Aidé moi a supprimé FORM1

lavermeil

20 Janvier 2010 09:58:25

bonjour la communauté .
j'ai fais un scanne de mon pc avec Random's System Information Tool (RSIT) ,mais je suis dans l'incapacite de continué l'operation .
quelqu'un peu m'aidé a suprimé form1 sur mon pc ?
merci .........

voici le scanne :

Logfile of random's system information tool 1.06 (written by random/random)
Run by limmois at 2010-01-20 10:48:21
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 12 GB (11%) free of 117 GB
Total RAM: 1023 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:48:45, on 20/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Multimedia Keyboard & Mouse Driver\V5\StartAutorun.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Multimedia Keyboard & Mouse Driver\V5\KMConfig.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Multimedia Keyboard & Mouse Driver\V5\KMProcess.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\limmois\Local Settings\Temporary Internet Files\Content.IE5\A61V8Z5F\RSIT[1].exe
C:\Program Files\trend micro\limmois.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.fr/spbasic.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
R3 - URLSearchHook: RADIO LESTRADE Toolbar - {6b21520b-b7d9-4d6a-9c02-058dc019fcb6} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: PCCBHO.CPCCBHO - {22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - (no file)
O2 - BHO: RADIO LESTRADE Toolbar - {6b21520b-b7d9-4d6a-9c02-058dc019fcb6} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O3 - Toolbar: (no name) - {66886C4D-B307-4ECA-A228-52CA9B9851A4} - (no file)
O3 - Toolbar: RADIO LESTRADE Toolbar - {6b21520b-b7d9-4d6a-9c02-058dc019fcb6} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: (no name) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - (no file)
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [KMConfig] "C:\Program Files\Multimedia Keyboard & Mouse Driver\V5\StartAutorun.exe" KMConfig.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [win-xp-7] C:\Program Files\Fichiers communs\windows\win-xp-7.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PC Confidential - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.ap...
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/F...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {62BA437C-7712-48C6-9F0B-D251FA43192B} (SayaTV Control) - http://www.sayatv.com/download/SayaTV.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://www.ma-config.com/activex/MaConfig_3_5_1_0.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} (RealPlayer G2 Control) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_d...
O23 - Service: AO0kjz - Unknown owner - C:\Program Files\CPUID\PC Wizard 2010\Data\pcwizntl.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NYfer0 - Unknown owner - C:\Program Files\CPUID\PC Wizard 2010\Data\pcwizntl.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 12600 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\PCConfidential.job
C:\WINDOWS\tasks\RegPowerClean.job
C:\WINDOWS\tasks\RPCReminder.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{B874544F-5331-4693-9E0C-5F38E28117BD}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF}]
PCCBHO.CPCCBHO

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - c:\program files\real\realplayer\rpbrowserrecordplugin.dll [2009-10-07 329312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6A87B991-A31F-4130-AE72-6D0C294BF082}]
DealioBHO Class

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6b21520b-b7d9-4d6a-9c02-058dc019fcb6}]
RADIO LESTRADE Toolbar

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-12-02 263280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-11-23 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
SearchSettings Class

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{66886C4D-B307-4ECA-A228-52CA9B9851A4}
{6b21520b-b7d9-4d6a-9c02-058dc019fcb6} - []
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-12-02 263280]
{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Smapp"=C:\Program Files\Analog Devices\SoundMAX\SMTray.exe [2003-05-05 143360]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-16 13529088]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-16 86016]
"LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE [2004-10-08 221184]
"LogitechVideoRepair"=C:\Program Files\Logitech\Video\ISStart.exe [2005-01-18 458752]
"LogitechVideoTray"=C:\Program Files\Logitech\Video\LogiTray.exe [2005-01-18 217088]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"SearchSettings"=C:\Program Files\Search Settings\SearchSettings.exe [2009-07-29 1024512]
"KMConfig"=C:\Program Files\Multimedia Keyboard & Mouse Driver\V5\StartAutorun.exe [2007-03-06 212992]
"TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2009-10-07 198160]
"Adobe ARM"=C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-11-12 417792]
"win-xp-7"=C:\Program Files\Fichiers communs\windows\win-xp-7.exe [2009-11-02 977408]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-07-26 3883856]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-11-08 39408]
"LDM"=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe [2009-01-03 20480]
"LogitechSoftwareUpdate"=C:\Program Files\Logitech\Video\ManifestEngine.exe [2005-01-18 196608]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoResolveSearch"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\adslTV\adsltv.exe"="C:\Program Files\adslTV\adsltv.exe:*:Enabled:adsltv"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\adslTV\vlc.exe"="C:\Program Files\adslTV\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\Kantaris\Kantaris.exe"="C:\Program Files\Kantaris\Kantaris.exe:*:Enabled:Kantaris Media Player"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*

isabled:Java(TM) Platform SE binary"
"C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"
"C:\WINDOWS\system32\javaw.exe"="C:\WINDOWS\system32\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Documents and Settings\limmois\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe"="C:\Documents and Settings\limmois\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled

ctoshape add-in for Adobe Flash Player"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======File associations======

.js - edit -
.js - open -
.reg - open - "regedit.exe" "%1"

======List of files/folders created in the last 1 months======

2010-01-20 10:48:25 ----D---- C:\Program Files\trend micro
2010-01-20 10:48:21 ----D---- C:\rsit
2010-01-18 11:17:59 ----A---- C:\cleannavi.txt
2010-01-18 11:16:00 ----D---- C:\Program Files\Navilog1
2010-01-13 04:03:00 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-13 04:02:45 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-01-12 19:48:35 ----A---- C:\WINDOWS\system32\cutil32.dll
2010-01-12 19:48:35 ----A---- C:\WINDOWS\system32\cudart.dll
2010-01-04 17:15:55 ----A---- C:\WINDOWS\StiRegstFre.dll
2010-01-04 17:15:55 ----A---- C:\WINDOWS\IsUninst.exe
2010-01-04 17:15:55 ----A---- C:\WINDOWS\_IsRes.Dll
2010-01-04 17:15:54 ----A---- C:\WINDOWS\system32\rapi.dll
2010-01-04 17:15:54 ----A---- C:\WINDOWS\system32\ceutil.dll
2010-01-04 17:15:47 ----D---- C:\Program Files\NewSoft
2010-01-02 23:46:03 ----A---- C:\WINDOWS\iltwain.ini
2009-12-30 22:58:53 ----D---- C:\Program Files\Kantaris
2009-12-30 22:45:22 ----D---- C:\Documents and Settings\limmois\Application Data\vlc
2009-12-30 22:38:44 ----D---- C:\Program Files\Fichiers communs\windows
2009-12-26 20:53:22 ----D---- C:\Program Files\adslTV

======List of files/folders modified in the last 1 months======

2010-01-20 10:48:28 ----D---- C:\WINDOWS\Prefetch
2010-01-20 10:48:25 ----RD---- C:\Program Files
2010-01-20 10:40:31 ----SD---- C:\WINDOWS\Tasks
2010-01-20 10:40:27 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2010-01-20 10:09:24 ----D---- C:\Program Files\eMule
2010-01-20 09:47:36 ----D---- C:\WINDOWS\Temp
2010-01-20 01:26:15 ----D---- C:\Documents and Settings\limmois\Application Data\dvdcss
2010-01-19 21:54:25 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-19 21:36:54 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-19 21:36:22 ----D---- C:\Documents and Settings\limmois\Application Data\uTorrent
2010-01-18 23:30:12 ----D---- C:\Documents and Settings\limmois\Application Data\gtk-2.0
2010-01-18 16:07:36 ----D---- C:\Documents and Settings\limmois\Application Data\FileZilla
2010-01-18 10:09:13 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-01-17 10:15:47 ----SHD---- C:\WINDOWS\Installer
2010-01-17 10:15:47 ----D---- C:\WINDOWS\system32
2010-01-13 04:20:32 ----D---- C:\WINDOWS
2010-01-13 04:19:19 ----D---- C:\WINDOWS\AppPatch
2010-01-13 04:03:04 ----HD---- C:\WINDOWS\inf
2010-01-13 04:03:02 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-13 04:02:59 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-13 04:02:56 ----A---- C:\WINDOWS\imsins.BAK
2010-01-12 20:04:56 ----SD---- C:\Documents and Settings\limmois\Application Data\Microsoft
2010-01-08 11:50:00 ----D---- C:\Program Files\Free Easy Burner
2010-01-05 11:34:55 ----D---- C:\Program Files\Foxit Software
2010-01-05 01:17:46 ----A---- C:\WINDOWS\system32\MRT.exe
2010-01-04 17:22:08 ----HD---- C:\Program Files\InstallShield Installation Information
2010-01-04 17:16:36 ----D---- C:\Program Files\epson
2010-01-04 17:00:45 ----AC---- C:\WINDOWS\epsswt_log.txt
2009-12-30 22:38:44 ----D---- C:\Program Files\Fichiers communs
2009-12-26 17:50:58 ----D---- C:\Program Files\Windows Live Safety Center

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2008-11-14 33408]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2005-01-31 22016]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-16 6557408]
R3 pepifilter;Volume Adapter; C:\WINDOWS\system32\DRIVERS\lv302af.sys [2005-01-31 7104]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 21248]
R3 PID_08A0;QuickCam IM(PID_08A0); C:\WINDOWS\system32\DRIVERS\LV302AV.SYS [2005-01-31 912768]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2008-07-17 109952]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-08-29 578304]
R3 tenCapture;tenCapture; C:\WINDOWS\system32\DRIVERS\tenCapture.sys [2007-04-21 9344]
R3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys []
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\system32\DRIVERS\R8139n51.SYS [2003-07-31 46976]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2007-01-31 96370]
R2 MSSQL$RADIONOMY536765;SQL Server (RADIONOMY536765); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-16 159812]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2007-05-14 272024]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968]
R2 SQLWriter;Enregistreur VSS SQL Server; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 183280]
S3 AO0kjz;AO0kjz; C:\Program Files\CPUID\PC Wizard 2010\Data\pcwizntl.exe -s []
S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2009-05-29 234864]
S3 NYfer0;NYfer0; C:\Program Files\CPUID\PC Wizard 2010\Data\pcwizntl.exe -s []
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408]
S4 NetTcpPortSharing;Service de partage de ports Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.06 2010-01-20 10:48:49

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent-->"C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
ABBYY FineReader 6.0 Sprint-->MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A92000000001}
adsl TV-->C:\Program Files\adslTV\Uninstal.exe
Analyseur MSXML 6.0-->MsiExec.exe /I{5903C48B-E953-47B8-A651-B9222C483057}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft PhotoImpression 5-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D433ABC3-0CD8-4BB0-B6A9-84501B4B47B7}\SETUP.EXE" -l0x40c
Argente - Registry Cleaner 1.5.5.2-->"C:\Program Files\Argente Software\Argente - Registry Cleaner\unins000.exe"
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
AXIS Camera Control 2.40-->"C:\Program Files\AXIS Communications\AXIS Camera Control\unins000.exe"
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Canon Camera Access Library-->"C:\Program Files\Fichiers communs\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library-->"C:\Program Files\Fichiers communs\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
CANON iMAGE GATEWAY Task for ZoomBrowser EX-->"C:\Program Files\Fichiers communs\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\CRWUnInstall.ini"
Canon Internet Library for ZoomBrowser EX-->"C:\Program Files\Fichiers communs\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\CIGUnInstall.ini"
Canon MOV Decoder-->"C:\Program Files\Fichiers communs\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\Canon MOV Decoder\CanonMOVDecoderUnInstall.ini"
Canon MOV Encoder-->"C:\Program Files\Fichiers communs\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\Canon MOV Encoder\CanonMOVEncoderUnInstall.ini"
Canon MovieEdit Task for ZoomBrowser EX-->"C:\Program Files\Fichiers communs\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX-->"C:\Program Files\Fichiers communs\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX-->"C:\Program Files\Fichiers communs\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Utilities CameraWindow-->"C:\Program Files\Fichiers communs\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowLauncher\Uninst.ini"
Canon Utilities Digital Photo Professional 3.6-->"C:\Program Files\Fichiers communs\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\Digital Photo Professional\Uninst.ini"
Canon Utilities EOS Utility-->"C:\Program Files\Fichiers communs\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"
Canon Utilities MyCamera-->"C:\Program Files\Fichiers communs\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\MyCamera\Uninst.ini"
Canon Utilities Original Data Security Tools-->"C:\Program Files\Fichiers communs\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\Original Data Security Tools\Uninst.ini"
Canon Utilities PhotoStitch-->"C:\Program Files\Fichiers communs\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Canon Utilities Picture Style Editor-->"C:\Program Files\Fichiers communs\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\Picture Style Editor\Uninst.ini"
Canon Utilities RemoteCapture Task for ZoomBrowser EX-->"C:\Program Files\Fichiers communs\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities WFT-E1/E2/E3/E4 Utility-->"C:\Program Files\Fichiers communs\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\WFT Utility\Uninst.ini"
Canon Utilities ZoomBrowser EX-->"C:\Program Files\Fichiers communs\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
Canon ZoomBrowser EX Memory Card Utility-->"C:\Program Files\Fichiers communs\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX MCU\Uninst.ini"
CD_DRV_70-->C:\WINDOWS\unins000.exe
Codeur Windows Media Série 9-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Combined Community Codec Pack 2008-09-21 16:18-->"C:\Program Files\Combined Community Codec Pack\unins000.exe"
Correctif pour Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Dealio Toolbar v4.0.1-->MsiExec.exe /X{94C3BB3A-56A1-43DE-A242-8B41F46E97EF}
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
EasyCleaner-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F5346614-B7C4-4E94-826A-E2363155233D}\setup.exe" -l0x9 -removeonly
eMule-->"C:\Program Files\eMule\Uninstall.exe"
EPSON Attach To Email-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
EPSON Copy Utility 3-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\SETUP.EXE" -l0x40c -UnInstall
EPSON File Manager-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E86BC406-944E-41F6-ADE6-2C136734C96B}\Setup.exe" -l0x40c UNINST
EPSON Image Clip Palette-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{314F6D08-A8B7-11D8-8446-0050BA1D384D}\Setup.exe" -l0x40c -u
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
Fichiers de prise en charge de l'installation de Microsoft SQL Server (Français)-->MsiExec.exe /X{3380F354-C5F7-4E71-8F51-EEE6C3F06C62}
FileZilla Client 3.2.6.1-->C:\Program Files\FileZilla FTP Client\uninstall.exe
FormatFactory 2.20-->C:\Program Files\FreeTime\FormatFactory\uninst.exe
Foxit Reader-->C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
Free Easy Burner V 3.8-->"C:\Program Files\Free Easy Burner\unins000.exe"
Free Mp3 Wma Converter V 1.81-->"C:\Program Files\Free Audio Pack\unins000.exe"
Free Video Converter V 2.3-->"C:\Program Files\Free Video Converter\unins000.exe"
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)-->C:\WINDOWS\SQL9_KB970892_ENU\Hotfix.exe /Uninstall
GIMP 2.6.7-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0E996B068B56FCA2.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
HijackThis 2.0.2-->"C:\Documents and Settings\limmois\Local Settings\Temporary Internet Files\Content.IE5\UEILT5PI\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}
IZArc 4.0 beta 1-->"C:\Program Files\IZArc\unins000.exe"
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
Kantaris Media Player 0.6.4-->"C:\Program Files\Kantaris\unins000.exe"
K-Lite Codec Pack 4.2.5 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Logiciel d'archivage WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Logiciel QuickCam de Logitech-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C43048A9-742C-4DAD-90D2-E3B53C9DB825}\setup.exe" -l0x40c
Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x40c UNINSTALL
Logitech Print Service-->C:\PROGRA~1\Logitech\PRINTS~1\UNWISE.EXE C:\PROGRA~1\Logitech\PRINTS~1\INSTALL.LOG
Ma-Config.com-->MsiExec.exe /X{6C4D4FC0-467B-4BD7-8D11-50E49B2770D2}
Macromedia Flash Player 8 Plugin-->MsiExec.exe /X{91057632-CA70-413C-B628-2D3CDBBB906B}
MediaMonkey 3.0-->"C:\Program Files\MediaMonkey\unins000.exe"
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA-->MsiExec.exe /I{72AD53CC-CCC0-3757-8480-9EE176866A7C}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA-->MsiExec.exe /I{0BD83598-C2EF-3343-847B-7D2E84599128}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Express Edition (RADIONOMY536765)-->MsiExec.exe /I{480DBB60-F0B6-45F2-B26F-1A2E11197791}
Microsoft SQL Server 2005-->"c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{A30179B7-997A-4D47-AA43-57AE59A9C78B}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Mise à jour pour Windows Internet Explorer 8 (KB969497)-->"C:\WINDOWS\ie8updates\KB969497-IE8\spuninst\spuninst.exe"
Mise à jour pour Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Module linguistique Microsoft .NET Framework 3.5 SP1- fra-->c:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe
Motorola Driver Installation 3.9.0-->MsiExec.exe /I{FB068BA4-C6EA-4D47-A491-C40E23E77F89}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Multimedia Keyboard & Mouse Driver-->C:\Program Files\InstallShield Installation Information\{055A9D81-5E0A-4088-94B3-BAC849EC3C20}\setup.exe -runfromtemp -l0x040c
MyHeritage Family Tree Builder-->C:\Program Files\MyHeritage\Bin\Uninstall.exe
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NI Service Center-->C:\PROGRA~1\NATIVE~1\NISERV~1\UNWISE.EXE C:\PROGRA~1\NATIVE~1\NISERV~1\INSTALL.LOG
OpenOffice.org 3.0-->MsiExec.exe /I{6860B340-530D-46B3-91F8-1AE1F70F7C33}
Outil de mise à jour Google-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Perf3490P_3590P Guide util.-->C:\Program Files\EPSON\TPMANUAL\Perf3490P_3590P\USE_G\DOCUNINS.EXE
Presto! BizCard 4.1 Fre-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\NewSoft\BizCard 4.1 Fre\Uninst.isu" -c"C:\WINDOWS\StiRegstFre.dll"
Programme de gestion Camera de Logitech®-->"C:\Program Files\Fichiers communs\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
RealPlayer-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0
REALTEK GbE & FE Ethernet PCI NIC Driver-->C:\Program Files\InstallShield Installation Information\{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}\setup.exe -runfromtemp -l0x040c -removeonly
Realtek RTL8139/810x Fast Ethernet NIC Driver Setup-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}\Setup.exe" -l0x40c REMOVE
Search Settings 1.2.2-->MsiExec.exe /X{0B1AAC97-8563-41D9-AE47-58E6A222F0E1}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
SopFilter 3.0.5-->C:\Program Files\SopFilter\uninst.exe
SoundMAX-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
Switch Sound File Converter-->C:\Program Files\NCH Swift Sound\Switch\uninst.exe
Text-To-Speech-Runtime-->MsiExec.exe /X{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Virtual DJ - Atomix Productions-->C:\PROGRA~1\VIRTUA~1\UNWISE.EXE C:\PROGRA~1\VIRTUA~1\INSTALL.LOG
Virtual Magnifying Glass-->"C:\Program Files\Virtual Magnifying Glass\uninstall.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{ED00D08A-3C5F-488D-93A0-A04F21F23956}
Windows Live Mail-->MsiExec.exe /I{5DD76286-9BE7-4894-A990-E905E91AC818}
Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1}
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Toolbar-->MsiExec.exe /X{F7D27C70-90F5-49B9-B188-0A133C0CE353}
Windows Live Writer-->MsiExec.exe /X{4634B21A-CC07-4396-890C-2B8168661FEA}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"

======Security center information======

AV: avast! antivirus 4.8.1368 [VPS 100119-1]

======System event log======

Computer Name: LIMMOIS-FB6C125
Event Code: 7036
Message: Le service Service COM de gravage de CD IMAPI est entré dans l'état : en cours d'exécution.

Record Number: 33549
Source Name: Service Control Manager
Time Written: 20091205142454.000000+060
Event Type: Informations
User:

Computer Name: LIMMOIS-FB6C125
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Service COM de gravage de CD IMAPI.

