll
[2007/12/27 02:26:19 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS
[2007/12/27 02:25:51 | 000,009,343 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
[2007/12/27 02:07:06 | 000,002,500 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/12/27 00:14:13 | 002,115,816 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2007/12/26 20:30:24 | 000,000,514 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/12/26 20:30:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2007/12/26 18:36:23 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Maeva Pop\Local Settings\Application Data\fusioncache.dat
[2006/06/09 12:43:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/11/30 21:16:02 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\tphklock.dll
[2005/07/06 00:45:08 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\notifyf2.dll
[2004/01/09 16:10:32 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\AIBMRUNL.dll
[2003/02/25 19:22:18 | 000,000,821 | ---- | C] () -- C:\WINDOWS\orun32.ini

========== LOP Check ==========

[2009/08/20 17:09:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/12/15 23:54:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2007/12/27 02:34:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ibm
[2009/02/28 01:00:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Informax
[2009/08/18 10:21:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo
[2010/08/28 12:10:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2010/09/26 18:13:23 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
[2008/11/10 22:46:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Avaya
[2010/05/22 10:18:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maeva Pop\Application Data\Avaya
[2009/12/16 08:53:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maeva Pop\Application Data\DAEMON Tools Lite
[2009/08/10 01:16:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maeva Pop\Application Data\DNA
[2009/08/18 10:20:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maeva Pop\Application Data\Downloaded Installations
[2010/10/02 09:04:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maeva Pop\Application Data\EndNote
[2010/09/24 09:18:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maeva Pop\Application Data\gtk-2.0
[2007/12/27 16:54:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maeva Pop\Application Data\IBM
[2008/01/15 19:10:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maeva Pop\Application Data\InterVideo
[2008/08/28 22:12:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maeva Pop\Application Data\Leadertech
[2009/03/05 22:02:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maeva Pop\Application Data\MEGA4_4028
[2009/02/08 10:34:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maeva Pop\Application Data\OpenOffice.org
[2010/07/04 10:45:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maeva Pop\Application Data\Philips-Songbird
[2009/07/18 10:02:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maeva Pop\Application Data\SFR
[2007/12/26 20:43:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maeva Pop\Application Data\Thunderbird
[2010/09/26 14:37:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maeva Pop\Application Data\Update
[2010/10/05 11:42:31 | 000,000,492 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2007/12/27 02:39:28 | 000,000,316 | ---- | M] () -- C:\WINDOWS\Tasks\BMMTask.job
[2010/08/21 10:29:05 | 000,000,528 | ---- | M] () -- C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job
[2010/09/19 12:05:50 | 000,000,332 | ---- | M] () -- C:\WINDOWS\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



========== Custom Scans ==========


<SYSTEMDRIVE>


<MD5>
[2004/08/20 02:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2004/08/20 02:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010/09/22 11:09:15 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2010/09/22 11:09:15 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\AGP440.SYS

<MD5>
[2002/08/29 22:17:04 | 010,179,564 | ---- | M] () .cab file -- C:\I386\sp1.cab:atapi.sys
[2004/08/20 02:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2002/08/29 22:17:04 | 010,179,564 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004/08/20 02:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010/09/22 11:09:15 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2010/09/22 11:09:15 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 08:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

<MD5>
[2004/08/20 02:09:26 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=49B1376885340BF9EA0D99F71557B59A -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008/04/14 04:33:
mae

Posts: 22
Joined: 05 Oct 2010, 15:24

Post by mae » 05 Oct 2010, 15:58

Here is the OTL extras.txt log

OTL Extras logfile created on: 05/10/2010 14:54:49 - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Maeva Pop\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

511,00 Mb Total Physical Memory | 154,00 Mb Available Physical Memory | 30,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 57,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 51,38 Gb Total Space | 6,17 Gb Free Space | 12,00% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MAEVA
Current User Name: Maeva Pop
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.scr [@ = RasWin.Script] -- C:\Program Files\RasWin\RasWin.exe ()

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0000040C-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = IBM ThinkVantage Technologies Welcome Message
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = Utilitaire ThinkPad EasyEject
"{1526D87C-A955-4FAB-BF18-697BA457E352}" = Norton WMI Update
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = Utilitaire de personnalisation du clavier ThinkPad
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 21
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HYDRAVISION
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = Système de protection active ThinkVantage
"{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}" = Cisco Systems VPN Client 5.0.04.0300
"{5A682D37-E093-40A0-BF74-A4A6D1861B92}" = ANPSEDIC
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6860B340-530D-46B3-91F8-1AE1F70F7C33}" = OpenOffice.org 3.0
"{6C72E14A-C1F3-45E5-8810-83CE3C19ED63}" = IBM 32-bit Runtime Environment for Java 2, v1.4.1
"{6CE96A14-61E2-48CC-837E-22710A953ADE}" = IBM Themes
"{770F1BEC-2871-4E70-B837-FB8525FFA3B1}" = Windows Live Messenger
"{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections
"{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}" = Assistant UltraNav ThinkPad
"{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{8745DEAB-1126-42F5-9585-C66D5497B47B}" = EMEA Wallpaper
"{87F7773C-EC9C-461A-AA7B-4AF8EF54DF49}" = EndNote X1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-040C-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (French) 12
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-0020-040C-0000-0000000FF1CE}" = Module de compatibilité pour Microsoft Office System 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0054-040C-0000-0000000FF1CE}" = Microsoft Office Visio MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{9085040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1036-7B44-A81300000003}" = Adobe Reader 8.1.4 - Français
"{AF6D9313-E338-48F0-9B0C-7DE20EDB99CF}" = BioEdit
"{B185CA27-2F59-49C0-A043-42A98E723C8E}" = MEGA 4
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}" = Assistant de connexion Windows Live
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{EA664480-3844-11D5-8C25-444553540000}" = Fonctions d'accessibilité TrackPoint
"{EC6AF20D-4376-4070-BEE4-D3A0DFF7E140}" = Access IBM
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F196AC50-7C95-42E1-9947-BDAB18BF3C8C}" = Microsoft .NET Framework 2.0 Language Pack - FRA
"{F22FD942-651D-4EE8-BD6F-7E0AF5E17625}" = Logiciel Intel(R) PROSet/Wireless WiFi
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3C1E76C-18C1-4297-8FBB-350AE453B22F}" = CCP4-Packages-6.1.2
"{F413B3A4-EE5D-457C-BAE5-6E58D9589ED5}" = Access IBM Message Center
"{FC081D4D-DF1B-4CF1-B530-027E4118D846}" = Configuration du ThinkPad
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Video FX Utility" = Utilitaire Effets vidéos avancés
"All ATI Software" = ATI - Utilitaire de désinstallation du logiciel
"ATI Display Driver" = ATI Display Driver
"CCP4MG_is1" = ccp4mg 1.112.0
"CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_05591014" = ThinkPad Integrated 56K Modem
"Creative PD0630" = Creative WebCam Live! Driver (1.02.03.0606)
"Creative Photo Manager" = Creative Photo Manager
"Creative WebCam Center" = Creative WebCam Center
"ERUNT_is1" = ERUNT 1.1j
"Exact Audio Copy" = Exact Audio Copy 0.99pb3
"FileZilla Client" = FileZilla Client 3.0.4.1
"F-Secure Anti-Virus" = F-Secure Anti-Virus
"F-Secure BackWeb" = F-Secure BackWeb
"F-Secure Management Agent" = F-Secure Management Agent
"GanttProject" = GanttProject
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{6C72E14A-C1F3-45E5-8810-83CE3C19ED63}" = IBM 32-bit Runtime Environment for Java 2, v1.4.1
"IrfanView" = IrfanView (remove only)
"ISI ResearchSoft - Export Helper" = ISI ResearchSoft - Export Helper
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"LiveUpdate" = LiveUpdate 1.90 (Symantec Corporation)
"Lucent Technologies Soft Modem" = Lucent Technologies Soft Modem AMR
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Manuel d'utilisation de Creative WebCam Live! French" = Manuel d'utilisation de Creative WebCam Live! (Français)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - FRA" = Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OnScreenDisplay" = Incrustation
"PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox
"Philips Songbird" = Philips Songbird
"Picasa 3" = Picasa 3
"Power Features" = Optimiseur de batterie et gestion de l'alimentation du ThinkPad
"Power Management Driver" = ThinkPad Power Management Driver
"Presentation Director" = Gestionnaire de présentation ThinkPad
"ProInst" = Intel PROSet Wireless
"PROSet" = Intel(R) PRO Network Connections Drivers
"PyMOL" = PyMOL
"QuickTime" = QuickTime
"RasWin" = RasWin (remove only)
"RealPlayer 6.0" = RealPlayer
"RealVNC_is1" = VNC Free Edition 4.1.3
"SightSpeed" = SightSpeed (remove only)
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"ThinkPadSoftwareInstaller" = Programme d'installation de logiciels ThinkPad
"Utilitaires Sierra" = Utilitaires Sierra
"VISPRO" = Microsoft Office Visio Professional 2007
"VLC media player" = VideoLAN VLC media player 0.8.6d
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WebCam Live! Product Registration" = Enregistrement du produit WebCam Live!
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Lecteur Windows Media 11
"Windows XP Service" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.4.6
"WinLiveSuite_Wave3" = Installation Windows Live
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wubi" = Ubuntu
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1220981666-3027267687-1226268322-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"Winamp Detect" = Détection de l'application Winamp

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 05/10/2010 09:25:20 | Computer Name = MAEVA | Source = F-Secure Anti-Virus | ID = 103
Description = 57 2010-10-05 15:25:20+02:00 maeva MAEVA\Maeva Pop F-Secure Anti-Virus

An error occurred while scanning C:\WINDOWS\SYSTEM32\WOW32.DLL.

Error - 05/10/2010 09:25:20 | Computer Name = MAEVA | Source = F-Secure Anti-Virus | ID = 103
Description = 58 2010-10-05 15:25:20+02:00 maeva MAEVA\Maeva Pop F-Secure Anti-Virus

An error occurred while scanning C:\WINDOWS\SYSTEM32\WOW32.DLL.

Error - 05/10/2010 09:25:20 | Computer Name = MAEVA | Source = F-Secure Anti-Virus | ID = 103
Description = 59 2010-10-05 15:25:20+02:00 maeva MAEVA\Maeva Pop F-Secure Anti-Virus

An error occurred while scanning C:\WINDOWS\SYSTEM32\WOW32.DLL.

Error - 05/10/2010 09:25:20 | Computer Name = MAEVA | Source = F-Secure Anti-Virus | ID = 103
Description = 60 2010-10-05 15:25:20+02:00 maeva MAEVA\Maeva Pop F-Secure Anti-Virus

An error occurred while scanning C:\WINDOWS\SYSTEM32\WOW32.DLL.

Error - 05/10/2010 09:25:20 | Computer Name = MAEVA | Source = F-Secure Anti-Virus | ID = 103
Description = 61 2010-10-05 15:25:20+02:00 maeva MAEVA\Maeva Pop F-Secure Anti-Virus

An error occurred while scanning C:\WINDOWS\SYSTEM32\WOW32.DLL.

Error - 05/10/2010 09:25:20 | Computer Name = MAEVA | Source = F-Secure Anti-Virus | ID = 103
Description = 62 2010-10-05 15:25:20+02:00 maeva MAEVA\Maeva Pop F-Secure Anti-Virus

An error occurred while scanning C:\WINDOWS\SYSTEM32\WOW32.DLL.

Error - 05/10/2010 09:25:20 | Computer Name = MAEVA | Source = F-Secure Anti-Virus | ID = 103
Description = 63 2010-10-05 15:25:20+02:00 maeva MAEVA\Maeva Pop F-Secure Anti-Virus

An error occurred while scanning C:\WINDOWS\SYSTEM32\WOW32.DLL.

Error - 05/10/2010 09:25:20 | Computer Name = MAEVA | Source = F-Secure Anti-Virus | ID = 103
Description = 64 2010-10-05 15:25:20+02:00 maeva MAEVA\Maeva Pop F-Secure Anti-Virus

An error occurred while scanning C:\WINDOWS\SYSTEM32\WOW32.DLL.

Error - 05/10/2010 09:25:20 | Computer Name = MAEVA | Source = F-Secure Anti-Virus | ID = 103
Description = 65 2010-10-05 15:25:20+02:00 maeva MAEVA\Maeva Pop F-Secure Anti-Virus

An error occurred while scanning C:\WINDOWS\SYSTEM32\WOW32.DLL.

Error - 05/10/2010 09:25:20 | Computer Name = MAEVA | Source = F-Secure Anti-Virus | ID = 103
Description = 66 2010-10-05 15:25:20+02:00 maeva MAEVA\Maeva Pop F-Secure Anti-Virus

An error occurred while scanning C:\WINDOWS\SYSTEM32\WOW32.DLL.

[ Lenovo-Message Center Plus/Admin Events ]
Error - 27/11/2009 12:08:49 | Computer Name = MAEVA | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = The file C:\Documents and Settings\All Users\Application Data\Lenovo\MessageCenterPlus\ServerRepository\temp\new
does not have a Lenovo Digital Signature. The file will be deleted

Error - 10/12/2009 23:52:41 | Computer Name = MAEVA | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = The file C:\Documents and Settings\All Users\Application Data\Lenovo\MessageCenterPlus\ServerRepository\temp\new
does not have a Lenovo Digital Signature. The file will be deleted

Error - 14/12/2009 11:28:41 | Computer Name = MAEVA | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = The file C:\Documents and Settings\All Users\Application Data\Lenovo\MessageCenterPlus\ServerRepository\temp\new
does not have a Lenovo Digital Signature. The file will be deleted

Error - 22/12/2009 04:31:48 | Computer Name = MAEVA | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = The file C:\Documents and Settings\All Users\Application Data\Lenovo\MessageCenterPlus\ServerRepository\temp\new
does not have a Lenovo Digital Signature. The file will be deleted

Error - 03/01/2010 17:51:47 | Computer Name = MAEVA | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = The file C:\Documents and Settings\All Users\Application Data\Lenovo\MessageCenterPlus\ServerRepository\temp\new
does not have a Lenovo Digital Signature. The file will be deleted

Error - 14/01/2010 04:17:16 | Computer Name = MAEVA | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = The file C:\Documents and Settings\All Users\Application Data\Lenovo\MessageCenterPlus\ServerRepository\temp\new
does not have a Lenovo Digital Signature. The file will be deleted

Error - 23/01/2010 05:55:54 | Computer Name = MAEVA | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = The file C:\Documents and Settings\All Users\Application Data\Lenovo\MessageCenterPlus\ServerRepository\temp\new
does not have a Lenovo Digital Signature. The file will be deleted

Error - 25/01/2010 16:39:29 | Computer Name = MAEVA | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = The file C:\Documents and Settings\All Users\Application Data\Lenovo\MessageCenterPlus\ServerRepository\temp\new
does not have a Lenovo Digital Signature. The file will be deleted

Error - 26/01/2010 03:31:29 | Computer Name = MAEVA | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = The file C:\Documents and Settings\All Users\Application Data\Lenovo\MessageCenterPlus\ServerRepository\temp\new
does not have a Lenovo Digital Signature. The file will be deleted

Error - 26/01/2010 07:33:30 | Computer Name = MAEVA | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = The file C:\Documents and Settings\All Users\Application Data\Lenovo\MessageCenterPlus\ServerRepository\temp\new
does not have a Lenovo Digital Signature. The file will be deleted

[ System Events ]
Error - 22/09/2010 09:32:14 | Computer Name = MAEVA | Source = Service Control Manager | ID = 7032
Description = Le Gestionnaire de services de contrôle a essayé d'entreprendre une
action corrective (Redémarrer le service) après la fin inattendue du service Infrastructure
de gestion Windows, mais cette action a échoué en raison de l'erreur suivante :
%%1056

Error - 22/09/2010 09:37:22 | Computer Name = MAEVA | Source = Service Control Manager | ID = 7032
Description = Le Gestionnaire de services de contrôle a essayé d'entreprendre une
action corrective (Redémarrer le service) après la fin inattendue du service Infrastructure
de gestion Windows, mais cette action a échoué en raison de l'erreur suivante :
%%1056

Error - 22/09/2010 09:38:54 | Computer Name = MAEVA | Source = Service Control Manager | ID = 7032
Description = Le Gestionnaire de services de contrôle a essayé d'entreprendre une
action corrective (Redémarrer le service) après la fin inattendue du service Infrastructure
de gestion Windows, mais cette action a échoué en raison de l'erreur suivante :
%%1056

Error - 22/09/2010 10:49:22 | Computer Name = MAEVA | Source = Service Control Manager | ID = 7032
Description = Le Gestionnaire de services de contrôle a essayé d'entreprendre une
action corrective (Redémarrer le service) après la fin inattendue du service Infrastructure
de gestion Windows, mais cette action a échoué en raison de l'erreur suivante :
%%1056

Error - 22/09/2010 11:10:57 | Computer Name = MAEVA | Source = Service Control Manager | ID = 7032
Description = Le Gestionnaire de services de contrôle a essayé d'entreprendre une
action corrective (Redémarrer le service) après la fin inattendue du service Infrastructure
de gestion Windows, mais cette action a échoué en raison de l'erreur suivante :
%%1056


<End>
mae

Posts: 22
Joined: 05 Oct 2010, 15:24

Post by mae » 05 Oct 2010, 16:02

As I said at the beginning, it is impossible to open Malwarebytes and therefore to run a scan with it.
However, I do have the HijackThis log, in case it can help you.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:46:31, on 05/10/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\F-Secure\Common\FCH32.EXE
c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\svchost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ig?hl=fr
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [ATIPTA] C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PD0630 STISvc] RunDLL32.exe P0630Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PhilipsSongbirdLauncher] C:\Program Files\Philips\Philips Songbird\extensions\philips-autoplay@philips.com\application\PhilipsSongbirdLauncher.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [LenovoAutoScrollUtility] C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 5142395895
O17 - HKLM\System\CCS\Services\Tcpip\..\{641445E5-25D1-4F3F-822A-D246F32F19C3}: NameServer = 93.188.163.71,93.188.166.106
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.163.71,93.188.166.106
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 93.188.163.71,93.188.166.106
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 93.188.163.71,93.188.166.106
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.163.71,93.188.166.106
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo. - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Fichiers communs\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: Incrustation (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe

--
End of file - 12539 bytes
mae
Posts: 22
Joined: 05 Oct 2010, 15:24

Post by mae » 05 Oct 2010, 16:14

If it can help you, I also have the F-Secure log and the Ad-Aware one.
mae
Posts: 22
Joined: 05 Oct 2010, 15:24

Post by nickW » 05 Oct 2010, 22:46

Good evening,

Using other tools and new scans:

I advise you to print the procedure, to save the page as an HTML file, or to select all of its lines and copy that selection into a text file on your PC (note: reboots are planned).
All the steps must be carried out, without interruption, in the exact order given below.
If anything seems unclear to you, ask for explanations before starting the disinfection.



Step 1: Defogger (by jpshortstuff), download
Download Defogger from http://www.jpshortstuff.247fixes.com/Defogger.exe
Save the file to the Desktop.


Step 2: Defogger (by jpshortstuff), disabling CD emulators
Launch Defogger by double-clicking Defogger.exe

Close all open program windows other than Defogger (browser, word processor, etc.): the PC is going to reboot.

The Defogger screen appears:
[screenshot]

Click Disable to disable the CD emulator drivers.

Click Yes to continue.

When the message Finished! appears, click OK.

Defogger announces that the PC is going to reboot; click OK.


Step 3: Rootkit Unhooker (by DiabloNova), download
Download Rootkit Unhooker from this link: http://www.rootkit.com/vault/DiabloNova ... okerLE.EXE
Save this file to the Desktop.


Step 4: rkill (by Grinler), download
Important note:
rkill is sometimes wrongly detected as malicious. If necessary, disable the antivirus while downloading it.

Download rkill by right-clicking and choosing Save link target as ... from one of the links below:

Link 1
Link 2
Link 3

Save the file to the Desktop.


Step 5: No real-time monitoring processes
Disable the resident module of the antivirus and that of the antispyware.

[image] F-Secure: right-click the icon in the system tray (next to the clock) and choose "Unload"

Disable Spybot-S&D's TeaTimer.
In the system tray (the area just to the left of the clock), right-click the Spybot-S&D Resident icon and choose "Exit Spybot-S&D Resident".
If it is feasible, launch Spybot-S&D, Advanced mode, Tools, Resident, and untick the box in front of Resident "TeaTimer". Close Spybot-S&D.
Note:
TeaTimer must not be re-enabled before the PC cleanup is finished (I will tell you when and how to do it).


Step 6: Rootkit Unhooker (by DiabloNova), execution
Double-click RKUnhookerLE.EXE to run the tool.

Click the Report tab:
[screenshot]

Click the Scan button:
[screenshot]

Tick the Drivers and Stealth Code boxes, untick the others, then click the OK button, like this:
[screenshot]

Wait for the scan to finish (the files being scanned are shown at the bottom left of the window).
When the report is displayed (in the Report tab), click the File menu at the top and choose Save Report.
Save the report to the Desktop under the name Report-RKU-101005.txt
Close RKU by clicking the Close button, then confirm by clicking the Yes button (message Hmm, are you sure? :)).

Note - This warning may sometimes be displayed:
"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"
Ignore it by clicking OK.


Step 7: rkill (by Grinler), execution
Double-click the downloaded rkill file to launch the tool.

A black-background window will appear briefly, then disappear.
When it has finished, save the file rkill.log

If nothing happens, or if the tool does not start, download the tool from another of the three links above and try running it again.

If none of the tools downloaded from the three links above seem to work, download a renamed version of rkill from iExplore.exe or eXplorer.exe and try to launch it.

If none of the five downloaded tools seem to work, do not continue the cleanup, and let me know on the forum.

Do not reboot the PC.


Step 8: DNS server addresses

The DNS server addresses in the connection settings should be changed.

Control Panel---->Network Connections
Select the connection (under LAN or High-Speed Internet), right-click it, choose Properties
Select Internet Protocol (TCP/IP), click the Properties button
In the bottom section, tick Use the following DNS server addresses: then enter
208.67.222.222 as Preferred DNS server
208.67.220.220 as Alternate DNS server
Confirm by clicking OK.


Step 9: Malwarebytes' Anti-Malware, scan
Close all open program windows.
Launch Malwarebytes' Anti-Malware from the Start menu.
In the Settings tab, check that all the boxes are ticked except "Create a context menu option to scan files (right-click)".
In the Update tab, click the Check for updates button and install all the updates found.
In the Scanner tab, select the radio button in front of "Perform quick scan" then click the Scan button, like this:

[screenshot]

Wait, doing nothing else, for the scan to finish; in the window announcing the end of the scan, click OK; then click the "Show results" button:
[screenshot]

Click the "Save log" button, confirm the save, then click the "Exit" button


Step 10: Real-time monitoring processes
Important: Re-enable the antivirus resident module.


Step 11: Results
Send in reply:
*- the Rootkit Unhooker report (contents of the file Report-RKU-101005.txt located on the Desktop).
*- the rkill report (contents of the file rkill.log located in the folder SystemDrive\)
[SystemDrive stands for the partition on which the system is installed, usually C:]

Then send in reply, in a separate message:
*- the Malwarebytes' Anti-Malware report (contents of the file mbam-log-****-**-** (**-**-**).txt located in the folder SystemDrive\Documents and Settings\<yourprofile>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs, where ****-**-** (**-**-**) stands for the date [year-month-day] and the time [hh-mm-ss])
[SystemDrive stands for the partition on which the system is installed, usually C:]


Important note: To send your reply (or replies), do not create a new topic, but click the "Reply" button
[image] to continue in this thread.

To be continued,
nickW - [image]
30/07/2012: No more PC disinfection until further notice.
No log analysis requests by PM (Private Message)
nickW
Moderator
Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France
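The O17 lines in the HijackThis log above are the TCP/IP NameServer values that step 8 asks to replace. As an added example (not part of this thread, of HijackThis, or of the helper's procedure), the Python script below parses those O17 lines and flags any resolver that is not on an allowlist of expected resolvers. The allowlist (the OpenDNS addresses named in step 8), the acceptance of private addresses as a home router acting as resolver, and the second sample block showing the entry after the fix are assumptions constructed for the example.

```python
import re
from ipaddress import ip_address

# O17 lines copied from the HijackThis log posted earlier in this thread.
# HijackThis shows CurrentControlSet as CCS and ControlSet00N as CSN; the same
# resolver in every control set means a "Last Known Good" boot would keep it.
O17_LOG_BEFORE = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{641445E5-25D1-4F3F-822A-D246F32F19C3}: NameServer = 93.188.163.71,93.188.166.106
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.163.71,93.188.166.106
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 93.188.163.71,93.188.166.106
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 93.188.163.71,93.188.166.106
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.163.71,93.188.166.106
"""

# Constructed sample (assumption, not from the log) of the entry after step 8 is applied.
O17_LOG_AFTER = r"""
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.222.222,208.67.220.220
"""

# Resolvers we expect: the OpenDNS addresses from step 8. Extend with whatever
# resolvers are legitimately used on the network being checked (example assumption).
EXPECTED_RESOLVERS = {"208.67.222.222", "208.67.220.220"}

# HijackThis O17 format: "O17 - <registry key>: NameServer = <ip>[,<ip>...]"
O17_RE = re.compile(r"^O17 - (?P<key>HKLM\\[^:]+): NameServer = (?P<servers>.+)$")


def parse_o17(log_text):
    """Return a list of (registry_key, [server, ...]) for every O17 NameServer line."""
    entries = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if m:
            servers = [s.strip() for s in m.group("servers").split(",") if s.strip()]
            entries.append((m.group("key"), servers))
    return entries


def check_nameservers(log_text, allowlist=EXPECTED_RESOLVERS):
    """Return (registry_key, server, reason) for every resolver that needs a look.

    Private and loopback addresses (a home router acting as resolver) are accepted;
    any other address must be on the allowlist.
    """
    findings = []
    for key, servers in parse_o17(log_text):
        for server in servers:
            try:
                ip = ip_address(server)
            except ValueError:
                findings.append((key, server, "not a valid IP address"))
                continue
            if ip.is_private or ip.is_loopback:
                continue
            if server not in allowlist:
                findings.append((key, server, "public resolver not on the allowlist"))
    return findings


def suspicious_resolvers(log_text, allowlist=EXPECTED_RESOLVERS):
    """Distinct resolver addresses flagged by check_nameservers."""
    return {server for _, server, _ in check_nameservers(log_text, allowlist)}


if __name__ == "__main__":
    for key, server, reason in check_nameservers(O17_LOG_BEFORE):
        print(f"{key}: {server} ({reason})")
    print("after fix:", check_nameservers(O17_LOG_AFTER) or "no findings")
```

Run against the log above, every O17 entry is flagged, which is consistent with the helper asking for the resolvers to be replaced in step 8; against the constructed "after" sample it reports nothing. Checking every control set, not only CCS, is the point: a resolver left in ControlSet001..003 would come back after a Last Known Good boot.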

Post by mae » 06 Oct 2010, 10:55

Hello

First of all, thank you for your reply.

I got to step 5... with no problems so far.
The problem I have is that I cannot disable F-Secure, because the logo is no longer present in the system tray after the reboot (after step 2). I tried rebooting the PC once more, but still no F-Secure logo (apart from BackWeb, which has always been there). In the processes I have Fsav32.exe, Fsgk32.exe, fsgk32st.exe, FSM32.exe, FSMA32.exe, FSMB32.exe and fssm32.exe running. Should I stop them? If I close F-Secure BackWeb manually, it restarts automatically.

Also, it is still impossible to open Spybot S&D, but there is no problem closing it.

I will wait for a reply from you before continuing.

Have a good day
Mae
mae
Posts: 22
Joined: 05 Oct 2010, 15:24

Post by nickW » 07 Oct 2010, 00:46

Good evening,

First of all, you should stop as many F-Secure-related processes/services as possible:

Processes:
fsav32.exe
fsgk32.exe
fssm32.exe
FSMB32.exe
FNRB32.exe
FSM32.exe
FSMA32.exe
FIH32.exe
FAMEH32.exe
fch32.exe
fsgk32st.exe

Services/Drivers:
FSAA
F-Secure Network Request Broker
FSMA
F-Secure Gatekeeper Handler Starter
F-Secure Gatekeeper
F-Secure Filter
F-Secure Recognizer
FSpm

Via Task Manager [Start--->Run, type taskmgr then click OK], you can "End Process" on the items that are active.
Via the Services console [Start--->Run, type services.msc then click OK], you can stop those that are active (Warning: do not delete them, only stop their execution).

To be continued,
nickW - [image]
nickW
Moderator
Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France

Post by mae » 07 Oct 2010, 08:31

Hello

First, here is the Rootkit Unhooker report:

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0xBF0B2000 C:\WINDOWS\System32\ati3duag.dll 2310144 bytes (ATI Technologies Inc. , ati3duag.dll)
0xF7F1A000 C:\WINDOWS\system32\DRIVERS\w29n51.sys 2220032 bytes (Intel® Corporation, Intel® Wireless LAN Driver)
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2192000 bytes (Microsoft Corporation, Noyau et système NT)
0x804D7000 PnpManager 2192000 bytes
0x804D7000 RAW 2192000 bytes
0x804D7000 WMIxWDM 2192000 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Pilote Win32 multi-utilisateurs)
0xF7DDD000 C:\WINDOWS\System32\DRIVERS\SynTP.sys 1298432 bytes (Synaptics Incorporated, Synaptics Touchpad Driver)
0xF8198000 C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 1200128 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)
0xF7B7A000 C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys 999424 bytes (Conexant Systems, Inc., HSF_DP driver)
0xF7AC9000 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 724992 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xBF2E6000 C:\WINDOWS\System32\ativvaxx.dll 606208 bytes (ATI Technologies Inc. , Radeon Video Acceleration Universal Driver)
0xB75E9000 C:\WINDOWS\system32\Drivers\CVPNDRVA.sys 589824 bytes (Cisco Systems, Inc., Cisco Systems VPN Client IPSec Driver)
0xF86C1000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xF7D6C000 C:\WINDOWS\System32\Drivers\wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0xBA55F000 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF79CD000 C:\WINDOWS\System32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xBA704000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xB747A000 C:\WINDOWS\System32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xB66E8000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xBF012000 C:\WINDOWS\System32\ati2dvag.dll 245760 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)
0xF7C6E000 C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys 245760 bytes (Conexant Systems, Inc., HSFHWICH WDM driver)
0xF7CEE000 C:\WINDOWS\system32\drivers\smwdm.sys 221184 bytes (Analog Devices, Inc., SoundMAX Integrated Digital Audio )
0xBF04E000 C:\WINDOWS\System32\ati2cqag.dll 204800 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module)
0xBF080000 C:\WINDOWS\System32\atikvmag.dll 204800 bytes (ATI Technologies Inc., Virtual Command And Memory Manager)
0xF7A2B000 C:\WINDOWS\System32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF8826000 ACPI.sys 192512 bytes (Microsoft Corporation, Pilote ACPI pour NT)
0xB76A1000 C:\WINDOWS\System32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF8694000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xBA5CF000 C:\WINDOWS\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xF8138000 C:\WINDOWS\System32\DRIVERS\e1000325.sys 163840 bytes (Intel Corporation, Intel(R) PRO/1000 Adapter NDIS 5.1 deserialized driver)
0xBA6DC000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xBA519000 C:\WINDOWS\System32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xF7CCA000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF8160000 C:\WINDOWS\System32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF7D24000 C:\WINDOWS\System32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xBA6BA000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xF7CAA000 C:\WINDOWS\system32\drivers\aeaudio.sys 131072 bytes (Andrea Electronics Corporation, Andrea Audio Noise Cancellation Driver)
0xF8674000 Apsx86.sys 131072 bytes (Lenovo., Shockproof Disk Driver)
0xF87A0000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF87D8000 ftdisk.sys 126976 bytes (Microsoft Corporation, Pilote de disque à FT)
0xF7AAB000 C:\WINDOWS\system32\DRIVERS\dne2000.sys 122880 bytes (Deterministic Networks, Inc., Deterministic Network Enhancer)
0xF87F7000 pcmcia.sys 122880 bytes (Microsoft Corporation, Pilote de bus PCMCIA)
0xF865A000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF87C0000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xB7D25000 C:\WINDOWS\System32\DLA\DLAUDFAM.SYS 98304 bytes (Sonic Solutions, Drive Letter Access Component)
0xF8761000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF7A6C000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xB7D65000 C:\WINDOWS\System32\DLA\DLAIFS_M.SYS 90112 bytes (Sonic Solutions, Drive Letter Access Component)
0xB7D0F000 C:\WINDOWS\System32\DLA\DLAUDF_M.SYS 90112 bytes (Sonic Solutions, Drive Letter Access Component)
0xF8778000 DRVMCDB.SYS 90112 bytes (Sonic Solutions, Device Driver)
0xB7BB9000 C:\WINDOWS\System32\DRIVERS\irda.sys 90112 bytes (Microsoft Corporation, IRDA Protocol Driver)
0xB785C000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF7D47000 C:\WINDOWS\System32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Pilote de port parallèle)
0xF8184000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0x806EF000 ACPI_HAL 81152 bytes
0x806EF000 C:\WINDOWS\system32\hal.dll 81152 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xBA75D000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xF874E000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF878E000 sr.sys 73728 bytes (Microsoft Corporation, Pilote de filtre de système de fichiers pour la restauration du système)
0xF8815000 pci.sys 69632 bytes (Microsoft Corporation, Énumérateur Plug-and-Play PCI pour NT)
0xF7A5B000 C:\WINDOWS\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF7D5B000 C:\WINDOWS\System32\DRIVERS\serial.sys 69632 bytes (Microsoft Corporation, Pilote de périphérique série)
0xF8A36000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF832D000 C:\WINDOWS\System32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xB777E000 C:\Program Files\F-Secure\Common\FSPM.SYS 65536 bytes (F-Secure Corporation, F-Secure Policy Manager)
0xF830D000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF88C6000 Lbd.sys 61440 bytes (Lavasoft AB, Boot Driver)
0xF831D000 C:\WINDOWS\System32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Pilote de filtre audio Livre rouge)
0xB7931000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF8976000 C:\WINDOWS\System32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF8AE6000 C:\WINDOWS\System32\DRIVERS\i8042prt.sys 57344 bytes (Microsoft Corporation, Pilote de port i8042)
0xF8896000 VolSnap.sys 57344 bytes (Microsoft Corporation, Pilote de cliché instantané du volume)
0xF834D000 C:\WINDOWS\System32\DRIVERS\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0xF88B6000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF82FD000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xB7E4B000 C:\Program Files\F-Secure\Anti-Virus\Win2K\FSfilter.sys 49152 bytes (-, -)
0xF82DD000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF88F6000 agp440.sys 45056 bytes (Microsoft Corporation, 440 NT AGP Filter)
0xF89E6000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, Pilote de cryptographie FIPS)
0xB7521000 C:\Program Files\F-Secure\Anti-Virus\Win2K\FSgk.sys 45056 bytes (-, -)
0xF833D000 C:\WINDOWS\System32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF8886000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF82ED000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF8AB6000 C:\WINDOWS\System32\Drivers\DRVNDDM.SYS 40960 bytes (Sonic Solutions, Device Driver Manager)
0xF8AD6000 C:\WINDOWS\System32\DRIVERS\intelppm.sys 40960 bytes (Microsoft Corporation, Pilote de périphérique processeur)
0xF8876000 isapnp.sys 40960 bytes (Microsoft Corporation, Pilote de bus PNP ISA)
0xF8946000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF82BD000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF88E6000 ApsHM86.sys 36864 bytes (Lenovo., ThinkVantage Active Protection System HID Digitizer Activity Monitor Driver)
0xF88A6000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF82CD000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF89A6000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xB7272000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF88D6000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF8A16000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF8BCE000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Pilote de périphérique modem)
0xF8C36000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF8C5E000 C:\WINDOWS\System32\drivers\Smapint.sys 32768 bytes (Microsoft Corporation, SMAPI I/O)
0xF8C46000 C:\WINDOWS\System32\drivers\Tppwr.sys 32768 bytes (IBM Corp., IBM ThinkPad Power Management Device Driver)
0xF8B96000 C:\WINDOWS\System32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xBA4A9000 C:\WINDOWS\System32\DLA\DLABOIOM.SYS 28672 bytes (Sonic Solutions, Drive Letter Access Component)
0xF8BAE000 C:\WINDOWS\System32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF8BC6000 C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys 28672 bytes (GEAR Software Inc., CD/DVD Class Filter Driver)
0xF8C1E000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF8B9E000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 28672 bytes (Microsoft Corporation, Pilote de la classe Clavier)
0xF8BB6000 C:\WINDOWS\System32\DRIVERS\nscirda.sys 28672 bytes (National Semiconductor Corporation, NSC Fast Infrared Driver.)
0xF8AF6000 C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF8C16000 C:\WINDOWS\System32\Drivers\DLARTL_N.SYS 24576 bytes (Sonic Solutions, Shared Driver Component)
0xF8BA6000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Pilote de la classe Souris)
0xF8BF6000 C:\WINDOWS\system32\DRIVERS\psadd.sys 24576 bytes (Lenovo (United States) Inc., SMBIOS Driver)
0xF8C56000 C:\WINDOWS\System32\drivers\TDSMAPI.SYS 24576 bytes
0xF8C3E000 C:\WINDOWS\System32\drivers\TSMAPIP.SYS 24576 bytes
0xF8B8E000 C:\WINDOWS\System32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF8C26000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF8BBE000 C:\WINDOWS\System32\DRIVERS\ibmpmdrv.sys 20480 bytes (Lenovo., ThinkPad Power Management Driver)
0xF8C2E000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF8AFE000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF8BE6000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF8BD6000 C:\WINDOWS\System32\DRIVERS\rasirda.sys 20480 bytes (Microsoft Corporation, IrDA WAN Miniport Driver)
0xF8BEE000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xF8BDE000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF8C4E000 C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys 20480 bytes (Lenovo Group Limited, ThinkPad Hotkey Driver)
0xF8C76000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF8C8E000 C:\WINDOWS\System32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xF8621000 C:\WINDOWS\System32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xBA7B4000 C:\WINDOWS\System32\DLA\DLAOPIOM.SYS 16384 bytes (Sonic Solutions, Drive Letter Access Component)
0xB76E6000 C:\Program Files\F-Secure\Anti-Virus\Win2K\FSrec.sys 16384 bytes (-, -)
0xB7681000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface DRIVER)
0xF85FD000 C:\WINDOWS\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xB7CCB000 C:\WINDOWS\System32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF8D6E000 C:\WINDOWS\System32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF8C92000 ACPIEC.sys 12288 bytes (Microsoft Corporation, Pilote de contrôleur intégré ACPI)
0xF7A8B000 C:\WINDOWS\System32\drivers\ANC.SYS 12288 bytes (IBM Corp., IBM Access Connections - ANC)
0xF8C86000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF8C8A000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xF79B1000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF8D4A000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
0xF8D72000 C:\WINDOWS\System32\DRIVERS\irenum.sys 12288 bytes (Microsoft Corporation, Infra-Red Bus Enumerator)
0xF8611000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF8D5A000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xB7CC7000 C:\WINDOWS\system32\DRIVERS\s24trans.sys 12288 bytes (Intel Corporation, Intel WLAN Packet Driver)
0xF8DA0000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF8D98000 C:\WINDOWS\System32\Drivers\DLACDBHM.SYS 8192 bytes (Sonic Solutions, Shared Driver Component)
0xF8DE8000 C:\WINDOWS\System32\DLA\DLAPoolM.SYS 8192 bytes (Sonic Solutions, Drive Letter Access Component)
0xF8D9E000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF8DB0000 C:\WINDOWS\system32\Drivers\IBMBLDID.sys 8192 bytes
0xF8D76000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF8DA2000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF8E10000 C:\WINDOWS\SYSTEM32\Drivers\PMEMNT.SYS 8192 bytes (Microsoft Corporation, Physical Memory Driver)
0xF8DA4000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF8DAE000 C:\WINDOWS\system32\DRIVERS\smiif32.sys 8192 bytes (Lenovo Group Limited, SMI Driver for Lenovo system)
0xF8D9A000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF8D96000 C:\WINDOWS\System32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF8D78000 C:\WINDOWS\System32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF8EEB000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF8E99000 C:\WINDOWS\System32\DLA\DLADResN.SYS 4096 bytes (Sonic Solutions, Drive Letter Access Component)
0xF8FCD000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF8F3B000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF8E3F000 C:\WINDOWS\System32\DRIVERS\OPRGHDLR.SYS 4096 bytes (Microsoft Corporation, ACPI Operation Registration Driver)
0xF8E3E000 pciide.sys 4096 bytes (Microsoft Corporation, Pilote de bus générique PCI IDE)
!!!!!!!!!!!Hidden driver: 0x82144AEA ?_empty_? 1302 bytes
!!!!!!!!!!!Hidden driver: 0x8308AF38 ?_empty_? 0 bytes
==============================================
>Stealth
==============================================
0xF87C0000 WARNING: suspicious driver modification [atapi.sys::0x82144AEA]
0x03940000 Hidden Image-->mscorlib.Resources.dll [ EPROCESS 0xFF7E1020 ] PID: 2656, 323584 bytes
0x037B0000 Hidden Image-->System.ServiceProcess.Resources.dll [ EPROCESS 0xFF8BB460 ] PID: 2724, 53248 bytes
0xF8DA4000 WARNING: Virus alike driver modification [RDPCDD.sys], 8192 bytes
mae
Posts: 22
Joined: 05 Oct 2010, 15:24
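The report above has two sections, Drivers and Stealth, and the items the helper will look at are the "Hidden driver" entries at the end of the first section and the WARNING lines in the second. As an added example (not part of this thread or of Rootkit Unhooker), the Python script below parses a report in that layout, collects those entries, and checks whether the address referenced by a warning matches a hidden driver, which is the case here for atapi.sys and 0x82144AEA. The embedded excerpt is a subset of the lines from the report above; the rule that lists drivers carrying no embedded vendor/version info as a review item is an assumption for the example, not an RKU feature.

```python
import re

# Excerpt of the Rootkit Unhooker report posted above (a constructed subset of its lines).
RKU_EXCERPT = r"""RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
>Drivers
==============================================
0xF87C0000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xB7E4B000 C:\Program Files\F-Secure\Anti-Virus\Win2K\FSfilter.sys 49152 bytes (-, -)
0xB7272000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF8C56000 C:\WINDOWS\System32\drivers\TDSMAPI.SYS 24576 bytes
0xF8DA4000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
!!!!!!!!!!!Hidden driver: 0x82144AEA ?_empty_? 1302 bytes
!!!!!!!!!!!Hidden driver: 0x8308AF38 ?_empty_? 0 bytes
==============================================
>Stealth
==============================================
0xF87C0000 WARNING: suspicious driver modification [atapi.sys::0x82144AEA]
0x03940000 Hidden Image-->mscorlib.Resources.dll [ EPROCESS 0xFF7E1020 ] PID: 2656, 323584 bytes
0xF8DA4000 WARNING: Virus alike driver modification [RDPCDD.sys], 8192 bytes
"""

# Line shapes seen in the report: a loaded driver, a hidden driver, a stealth
# warning and a hidden image. Only applied inside the matching section.
DRIVER_RE = re.compile(r"^0x([0-9A-F]{8}) (.+?) (\d+) bytes(?: \((.*)\))?$")
HIDDEN_RE = re.compile(r"^!+Hidden driver: 0x([0-9A-F]{8}) (\S+) (\d+) bytes$")
WARN_RE = re.compile(r"^0x([0-9A-F]{8}) WARNING: (.+?) \[([^\]]+)\]")
HIDDEN_IMG_RE = re.compile(r"^0x[0-9A-F]{8} Hidden Image-->(\S+) .*PID: (\d+)")


def triage(report):
    """Summarise an RKU report: hidden drivers, stealth warnings, and which
    warnings reference the address of a hidden driver."""
    section = None
    drivers = {}        # base address -> (path, size, version info or None)
    hidden = []         # (address, name, size)
    warnings = []       # (base address, message, bracketed target)
    hidden_images = []  # (image name, pid)
    for raw in report.splitlines():
        line = raw.strip()
        if line.startswith(">"):          # ">Drivers" / ">Stealth" section headers
            section = line[1:]
            continue
        if section == "Drivers":
            m = HIDDEN_RE.match(line)
            if m:
                hidden.append(("0x" + m.group(1), m.group(2), int(m.group(3))))
                continue
            m = DRIVER_RE.match(line)
            if m:
                drivers["0x" + m.group(1)] = (m.group(2), int(m.group(3)), m.group(4))
        elif section == "Stealth":
            m = WARN_RE.match(line)
            if m:
                warnings.append(("0x" + m.group(1), m.group(2), m.group(3)))
                continue
            m = HIDDEN_IMG_RE.match(line)
            if m:
                hidden_images.append((m.group(1), int(m.group(2))))

    # A warning target of the form "file::0xADDR" names the code the driver now
    # points at; if that address is one of the hidden drivers, the two findings
    # describe the same thing and belong together in the write-up.
    hidden_addrs = {addr for addr, _, _ in hidden}
    correlated = []
    for _, _, target in warnings:
        file_name, _, ref = target.partition("::")
        if ref and ref in hidden_addrs:
            correlated.append((file_name, ref))

    # Drivers with no embedded vendor/version info: a review item (compare with
    # the vendor's own files), not evidence by itself. Assumption for the example.
    unverified = [(addr, path) for addr, (path, _, info) in drivers.items()
                  if info is None or info == "-, -"]

    return {
        "hidden_drivers": hidden,
        "warnings": warnings,
        "correlated": correlated,
        "hidden_images": hidden_images,
        "unverified_drivers": unverified,
        "driver_count": len(drivers),
    }


if __name__ == "__main__":
    result = triage(RKU_EXCERPT)
    for key, value in result.items():
        print(f"{key}: {value}")
```

On this excerpt the script pairs the "suspicious driver modification" warning on atapi.sys with the hidden driver at 0x82144AEA, leaves the RDPCDD.sys warning standing on its own (its target carries no address), and lists FSfilter.sys and TDSMAPI.SYS as drivers without version info for the helper to check against the vendor's files. The two "Hidden Image" lines in the full report are .NET resource DLLs and are listed separately so they are not mixed up with the driver findings.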

Post by mae » 07 Oct 2010, 08:32

The rkill.log report

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as Maeva Pop on 07/10/2010 at 9:21:15.


Services Stopped:


Processes terminated by Rkill or while it was running:


C:\Documents and Settings\Maeva Pop\Bureau\rkill.com


Rkill completed on 07/10/2010 at 9:21:24.
mae
Posts: 22
Joined: 05 Oct 2010, 15:24