Record Number: 33548
Source Name: Service Control Manager
Time Written: 20091205142454.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: LIMMOIS-FB6C125
Event Code: 7036
Message: Le service avast! Web Scanner est entré dans l'état : en cours d'exécution.

Record Number: 33547
Source Name: Service Control Manager
Time Written: 20091205142453.000000+060
Event Type: Informations
User:

Computer Name: LIMMOIS-FB6C125
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service avast! Web Scanner.

Record Number: 33546
Source Name: Service Control Manager
Time Written: 20091205142453.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: LIMMOIS-FB6C125
Event Code: 7036
Message: Le service avast! Mail Scanner est entré dans l'état : en cours d'exécution.

Record Number: 33545
Source Name: Service Control Manager
Time Written: 20091205142453.000000+060
Event Type: Informations
User:

=====Application event log=====

Computer Name: LIMMOIS-FB6C125
Event Code: 1042
Message: Fin d'une transaction Windows Installer C:\Program Files\Fichiers communs\Windows Live\.cache\7a29fcfa1ca54da\SyncNative.msi. Id de processus client : 5776.

Record Number: 5367
Source Name: MsiInstaller
Time Written: 20091024205132.000000+120
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: LIMMOIS-FB6C125
Event Code: 1033
Message: Windows Installer a installé le produit. Nom du produit : Microsoft Sync Framework Runtime Native v1.0 (x86). Version du produit : 1.0.1215.0. Langue du produit : 1033. Réussite de l’installation ou état d’erreur : 0.

Record Number: 5366
Source Name: MsiInstaller
Time Written: 20091024205132.000000+120
Event Type: Informations
User: LIMMOIS-FB6C125\limmois

Computer Name: LIMMOIS-FB6C125
Event Code: 11707
Message: Product: Microsoft Sync Framework Runtime Native v1.0 (x86) -- Installation completed successfully.

Record Number: 5365
Source Name: MsiInstaller
Time Written: 20091024205132.000000+120
Event Type: Informations
User: LIMMOIS-FB6C125\limmois

Computer Name: LIMMOIS-FB6C125
Event Code: 1040
Message: Commencement d'une transaction Windows Installer : C:\Program Files\Fichiers communs\Windows Live\.cache\7a29fcfa1ca54da\SyncNative.msi. Id de processus client : 5776.

Record Number: 5364
Source Name: MsiInstaller
Time Written: 20091024205126.000000+120
Event Type: Informations
User: LIMMOIS-FB6C125\limmois

Computer Name: LIMMOIS-FB6C125
Event Code: 1042
Message: Fin d'une transaction Windows Installer C:\Program Files\Fichiers communs\Windows Live\.cache\71a4754c1ca54da\MicrosoftSearchEnhancementPack.msi. Id de processus client : 5776.

Record Number: 5363
Source Name: MsiInstaller
Time Written: 20091024205122.000000+120
Event Type: Informations
User: AUTORITE NT\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\WINDOWS\System32\Wbem;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\WbemC:\Program Files\DMV\MaxTV4\plugins;C:\Program Files\Fichiers communs\Ulead Systems\MPEG;c:\Program Files\Microsoft SQL Server\90\Tools\binn\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 1, GenuineIntel
"PROCESSOR_REVISION"=0401
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"XRS_PLUGIN_PATH"=C:\PROGRA~1\WINRADIO\PLUGINS

-----------------EOF-----------------

Autres pages sur : aide supprime form1

| Etre averti des réponses
| Alerter

Répondre à lavermeil

sKe69

20 Janvier 2010 10:06:31

hello,

plusieurs infections ! ....

/!\ Pour le bon déroulement de la désinfection :

Ne pas utiliser ce PC autrement que pour venir ici poursuivre la désinfection .

N'entreprends rien avec le PC sans mon autorisation et suis à la lettre les procédures qui vont suivre .

Prends bien connaisance de l'ensemble de ces procédures avant de te lancer .

Si tu as un quelconque problème, n' hésite pas à m'en faire part ( évite les prises de décision hasardeuses ).

=============================================================

commence par ceci dans l'ordre :

1- Télécharge ToolBar S&D ( de Eric_71/Team IDN ) sur ton bureau :
http://eric.71.mespages.googlepages.com/ToolBarSD.exe
ou ici http://eric71.geekstogo.com/tools/ToolBarSD.exe

( Tuto : http://toolbarsd.googlepages.com/aideenimages )

!! Déconnecte toi et ferme toutes tes applications en cours le temps de la manipe ( navigateurs compris ) !!

* Double clique sur ToolBar SD.exe pour lancer l'outil et laisse toi guider ...
--> Tapes directement sur 2 ( option " suppression " ) puis tape sur [Entrée].

Le nettoyage commence .

! ne touche à rien lors de la suppression !

Un rapport sera généré à la fin du processus : poste son contenu dans ta prochaine réponse pour analyse ...

( le rapport est en outre sauvegardé ici -> C:\TB.txt )

====================================

2- Télécharge ZHPDiag (de Nicolas Coolman) sur ton bureau :

-> http://telechargement.zebulon.fr/zhpdiag.html

!! déconnecte toi et ferme toutes tes applications en cours !!

> double-clique sur "ZHPDiag.exe" pour lancer l'installation de l'outil et laisse toi guider ( ne modifie pas les paramètres d'installe et coche bien la case "créer une icone sur le bureau" afin d'avoir les raccourcis "ZHPDiag" et "ZHPFix" ) .

> Lance ZHPDiag depuis le raccourci du bureau .

> Une fois ZHPDiag ouvert, clique sur le bouton "option" en haut sur la droite .
( celui avec le tournevis )

Une liste apparait dans l'encadré principal > vérifie que toutes les lignes soient bien cochées sauf les 045 et 061 ( important ! ) .

> Puis clique sur le bouton de "la loupe" ( en haut à gauche ) pour lancer le scan .

Laisses travailler l'outil ...

> Une fois terminé , le rapport s'affiche : clique sur bouton "disquette" pour sauvegarder le rapport obtenu ...

Enregistre bien ZHPDiag.txt de façon à le retrouver facilement ( sur le bureau par exemple ).

( Sinon le rapport sera en outre sauvegardé dans ce dossier > C:\Program files\ZHPDiag)

Puis ferme le programme ...

> rends toi ensuite sur ce site : http://www.cijoint.fr/

Clique sur "parcourir" et va jusqu'au rapport que tu as sauvegardé .
Clique ensuite sur "cliquer ici pour déposer le fichier" et patiente ...
Une fois l'upload finit , un lien apparait > copie/colle le dans ta prochaine réponse stp ....

====================

3- Lance de nouveau ZHPDiag ,

!! déconnecte toi et ferme toutes tes applications en cours !!

* Tu vas faire une " analyse détaillée/MD5 " en procédant ainsi :

> tu cliques cette fois ci sur le bouton " dossier+loupe " ( en haut à droite ) pour lancer le scan.

Laisse travailler l'outil et ne touche à rien ( cela peut-être relativement long ) .

* Une fois terminé , le rapport s'affiche : clique sur bouton "disquette" pour sauvegarder le rapport obtenu ...

Enregistre le de façon à le retrouver facilement ( sur le bureau par exemple ).

* Fais moi parvenir ce rapport via " Cijoint " dans ta prochaine réponse pour analyse ...

| Alerter

Répondre à sKe69

lavermeil

20 Janvier 2010 11:01:39

salut Sce69.
Merci que tu m'es repondu.
j'ai fait exactement ce que tu ma demande et voila les raports (les scannes)les differents logiciels :

1 ) -----------\\ ToolBar S&D 1.2.9 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 CPU 2.40GHz )
BIOS : BIOS Date: 09/25/04 18:38:39 Ver: 08.00.09
USER : limmois ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1368 [VPS 100120-0] 4.8.1368 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:114 Go (Free:12 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
Option : [1] ( 20/01/2010|11:18 )

-----------\\ Recherche de Fichiers / Dossiers ...

C:\DOCUME~1\limmois\APPLIC~1\Dealio
C:\DOCUME~1\limmois\APPLIC~1\Dealio\res
C:\DOCUME~1\limmois\APPLIC~1\Dealio\temp
C:\DOCUME~1\limmois\APPLIC~1\Dealio\res\widgets.xml
C:\DOCUME~1\limmois\APPLIC~1\Dealio\temp\http___www_dealio_com_rss_coupons-deals_dotd_.xml
C:\WINDOWS\Prefetch\SEARCHSETTINGS.EXE-253CB611.pf
C:\DOCUME~1\limmois\APPLIC~1\Search Settings
C:\DOCUME~1\limmois\APPLIC~1\Search Settings\kb128
C:\DOCUME~1\limmois\APPLIC~1\Search Settings\kb128\temp
C:\DOCUME~1\limmois\APPLIC~1\Search Settings\kb128\temp\ws-14626.log
C:\DOCUME~1\limmois\APPLIC~1\Search Settings\kb128\temp\ws-14627.log
C:\DOCUME~1\limmois\APPLIC~1\Search Settings\kb128\temp\ws-14629.log
C:\Program Files\Search Settings
C:\Program Files\Search Settings\kb128
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Search Settings\kb128\res
C:\Program Files\Search Settings\kb128\SearchSettings.dll
C:\Program Files\Search Settings\kb128\SearchSettingsRes409.dll
C:\Program Files\Search Settings\kb128\temp
C:\WINDOWS\iun6002.exe

-----------\\ Extensions

(limmois) - {70292c40-9ecb-4356-8613-72c2a02514bf} => kmt_television

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.fr/"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iese..."
"Search Bar"="http://search.msn.fr/spbasic.htm"
"SearchMigratedDefaultURL"="http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\limmois\Application Data\uTorrent\Advanced System Care Pro 3.2.0.633 + Keygen Patch (Exclusive)[GLADRAG_MANHUNT] [H33T].torrent
C:\DOCUME~1\limmois\Bureau\Virtual DJ 6.0.1\Crack
C:\DOCUME~1\limmois\Mes documents\Virtual DJ 6.0.1 + Crack.rar
C:\DOCUME~1\limmois\Mes documents\Ma musique\dance hall\Dj Bryton - Raggamuffin Come Back Mixtape - Partit 1\06 - Metal Sound - Ladje Crack La.mp3

1 - "C:\ToolBar SD\TB_1.txt" - 20/01/2010|11:20 - Option : [1]

-----------\\ Fin du rapport a 11:20:25,06

2 ) voici l'adresse que tu m'a demandé .

http://www.cijoint.fr/cjlink.php?file=cj201001/cijEA7KG...

3 )Rapport de ZHPDiag v1.24.45 par Nicolas Coolman

Run by limmois at 20/01/2010 11:47:00
Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.h...
Platform : Microsoft Windows XP (5.1.2600) Service Pack 3
MSIE: Internet Explorer v8.0.6001.18702

Boot mode: Normal (Normal boot)
Total RAM: 1023 MB (62% free)
System drive C: has 12 GB (10%) free of 114 GB

---\\ DOS/Devices
A:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
C:\ Hard drive, Flash drive, Thumb drive (Free 12 Go of 114 Go)
D:\ CD-ROM drive (Not Inserted)
E:\ CD-ROM drive (Not Inserted)

---\\ Processus lancés
[MD5.2D765E811B6FFEA9F91D4425E34B8461] - C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
[MD5.5BA8A7DA5D0573F7923E02B260AAD2F1] - C:\WINDOWS\system32\LVCOMSX.EXE
[MD5.93C8B9C6FD3D243D4B2C8C03C44B18E9] - C:\Program Files\Logitech\Video\ISStart.exe
[MD5.F433926BBEC782B603BA3BE0D4E92B7B] - C:\Program Files\Logitech\Video\LogiTray.exe
[MD5.0A7E9FDF3BF1980CA09FEEAC7F52EFBC] - C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
[MD5.33E5A8FC8EB0EE42478F8538D0215D8F] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
[MD5.099353D3B19A2B9FA4664E04872AC49A] - C:\Program Files\Search Settings\SearchSettings.exe
[MD5.E6DEED311D830678E1A0B4889F3C2F0E] - C:\Program Files\Multimedia Keyboard & Mouse Driver\V5\StartAutorun.exe
[MD5.4C784423B8F0DAE1392398356C9BE1FC] - C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
[MD5.3103FE27C967675B019E880AA6DA3D6D] - C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe
[MD5.8CBD57D84729DEBEE1E83CB5FA3E3D7A] - C:\Program Files\QuickTime\qttask.exe
[MD5.95DA0F9F8B9EC3E067D8F06E54BE6CA1] - C:\Program Files\Fichiers communs\windows\win-xp-7.exe
[MD5.6AB4C021FBD36DC6764924C312428D97] - C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[MD5.59DC5BB82E4C8E0B3EADCFDBC44BA6E4] - C:\WINDOWS\system32\ctfmon.exe
[MD5.5D61BE7DB55B026A5D61A3EED09D0EAD] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[MD5.B9B7084F7DB3D1B036C0B9178472E96A] - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
[MD5.660B6158BC2BC5D7CB1FF18D148C17AA] - C:\Program Files\Logitech\Video\ManifestEngine.exe
[MD5.5DEBC3519D489411073FA7E56FFB4A93] - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
[MD5.E4BDF223CD75478BF44567B4D5C2634D] - C:\WINDOWS\System32\svchost.exe
[MD5.0AAF6B848185899CF76AE04E62EAB3D2] - C:\Program Files\Alwil Software\Avast4\ashServ.exe
[MD5.3F56903E124E820AEECE6D471583C6C1] - C:\Program Files\Bonjour\mDNSResponder.exe
[MD5.8EF654045E518AC00E52E7A1E2D3AD70] - C:\Program Files\Canon\CAL\CALMAIN.exe
[MD5.C3FB1D70CB88722267949694BA51759E] - C:\WINDOWS\system32\services.exe
[MD5.5467F1FF0AF264566740F67E8B810735] - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
[MD5.00E36BEEA22C92D1030C6D8F80BC0F6A] - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
[MD5.0C41C4ACFE00D826DB479C40C1D9EDC8] - C:\WINDOWS\system32\nvsvc32.exe
[MD5.91E6024D6D4DCDECDB36C43ECF9BBECB] - C:\WINDOWS\system32\lsass.exe
[MD5.06A49B7BDC36CFBF97DD90804F833369] - C:\Program Files\CyberLink\Shared files\RichVideo.exe
[MD5.271077B91D7AD1B616F8AFDFE8E3F981] - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
[MD5.3978F082274F723AD5A0A8058C2417DD] - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
[MD5.460E4CE148BD07218DA0B6A3D31885A9] - C:\WINDOWS\system32\spoolsv.exe
[MD5.B2EC3E1DEAC5F0A764BD3486D213A0AF] - c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
[MD5.D2F4F32B59440011174B4F8137AF4E0C] - c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

---\\ Pages de démarrage d'Internet Explorer (R0)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

---\\ Pages de recherche d'Internet Explorer (R1)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iese...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;localhost

---\\ Internet Explorer URLSearchHook (R3)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll
R3 - URLSearchHook: Microsoft Url Search Hook - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (not file)
R3 - URLSearchHook: Microsoft Url Search Hook - {6b21520b-b7d9-4d6a-9c02-058dc019fcb6} - (not file)

---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: PCCBHO.CPCCBHO - {22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF} - (not file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - (not file)
O2 - BHO: RADIO LESTRADE Toolbar - {6b21520b-b7d9-4d6a-9c02-058dc019fcb6} - (not file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (not file)

---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: (no name) - {66886C4D-B307-4ECA-A228-52CA9B9851A4} -
O3 - Toolbar: RADIO LESTRADE Toolbar - {6b21520b-b7d9-4d6a-9c02-058dc019fcb6} -
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: (no name) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} -

---\\ Applications démarrées automatiquement par le registre (O4)
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [KMConfig] C:\Program Files\Multimedia Keyboard & Mouse Driver\V5\StartAutorun.exe" KMConfig.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [win-xp-7] C:\Program Files\Fichiers communs\windows\win-xp-7.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKLM\..\policies\Explorer: [HonorAutoRunSetting] Data=1
O4 - HKLM\..\policies\Explorer: [LinkResolveIgnoreLinkInfo] Data=0
O4 - HKLM\..\policies\Explorer: [NoResolveSearch] Data=1
O4 - HKCU\..\policies\Explorer: [NoDriveTypeAutoRun] Data=145
O4 - HKCU\..\policies\Explorer: [LinkResolveIgnoreLinkInfo] Data=0
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll,201

---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File - C:\WINDOWS\system32\mswsock.dll
O10 - WLSP:\000000000002\Winsock LSP File - C:\WINDOWS\system32\winrnr.dll
O10 - WLSP:\000000000003\Winsock LSP File - C:\WINDOWS\system32\mswsock.dll
O10 - WLSP:\000000000004\Winsock LSP File - C:\Program Files\Bonjour\mdnsNSP.dll

---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.ap...
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/F...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {62BA437C-7712-48C6-9F0B-D251FA43192B} (SayaTV Control) - http://www.sayatv.com/download/SayaTV.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://www.ma-config.com/activex/MaConfig_3_5_1_0.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/curren...
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} (RealPlayer G2 Control) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash...
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} () - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_d...

---\\ Protocole additionnel et piratage de protocole (O18)
O18 - Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll
O18 - Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll
O18 - Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\system32\inetcomm.dll
O18 - Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Handler: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\Windows\system32\mshtml.dll
O18 - Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll
O18 - Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll
O18 - Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\Windows\system32\SHELL32.dll

---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\System32\dimsntfy.dll

---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSODL) (O21)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: (no name) - {8C7461EF-2B13-11d2-BE35-3078302C2030} - %SystemRoot%\system32\browseui.dll

---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus (avast! Antivirus) - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Service Bonjour (Bonjour Service) - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Software Updater (gusvc) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: SQL Server (RADIONOMY536765) (MSSQL$RADIONOMY536765) - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sRADIONOMY536765
O23 - Service: NVIDIA Display Driver Service (NVSvc) - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SeaPort (SeaPort) - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Spouleur d'impression (Spooler) - C:\WINDOWS\system32\spoolsv.exe
O23 - Service: SQL Server Browser (SQLBrowser) - c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
O23 - Service: Enregistreur VSS SQL Server (SQLWriter) - c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\Google Software Updater.job
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\PCConfidential.job
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\RegPowerClean.job
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\RPCReminder.job
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\User_Feed_Synchronization-{B874544F-5331-4693-9E0C-5F38E28117BD}.job

---\\ Composants installés (ActiveSetup Installed Components) (O40)
O40 - ASIC: Mise à jour de la version d’Internet Explorer - <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
O40 - ASIC: Microsoft Windows Media Player - >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
O40 - ASIC: Internet Explorer - >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
O40 - ASIC: Browser Customizations - >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
O40 - ASIC: Personnalisation du navigateur - >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
O40 - ASIC: Outlook Express - >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE
O40 - ASIC: Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - (not file)
O40 - ASIC: Rendu VML (Vector Graphics Rendering) - {10072CEC-8CC1-11D1-986E-00A0C955B42F} - (not file)
O40 - ASIC: Microsoft NetShow Player - {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - C:\WINDOWS\system32\wmpdxm.dll
O40 - ASIC: Microsoft Windows Media Player 6.4 - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\system32\wmpdxm.dll
O40 - ASIC: DirectAnimation - {283807B5-2C60-11D0-A31D-00AA00B92C03} - (not file)
O40 - ASIC: Themes Setup - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\WINDOWS\system32\regsvr32.exe /s /n /i:/UserInstall C:\WINDOWS\system32\themeui.dll
O40 - ASIC: Liaison de données Dynamic HTML pour Java - {36f8ec70-c29a-11d1-b5c7-0000f8051515} - (not file)
O40 - ASIC: Offline Browsing Pack - {3af36230-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Uniscribe - {3bf42070-b3b1-11d1-b5c5-0000f8051515} - (not file)
O40 - ASIC: Création avancée - {4278c270-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Microsoft Outlook Express 6 - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP

E /CALLER:WINNT /user /install
O40 - ASIC: NetMeeting 3.01 - {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
O40 - ASIC: DirectShow - {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - (not file)
O40 - ASIC: DirectDrawEx - {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - (not file)
O40 - ASIC: Internet Explorer Help - {45ea75a0-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Classes Java DirectAnimation - {4f216970-c90c-11d1-b5c7-0000f8051515} - (not file)
O40 - ASIC: Microsoft Windows Script 5.6 - {4f645220-306d-11d2-995d-00c04f98bbc9} - (not file)
O40 - ASIC: Windows Messenger 4.7 - {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
O40 - ASIC: Internet Explorer Setup Tools - {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Browsing Enhancements - {630b1da0-b465-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub
O40 - ASIC: MSN Site Access - {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - (not file)
O40 - ASIC: .NET Framework - {72AD53CC-CCC0-3757-8480-9EE176866A7C} - (not file)
O40 - ASIC: Carnet d'adresses 6 - {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
O40 - ASIC: Mise à jour du Bureau Windows - {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
O40 - ASIC: Internet Explorer - {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
O40 - ASIC: (no name) - {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
O40 - ASIC: Dynamic HTML Data Binding - {9381D8F2-0288-11D0-9501-00AA00B911A5} - (not file)
O40 - ASIC: .NET Framework - {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - (not file)
O40 - ASIC: Internet Explorer Core Fonts - {C9E9A340-D1F1-11D0-821E-444553540600} - (not file)
O40 - ASIC: Planificateur de tâches - {CC2A9BA0-3BDD-11D0-821E-444553540000} - (not file)
O40 - ASIC: Adobe Flash Player - {D27CDB6E-AE6D-11cf-96B8-444553540000} - C:\WINDOWS\system32\Macromed\Flash\Flash10d.ocx
O40 - ASIC: HTML Help - {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Active Directory Service Interface - {E92B03AB-B707-11d2-9CBD-0000F87A369E} - (not file)
O40 - ASIC: Microsoft Windows Media Player 6.4 - {F3061E1E-6B8F-2824-3212-5D9923F406A8} - (not file)

---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: AFD (AFD) - C:\WINDOWS\System32\drivers\afd.sys
O41 - Driver: Pilote de CD-ROM (Cdrom) - C:\WINDOWS\system32\DRIVERS\cdrom.sys
O41 - Driver: Pilote pour clavier i8042 et souris sur port PS/2 (i8042prt) - C:\WINDOWS\system32\DRIVERS\i8042prt.sys
O41 - Driver: Pilote de filtre de gravure CD (Imapi) - C:\WINDOWS\system32\DRIVERS\imapi.sys
O41 - Driver: Pilote de processeur Intel (intelppm) - C:\WINDOWS\system32\DRIVERS\intelppm.sys
O41 - Driver: Pilote IPSEC (IPSec) - C:\WINDOWS\system32\DRIVERS\ipsec.sys
O41 - Driver: Pilote de la classe Clavier (Kbdclass) - C:\WINDOWS\system32\DRIVERS\kbdclass.sys
O41 - Driver: Pilote HID de clavier (kbdhid) - C:\WINDOWS\system32\DRIVERS\kbdhid.sys
O41 - Driver: Pilote de la classe Souris (Mouclass) - C:\WINDOWS\system32\DRIVERS\mouclass.sys
O41 - Driver: MRXSMB (MRxSmb) - C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
O41 - Driver: Interface NetBIOS (NetBIOS) - C:\WINDOWS\system32\DRIVERS\netbios.sys
O41 - Driver: NetBIOS sur TCP/IP (NetBT) - C:\WINDOWS\system32\DRIVERS\netbt.sys
O41 - Driver: Pilote de connexion automatique d'accès distant (RasAcd) - C:\WINDOWS\system32\DRIVERS\rasacd.sys
O41 - Driver: Rdbss (Rdbss) - C:\WINDOWS\system32\DRIVERS\rdbss.sys
O41 - Driver: (no object) (RDPCDD) - C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
O41 - Driver: Pilote de filtre de lecture digitale de CD audio (redbook) - C:\WINDOWS\system32\DRIVERS\redbook.sys
O41 - Driver: Pilote de port série (Serial) - C:\WINDOWS\system32\DRIVERS\serial.sys
O41 - Driver: Pilote du protocole TCP/IP (Tcpip) - C:\WINDOWS\system32\DRIVERS\tcpip.sys
O41 - Driver: Pilote de périphérique terminal (TermDD) - C:\WINDOWS\system32\DRIVERS\termdd.sys
O41 - Driver: Carte vidéo VGA. (VgaSave) - C:\WINDOWS\System32\drivers\vga.sys

---\\ Logiciels installés (O42)
O42 - Logiciel: ABBYY FineReader 6.0 Sprint
O42 - Logiciel: AXIS Camera Control 2.40
O42 - Logiciel: Adobe Flash Player 10 ActiveX
O42 - Logiciel: Adobe Flash Player 10 Plugin
O42 - Logiciel: Adobe Reader 9.2 - Français
O42 - Logiciel: Analyseur MSXML 6.0
O42 - Logiciel: Apple Software Update
O42 - Logiciel: ArcSoft PhotoImpression 5
O42 - Logiciel: Argente - Registry Cleaner 1.5.5.2
O42 - Logiciel: Assistant de connexion Windows Live
O42 - Logiciel: Audacity 1.2.6
O42 - Logiciel: Bonjour
O42 - Logiciel: CANON iMAGE GATEWAY Task for ZoomBrowser EX
O42 - Logiciel: CD_DRV_70
O42 - Logiciel: Canon Camera Access Library
O42 - Logiciel: Canon Camera Support Core Library
O42 - Logiciel: Canon Internet Library for ZoomBrowser EX
O42 - Logiciel: Canon MOV Decoder
O42 - Logiciel: Canon MOV Encoder
O42 - Logiciel: Canon MovieEdit Task for ZoomBrowser EX
O42 - Logiciel: Canon Utilities CameraWindow
O42 - Logiciel: Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
O42 - Logiciel: Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
O42 - Logiciel: Canon Utilities Digital Photo Professional 3.6
O42 - Logiciel: Canon Utilities EOS Utility
O42 - Logiciel: Canon Utilities MyCamera
O42 - Logiciel: Canon Utilities Original Data Security Tools
O42 - Logiciel: Canon Utilities PhotoStitch
O42 - Logiciel: Canon Utilities Picture Style Editor
O42 - Logiciel: Canon Utilities RemoteCapture Task for ZoomBrowser EX
O42 - Logiciel: Canon Utilities WFT-E1/E2/E3/E4 Utility
O42 - Logiciel: Canon Utilities ZoomBrowser EX
O42 - Logiciel: Canon ZoomBrowser EX Memory Card Utility
O42 - Logiciel: Codeur Windows Media Série 9
O42 - Logiciel: Combined Community Codec Pack 2008-09-21 16:18
O42 - Logiciel: Dealio Toolbar v4.0.1
O42 - Logiciel: DivX Web Player
O42 - Logiciel: EPSON Attach To Email
O42 - Logiciel: EPSON Copy Utility 3
O42 - Logiciel: EPSON File Manager
O42 - Logiciel: EPSON Image Clip Palette
O42 - Logiciel: EPSON Scan
O42 - Logiciel: EasyCleaner
O42 - Logiciel: Fichiers de prise en charge de l'installation de Microsoft SQL Server (Français)
O42 - Logiciel: FileZilla Client 3.2.6.1
O42 - Logiciel: FormatFactory 2.20
O42 - Logiciel: Foxit Reader
O42 - Logiciel: Free Easy Burner V 3.8
O42 - Logiciel: Free Mp3 Wma Converter V 1.81
O42 - Logiciel: Free Video Converter V 2.3
O42 - Logiciel: GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
O42 - Logiciel: GIMP 2.6.7
O42 - Logiciel: Google Toolbar for Internet Explorer
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
O42 - Logiciel: IZArc 4.0 beta 1
O42 - Logiciel: Installation Windows Live
O42 - Logiciel: Java(TM) 6 Update 7
O42 - Logiciel: Junk Mail filter update
O42 - Logiciel: K-Lite Codec Pack 4.2.5 (Full)
O42 - Logiciel: Kantaris Media Player 0.6.4
O42 - Logiciel: Lecteur Windows Media 11
O42 - Logiciel: Logiciel QuickCam de Logitech
O42 - Logiciel: Logiciel d'archivage WinRAR
O42 - Logiciel: Logitech Desktop Messenger
O42 - Logiciel: Logitech Print Service
O42 - Logiciel: MSVCRT
O42 - Logiciel: MSXML 4.0 SP2 (KB954430)
O42 - Logiciel: MSXML 4.0 SP2 (KB973688)
O42 - Logiciel: Ma-Config.com
O42 - Logiciel: Macromedia Flash Player 8 Plugin
O42 - Logiciel: MediaMonkey 3.0
O42 - Logiciel: Microsoft .NET Framework 2.0 Service Pack 2
O42 - Logiciel: Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA
O42 - Logiciel: Microsoft .NET Framework 3.0 Service Pack 2
O42 - Logiciel: Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA
O42 - Logiciel: Microsoft .NET Framework 3.5 Language Pack SP1 - fra
O42 - Logiciel: Microsoft .NET Framework 3.5 SP1
O42 - Logiciel: Microsoft Choice Guard
O42 - Logiciel: Microsoft Compression Client Pack 1.0 for Windows XP
O42 - Logiciel: Microsoft Internationalized Domain Names Mitigation APIs
O42 - Logiciel: Microsoft National Language Support Downlevel APIs
O42 - Logiciel: Microsoft SQL Server 2005
O42 - Logiciel: Microsoft SQL Server 2005 Express Edition (RADIONOMY536765)
O42 - Logiciel: Microsoft SQL Server VSS Writer
O42 - Logiciel: Microsoft Search Enhancement Pack
O42 - Logiciel: Microsoft Silverlight
O42 - Logiciel: Microsoft Sync Framework Runtime Native v1.0 (x86)
O42 - Logiciel: Microsoft Sync Framework Services Native v1.0 (x86)
O42 - Logiciel: Microsoft User-Mode Driver Framework Feature Pack 1.0
O42 - Logiciel: Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable
O42 - Logiciel: Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
O42 - Logiciel: Module linguistique Microsoft .NET Framework 3.5 SP1- fra
O42 - Logiciel: Motorola Driver Installation 3.9.0
O42 - Logiciel: Multimedia Keyboard & Mouse Driver
O42 - Logiciel: MyHeritage Family Tree Builder
O42 - Logiciel: NI Service Center
O42 - Logiciel: OpenOffice.org 3.0
O42 - Logiciel: Outil de téléchargement Windows Live
O42 - Logiciel: Perf3490P_3590P Guide util.
O42 - Logiciel: Presto! BizCard 4.1 Fre
O42 - Logiciel: Programme de gestion Camera de Logitech®
O42 - Logiciel: REALTEK GbE & FE Ethernet PCI NIC Driver
O42 - Logiciel: RealPlayer
O42 - Logiciel: Realtek RTL8139/810x Fast Ethernet NIC Driver Setup
O42 - Logiciel: Search Settings 1.2.2
O42 - Logiciel: Security Update for CAPICOM (KB931906)
O42 - Logiciel: Segoe UI
O42 - Logiciel: SopFilter 3.0.5
O42 - Logiciel: SoundMAX
O42 - Logiciel: Spelling Dictionaries Support For Adobe Reader 9
O42 - Logiciel: Switch Sound File Converter
O42 - Logiciel: Text-To-Speech-Runtime
O42 - Logiciel: Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
O42 - Logiciel: VC80CRTRedist - 8.0.50727.762
O42 - Logiciel: VCRedistSetup
O42 - Logiciel: Virtual DJ - Atomix Productions
O42 - Logiciel: Virtual Magnifying Glass
O42 - Logiciel: Windows Internet Explorer 7
O42 - Logiciel: Windows Internet Explorer 8
O42 - Logiciel: Windows Live Call
O42 - Logiciel: Windows Live Communications Platform
O42 - Logiciel: Windows Live Mail
O42 - Logiciel: Windows Live Messenger
O42 - Logiciel: Windows Live OneCare safety scanner
O42 - Logiciel: Windows Live Toolbar
O42 - Logiciel: Windows Live Writer
O42 - Logiciel: Windows Media Format 11 runtime
O42 - Logiciel: Windows Media Player 11
O42 - Logiciel: XML Paper Specification Shared Components Language Pack 1.0
O42 - Logiciel: adsl TV
O42 - Logiciel: avast! Antivirus
O42 - Logiciel: eMule
O42 - Logiciel: neroxml
O42 - Logiciel: µTorrent

---\\ Contenu des dossiers Fichiers Communs (O43)
O43 - CFD:Common File Directory ----D- C:\Program Files\ABBYY FineReader 6.0 Sprint
O43 - CFD:Common File Directory ----D- C:\Program Files\Adobe
O43 - CFD:Common File Directory ----D- C:\Program Files\adslTV
O43 - CFD:Common File Directory ----D- C:\Program Files\Alwil Software
O43 - CFD:Common File Directory ----D- C:\Program Files\Analog Devices
O43 - CFD:Common File Directory ----D- C:\Program Files\Argente Software
O43 - CFD:Common File Directory ----D- C:\Program Files\Audacity
O43 - CFD:Common File Directory ----D- C:\Program Files\AXIS Communications
O43 - CFD:Common File Directory ----D- C:\Program Files\Bonjour
O43 - CFD:Common File Directory ----D- C:\Program Files\Canon
O43 - CFD:Common File Directory ----D- C:\Program Files\Combined Community Codec Pack
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files
O43 - CFD:Common File Directory ----D- C:\Program Files\Corel
O43 - CFD:Common File Directory ----D- C:\Program Files\CyberLink
O43 - CFD:Common File Directory ----D- C:\Program Files\DivX
O43 - CFD:Common File Directory ----D- C:\Program Files\eMule
O43 - CFD:Common File Directory ----D- C:\Program Files\epson
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers communs
O43 - CFD:Common File Directory ----D- C:\Program Files\FileZilla FTP Client
O43 - CFD:Common File Directory ----D- C:\Program Files\Foxit Software
O43 - CFD:Common File Directory ----D- C:\Program Files\Free Audio Pack
O43 - CFD:Common File Directory ----D- C:\Program Files\Free Easy Burner
O43 - CFD:Common File Directory ----D- C:\Program Files\Free Offers from Freeze.com
O43 - CFD:Common File Directory ----D- C:\Program Files\Free Video Converter
O43 - CFD:Common File Directory ----D- C:\Program Files\FreeTime
O43 - CFD:Common File Directory ----D- C:\Program Files\GE.SOFT
O43 - CFD:Common File Directory ----D- C:\Program Files\GIMP-2.0
O43 - CFD:Common File Directory ----D- C:\Program Files\Google
O43 - CFD:Common File Directory --H-D- C:\Program Files\InstallShield Installation Information
O43 - CFD:Common File Directory ----D- C:\Program Files\Intel
O43 - CFD:Common File Directory ----D- C:\Program Files\Internet Explorer
O43 - CFD:Common File Directory ----D- C:\Program Files\IZArc
O43 - CFD:Common File Directory ----D- C:\Program Files\Java
O43 - CFD:Common File Directory ----D- C:\Program Files\JRE
O43 - CFD:Common File Directory ----D- C:\Program Files\K-Lite Codec Pack
O43 - CFD:Common File Directory ----D- C:\Program Files\Kantaris
O43 - CFD:Common File Directory ----D- C:\Program Files\Logitech
O43 - CFD:Common File Directory ----D- C:\Program Files\ma-config.com
O43 - CFD:Common File Directory ----D- C:\Program Files\Macromedia
O43 - CFD:Common File Directory ----D- C:\Program Files\MediaMonkey
O43 - CFD:Common File Directory ----D- C:\Program Files\Messenger
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft CAPICOM 2.1.0.2
O43 - CFD:Common File Directory ----D- C:\Program Files\microsoft frontpage
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Silverlight
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft SQL Server
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Sync Framework
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft.NET
O43 - CFD:Common File Directory ----D- C:\Program Files\Motorola
O43 - CFD:Common File Directory ----D- C:\Program Files\Movie Maker
O43 - CFD:Common File Directory ----D- C:\Program Files\MSBuild
O43 - CFD:Common File Directory ----D- C:\Program Files\msn gaming zone
O43 - CFD:Common File Directory ----D- C:\Program Files\MSXML 6.0
O43 - CFD:Common File Directory ----D- C:\Program Files\Multimedia Keyboard & Mouse Driver
O43 - CFD:Common File Directory ----D- C:\Program Files\MyHeritage
O43 - CFD:Common File Directory ----D- C:\Program Files\Native Instruments
O43 - CFD:Common File Directory ----D- C:\Program Files\Navilog1
O43 - CFD:Common File Directory ----D- C:\Program Files\NCH Software
O43 - CFD:Common File Directory ----D- C:\Program Files\NCH Swift Sound
O43 - CFD:Common File Directory ----D- C:\Program Files\NetMeeting
O43 - CFD:Common File Directory ----D- C:\Program Files\NewSoft
O43 - CFD:Common File Directory ----D- C:\Program Files\OpenLibraries
O43 - CFD:Common File Directory ----D- C:\Program Files\OpenOffice.org 3
O43 - CFD:Common File Directory ----D- C:\Program Files\Outlook Express
O43 - CFD:Common File Directory ----D- C:\Program Files\Outsim
O43 - CFD:Common File Directory ----D- C:\Program Files\Personal Voice Changer Driver
O43 - CFD:Common File Directory ----D- C:\Program Files\Planning Manager
O43 - CFD:Common File Directory ----D- C:\Program Files\PSCS2Updater
O43 - CFD:Common File Directory ----D- C:\Program Files\QuickTime
O43 - CFD:Common File Directory ----D- C:\Program Files\Real
O43 - CFD:Common File Directory ----D- C:\Program Files\Realtek
O43 - CFD:Common File Directory ----D- C:\Program Files\Reference Assemblies
O43 - CFD:Common File Directory ----D- C:\Program Files\Search Settings
O43 - CFD:Common File Directory ----D- C:\Program Files\Services en ligne
O43 - CFD:Common File Directory ----D- C:\Program Files\Sony Setup
O43 - CFD:Common File Directory ----D- C:\Program Files\SopFilter
O43 - CFD:Common File Directory ----D- C:\Program Files\tfsys
O43 - CFD:Common File Directory ----D- C:\Program Files\ToniArts
O43 - CFD:Common File Directory ----D- C:\Program Files\trend micro
O43 - CFD:Common File Directory --H-D- C:\Program Files\Uninstall Information
O43 - CFD:Common File Directory ----D- C:\Program Files\uTorrent
O43 - CFD:Common File Directory ----D- C:\Program Files\Virtual Magnifying Glass
O43 - CFD:Common File Directory ----D- C:\Program Files\VirtualDJ
O43 - CFD:Common File Directory ----D- C:\Program Files\VstPlugins
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Live
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Live Safety Center
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Live SkyDrive
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Media Components
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Media Connect 2
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Media Player
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows NT
O43 - CFD:Common File Directory --H-D- C:\Program Files\WindowsUpdate
O43 - CFD:Common File Directory ----D- C:\Program Files\WinRAR
O43 - CFD:Common File Directory ----D- C:\Program Files\wLite
O43 - CFD:Common File Directory ----D- C:\Program Files\xerox
O43 - CFD:Common File Directory ----D- C:\Program Files\ZHPDiag
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Adobe
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Canon
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\DivX Shared
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\FotoWire
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\InstallShield
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Java
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Logitech
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Microsoft Shared
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Motorola Shared
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\MSSoap
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Nullsoft
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\ODBC
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Real
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Services
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\SpeechEngines
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\System
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Ulead
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\windows
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Windows Live
O43 - CFD:Common File Directory -SH-D- C:\Program Files\Fichiers Communs\WindowsLiveInstaller
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\xing shared
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Motorola Shared
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Winferno

---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.DB712DA3F2572F5D9BE0AA6F4C14DC6E] - 20/01/2010 - 11:45:11 ---A- C:\WINDOWS\setupapi.log
O44 - LFC:[MD5.00000000000000000000000000000000] - 20/01/2010 - 11:30:49 ---A- C:\WINDOWS\WindowsUpdate.log
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 20/01/2010 - 11:30:03 ---A- C:\WINDOWS\0.log
O44 - LFC:[MD5.00000000000000000000000000000000] - 20/01/2010 - 11:29:39 ---A- C:\WINDOWS\wiadebug.log
O44 - LFC:[MD5.00000000000000000000000000000000] - 20/01/2010 - 11:29:37 ---A- C:\WINDOWS\wiaservc.log
O44 - LFC:[MD5.2CC08F1BB3BC648EC4E4809C0F2A2CE4] - 20/01/2010 - 11:29:17 ---A- C:\WINDOWS\System32\wpa.dbl
O44 - LFC:[MD5.790D838FBD0F151E65C79959184CBD3F] - 20/01/2010 - 11:29:13 -S-A- C:\WINDOWS\bootstat.dat
O44 - LFC:[MD5.F86A00740BE06BE4416AD125153D6F7F] - 20/01/2010 - 11:20:25 ---A- C:\TB.txt
O44 - LFC:[MD5.00000000000000000000000000000000] - 20/01/2010 - 11:05:17 ---A- C:\WINDOWS\SchedLgU.Txt
O44 - LFC:[MD5.0AC118887E64B270E4BF81C843FBCED3] - 18/01/2010 - 11:21:51 ---A- C:\cleannavi.txt
O44 - LFC:[MD5.5439A6DEC1C6D3EACDE0B7533B0928D7] - 13/01/2010 - 04:03:04 ---A- C:\WINDOWS\FaxSetup.log
O44 - LFC:[MD5.711BDDAF5FFD859493B41729AE5C922E] - 13/01/2010 - 04:03:04 ---A- C:\WINDOWS\KB955759.log
O44 - LFC:[MD5.8883DB195CD6EBBAF5D552C7DD838F8A] - 13/01/2010 - 04:03:04 ---A- C:\WINDOWS\comsetup.log
O44 - LFC:[MD5.2BB87AEAB5449FA283A896AA86CFA0AC] - 13/01/2010 - 04:03:04 ---A- C:\WINDOWS\iis6.log
O44 - LFC:[MD5.A7670267F9E9755067849D66E42B5FF4] - 13/01/2010 - 04:03:04 ---A- C:\WINDOWS\imsins.log
O44 - LFC:[MD5.42E3F5996217CA2526D398F010FE58A9] - 13/01/2010 - 04:03:04 ---A- C:\WINDOWS\msgsocm.log
O44 - LFC:[MD5.6B80452DE1A064142440848C5D849AB9] - 13/01/2010 - 04:03:04 ---A- C:\WINDOWS\ntdtcsetup.log
O44 - LFC:[MD5.3A599D9F1DBD86AA2190694A9DEC9678] - 13/01/2010 - 04:03:04 ---A- C:\WINDOWS\ocgen.log
O44 - LFC:[MD5.2FFB112421F1E20C3DC34DB5DD5209E6] - 13/01/2010 - 04:03:04 ---A- C:\WINDOWS\ocmsn.log
O44 - LFC:[MD5.1C0545FE5670CAE33DFE87294584B681] - 13/01/2010 - 04:03:04 ---A- C:\WINDOWS\tsoc.log
O44 - LFC:[MD5.A162D52450AB100592647CCF7D884C81] - 13/01/2010 - 04:03:02 ---A- C:\WINDOWS\updspapi.log
O44 - LFC:[MD5.42A005617260FAFD2CE7291B2C624161] - 13/01/2010 - 04:02:56 ---A- C:\WINDOWS\KB972270.log
O44 - LFC:[MD5.D92DDB2F2FB916D1DBE99006A7E9DBA3] - 13/01/2010 - 04:02:56 ---A- C:\WINDOWS\imsins.BAK
O44 - LFC:[MD5.762EA6EC1A600B25812C12CD28692674] - 05/01/2010 - 22:52:46 ---A- C:\WINDOWS\$_hpcst$.hpc
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 05/01/2010 - 11:37:10 ---A- C:\WINDOWS\System32\FOXIT_PDF
O44 - LFC:[MD5.6626F8DF052DF5252673E9380CEEFEC8] - 05/01/2010 - 01:17:46 ---A- C:\WINDOWS\System32\MRT.exe
O44 - LFC:[MD5.FEAF852F34E3DF4F5FC81956CC9E7A96] - 04/01/2010 - 17:00:45 ---A- C:\WINDOWS\epsswt_log.txt
O44 - LFC:[MD5.9B33363910950751F479992ACB8D9288] - 02/01/2010 - 23:46:05 ---A- C:\WINDOWS\iltwain.ini

---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll

---\\ Export de clé d'application autorisée (ECAA)(O47)
O47 - AAKE:Key Export SP - "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
O47 - AAKE:Key Export SP - "C:\Program Files\adslTV\adsltv.exe"="C:\Program Files\adslTV\adsltv.exe:*:Enabled:adsltv"
O47 - AAKE:Key Export SP - "C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
O47 - AAKE:Key Export SP - "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
O47 - AAKE:Key Export SP - "C:\Program Files\adslTV\vlc.exe"="C:\Program Files\adslTV\vlc.exe:*:Enabled:VLC media player"
O47 - AAKE:Key Export SP - "C:\Program Files\Kantaris\Kantaris.exe"="C:\Program Files\Kantaris\Kantaris.exe:*:Enabled:Kantaris Media Player"
O47 - AAKE:Key Export SP - "C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
O47 - AAKE:Key Export SP - "C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
O47 - AAKE:Key Export SP - "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe:*:Enabled:Logitech Desktop Messenger"
O47 - AAKE:Key Export SP - "C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*

isabled:Java(TM) Platform SE binary"
O47 - AAKE:Key Export SP - "C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"
O47 - AAKE:Key Export SP - "C:\WINDOWS\system32\javaw.exe"="C:\WINDOWS\system32\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
O47 - AAKE:Key Export SP - "C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
O47 - AAKE:Key Export SP - "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
O47 - AAKE:Key Export SP - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
O47 - AAKE:Key Export SP - "C:\Documents and Settings\limmois\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe"="C:\Documents and Settings\limmois\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled

ctoshape add-in for Adobe Flash Player"
O47 - AAKE:Key Export DP - "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
O47 - AAKE:Key Export DP - "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
O47 - AAKE:Key Export DP - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

---\\ Déni du service (Local Security Authority) (LSA) (O48)
O48 - LSA:Local Security Authority Authentication Packages - C:\WINDOWS\System32\msv1_0.dll
O48 - LSA:Local Security Authority Notification Packages - C:\WINDOWS\System32\scecli.dll

---\\ Contrôle du Safe Boot (CSB) (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ip6fw.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpcdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpwd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\tdpipe.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\tdtcp.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\ip6fw.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\rdpcdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\rdpdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\rdpwd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\tdpipe.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\tdtcp.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Minimal\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Minimal\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Minimal\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Minimal\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Minimal\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Minimal\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Minimal\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\ip6fw.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\rdpcdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\rdpdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\rdpwd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\tdpipe.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\tdtcp.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\ip6fw.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\rdpcdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\rdpdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\rdpwd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\tdpipe.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\tdtcp.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\vgasave.sys

---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d

---\\ MountPoints2 Shell Key (MPSK) (O51)
O51 - MPSK:{bc0f8f03-4c1c-11de-bd7d-00112fe7d792}\Shell\open\command -

---\\ Trojan Driver Search Data (TDSD) (O52)
O52 - TDSD:HKLM\...\Drivers\"timer"="timer.drv"
O52 - TDSD:HKLM\...\Drivers32\"midimapper"="midimap.dll"
O52 - TDSD:HKLM\...\Drivers32\"msacm.imaadpcm"="imaadp32.acm"
O52 - TDSD:HKLM\...\Drivers32\"msacm.msadpcm"="msadp32.acm"
O52 - TDSD:HKLM\...\Drivers32\"msacm.msg711"="msg711.acm"
O52 - TDSD:HKLM\...\Drivers32\"msacm.msgsm610"="msgsm32.acm"
O52 - TDSD:HKLM\...\Drivers32\"msacm.trspch"="tssoft32.acm"
O52 - TDSD:HKLM\...\Drivers32\"vidc.cvid"="iccvid.dll"
O52 - TDSD:HKLM\...\Drivers32\"VIDC.I420"="lvcodec2.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.iv31"="ir32_32.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.iv32"="ir32_32.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.iv41"="ir41_32.ax"
O52 - TDSD:HKLM\...\Drivers32\"VIDC.IYUV"="iyuv_32.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.mrle"="msrle32.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.msvc"="msvidc32.dll"
O52 - TDSD:HKLM\...\Drivers32\"VIDC.UYVY"="msyuv.dll"
O52 - TDSD:HKLM\...\Drivers32\"VIDC.YUY2"="msyuv.dll"
O52 - TDSD:HKLM\...\Drivers32\"VIDC.YVU9"="tsbyuv.dll"
O52 - TDSD:HKLM\...\Drivers32\"VIDC.YVYU"="msyuv.dll"
O52 - TDSD:HKLM\...\Drivers32\"wavemapper"="msacm32.drv"
O52 - TDSD:HKLM\...\Drivers32\"msacm.msg723"="msg723.acm"
O52 - TDSD:HKLM\...\Drivers32\"vidc.M263"="msh263.drv"
O52 - TDSD:HKLM\...\Drivers32\"vidc.M261"="msh261.drv"
O52 - TDSD:HKLM\...\Drivers32\"msacm.msaudio1"="msaud32.acm"
O52 - TDSD:HKLM\...\Drivers32\"msacm.sl_anet"="sl_anet.acm"
O52 - TDSD:HKLM\...\Drivers32\"msacm.iac2"="C:\PROGRA~1\tfsys\Decoder\others\iac25_32.ax"
O52 - TDSD:HKLM\...\Drivers32\"vidc.iv50"="ir50_32.dll"
O52 - TDSD:HKLM\...\Drivers32\"msacm.l3acm"="C:\WINDOWS\system32\l3codeca.acm"
O52 - TDSD:HKLM\...\Drivers32\"wave1"="wdmaud.drv"
O52 - TDSD:HKLM\...\Drivers32\"midi1"="wdmaud.drv"
O52 - TDSD:HKLM\...\Drivers32\"mixer1"="wdmaud.drv"
O52 - TDSD:HKLM\...\Drivers32\"MIDI2"="SYNCOR11.DLL"
O52 - TDSD:HKLM\...\Drivers32\"msacm.siren"="sirenacm.dll"
O52 - TDSD:HKLM\...\Drivers32\"msacm.ac3acm"="AC3ACM.acm"
O52 - TDSD:HKLM\...\Drivers32\"msacm.lameacm"="lameACM.acm"
O52 - TDSD:HKLM\...\Drivers32\"VIDC.FFDS"="C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll"
O52 - TDSD:HKLM\...\Drivers32\"msacm.voxacm160"="vct3216.acm"
O52 - TDSD:HKLM\...\Drivers32\"msacm.scg726"="scg726.acm"
O52 - TDSD:HKLM\...\Drivers32\"msacm.alf2cd"="alf2cd.acm"
O52 - TDSD:HKLM\...\Drivers32\"vidc.dvsd"="mcdvd_32.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.DIVX"="DivX.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.mpg4"="mpg4c32.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.mp42"="mpg4c32.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.mp43"="mpg4c32.dll"
O52 - TDSD:HKLM\...\Drivers32\"MSVideo"="vfwwdm32.dll"
O52 - TDSD:HKLM\...\Drivers32\"MSVideo8"="VfWWDM32.dll"
O52 - TDSD:HKLM\...\Drivers32\"wave"="wdmaud.drv"
O52 - TDSD:HKLM\...\Drivers32\"midi"="wdmaud.drv"
O52 - TDSD:HKLM\...\Drivers32\"mixer"="wdmaud.drv"
O52 - TDSD:HKLM\...\Drivers32\"aux"="wdmaud.drv"
O52 - TDSD:HKLM\...\Drivers32\"VIDC.YV12"="xvidvfw.dll"
O52 - TDSD:HKLM\...\Drivers32\"msacm.vorbis"="vorbis.acm"
O52 - TDSD:HKLM\...\Drivers32\"wave2"="wdmaud.drv"
O52 - TDSD:HKLM\...\Drivers32\"mixer2"="wdmaud.drv"
O52 - TDSD:HKLM\...\Drivers32\"wave3"="wdmaud.drv"
O52 - TDSD:HKLM\...\Drivers32\"mixer3"="wdmaud.drv"
O52 - TDSD:HKLM\...\Drivers32\"vidc.xvid"="xvidvfw.dll"
O52 - TDSD:HKLM\...\drivers.desc\"wdmaud.drv"="Personal Voice Changer Device"
O52 - TDSD:HKLM\...\drivers.desc\"msaud32.acm"="Windows Media Audio"
O52 - TDSD:HKLM\...\drivers.desc\"sl_anet.acm"="Sipro Lab Telecom Audio Codec"
O52 - TDSD:HKLM\...\drivers.desc\"C:\WINDOWS\system32\iac25_32.ax"="Indeo® audio software"
O52 - TDSD:HKLM\...\drivers.desc\"ir50_32.dll"="Indeo® video 5.10"
O52 - TDSD:HKLM\...\drivers.desc\"C:\WINDOWS\system32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec"
O52 - TDSD:HKLM\...\drivers.desc\"SYNCOR11.DLL"="SoundMAX Wavetable Synth"
O52 - TDSD:HKLM\...\drivers.desc\"sirenacm.dll"="Messenger Audio Codec"
O52 - TDSD:HKLM\...\drivers.desc\"xvidvfw.dll"="XviD MPEG-4 Video Codec"
O52 - TDSD:HKLM\...\drivers.desc\"lameACM.acm"="Lame ACM MP3 CODEC v3.98"
O52 - TDSD:HKLM\...\drivers.desc\"ac3acm.acm"="AC-3 ACM Decompressor"
O52 - TDSD:HKLM\...\drivers.desc\"ff_vfw.dll"="ffdshow video encoder"
O52 - TDSD:HKLM\...\drivers.desc\"C:\PROGRA~1\tfsys\Decoder\others\iac25_32.ax"="Indeo® audio software"
O52 - TDSD:HKLM\...\drivers.desc\"vct3216.acm"="Voxware Compression Toolkit"
O52 - TDSD:HKLM\...\drivers.desc\"scg726.acm"="Sharp G.726 Audio Decoder"
O52 - TDSD:HKLM\...\drivers.desc\"alf2cd.acm"="alf2cd.acm"
O52 - TDSD:HKLM\...\drivers.desc\"mcdvd_32.dll"="mcdvd_32.dll"
O52 - TDSD:HKLM\...\drivers.desc\"divx.dll"="DivX 5.0.5 Codec"
O52 - TDSD:HKLM\...\drivers.desc\"mpg4c32.dll"="MS MPEG-4 v1,2,3 driver 4.1.0.3927"
O52 - TDSD:HKLM\...\drivers.desc\"ir32_32.dll"="Indeo® video R3.2 by Intel"
O52 - TDSD:HKLM\...\drivers.desc\"ir41_32.ax"="Indeo® video interactive R4.3 by Intel"
O52 - TDSD:HKLM\...\drivers.desc\"iyvu9_32.dll"="Indeo® video Raw YVU9 by Intel"
O52 - TDSD:HKLM\...\drivers.desc\"vfwwdm32.dll"="Vidéo WDM pour le pilote de capture Windows (Win32)"
O52 - TDSD:HKLM\...\drivers.desc\"C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll"="ffdshow Video Codec"
O52 - TDSD:HKLM\...\drivers.desc\"vorbis.acm"="Ogg Vorbis Audio CODEC"

---\\ Microsoft Control Security Providers (MCSP) (O54)
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - "SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - "SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=
O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1

---\\ Microsoft Windows Policies Explorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\Policies\Explorer] - "NoDriveTypeAutoRun"=145
O56 - MWPE:[HKCU\...\Policies\Explorer] - "LinkResolveIgnoreLinkInfo"=0
O56 - MWPE:[HKLM\...\Policies\Explorer] - "HonorAutoRunSetting"=1
O56 - MWPE:[HKLM\...\Policies\Explorer] - "LinkResolveIgnoreLinkInfo"=0
O56 - MWPE:[HKLM\...\Policies\Explorer] - "NoResolveSearch"=1

---\\ Liste des Drivers Système (SDL) (O58)
O58 - SDL:[MD5.2CCFA74242741CA22A4267CCE9B586F4] - 25/11/2009 - 00:47:54 ---A- C:\WINDOWS\system32\drivers\aavmker4.sys
O58 - SDL:[MD5.E5E6DBFC41EA8AAD005CB9A57A96B43B] - 14/04/2008 - 02:52:42 ---A- C:\WINDOWS\system32\drivers\acpi.sys
O58 - SDL:[MD5.E4ABC1212B70BB03D35E60681C447210] - 05/08/2004 - 13:00:00 ---A- C:\WINDOWS\system32\drivers\acpiec.sys
O58 - SDL:[MD5.11C04B17ED2ABBB4833694BCD644AC90] - 01/04/2002 - 07:15:00 ---A- C:\WINDOWS\system32\drivers\aeaudio.sys
O58 - SDL:[MD5.8BED39E3C35D6A489438B8141717A557] - 13/04/2008 - 17:39:23 ---A- C:\WINDOWS\system32\drivers\aec.sys
O58 - SDL:[MD5.7E775010EF291DA96AD17CA4B17137D7] - 14/08/2008 - 11:04:36 ---A- C:\WINDOWS\system32\drivers\afd.sys
O58 - SDL:[MD5.08FD04AA961BDC77FB983F328334E3D7] - 13/04/2008 - 19:36:38 ---A- C:\WINDOWS\system32\drivers\agp440.sys
O58 - SDL:[MD5.C6C0F974AB7E825813F8E6B4E5581750] - 14/04/2008 - 02:54:28 ---A- C:\WINDOWS\system32\drivers\amdk6.sys
O58 - SDL:[MD5.D3DABC57BE6D456DFD4BC026CFA582FF] - 14/04/2008 - 02:54:29 ---A- C:\WINDOWS\system32\drivers\amdk7.sys
O58 - SDL:[MD5.B5B8A80875C1DEDEDA8B02765642C32F] - 13/04/2008 - 19:51:25 ---A- C:\WINDOWS\system32\drivers\arp1394.sys
O58 - SDL:[MD5.DE91D0D73C3E61E6826D98FAC2FAC729] - 29/03/2000 - 07:17:42 ---A- C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
O58 - SDL:[MD5.B4079A98F294A3E262872CB76F4849F0] - 25/11/2009 - 00:50:00 ---A- C:\WINDOWS\system32\drivers\aswFsBlk.sys
O58 - SDL:[MD5.F5296ECFCBFE5935253AE6C29E6D086E] - 25/11/2009 - 00:51:09 ---A- C:\WINDOWS\system32\drivers\aswmon.sys
O58 - SDL:[MD5.DBEE7B5ECB50FC2CF9323F52CBF41141] - 25/11/2009 - 00:50:59 ---A- C:\WINDOWS\system32\drivers\aswmon2.sys
O58 - SDL:[MD5.8080D683489C99CBACE813F6FA4069CC] - 25/11/2009 - 00:48:57 ---A- C:\WINDOWS\system32\drivers\aswRdr.sys
O58 - SDL:[MD5.2E5A2AD5004B55DF39B7606130A88142] - 25/11/2009 - 00:50:12 ---A- C:\WINDOWS\system32\drivers\aswSP.sys
O58 - SDL:[MD5.D4C83A37EFADFA2C398362E0776E3773] - 25/11/2009 - 00:49:07 ---A- C:\WINDOWS\system32\drivers\aswTdi.sys
O58 - SDL:[MD5.B153AFFAC761E7F5FCFA822B9C4E97BC] - 13/04/2008 - 19:57:27 ---A- C:\WINDOWS\system32\drivers\asyncmac.sys
O58 - SDL:[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - 13/04/2008 - 19:40:30 ---A- C:\WINDOWS\system32\drivers\atapi.sys
O58 - SDL:[MD5.9916C1225104BA14794209CFA8012159] - 13/04/2008 - 19:51:25 ---A- C:\WINDOWS\system32\drivers\atmarpc.sys
O58 - SDL:[MD5.39A0A59180F19946374275745B21AEBA] - 05/08/2004 - 13:00:00 ---A- C:\WINDOWS\system32\drivers\atmepvc.sys
O58 - SDL:[MD5.AE76348A2605FB197FA8FF1D6F547836] - 13/04/2008 - 19:51:30 ---A- C:\WINDOWS\system32\drivers\atmlane.sys
O58 - SDL:[MD5.E7EF69B38D17BA01F914AE8F66216A38] - 05/08/2004 - 13:00:00 ---A- C:\WINDOWS\system32\drivers\atmuni.sys
O58 - SDL:[MD5.D9F724AA26C010A217C97606B160ED68] - 17/08/2001 - 22:59:44 ---A- C:\WINDOWS\system32\drivers\audstub.sys
O58 - SDL:[MD5.DA1F27D85E0D1525F6621372E7B685E9] - 05/08/2004 - 13:00:00 ---A- C:\WINDOWS\system32\drivers\beep.sys
O58 - SDL:[MD5.F934D1B230F84E1D19DD00AC5A7A83ED] - 13/04/2008 - 19:53:23 ---A- C:\WINDOWS\system32\drivers\bridge.sys
O58 - SDL:[MD5.90A673FC8E12A79AFBED2576F6A7AAF9] - 05/08/2004 - 13:00:00 ---A- C:\WINDOWS\system32\drivers\cbidf2k.sys
O58 - SDL:[MD5.0BE5AEF125BE881C4F854C554F2B025C] - 13/04/2008 - 19:46:24 ---A- C:\WINDOWS\system32\drivers\CCDECODE.sys
O58 - SDL:[MD5.C1B486A7658353D33A10CC15211A873B] - 05/08/2004 - 13:00:00 ---A- C:\WINDOWS\system32\drivers\cdaudio.sys
O58 - SDL:[MD5.C885B02847F5D2FD45A24E219ED93B32] - 13/04/2008 - 20:14:21 ---A- C:\WINDOWS\system32\drivers\cdfs.sys
O58 - SDL:[MD5.E0042BD5BEF17A6A3EF1DF576BDE24D1] - 14/11/2008 - 11:08:19 ---A- C:\WINDOWS\system32\drivers\CDRBSDRV.SYS
O58 - SDL:[MD5.1F4260CC5B42272D71F79E570A27A4FE] - 13/04/2008 - 19:40:46 ---A- C:\WINDOWS\system32\drivers\cdrom.sys
O58 - SDL:[MD5.C9B25AE9B8ABD983C5AD3F8CBFAB0F9C] - 05/08/2004 - 13:00:00 ---A- C:\WINDOWS\system32\drivers\cinemst2.sys
O58 - SDL:[MD5.FE47DD8FE6D7768FF94EBEC6C74B2719] - 13/04/2008 - 20:16:22 ---A- C:\WINDOWS\system32\drivers\classpnp.sys
O58 - SDL:[MD5.9624293E55AD405415862B504CA95B73] - 05/08/2004 - 13:00:00 ---A- C:\WINDOWS\system32\drivers\cpqdap01.sys
O58 - SDL:[MD5.D68AE021109A74E491B83F3F69FB92CD] - 14/04/2008 - 03:02:47 ---A- C:\WINDOWS\system32\drivers\crusoe.sys
O58 - SDL:[MD5.044452051F3E02E7963599FC8F4F3E25] - 13/04/2008 - 19:40:47 ---A- C:\WINDOWS\system32\drivers\disk.sys
O58 - SDL:[MD5.E65E2353A5D74EA89971CB918EEEB2F6] - 13/04/2008 - 19:40:44 ---A- C:\WINDOWS\system32\drivers\diskdump.sys
O58 - SDL:[MD5.F5DEADD42335FB33EDCA74ECB2F36CBA] - 14/04/2008 - 03:05:07 ---A- C:\WINDOWS\system32\drivers\dmboot.sys
O58 - SDL:[MD5.5A7C47C9B3F9FB92A66410A7509F0C71] - 14/04/2008 - 03:05:12 ---A- C:\WINDOWS\system32\drivers\dmio.sys
O58 - SDL:[MD5.E9317282A63CA4D188C0DF5E09C6AC5F] - 05/08/2004 - 13:00:00 ---A- C:\WINDOWS\system32\drivers\dmload.sys
O58 - SDL:[MD5.8A208DFCF89792A484E76C40E5F50B45] - 13/04/2008 - 19:45:01 ---A- C:\WINDOWS\system32\drivers\dmusic.sys
O58 - SDL:[MD5.6CB08593487F5701D2D2254E693EAFCE] - 13/04/2008 - 19:45:14 ---A- C:\WINDOWS\system32\drivers\drmk.sys

| Alerter

Répondre à lavermeil

sKe69

20 Janvier 2010 11:15:30

re,

Citation :

j'ai fait exactement ce que tu ma demande et voila les raports

pas tout à fait ! ... j'ai demande l'option 2 avec Toolbar S&D ! ...

donc recommence avec cet outil stp et poste le nouveau rapport obtenu ....

une fois ceci fait ( et pas avant ! ) , tu enchaines :

1- Avoir accès aux fichiers cachés :

Va dans Menu Démarrer->Poste de travail->Outils->Options des dossiers...->Affichage
* "Afficher les fichiers et dossiers cachés" ---> coché
* "Masquer les extensions des fichiers dont le type est connu" ---> décoché
* "masquer les fichiers du système" ---> décoché
-> valide la modif ( "appliquer" puis "ok" ).
( tu remetteras les paramètres de départ une fois la désinfection terminée , pas avant ... )

2- Rends toi sur ce site :

http://www.virustotal.com/

Copies ce qui suit et colles le dans l'espace pour la recherche ( ou clique sur "parcourir" et va jusqu'au fichier demandé ) :
C:\WINDOWS\iltwain.ini

Clique sur Send File ( = " Envoyer le fichier " ).

Un rapport va s'élaborer ligne à ligne.

Attends bien la fin ... Il doit comprendre la taille du fichier envoyé.

Sauvegarde le rapport avec le bloc-note .

Copie le dans ta prochaine réponse ...

( Si VirusTotal indique que le fichier a déjà été analysé, clique sur le bouton "Ré-analyse le fichier maintenant" )

petit tuto > http://www.commentcamarche.net/faq/sujet-8633-legitimit...

==========================

3- Télécharge UsbFix ( de C_XX, Chimay8 & Chiquitine29 ) sur ton bureau :

ici http://pagesperso-orange.fr/NosTools/Chiquitine29/UsbFi...
ou ici http://chiquitine.changelog.fr/UsbFix.exe

! Déconnecte toi d'internet et ferme toutes applications en cours !

Impératif :
Branche toutes tes unités externes à ton PC (clé USB, DD externe, flash disk, lecteur MP3,carte SD, etc...) succeptibles d'avoir été infectés ( mais sans les ouvrir ! ) .

# Double clique sur UsbFix.exe présent sur ton bureau pour lancer l'outil.

# Choisis l' option 1 ( Recherche )

# Laisse travailler l'outil et ne touche à rien pendant le scan .

# Une fois terminé, poste le rapport UsbFix.txt qui apparaitra.

Le rapport est en outre sauvegardé à la racine du disque maitre ( C:\UsbFix.txt ).

( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

Note :
"Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

Site de l'auteur > http://pagesperso-orange.fr/NosTools/usbfix.html

| Alerter

Répondre à sKe69

lavermeil

20 Janvier 2010 21:05:34

salut Ske69 ,
j'ai refais les annalyses et voila les raports:

1 )

-----------\\ ToolBar S&D 1.2.9 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 CPU 2.40GHz )
BIOS : BIOS Date: 09/25/04 18:38:39 Ver: 08.00.09
USER : limmois ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1368 [VPS 100120-1] 4.8.1368 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:114 Go (Free:11 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
Option : [2] ( 20/01/2010|21:30 )

-----------\\ SUPPRESSION

Supprime! - C:\DOCUME~1\limmois\APPLIC~1\Dealio\res
Supprime! - C:\DOCUME~1\limmois\APPLIC~1\Dealio\temp
Supprime! - C:\WINDOWS\Prefetch\SEARCHSETTINGS.EXE-253CB611.pf
Supprime! - C:\DOCUME~1\limmois\APPLIC~1\Search Settings\kb128
Supprime! - C:\Program Files\Search Settings\kb128
Supprime! - C:\Program Files\Search Settings\SearchSettings.exe
Supprime! - C:\DOCUME~1\limmois\APPLIC~1\Dealio
Supprime! - C:\DOCUME~1\limmois\APPLIC~1\Search Settings
Supprime! - C:\Program Files\Search Settings

-----------\\ Recherche de Fichiers / Dossiers ...

-----------\\ Extensions

(limmois) - {70292c40-9ecb-4356-8613-72c2a02514bf} => kmt_television

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.fr/"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iese..."
"Search Bar"="http://search.msn.fr/spbasic.htm"
"SearchMigratedDefaultURL"="http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.msn.com/"

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\limmois\Application Data\uTorrent\Advanced System Care Pro 3.2.0.633 + Keygen Patch (Exclusive)[GLADRAG_MANHUNT] [H33T].torrent
C:\DOCUME~1\limmois\Bureau\Virtual DJ 6.0.1\Crack
C:\DOCUME~1\limmois\Mes documents\Virtual DJ 6.0.1 + Crack.rar
C:\DOCUME~1\limmois\Mes documents\Ma musique\dance hall\Dj Bryton - Raggamuffin Come Back Mixtape - Partit 1\06 - Metal Sound - Ladje Crack La.mp3

1 - "C:\ToolBar SD\TB_1.txt" - 20/01/2010|11:20 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 20/01/2010|21:32 - Option : [2]

-----------\\ Fin du rapport a 21:32:51,46

2)
le lien sur le site www.cijoint.fr :
http://www.cijoint.fr/cjlink.php?file=cj201001/cijBSpe0...

3)

Rapport de ZHPDiag v1.24.45 par Nicolas Coolman
Run by limmois at 20/01/2010 21:54:38
Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.h...
Platform : Microsoft Windows XP (5.1.2600) Service Pack 3
MSIE: Internet Explorer v8.0.6001.18702

Boot mode: Normal (Normal boot)
Total RAM: 1023 MB (54% free)
System drive C: has 12 GB (10%) free of 114 GB

---\\ DOS/Devices
A:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
C:\ Hard drive, Flash drive, Thumb drive (Free 12 Go of 114 Go)
D:\ CD-ROM drive (Not Inserted)
E:\ CD-ROM drive (Not Inserted)

---\\ Processus lancés
[MD5.2D765E811B6FFEA9F91D4425E34B8461] - C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
[MD5.5BA8A7DA5D0573F7923E02B260AAD2F1] - C:\WINDOWS\system32\LVCOMSX.EXE
[MD5.93C8B9C6FD3D243D4B2C8C03C44B18E9] - C:\Program Files\Logitech\Video\ISStart.exe
[MD5.F433926BBEC782B603BA3BE0D4E92B7B] - C:\Program Files\Logitech\Video\LogiTray.exe
[MD5.0A7E9FDF3BF1980CA09FEEAC7F52EFBC] - C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
[MD5.33E5A8FC8EB0EE42478F8538D0215D8F] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
[MD5.E6DEED311D830678E1A0B4889F3C2F0E] - C:\Program Files\Multimedia Keyboard & Mouse Driver\V5\StartAutorun.exe
[MD5.4C784423B8F0DAE1392398356C9BE1FC] - C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
[MD5.3103FE27C967675B019E880AA6DA3D6D] - C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe
[MD5.8CBD57D84729DEBEE1E83CB5FA3E3D7A] - C:\Program Files\QuickTime\qttask.exe
[MD5.95DA0F9F8B9EC3E067D8F06E54BE6CA1] - C:\Program Files\Fichiers communs\windows\win-xp-7.exe
[MD5.6AB4C021FBD36DC6764924C312428D97] - C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[MD5.59DC5BB82E4C8E0B3EADCFDBC44BA6E4] - C:\WINDOWS\system32\ctfmon.exe
[MD5.5D61BE7DB55B026A5D61A3EED09D0EAD] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[MD5.B9B7084F7DB3D1B036C0B9178472E96A] - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
[MD5.660B6158BC2BC5D7CB1FF18D148C17AA] - C:\Program Files\Logitech\Video\ManifestEngine.exe
[MD5.5DEBC3519D489411073FA7E56FFB4A93] - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
[MD5.E4BDF223CD75478BF44567B4D5C2634D] - C:\WINDOWS\System32\svchost.exe
[MD5.0AAF6B848185899CF76AE04E62EAB3D2] - C:\Program Files\Alwil Software\Avast4\ashServ.exe
[MD5.3F56903E124E820AEECE6D471583C6C1] - C:\Program Files\Bonjour\mDNSResponder.exe
[MD5.8EF654045E518AC00E52E7A1E2D3AD70] - C:\Program Files\Canon\CAL\CALMAIN.exe
[MD5.C3FB1D70CB88722267949694BA51759E] - C:\WINDOWS\system32\services.exe
[MD5.5467F1FF0AF264566740F67E8B810735] - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
[MD5.00E36BEEA22C92D1030C6D8F80BC0F6A] - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
[MD5.0C41C4ACFE00D826DB479C40C1D9EDC8] - C:\WINDOWS\system32\nvsvc32.exe
[MD5.91E6024D6D4DCDECDB36C43ECF9BBECB] - C:\WINDOWS\system32\lsass.exe
[MD5.06A49B7BDC36CFBF97DD90804F833369] - C:\Program Files\CyberLink\Shared files\RichVideo.exe
[MD5.271077B91D7AD1B616F8AFDFE8E3F981] - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
[MD5.3978F082274F723AD5A0A8058C2417DD] - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
[MD5.460E4CE148BD07218DA0B6A3D31885A9] - C:\WINDOWS\system32\spoolsv.exe
[MD5.B2EC3E1DEAC5F0A764BD3486D213A0AF] - c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
[MD5.D2F4F32B59440011174B4F8137AF4E0C] - c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

---\\ Pages de démarrage d'Internet Explorer (R0)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

---\\ Pages de recherche d'Internet Explorer (R1)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iese...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;localhost

---\\ Internet Explorer URLSearchHook (R3)
R3 - URLSearchHook: RADIO LESTRADE Toolbar - {6b21520b-b7d9-4d6a-9c02-058dc019fcb6} - (not file)

---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: PCCBHO.CPCCBHO - {22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF} - (not file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: RADIO LESTRADE Toolbar - {6b21520b-b7d9-4d6a-9c02-058dc019fcb6} - (not file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: (no name) - {66886C4D-B307-4ECA-A228-52CA9B9851A4} -
O3 - Toolbar: RADIO LESTRADE Toolbar - {6b21520b-b7d9-4d6a-9c02-058dc019fcb6} -
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: (no name) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} -

---\\ Applications démarrées automatiquement par le registre (O4)
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
O4 - HKLM\..\Run: [KMConfig] C:\Program Files\Multimedia Keyboard & Mouse Driver\V5\StartAutorun.exe" KMConfig.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [win-xp-7] C:\Program Files\Fichiers communs\windows\win-xp-7.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKLM\..\policies\Explorer: [HonorAutoRunSetting] Data=1
O4 - HKLM\..\policies\Explorer: [LinkResolveIgnoreLinkInfo] Data=0
O4 - HKLM\..\policies\Explorer: [NoResolveSearch] Data=1
O4 - HKCU\..\policies\Explorer: [NoDriveTypeAutoRun] Data=145
O4 - HKCU\..\policies\Explorer: [LinkResolveIgnoreLinkInfo] Data=0
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll,201

---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File - C:\WINDOWS\system32\mswsock.dll
O10 - WLSP:\000000000002\Winsock LSP File - C:\WINDOWS\system32\winrnr.dll
O10 - WLSP:\000000000003\Winsock LSP File - C:\WINDOWS\system32\mswsock.dll
O10 - WLSP:\000000000004\Winsock LSP File - C:\Program Files\Bonjour\mdnsNSP.dll

---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.ap...
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/F...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {62BA437C-7712-48C6-9F0B-D251FA43192B} (SayaTV Control) - http://www.sayatv.com/download/SayaTV.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://www.ma-config.com/activex/MaConfig_3_5_1_0.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/curren...
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} (RealPlayer G2 Control) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash...
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} () - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_d...

---\\ Protocole additionnel et piratage de protocole (O18)
O18 - Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll
O18 - Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll
O18 - Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\system32\inetcomm.dll
O18 - Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Handler: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\Windows\system32\mshtml.dll
O18 - Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll
O18 - Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll
O18 - Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\Windows\system32\SHELL32.dll

---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\System32\dimsntfy.dll

---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSODL) (O21)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: (no name) - {8C7461EF-2B13-11d2-BE35-3078302C2030} - %SystemRoot%\system32\browseui.dll

---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus (avast! Antivirus) - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Service Bonjour (Bonjour Service) - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Software Updater (gusvc) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: SQL Server (RADIONOMY536765) (MSSQL$RADIONOMY536765) - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sRADIONOMY536765
O23 - Service: NVIDIA Display Driver Service (NVSvc) - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SeaPort (SeaPort) - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Spouleur d'impression (Spooler) - C:\WINDOWS\system32\spoolsv.exe
O23 - Service: SQL Server Browser (SQLBrowser) - c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
O23 - Service: Enregistreur VSS SQL Server (SQLWriter) - c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\Google Software Updater.job
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\PCConfidential.job
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\RegPowerClean.job
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\RPCReminder.job
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\User_Feed_Synchronization-{B874544F-5331-4693-9E0C-5F38E28117BD}.job

---\\ Composants installés (ActiveSetup Installed Components) (O40)
O40 - ASIC: Mise à jour de la version d’Internet Explorer - <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
O40 - ASIC: Microsoft Windows Media Player - >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
O40 - ASIC: Internet Explorer - >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
O40 - ASIC: Browser Customizations - >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
O40 - ASIC: Personnalisation du navigateur - >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
O40 - ASIC: Outlook Express - >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE
O40 - ASIC: Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - (not file)
O40 - ASIC: Rendu VML (Vector Graphics Rendering) - {10072CEC-8CC1-11D1-986E-00A0C955B42F} - (not file)
O40 - ASIC: Microsoft NetShow Player - {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - C:\WINDOWS\system32\wmpdxm.dll
O40 - ASIC: Microsoft Windows Media Player 6.4 - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\system32\wmpdxm.dll
O40 - ASIC: DirectAnimation - {283807B5-2C60-11D0-A31D-00AA00B92C03} - (not file)
O40 - ASIC: Themes Setup - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\WINDOWS\system32\regsvr32.exe /s /n /i:/UserInstall C:\WINDOWS\system32\themeui.dll
O40 - ASIC: Liaison de données Dynamic HTML pour Java - {36f8ec70-c29a-11d1-b5c7-0000f8051515} - (not file)
O40 - ASIC: Offline Browsing Pack - {3af36230-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Uniscribe - {3bf42070-b3b1-11d1-b5c5-0000f8051515} - (not file)
O40 - ASIC: Création avancée - {4278c270-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Microsoft Outlook Express 6 - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP

E /CALLER:WINNT /user /install
O40 - ASIC: NetMeeting 3.01 - {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
O40 - ASIC: DirectShow - {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - (not file)
O40 - ASIC: DirectDrawEx - {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - (not file)
O40 - ASIC: Internet Explorer Help - {45ea75a0-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Classes Java DirectAnimation - {4f216970-c90c-11d1-b5c7-0000f8051515} - (not file)
O40 - ASIC: Microsoft Windows Script 5.6 - {4f645220-306d-11d2-995d-00c04f98bbc9} - (not file)
O40 - ASIC: Windows Messenger 4.7 - {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
O40 - ASIC: Internet Explorer Setup Tools - {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Browsing Enhancements - {630b1da0-b465-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub
O40 - ASIC: MSN Site Access - {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - (not file)
O40 - ASIC: .NET Framework - {72AD53CC-CCC0-3757-8480-9EE176866A7C} - (not file)
O40 - ASIC: Carnet d'adresses 6 - {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
O40 - ASIC: Mise à jour du Bureau Windows - {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
O40 - ASIC: Internet Explorer - {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
O40 - ASIC: (no name) - {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
O40 - ASIC: Dynamic HTML Data Binding - {9381D8F2-0288-11D0-9501-00AA00B911A5} - (not file)
O40 - ASIC: .NET Framework - {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - (not file)
O40 - ASIC: Internet Explorer Core Fonts - {C9E9A340-D1F1-11D0-821E-444553540600} - (not file)
O40 - ASIC: Planificateur de tâches - {CC2A9BA0-3BDD-11D0-821E-444553540000} - (not file)
O40 - ASIC: Adobe Flash Player - {D27CDB6E-AE6D-11cf-96B8-444553540000} - C:\WINDOWS\system32\Macromed\Flash\Flash10d.ocx
O40 - ASIC: HTML Help - {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Active Directory Service Interface - {E92B03AB-B707-11d2-9CBD-0000F87A369E} - (not file)
O40 - ASIC: Microsoft Windows Media Player 6.4 - {F3061E1E-6B8F-2824-3212-5D9923F406A8} - (not file)

---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: AFD (AFD) - C:\WINDOWS\System32\drivers\afd.sys
O41 - Driver: Pilote de CD-ROM (Cdrom) - C:\WINDOWS\system32\DRIVERS\cdrom.sys
O41 - Driver: Pilote pour clavier i8042 et souris sur port PS/2 (i8042prt) - C:\WINDOWS\system32\DRIVERS\i8042prt.sys
O41 - Driver: Pilote de filtre de gravure CD (Imapi) - C:\WINDOWS\system32\DRIVERS\imapi.sys
O41 - Driver: Pilote de processeur Intel (intelppm) - C:\WINDOWS\system32\DRIVERS\intelppm.sys
O41 - Driver: Pilote IPSEC (IPSec) - C:\WINDOWS\system32\DRIVERS\ipsec.sys
O41 - Driver: Pilote de la classe Clavier (Kbdclass) - C:\WINDOWS\system32\DRIVERS\kbdclass.sys
O41 - Driver: Pilote HID de clavier (kbdhid) - C:\WINDOWS\system32\DRIVERS\kbdhid.sys
O41 - Driver: Pilote de la classe Souris (Mouclass) - C:\WINDOWS\system32\DRIVERS\mouclass.sys
O41 - Driver: MRXSMB (MRxSmb) - C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
O41 - Driver: Interface NetBIOS (NetBIOS) - C:\WINDOWS\system32\DRIVERS\netbios.sys
O41 - Driver: NetBIOS sur TCP/IP (NetBT) - C:\WINDOWS\system32\DRIVERS\netbt.sys
O41 - Driver: Pilote de connexion automatique d'accès distant (RasAcd) - C:\WINDOWS\system32\DRIVERS\rasacd.sys
O41 - Driver: Rdbss (Rdbss) - C:\WINDOWS\system32\DRIVERS\rdbss.sys
O41 - Driver: (no object) (RDPCDD) - C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
O41 - Driver: Pilote de filtre de lecture digitale de CD audio (redbook) - C:\WINDOWS\system32\DRIVERS\redbook.sys
O41 - Driver: Pilote de port série (Serial) - C:\WINDOWS\system32\DRIVERS\serial.sys
O41 - Driver: Pilote du protocole TCP/IP (Tcpip) - C:\WINDOWS\system32\DRIVERS\tcpip.sys
O41 - Driver: Pilote de périphérique terminal (TermDD) - C:\WINDOWS\system32\DRIVERS\termdd.sys
O41 - Driver: Carte vidéo VGA. (VgaSave) - C:\WINDOWS\System32\drivers\vga.sys

---\\ Logiciels installés (O42)
O42 - Logiciel: ABBYY FineReader 6.0 Sprint
O42 - Logiciel: AXIS Camera Control 2.40
O42 - Logiciel: Adobe Flash Player 10 ActiveX
O42 - Logiciel: Adobe Flash Player 10 Plugin
O42 - Logiciel: Adobe Reader 9.2 - Français
O42 - Logiciel: Analyseur MSXML 6.0
O42 - Logiciel: Apple Software Update
O42 - Logiciel: ArcSoft PhotoImpression 5
O42 - Logiciel: Argente - Registry Cleaner 1.5.5.2
O42 - Logiciel: Assistant de connexion Windows Live
O42 - Logiciel: Audacity 1.2.6
O42 - Logiciel: Bonjour
O42 - Logiciel: CANON iMAGE GATEWAY Task for ZoomBrowser EX
O42 - Logiciel: CD_DRV_70
O42 - Logiciel: Canon Camera Access Library
O42 - Logiciel: Canon Camera Support Core Library
O42 - Logiciel: Canon Internet Library for ZoomBrowser EX
O42 - Logiciel: Canon MOV Decoder
O42 - Logiciel: Canon MOV Encoder
O42 - Logiciel: Canon MovieEdit Task for ZoomBrowser EX
O42 - Logiciel: Canon Utilities CameraWindow
O42 - Logiciel: Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
O42 - Logiciel: Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
O42 - Logiciel: Canon Utilities Digital Photo Professional 3.6
O42 - Logiciel: Canon Utilities EOS Utility
O42 - Logiciel: Canon Utilities MyCamera
O42 - Logiciel: Canon Utilities Original Data Security Tools
O42 - Logiciel: Canon Utilities PhotoStitch
O42 - Logiciel: Canon Utilities Picture Style Editor
O42 - Logiciel: Canon Utilities RemoteCapture Task for ZoomBrowser EX
O42 - Logiciel: Canon Utilities WFT-E1/E2/E3/E4 Utility
O42 - Logiciel: Canon Utilities ZoomBrowser EX
O42 - Logiciel: Canon ZoomBrowser EX Memory Card Utility
O42 - Logiciel: Codeur Windows Media Série 9
O42 - Logiciel: Combined Community Codec Pack 2008-09-21 16:18
O42 - Logiciel: Dealio Toolbar v4.0.1
O42 - Logiciel: DivX Web Player
O42 - Logiciel: EPSON Attach To Email
O42 - Logiciel: EPSON Copy Utility 3
O42 - Logiciel: EPSON File Manager
O42 - Logiciel: EPSON Image Clip Palette
O42 - Logiciel: EPSON Scan
O42 - Logiciel: EasyCleaner
O42 - Logiciel: Fichiers de prise en charge de l'installation de Microsoft SQL Server (Français)
O42 - Logiciel: FileZilla Client 3.2.6.1
O42 - Logiciel: FormatFactory 2.20
O42 - Logiciel: Foxit Reader
O42 - Logiciel: Free Easy Burner V 3.8
O42 - Logiciel: Free Mp3 Wma Converter V 1.81
O42 - Logiciel: Free Video Converter V 2.3
O42 - Logiciel: GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
O42 - Logiciel: GIMP 2.6.7
O42 - Logiciel: Google Toolbar for Internet Explorer
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
O42 - Logiciel: IZArc 4.0 beta 1
O42 - Logiciel: Installation Windows Live
O42 - Logiciel: Java(TM) 6 Update 7
O42 - Logiciel: Junk Mail filter update
O42 - Logiciel: K-Lite Codec Pack 4.2.5 (Full)
O42 - Logiciel: Kantaris Media Player 0.6.4
O42 - Logiciel: Lecteur Windows Media 11
O42 - Logiciel: Logiciel QuickCam de Logitech
O42 - Logiciel: Logiciel d'archivage WinRAR
O42 - Logiciel: Logitech Desktop Messenger
O42 - Logiciel: Logitech Print Service
O42 - Logiciel: MSVCRT
O42 - Logiciel: MSXML 4.0 SP2 (KB954430)
O42 - Logiciel: MSXML 4.0 SP2 (KB973688)
O42 - Logiciel: Ma-Config.com
O42 - Logiciel: Macromedia Flash Player 8 Plugin
O42 - Logiciel: MediaMonkey 3.0
O42 - Logiciel: Microsoft .NET Framework 2.0 Service Pack 2
O42 - Logiciel: Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA
O42 - Logiciel: Microsoft .NET Framework 3.0 Service Pack 2
O42 - Logiciel: Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA
O42 - Logiciel: Microsoft .NET Framework 3.5 Language Pack SP1 - fra
O42 - Logiciel: Microsoft .NET Framework 3.5 SP1
O42 - Logiciel: Microsoft Choice Guard
O42 - Logiciel: Microsoft Compression Client Pack 1.0 for Windows XP
O42 - Logiciel: Microsoft Internationalized Domain Names Mitigation APIs
O42 - Logiciel: Microsoft National Language Support Downlevel APIs
O42 - Logiciel: Microsoft SQL Server 2005
O42 - Logiciel: Microsoft SQL Server 2005 Express Edition (RADIONOMY536765)
O42 - Logiciel: Microsoft SQL Server VSS Writer
O42 - Logiciel: Microsoft Search Enhancement Pack
O42 - Logiciel: Microsoft Silverlight
O42 - Logiciel: Microsoft Sync Framework Runtime Native v1.0 (x86)
O42 - Logiciel: Microsoft Sync Framework Services Native v1.0 (x86)
O42 - Logiciel: Microsoft User-Mode Driver Framework Feature Pack 1.0
O42 - Logiciel: Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable
O42 - Logiciel: Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
O42 - Logiciel: Module linguistique Microsoft .NET Framework 3.5 SP1- fra
O42 - Logiciel: Motorola Driver Installation 3.9.0
O42 - Logiciel: Multimedia Keyboard & Mouse Driver
O42 - Logiciel: MyHeritage Family Tree Builder
O42 - Logiciel: NI Service Center
O42 - Logiciel: OpenOffice.org 3.0
O42 - Logiciel: Outil de téléchargement Windows Live
O42 - Logiciel: Perf3490P_3590P Guide util.
O42 - Logiciel: Presto! BizCard 4.1 Fre
O42 - Logiciel: Programme de gestion Camera de Logitech®
O42 - Logiciel: REALTEK GbE & FE Ethernet PCI NIC Driver
O42 - Logiciel: RealPlayer
O42 - Logiciel: Realtek RTL8139/810x Fast Ethernet NIC Driver Setup
O42 - Logiciel: Search Settings 1.2.2
O42 - Logiciel: Security Update for CAPICOM (KB931906)
O42 - Logiciel: Segoe UI
O42 - Logiciel: SopFilter 3.0.5
O42 - Logiciel: SoundMAX
O42 - Logiciel: Spelling Dictionaries Support For Adobe Reader 9
O42 - Logiciel: Switch Sound File Converter
O42 - Logiciel: Text-To-Speech-Runtime
O42 - Logiciel: Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
O42 - Logiciel: VC80CRTRedist - 8.0.50727.762
O42 - Logiciel: VCRedistSetup
O42 - Logiciel: Virtual DJ - Atomix Productions
O42 - Logiciel: Virtual Magnifying Glass
O42 - Logiciel: Windows Internet Explorer 7
O42 - Logiciel: Windows Internet Explorer 8
O42 - Logiciel: Windows Live Call
O42 - Logiciel: Windows Live Communications Platform
O42 - Logiciel: Windows Live Mail
O42 - Logiciel: Windows Live Messenger
O42 - Logiciel: Windows Live OneCare safety scanner
O42 - Logiciel: Windows Live Toolbar
O42 - Logiciel: Windows Live Writer
O42 - Logiciel: Windows Media Format 11 runtime
O42 - Logiciel: Windows Media Player 11
O42 - Logiciel: XML Paper Specification Shared Components Language Pack 1.0
O42 - Logiciel: adsl TV
O42 - Logiciel: avast! Antivirus
O42 - Logiciel: eMule
O42 - Logiciel: neroxml
O42 - Logiciel: µTorrent

---\\ Contenu des dossiers Fichiers Communs (O43)
O43 - CFD:Common File Directory ----D- C:\Program Files\ABBYY FineReader 6.0 Sprint
O43 - CFD:Common File Directory ----D- C:\Program Files\Adobe
O43 - CFD:Common File Directory ----D- C:\Program Files\adslTV
O43 - CFD:Common File Directory ----D- C:\Program Files\Alwil Software
O43 - CFD:Common File Directory ----D- C:\Program Files\Analog Devices
O43 - CFD:Common File Directory ----D- C:\Program Files\Argente Software
O43 - CFD:Common File Directory ----D- C:\Program Files\Audacity
O43 - CFD:Common File Directory ----D- C:\Program Files\AXIS Communications
O43 - CFD:Common File Directory ----D- C:\Program Files\Bonjour
O43 - CFD:Common File Directory ----D- C:\Program Files\Canon
O43 - CFD:Common File Directory ----D- C:\Program Files\Combined Community Codec Pack
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files
O43 - CFD:Common File Directory ----D- C:\Program Files\Corel
O43 - CFD:Common File Directory ----D- C:\Program Files\CyberLink
O43 - CFD:Common File Directory ----D- C:\Program Files\DivX
O43 - CFD:Common File Directory ----D- C:\Program Files\eMule
O43 - CFD:Common File Directory ----D- C:\Program Files\epson
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers communs
O43 - CFD:Common File Directory ----D- C:\Program Files\FileZilla FTP Client
O43 - CFD:Common File Directory ----D- C:\Program Files\Foxit Software
O43 - CFD:Common File Directory ----D- C:\Program Files\Free Audio Pack
O43 - CFD:Common File Directory ----D- C:\Program Files\Free Easy Burner
O43 - CFD:Common File Directory ----D- C:\Program Files\Free Offers from Freeze.com
O43 - CFD:Common File Directory ----D- C:\Program Files\Free Video Converter
O43 - CFD:Common File Directory ----D- C:\Program Files\FreeTime
O43 - CFD:Common File Directory ----D- C:\Program Files\GE.SOFT
O43 - CFD:Common File Directory ----D- C:\Program Files\GIMP-2.0
O43 - CFD:Common File Directory ----D- C:\Program Files\Google
O43 - CFD:Common File Directory --H-D- C:\Program Files\InstallShield Installation Information
O43 - CFD:Common File Directory ----D- C:\Program Files\Intel
O43 - CFD:Common File Directory ----D- C:\Program Files\Internet Explorer
O43 - CFD:Common File Directory ----D- C:\Program Files\IZArc
O43 - CFD:Common File Directory ----D- C:\Program Files\Java
O43 - CFD:Common File Directory ----D- C:\Program Files\JRE
O43 - CFD:Common File Directory ----D- C:\Program Files\K-Lite Codec Pack
O43 - CFD:Common File Directory ----D- C:\Program Files\Kantaris
O43 - CFD:Common File Directory ----D- C:\Program Files\Logitech
O43 - CFD:Common File Directory ----D- C:\Program Files\ma-config.com
O43 - CFD:Common File Directory ----D- C:\Program Files\Macromedia
O43 - CFD:Common File Directory ----D- C:\Program Files\MediaMonkey
O43 - CFD:Common File Directory ----D- C:\Program Files\Messenger
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft CAPICOM 2.1.0.2
O43 - CFD:Common File Directory ----D- C:\Program Files\microsoft frontpage
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Silverlight
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft SQL Server
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Sync Framework
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft.NET
O43 - CFD:Common File Directory ----D- C:\Program Files\Motorola
O43 - CFD:Common File Directory ----D- C:\Program Files\Movie Maker
O43 - CFD:Common File Directory ----D- C:\Program Files\MSBuild
O43 - CFD:Common File Directory ----D- C:\Program Files\msn gaming zone
O43 - CFD:Common File Directory ----D- C:\Program Files\MSXML 6.0
O43 - CFD:Common File Directory ----D- C:\Program Files\Multimedia Keyboard & Mouse Driver
O43 - CFD:Common File Directory ----D- C:\Program Files\MyHeritage
O43 - CFD:Common File Directory ----D- C:\Program Files\Native Instruments
O43 - CFD:Common File Directory ----D- C:\Program Files\Navilog1
O43 - CFD:Common File Directory ----D- C:\Program Files\NCH Software
O43 - CFD:Common File Directory ----D- C:\Program Files\NCH Swift Sound
O43 - CFD:Common File Directory ----D- C:\Program Files\NetMeeting
O43 - CFD:Common File Directory ----D- C:\Program Files\NewSoft
O43 - CFD:Common File Directory ----D- C:\Program Files\OpenLibraries
O43 - CFD:Common File Directory ----D- C:\Program Files\OpenOffice.org 3
O43 - CFD:Common File Directory ----D- C:\Program Files\Outlook Express
O43 - CFD:Common File Directory ----D- C:\Program Files\Outsim
O43 - CFD:Common File Directory ----D- C:\Program Files\Personal Voice Changer Driver
O43 - CFD:Common File Directory ----D- C:\Program Files\Planning Manager
O43 - CFD:Common File Directory ----D- C:\Program Files\PSCS2Updater
O43 - CFD:Common File Directory ----D- C:\Program Files\QuickTime
O43 - CFD:Common File Directory ----D- C:\Program Files\Real
O43 - CFD:Common File Directory ----D- C:\Program Files\Realtek
O43 - CFD:Common File Directory ----D- C:\Program Files\Reference Assemblies
O43 - CFD:Common File Directory ----D- C:\Program Files\Services en ligne
O43 - CFD:Common File Directory ----D- C:\Program Files\Sony Setup
O43 - CFD:Common File Directory ----D- C:\Program Files\SopFilter
O43 - CFD:Common File Directory ----D- C:\Program Files\tfsys
O43 - CFD:Common File Directory ----D- C:\Program Files\ToniArts
O43 - CFD:Common File Directory ----D- C:\Program Files\trend micro
O43 - CFD:Common File Directory --H-D- C:\Program Files\Uninstall Information
O43 - CFD:Common File Directory ----D- C:\Program Files\uTorrent
O43 - CFD:Common File Directory ----D- C:\Program Files\Virtual Magnifying Glass
O43 - CFD:Common File Directory ----D- C:\Program Files\VirtualDJ
O43 - CFD:Common File Directory ----D- C:\Program Files\VstPlugins
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Live
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Live Safety Center
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Live SkyDrive
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Media Components
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Media Connect 2
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Media Player
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows NT
O43 - CFD:Common File Directory --H-D- C:\Program Files\WindowsUpdate
O43 - CFD:Common File Directory ----D- C:\Program Files\WinRAR
O43 - CFD:Common File Directory ----D- C:\Program Files\wLite
O43 - CFD:Common File Directory ----D- C:\Program Files\xerox
O43 - CFD:Common File Directory ----D- C:\Program Files\ZHPDiag
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Adobe
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Canon
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\DivX Shared
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\FotoWire
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\InstallShield
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Java
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Logitech
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Microsoft Shared
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Motorola Shared
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\MSSoap
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Nullsoft
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\ODBC
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Real
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Services
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\SpeechEngines
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\System
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Ulead
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\windows
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Windows Live
O43 - CFD:Common File Directory -SH-D- C:\Program Files\Fichiers Communs\WindowsLiveInstaller
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\xing shared
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Motorola Shared
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Winferno

---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.41C60488803735491675B6297B5A7B26] - 20/01/2010 - 21:53:43 ---A- C:\WINDOWS\setupapi.log
O44 - LFC:[MD5.1E32CF8AD5EE39164C04F8AC1B9C1F80] - 20/01/2010 - 21:32:51 ---A- C:\TB.txt
O44 - LFC:[MD5.00000000000000000000000000000000] - 20/01/2010 - 15:11:41 ---A- C:\WINDOWS\WindowsUpdate.log
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 20/01/2010 - 11:30:03 ---A- C:\WINDOWS\0.log
O44 - LFC:[MD5.00000000000000000000000000000000] - 20/01/2010 - 11:29:39 ---A- C:\WINDOWS\wiadebug.log
O44 - LFC:[MD5.00000000000000000000000000000000] - 20/01/2010 - 11:29:37 ---A- C:\WINDOWS\wiaservc.log
O44 - LFC:[MD5.2CC08F1BB3BC648EC4E4809C0F2A2CE4] - 20/01/2010 - 11:29:17 ---A- C:\WINDOWS\System32\wpa.dbl
O44 - LFC:[MD5.790D838FBD0F151E65C79959184CBD3F] - 20/01/2010 - 11:29:13 -S-A- C:\WINDOWS\bootstat.dat
O44 - LFC:[MD5.00000000000000000000000000000000] - 20/01/2010 - 11:05:17 ---A- C:\WINDOWS\SchedLgU.Txt
O44 - LFC:[MD5.0AC118887E64B270E4BF81C843FBCED3] - 18/01/2010 - 11:21:51 ---A- C:\cleannavi.txt
O44 - LFC:[MD5.5439A6DEC1C6D3EACDE0B7533B0928D7] - 13/01/2010 - 04:03:04 ---A- C:\WINDOWS\FaxSetup.log
O44 - LFC:[MD5.711BDDAF5FFD859493B41729AE5C922E] - 13/01/2010 - 04:03:04 ---A- C:\WINDOWS\KB955759.log
O44 - LFC:[MD5.8883DB195CD6EBBAF5D552C7DD838F8A] - 13/01/2010 - 04:03:04 ---A- C:\WINDOWS\comsetup.log
O44 - LFC:[MD5.2BB87AEAB5449FA283A896AA86CFA0AC] - 13/01/2010 - 04:03:04 ---A- C:\WINDOWS\iis6.log
O44 - LFC:[MD5.A7670267F9E9755067849D66E42B5FF4] - 13/01/2010 - 04:03:04 ---A- C:\WINDOWS\imsins.log
O44 - LFC:[MD5.42E3F5996217CA2526D398F010FE58A9] - 13/01/2010 - 04:03:04 ---A- C:\WINDOWS\msgsocm.log
O44 - LFC:[MD5.6B80452DE1A064142440848C5D849AB9] - 13/01/2010 - 04:03:04 ---A- C:\WINDOWS\ntdtcsetup.log
O44 - LFC:[MD5.3A599D9F1DBD86AA2190694A9DEC9678] - 13/01/2010 - 04:03:04 ---A- C:\WINDOWS\ocgen.log
O44 - LFC:[MD5.2FFB112421F1E20C3DC34DB5DD5209E6] - 13/01/2010 - 04:03:04 ---A- C:\WINDOWS\ocmsn.log
O44 - LFC:[MD5.1C0545FE5670CAE33DFE87294584B681] - 13/01/2010 - 04:03:04 ---A- C:\WINDOWS\tsoc.log
O44 - LFC:[MD5.A162D52450AB100592647CCF7D884C81] - 13/01/2010 - 04:03:02 ---A- C:\WINDOWS\updspapi.log
O44 - LFC:[MD5.42A005617260FAFD2CE7291B2C624161] - 13/01/2010 - 04:02:56 ---A- C:\WINDOWS\KB972270.log
O44 - LFC:[MD5.D92DDB2F2FB916D1DBE99006A7E9DBA3] - 13/01/2010 - 04:02:56 ---A- C:\WINDOWS\imsins.BAK
O44 - LFC:[MD5.762EA6EC1A600B25812C12CD28692674] - 05/01/2010 - 22:52:46 ---A- C:\WINDOWS\$_hpcst$.hpc
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 05/01/2010 - 11:37:10 ---A- C:\WINDOWS\System32\FOXIT_PDF
O44 - LFC:[MD5.6626F8DF052DF5252673E9380CEEFEC8] - 05/01/2010 - 01:17:46 ---A- C:\WINDOWS\System32\MRT.exe
O44 - LFC:[MD5.FEAF852F34E3DF4F5FC81956CC9E7A96] - 04/01/2010 - 17:00:45 ---A- C:\WINDOWS\epsswt_log.txt
O44 - LFC:[MD5.9B33363910950751F479992ACB8D9288] - 02/01/2010 - 23:46:05 ---A- C:\WINDOWS\iltwain.ini

---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll

---\\ Export de clé d'application autorisée (ECAA)(O47)
O47 - AAKE:Key Export SP - "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
O47 - AAKE:Key Export SP - "C:\Program Files\adslTV\adsltv.exe"="C:\Program Files\adslTV\adsltv.exe:*:Enabled:adsltv"
O47 - AAKE:Key Export SP - "C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
O47 - AAKE:Key Export SP - "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
O47 - AAKE:Key Export SP - "C:\Program Files\adslTV\vlc.exe"="C:\Program Files\adslTV\vlc.exe:*:Enabled:VLC media player"
O47 - AAKE:Key Export SP - "C:\Program Files\Kantaris\Kantaris.exe"="C:\Program Files\Kantaris\Kantaris.exe:*:Enabled:Kantaris Media Player"
O47 - AAKE:Key Export SP - "C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
O47 - AAKE:Key Export SP - "C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
O47 - AAKE:Key Export SP - "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe:*:Enabled:Logitech Desktop Messenger"
O47 - AAKE:Key Export SP - "C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*

isabled:Java(TM) Platform SE binary"
O47 - AAKE:Key Export SP - "C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"
O47 - AAKE:Key Export SP - "C:\WINDOWS\system32\javaw.exe"="C:\WINDOWS\system32\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
O47 - AAKE:Key Export SP - "C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
O47 - AAKE:Key Export SP - "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
O47 - AAKE:Key Export SP - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
O47 - AAKE:Key Export SP - "C:\Documents and Settings\limmois\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe"="C:\Documents and Settings\limmois\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled

ctoshape add-in for Adobe Flash Player"
O47 - AAKE:Key Export DP - "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
O47 - AAKE:Key Export DP - "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
O47 - AAKE:Key Export DP - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

---\\ Déni du service (Local Security Authority) (LSA) (O48)
O48 - LSA:Local Security Authority Authentication Packages - C:\WINDOWS\System32\msv1_0.dll
O48 - LSA:Local Security Authority Notification Packages - C:\WINDOWS\System32\scecli.dll

---\\ Contrôle du Safe Boot (CSB) (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ip6fw.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpcdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpwd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\tdpipe.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\tdtcp.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\ip6fw.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\rdpcdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\rdpdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\rdpwd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\tdpipe.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\tdtcp.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Minimal\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Minimal\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Minimal\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Minimal\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Minimal\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Minimal\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Minimal\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\ip6fw.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\rdpcdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\rdpdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\rdpwd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\tdpipe.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\tdtcp.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\ip6fw.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\rdpcdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\rdpdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\rdpwd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\tdpipe.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\tdtcp.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\vgasave.sys

---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d

---\\ MountPoints2 Shell Key (MPSK) (O51)
O51 - MPSK:{bc0f8f03-4c1c-11de-bd7d-00112fe7d792}\Shell\open\command -

---\\ Trojan Driver Search Data (TDSD) (O52)
O52 - TDSD:HKLM\...\Drivers\"timer"="timer.drv"
O52 - TDSD:HKLM\...\Drivers32\"midimapper"="midimap.dll"
O52 - TDSD:HKLM\...\Drivers32\"msacm.imaadpcm"="imaadp32.acm"
O52 - TDSD:HKLM\...\Drivers32\"msacm.msadpcm"="msadp32.acm"
O52 - TDSD:HKLM\...\Drivers32\"msacm.msg711"="msg711.acm"
O52 - TDSD:HKLM\...\Drivers32\"msacm.msgsm610"="msgsm32.acm"
O52 - TDSD:HKLM\...\Drivers32\"msacm.trspch"="tssoft32.acm"
O52 - TDSD:HKLM\...\Drivers32\"vidc.cvid"="iccvid.dll"
O52 - TDSD:HKLM\...\Drivers32\"VIDC.I420"="lvcodec2.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.iv31"="ir32_32.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.iv32"="ir32_32.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.iv41"="ir41_32.ax"
O52 - TDSD:HKLM\...\Drivers32\"VIDC.IYUV"="iyuv_32.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.mrle"="msrle32.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.msvc"="msvidc32.dll"
O52 - TDSD:HKLM\...\Drivers32\"VIDC.UYVY"="msyuv.dll"
O52 - TDSD:HKLM\...\Drivers32\"VIDC.YUY2"="msyuv.dll"
O52 - TDSD:HKLM\...\Drivers32\"VIDC.YVU9"="tsbyuv.dll"
O52 - TDSD:HKLM\...\Drivers32\"VIDC.YVYU"="msyuv.dll"
O52 - TDSD:HKLM\...\Drivers32\"wavemapper"="msacm32.drv"
O52 - TDSD:HKLM\...\Drivers32\"msacm.msg723"="msg723.acm"
O52 - TDSD:HKLM\...\Drivers32\"vidc.M263"="msh263.drv"
O52 - TDSD:HKLM\...\Drivers32\"vidc.M261"="msh261.drv"
O52 - TDSD:HKLM\...\Drivers32\"msacm.msaudio1"="msaud32.acm"
O52 - TDSD:HKLM\...\Drivers32\"msacm.sl_anet"="sl_anet.acm"
O52 - TDSD:HKLM\...\Drivers32\"msacm.iac2"="C:\PROGRA~1\tfsys\Decoder\others\iac25_32.ax"
O52 - TDSD:HKLM\...\Drivers32\"vidc.iv50"="ir50_32.dll"
O52 - TDSD:HKLM\...\Drivers32\"msacm.l3acm"="C:\WINDOWS\system32\l3codeca.acm"
O52 - TDSD:HKLM\...\Drivers32\"wave1"="wdmaud.drv"
O52 - TDSD:HKLM\...\Drivers32\"midi1"="wdmaud.drv"
O52 - TDSD:HKLM\...\Drivers32\"mixer1"="wdmaud.drv"
O52 - TDSD:HKLM\...\Drivers32\"MIDI2"="SYNCOR11.DLL"
O52 - TDSD:HKLM\...\Drivers32\"msacm.siren"="sirenacm.dll"
O52 - TDSD:HKLM\...\Drivers32\"msacm.ac3acm"="AC3ACM.acm"
O52 - TDSD:HKLM\...\Drivers32\"msacm.lameacm"="lameACM.acm"
O52 - TDSD:HKLM\...\Drivers32\"VIDC.FFDS"="C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll"
O52 - TDSD:HKLM\...\Drivers32\"msacm.voxacm160"="vct3216.acm"
O52 - TDSD:HKLM\...\Drivers32\"msacm.scg726"="scg726.acm"
O52 - TDSD:HKLM\...\Drivers32\"msacm.alf2cd"="alf2cd.acm"
O52 - TDSD:HKLM\...\Drivers32\"vidc.dvsd"="mcdvd_32.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.DIVX"="DivX.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.mpg4"="mpg4c32.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.mp42"="mpg4c32.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.mp43"="mpg4c32.dll"
O52 - TDSD:HKLM\...\Drivers32\"MSVideo"="vfwwdm32.dll"
O52 - TDSD:HKLM\...\Drivers32\"MSVideo8"="VfWWDM32.dll"
O52 - TDSD:HKLM\...\Drivers32\"wave"="wdmaud.drv"
O52 - TDSD:HKLM\...\Drivers32\"midi"="wdmaud.drv"
O52 - TDSD:HKLM\...\Drivers32\"mixer"="wdmaud.drv"
O52 - TDSD:HKLM\...\Drivers32\"aux"="wdmaud.drv"
O52 - TDSD:HKLM\...\Drivers32\"VIDC.YV12"="xvidvfw.dll"
O52 - TDSD:HKLM\...\Drivers32\"msacm.vorbis"="vorbis.acm"
O52 - TDSD:HKLM\...\Drivers32\"wave2"="wdmaud.drv"
O52 - TDSD:HKLM\...\Drivers32\"mixer2"="wdmaud.drv"
O52 - TDSD:HKLM\...\Drivers32\"wave3"="wdmaud.drv"
O52 - TDSD:HKLM\...\Drivers32\"mixer3"="wdmaud.drv"
O52 - TDSD:HKLM\...\Drivers32\"vidc.xvid"="xvidvfw.dll"
O52 - TDSD:HKLM\...\drivers.desc\"wdmaud.drv"="Personal Voice Changer Device"
O52 - TDSD:HKLM\...\drivers.desc\"msaud32.acm"="Windows Media Audio"
O52 - TDSD:HKLM\...\drivers.desc\"sl_anet.acm"="Sipro Lab Telecom Audio Codec"
O52 - TDSD:HKLM\...\drivers.desc\"C:\WINDOWS\system32\iac25_32.ax"="Indeo® audio software"
O52 - TDSD:HKLM\...\drivers.desc\"ir50_32.dll"="Indeo® video 5.10"
O52 - TDSD:HKLM\...\drivers.desc\"C:\WINDOWS\system32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec"
O52 - TDSD:HKLM\...\drivers.desc\"SYNCOR11.DLL"="SoundMAX Wavetable Synth"
O52 - TDSD:HKLM\...\drivers.desc\"sirenacm.dll"="Messenger Audio Codec"
O52 - TDSD:HKLM\...\drivers.desc\"xvidvfw.dll"="XviD MPEG-4 Video Codec"
O52 - TDSD:HKLM\...\drivers.desc\"lameACM.acm"="Lame ACM MP3 CODEC v3.98"
O52 - TDSD:HKLM\...\drivers.desc\"ac3acm.acm"="AC-3 ACM Decompressor"
O52 - TDSD:HKLM\...\drivers.desc\"ff_vfw.dll"="ffdshow video encoder"
O52 - TDSD:HKLM\...\drivers.desc\"C:\PROGRA~1\tfsys\Decoder\others\iac25_32.ax"="Indeo® audio software"
O52 - TDSD:HKLM\...\drivers.desc\"vct3216.acm"="Voxware Compression Toolkit"
O52 - TDSD:HKLM\...\drivers.desc\"scg726.acm"="Sharp G.726 Audio Decoder"
O52 - TDSD:HKLM\...\drivers.desc\"alf2cd.acm"="alf2cd.acm"
O52 - TDSD:HKLM\...\drivers.desc\"mcdvd_32.dll"="mcdvd_32.dll"
O52 - TDSD:HKLM\...\drivers.desc\"divx.dll"="DivX 5.0.5 Codec"
O52 - TDSD:HKLM\...\drivers.desc\"mpg4c32.dll"="MS MPEG-4 v1,2,3 driver 4.1.0.3927"
O52 - TDSD:HKLM\...\drivers.desc\"ir32_32.dll"="Indeo® video R3.2 by Intel"
O52 - TDSD:HKLM\...\drivers.desc\"ir41_32.ax"="Indeo® video interactive R4.3 by Intel"
O52 - TDSD:HKLM\...\drivers.desc\"iyvu9_32.dll"="Indeo® video Raw YVU9 by Intel"
O52 - TDSD:HKLM\...\drivers.desc\"vfwwdm32.dll"="Vidéo WDM pour le pilote de capture Windows (Win32)"
O52 - TDSD:HKLM\...\drivers.desc\"C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll"="ffdshow Video Codec"
O52 - TDSD:HKLM\...\drivers.desc\"vorbis.acm"="Ogg Vorbis Audio CODEC"

---\\ Microsoft Control Security Providers (MCSP) (O54)
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - "SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - "SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=
O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1

---\\ Microsoft Windows Policies Explorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\Policies\Explorer] - "NoDriveTypeAutoRun"=145
O56 - MWPE:[HKCU\...\Policies\Explorer] - "LinkResolveIgnoreLinkInfo"=0
O56 - MWPE:[HKLM\...\Policies\Explorer] - "HonorAutoRunSetting"=1
O56 - MWPE:[HKLM\...\Policies\Explorer] - "LinkResolveIgnoreLinkInfo"=0
O56 - MWPE:[HKLM\...\Policies\Explorer] - "NoResolveSearch"=1

---\\ Liste des Drivers Système (SDL) (O58)
O58 - SDL:[MD5.2CCFA74242741CA22A4267CCE9B586F4] - 25/11/2009 - 00:47:54 ---A- C:\WINDOWS\system32\drivers\aavmker4.sys
O58 - SDL:[MD5.E5E6DBFC41EA8AAD005CB9A57A96B43B] - 14/04/2008 - 02:52:42 ---A- C:\WINDOWS\system32\drivers\acpi.sys
O58 - SDL:[MD5.E4ABC1212B70BB03D35E60681C447210] - 05/08/2004 - 13:00:00 ---A- C:\WINDOWS\system32\drivers\acpiec.sys
O58 - SDL:[MD5.11C04B17ED2ABBB4833694BCD644AC90] - 01/04/2002 - 07:15:00 ---A- C:\WINDOWS\system32\drivers\aeaudio.sys
O58 - SDL:[MD5.8BED39E3C35D6A489438B8141717A557] - 13/04/2008 - 17:39:23 ---A- C:\WINDOWS\system32\drivers\aec.sys
O58 - SDL:[MD5.7E775010EF291DA96AD17CA4B17137D7] - 14/08/2008 - 11:04:36 ---A- C:\WINDOWS\system32\drivers\afd.sys
O58 - SDL:[MD5.08FD04AA961BDC77FB983F328334E3D7] - 13/04/2008 - 19:36:38 ---A- C:\WINDOWS\system32\drivers\agp440.sys
O58 - SDL:[MD5.C6C0F974AB7E825813F8E6B4E5581750] - 14/04/2008 - 02:54:28 ---A- C:\WINDOWS\system32\drivers\amdk6.sys
O58 - SDL:[MD5.D3DABC57BE6D456DFD4BC026CFA582FF] - 14/04/2008 - 02:54:29 ---A- C:\WINDOWS\system32\drivers\amdk7.sys
O58 - SDL:[MD5.B5B8A80875C1DEDEDA8B02765642C32F] - 13/04/2008 - 19:51:25 ---A- C:\WINDOWS\system32\drivers\arp1394.sys
O58 - SDL:[MD5.DE91D0D73C3E61E6826D98FAC2FAC729] - 29/03/2000 - 07:17:42 ---A- C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
O58 - SDL:[MD5.B4079A98F294A3E262872CB76F4849F0] - 25/11/2009 - 00:50:00 ---A- C:\WINDOWS\system32\drivers\aswFsBlk.sys
O58 - SDL:[MD5.F5296ECFCBFE5935253AE6C29E6D086E] - 25/11/2009 - 00:51:09 ---A- C:\WINDOWS\system32\drivers\aswmon.sys
O58 - SDL:[MD5.DBEE7B5ECB50FC2CF9323F52CBF41141] - 25/11/2009 - 00:50:59 ---A- C:\WINDOWS\system32\drivers\aswmon2.sys
O58 - SDL:[MD5.8080D683489C99CBACE813F6FA4069CC] - 25/11/2009 - 00:48:57 ---A- C:\WINDOWS\system32\drivers\aswRdr.sys
O58 - SDL:[MD5.2E5A2AD5004B55DF39B7606130A88142] - 25/11/2009 - 00:50:12 ---A- C:\WINDOWS\system32\drivers\aswSP.sys
O58 - SDL:[MD5.D4C83A37EFADFA2C398362E0776E3773] - 25/11/2009 - 00:49:07 ---A- C:\WINDOWS\system32\drivers\aswTdi.sys
O58 - SDL:[MD5.B153AFFAC761E7F5FCFA822B9C4E97BC] - 13/04/2008 - 19:57:27 ---A- C:\WINDOWS\system32\drivers\asyncmac.sys
O58 - SDL:[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - 13/04/2008 - 19:40:30 ---A- C:\WINDOWS\system32\drivers\atapi.sys
O58 - SDL:[MD5.9916C1225104BA14794209CFA8012159] - 13/04/2008 - 19:51:25 ---A- C:\WINDOWS\system32\drivers\atmarpc.sys
O58 - SDL:[MD5.39A0A59180F19946374275745B21AEBA] - 05/08/2004 - 13:00:00 ---A- C:\WINDOWS\system32\drivers\atmepvc.sys
O58 - SDL:[MD5.AE76348A2605FB197FA8FF1D6F547836] - 13/04/2008 - 19:51:30 ---A- C:\WINDOWS\system32\drivers\atmlane.sys
O58 - SDL:[MD5.E7EF69B38D17BA01F914AE8F66216A38] - 05/08/2004 - 13:00:00 ---A- C:\WINDOWS\system32\drivers\atmuni.sys
O58 - SDL:[MD5.D9F724AA26C010A217C97606B160ED68] - 17/08/2001 - 22:59:44 ---A- C:\WINDOWS\system32\drivers\audstub.sys
O58 - SDL:[MD5.DA1F27D85E0D1525F6621372E7B685E9] - 05/08/2004 - 13:00:00 ---A- C:\WINDOWS\system32\drivers\beep.sys
O58 - SDL:[MD5.F934D1B230F84E1D19DD00AC5A7A83ED] - 13/04/2008 - 19:53:23 ---A- C:\WINDOWS\system32\drivers\bridge.sys
O58 - SDL:[MD5.90A673FC8E12A79AFBED2576F6A7AAF9] - 05/08/2004 - 13:00:00 ---A- C:\WINDOWS\system32\drivers\cbidf2k.sys
O58 - SDL:[MD5.0BE5AEF125BE881C4F854C554F2B025C] - 13/04/2008 - 19:46:24 ---A- C:\WINDOWS\system32\drivers\CCDECODE.sys
O58 - SDL:[MD5.C1B486A7658353D33A10CC15211A873B] - 05/08/2004 - 13:00:00 ---A- C:\WINDOWS\system32\drivers\cdaudio.sys
O58 - SDL:[MD5.C885B02847F5D2FD45A24E219ED93B32] - 13/04/2008 - 20:14:21 ---A- C:\WINDOWS\system32\drivers\cdfs.sys
O58 - SDL:[MD5.E0042BD5BEF17A6A3EF1DF576BDE24D1] - 14/11/2008 - 11:08:19 ---A- C:\WINDOWS\system32\drivers\CDRBSDRV.SYS
O58 - SDL:[MD5.1F4260CC5B42272D71F79E570A27A4FE] - 13/04/2008 - 19:40:46 ---A- C:\WINDOWS\system32\drivers\cdrom.sys
O58 - SDL:[MD5.C9B25AE9B8ABD983C5AD3F8CBFAB0F9C] - 05/08/2004 - 13:00:00 ---A- C:\WINDOWS\system32\drivers\cinemst2.sys
O58 - SDL:[MD5.FE47DD8FE6D7768FF94EBEC6C74B2719] - 13/04/2008 - 20:16:22 ---A- C:\WINDOWS\system32\drivers\classpnp.sys
O58 - SDL:[MD5.9624293E55AD405415862B504CA95B73] - 05/08/2004 - 13:00:00 ---A- C:\WINDOWS\system32\drivers\cpqdap01.sys
O58 - SDL:[MD5.D68AE021109A74E491B83F3F69FB92CD] - 14/04/2008 - 03:02:47 ---A- C:\WINDOWS\system32\drivers\crusoe.sys
O58 - SDL:[MD5.044452051F3E02E7963599FC8F4F3E25] - 13/04/2008 - 19:40:47 ---A- C:\WINDOWS\system32\drivers\disk.sys
O58 - SDL:[MD5.E65E2353A5D74EA89971CB918EEEB2F6] - 13/04/2008 - 19:40:44 ---A- C:\WINDOWS\system32\drivers\diskdump.sys
O58 - SDL:[MD5.F5DEADD42335FB33EDCA74ECB2F36CBA] - 14/04/2008 - 03:05:07 ---A- C:\WINDOWS\system32\drivers\dmboot.sys
O58 - SDL:[MD5.5A7C47C9B3F9FB92A66410A7509F0C71] - 14/04/2008 - 03:05:12 ---A- C:\WINDOWS\system32\drivers\dmio.sys
O58 - SDL:[MD5.E9317282A63CA4D188C0DF5E09C6AC5F] - 05/08/2004 - 13:00:00 ---A- C:\WINDOWS\system32\drivers\dmload.sys
O58 - SDL:[MD5.8A208DFCF89792A484E76C40E5F50B45] - 13/04/2008 - 19:45:01 ---A- C:\WINDOWS\system32\drivers\dmusic.sys
O58 - SDL:[MD5.6CB08593487F5701D2D2254E693EAFCE] - 13/04/2008 - 19:45:14 ---A- C:\WINDOWS\system32\drivers\drmk.sys
O58 - SDL:[MD5.8F5FCFF8E8848AFAC920905FBD9D33C8] - 13/04/2008 - 19:45:13 ---A- C:\WINDOWS\system32\drivers\drmkaud.sys
O58 - SDL:[MD5.FE97D0343ACFDEBDD578FC67CC91FA87] - 05/08/2004 - 13:00:00 ---A- C:\WINDOWS\system32\drivers\dxapi.sys
O58 - SDL:[MD5.AC7280566A7BB85CB3291F04DDC1198E] - 13/04/2008 - 19:38:29 ---A- C:\WINDOWS\system32\drivers\dxg.sys
O58 - SDL:[MD5.A73F5D6705B1D820C19B18782E176EFD] - 05/08/2004 - 13:00:00 ---A- C:\WINDOWS\system32\drivers\dxgthk.sys
O58 - SDL:[MD5.38D332A6D56AF32635675F132548343E] - 13/04/2008 - 20:14:29 ---A- C:\WINDOWS\system32\drivers\fastfat.sys
O58 - SDL:[MD5.92CDD60B6730B9F50F6A1A0C1F8CDC81] - 13/04/2008 - 19:40:25 ---A- C:\WINDOWS\system32\drivers\fdc.sys
O58 - SDL:[MD5.31F923EB2170FC172C81ABDA0045D18C] - 14/04/2008 - 02:57:38 ---A- C:\WINDOWS\system32\drivers\fips.sys
O58 - SDL:[MD5.9D27E7B80BFCDF1CDD9B555862D5E7F0] - 13/04/2008 - 19:40:25 ---A- C:\WINDOWS\system32\drivers\flpydisk.sys
O58 - SDL:[MD5.B2CF4B0786F8212CB92ED2B50C6DB6B0] - 13/04/2008 - 19:32:59 ---A- C:\WINDOWS\system32\drivers\fltmgr.sys
O58 - SDL:[MD5.B71A69BB9CC88803F455341BD3992E0C] - 05/08/2004 - 13:00:00 ---A- C:\WINDOWS\system32\drivers\fsvga.sys
O58 - SDL:[MD5.3E1E2BD4F39B0E2B7DC4F4D2BCC2779A] - 05/08/2004 - 13:00:00 ---A- C:\WINDOWS\system32\drivers\fs_rec.sys
O58 - SDL:[MD5.A86859B77B908C18C2657F284AA29FE3] - 05/08/2004 - 13:00:00 ---A- C:\WINDOW

| Alerter

Répondre à lavermeil

sKe69

20 Janvier 2010 21:46:22

heu ....

faut faire ce que je demande correctement sinon on ne va pas s'en sortir ! ... :sweat:

j'attends donc la suite de ce que j'ai demandé ici > http://www.infos-du-net.com/forum/291351-11-aide-suppri...

c'est à dire le rapport VT et UsbFix ...

( PS : pour les rapports ZHPDiag , utilise systématiquement et uniquement le site d'uplaod "Cijoint" pour me les faire parvenir .)

| Alerter

Répondre à sKe69

lavermeil

20 Janvier 2010 22:49:57

1 ).................

voici le raport de http://www.virustotal.com/

Fichier raport_numero_1_TB.txt reçu le 2010.01.20 22:11:49 (UTC)
Situation actuelle: terminé

Résultat: 0/40 (0.00%)
Formaté Impression des résultats Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.50 2010.01.20 -
AhnLab-V3 5.0.0.2 2010.01.20 -
AntiVir 7.9.1.146 2010.01.20 -
Antiy-AVL 2.0.3.7 2010.01.20 -
Authentium 5.2.0.5 2010.01.20 -
Avast 4.8.1351.0 2010.01.20 -
AVG 9.0.0.730 2010.01.19 -
BitDefender 7.2 2010.01.20 -
CAT-QuickHeal 10.00 2010.01.20 -
ClamAV 0.94.1 2010.01.20 -
Comodo 3650 2010.01.20 -
DrWeb 5.0.1.12222 2010.01.20 -
eSafe 7.0.17.0 2010.01.20 -
eTrust-Vet 35.2.7249 2010.01.20 -
F-Prot 4.5.1.85 2010.01.20 -
F-Secure 9.0.15370.0 2010.01.20 -
Fortinet 4.0.14.0 2010.01.20 -
GData 19 2010.01.20 -
Ikarus T3.1.1.80.0 2010.01.20 -
Jiangmin 13.0.900 2010.01.20 -
K7AntiVirus 7.10.951 2010.01.20 -
Kaspersky 7.0.0.125 2010.01.20 -
McAfee 5867 2010.01.20 -
McAfee+Artemis 5867 2010.01.20 -
McAfee-GW-Edition 6.8.5 2010.01.20 -
Microsoft 1.5302 2010.01.20 -
NOD32 4791 2010.01.20 -
Norman 6.04.03 2010.01.20 -
nProtect 2009.1.8.0 2010.01.20 -
Panda 10.0.2.2 2010.01.20 -
PCTools 7.0.3.5 2010.01.19 -
Rising 22.31.02.04 2010.01.20 -
Sophos 4.50.0 2010.01.20 -
Sunbelt 3.2.1858.2 2010.01.20 -
Symantec 20091.2.0.41 2010.01.20 -
TheHacker 6.5.0.7.157 2010.01.20 -
TrendMicro 9.120.0.1004 2010.01.20 -
VBA32 3.12.12.1 2010.01.20 -
ViRobot 2010.1.20.2146 2010.01.20 -
VirusBuster 5.0.21.0 2010.01.20 -
Information additionnelle
File size: 2772 bytes
MD5 : 1e32cf8ad5ee39164c04f8ac1b9c1f80
SHA1 : d64c2901e246e86953941c966cdf57a398aa5eae
SHA256: 80eb30cff40be3c8d5dee9381a1372686e0fa85ac219107371e0337342807d25
TrID : File type identification
Unknown!
ssdeep: 48:aenvTUcokDcRdYOI9RTl9q/z++gZue1e1FAukXRGE8vA48H3ToYoW0lj3zjnicRG:a0vTUcVD0dCTfq/sEe1e1pkhfuA48XTn
PEiD : -
RDS : NSRL Reference Data Set
-
2 )................

Et voici le raport de UsbFix

############################## | UsbFix V6.075 |

User : limmois (Administrateurs) # LIMMOIS-FB6C125
Update on 19/01/2010 by El Desaparecido , C_XX & Chimay8
Start at: 23:21:47 | 20/01/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

Intel(R) Pentium(R) 4 CPU 2.40GHz
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : avast! antivirus 4.8.1368 [VPS 100120-1] 4.8.1368 [ Enabled | Updated ]

A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local # 114,48 Go (11,92 Go free) # NTFS
D:\ -> Disque CD-ROM
E:\ -> Disque CD-ROM

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe 400
C:\WINDOWS\system32\csrss.exe 448
C:\WINDOWS\system32\winlogon.exe 472
C:\WINDOWS\system32\services.exe 516
C:\WINDOWS\system32\lsass.exe 528
C:\WINDOWS\system32\svchost.exe 676
C:\WINDOWS\system32\svchost.exe 740
C:\WINDOWS\System32\svchost.exe 780
C:\WINDOWS\system32\svchost.exe 812
C:\WINDOWS\system32\svchost.exe 952
C:\WINDOWS\system32\svchost.exe 1000
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe 1136
C:\Program Files\Alwil Software\Avast4\ashServ.exe 1192
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe 1336
C:\WINDOWS\system32\RUNDLL32.EXE 1360
C:\WINDOWS\system32\LVCOMSX.EXE 1368
C:\Program Files\Logitech\Video\LogiTray.exe 1380
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe 1388
C:\Program Files\Multimedia Keyboard & Mouse Driver\V5\StartAutorun.exe 1428
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe 1440
C:\Program Files\Multimedia Keyboard & Mouse Driver\V5\KMConfig.exe 1464
C:\Program Files\Fichiers communs\windows\win-xp-7.exe 1480
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe 1508
C:\WINDOWS\system32\ctfmon.exe 1516
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe 1544
C:\Program Files\Multimedia Keyboard & Mouse Driver\V5\KMProcess.exe 1784
C:\Program Files\Logitech\Video\FxSvr2.exe 1808
C:\WINDOWS\system32\spoolsv.exe 200
C:\Program Files\Bonjour\mDNSResponder.exe 252
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe 392
C:\WINDOWS\system32\nvsvc32.exe 704
C:\Program Files\CyberLink\Shared files\RichVideo.exe 864
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 576
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe 1112
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe 844
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe 1312
C:\WINDOWS\system32\svchost.exe 1328
C:\Program Files\Canon\CAL\CALMAIN.exe 2140
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe 2648
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe 2684
C:\WINDOWS\System32\alg.exe 2860
C:\WINDOWS\system32\wuauclt.exe 2116
C:\WINDOWS\explorer.exe 3784
C:\WINDOWS\system32\wbem\wmiprvse.exe 2480

################## | Elements infectieux |

################## | Registre |

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoResolveSearch"

################## | Mountpoints2 |

HKCU\..\..\Explorer\MountPoints2\{bc0f8f03-4c1c-11de-bd7d-00112fe7d792}
Shell\AutoRun\command =
Shell\open\command =

HKCU\..\..\Explorer\MountPoints2\{e896db9a-c60a-11dd-bd29-00112fe7d792}
Shell\AutoRun\command =

################## | ! Fin du rapport # UsbFix V6.075 ! |

3 ).............
Lien du fichier ZHPDiag
http://www.cijoint.fr/cjlink.php?file=cj201001/cijOkypy...

j'espere que j'ai bien fais .
j'ai suivi avec dexterité tes recommantions.
merci encors .

| Alerter

Répondre à lavermeil

sKe69

20 Janvier 2010 22:55:59

oki ....

la suite dans l'ordre :

1- ! Déconnecte toi d'internet et ferme toutes applications en cours !

Impératif :
Branche toutes tes unités externes à ton PC (clé USB, DD externe, flash disk, lecteur MP3,carte SD, etc...) succeptibles d'avoir été infectés ( mais sans les ouvrir ! ) .

# Double clique sur UsbFix.exe présent sur ton bureau pour lancer l'outil .

# Cette fois ci , tu choisis l' option 2 ( Suppression ) .

> Ton bureau disparaitra et le pc redémarrera ( c'est normal ).

# Au redémarrage , UsbFix scannera ton pc , laisse travailler l'outil et ne touche à rien .

# Une fois terminé, poste le nouveau rapport UsbFix.txt qui apparaitra avec le bureau .

( Le rapport est en outre sauvegardé à la racine du disque maitre > C:\UsbFix.txt ).

/!\ Si le Bureau ne réapparait pas, presse Ctrl + Alt + Suppr pour ouvrir le Gestionnaire des Tâches > Onglet "Fichier" , "Nouvelle tâche" , tape explorer.exe et valide ) /!\

=========================

2- Télécharge Malwarebytes :
ici http://www.commentcamarche.net/telecharger/telecharger-...
ou ici : http://www.malwarebytes.org/mbam.php
ou ici : http://www.malwarebytes.org/mbam/program/mbam-setup.exe

* Installe le ( choisis bien "francais" ; ne modifie pas les paramètres d'instale ) et mets le à jour .

(NB : S'il te manque "COMCTL32.OCX" lors de l'installe, alors télécharge le ici : http://www.malekal.com/download/comctl32.ocx )

* Potasse ce tuto pour te familiariser avec le prg :
http://forum.pcastuces.com/sujet.asp?f=31&s=3
( cela dis, il est très simple d'utilisation ).

! Déconnecte toi et ferme toutes applications en cours !

* Lance 'Malwarebytes' .

Fais un examen dit " RAPIDE " .

--> Laisse le programme travailler ( et ne rien faire d'autre avec le PC durant le scan ).
--> à la fin tu cliques sur "résultat" .
--> Vérifie que tous les objets infectés soient validés, puis clique sur "suppression".

Note : si il faut redémarrer ton PC pour finir le nettoyage, fais le !

Poste le rapport sauvegardé après la suppression des objets infectés (dans l'onglet "rapport/log"de Malwarebytes', le dernier en date) pour analyse ...

=====================

3- Télécharge CCleaner :
ici http://www.infos-du-net.com/telecharger/CCleaner,0301-1...
ou ici http://www.commentcamarche.net/telecharger/telecharger-...

Ce logiciel va permettre de supprimer tous les fichiers temporaires et de corriger ton registre .
Lors de l'installation:
-choisis bien "français" en langue .
-avant de cliquer sur le bouton "installer", décoche toutes les "options supplémentaires" sauf les 2 premières.

Un tuto ( aide ):
http://perso.orange.fr/jesses/Docs/Logiciels/CCleaner.h...

---> Utilisation :
*Décocher dans le menu Options - sous-menu Avancé :
Effacer uniquement les fichiers, du dossier temp de Windows, plus vieux que 48 heures .

! déconnecte toi et ferme toutes applications en cours !

* va dans "nettoyeur" : fais -analyse- puis -nettoyage-
* va dans "registre" : fais -chercher les erreurs- et -réparer toutes les erreurs-
( plusieurs fois jusqu'à ce qu'il n'y est plus d'erreur ) .

( CCleaner : soft à garder sur son PC , super utile pour de bons nettoyages ... )

==================

4- Refais un scan ZHPDiag, coche bien toutes les options ( sauf la 045 et 061 ), poste le nouveau rapport obtenu ( via Cijoint ) pour analyse et attends la suite ...

| Alerter

Répondre à sKe69

lavermeil

21 Janvier 2010 10:52:31

salut Ske69 ,
voici le dernier raport de ZHPDiag que vous m'avez demande.
j'ai suivi a la lettre tout vos conseils .et merci
Avec tout ces logiciels que vous m'avez demande de telecharger ,dite moi les quels que je dois gardé sur mon pc pour une eventuelle annalyse.
ah c'est vrai !!! je ne suis pas tiré d'affaire tant que vous me l'avez pas dis:
merci.

| Alerter

Répondre à lavermeil

lavermeil

21 Janvier 2010 10:53:25

le raport d'annalyse :
http://www.cijoint.fr/cjlink.php?file=cj201001/cijP4rF8...

| Alerter

Répondre à lavermeil

sKe69

21 Janvier 2010 11:25:32

re,

dis moi , tu le fais exprès ??? ...

tu lis entièrement les manipes ????!!!!

Il me faut également le rapport du scan de Malwarebytes !
(dans l'onglet "rapport/log"de Malwarebytes', le dernier en date)

fait moi un copier / coller de se rapport ....

| Alerter

Répondre à sKe69

lavermeil

21 Janvier 2010 11:41:08

excuse .
le raport/log de Malwarebytes :

Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3607
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

21/01/2010 11:08:07
mbam-log-2010-01-21 (11-08-07).txt

Type de recherche: Examen rapide
Eléments examinés: 116907
Temps écoulé: 6 minute(s), 12 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\QUAD Registry Cleaner v2 (Adware.QUADRegClean) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\win-xp-7 (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Program Files\Fichiers communs\windows\win-xp-7.exe (Trojan.FakeAlert.H) -> Delete on reboot.

| Alerter

Répondre à lavermeil

sKe69

21 Janvier 2010 12:31:37

Re,

la suite :

1- Télécharge GenProc (de Jean-Chretien1 et Narco4) sur ton bureau :
http://www.genproc.com/GenProc.exe

!! ferme tes applications en cours !!

* double-clique sur GenProc.exe pour lancer le scan et laisse faire ...

* A la question "faites vous aidez sur un forum..." > clique sur "oui" .

-> poste le contenu du rapport qui s'ouvre ...

Aide en images ici : http://www.alt-shift-return.org/Info/GenProc-HowTo.html

IMPORTANT : poste le rapport uniquement ! Ne suis pas les éventuelles consignes qu'il mentionne pour le moment ...

================

2- Télécharge Ad-remover ( de C_XX ) sur ton bureau :

ici http://pagesperso-orange.fr/NosTools/C_XX/AD-R.exe
ou ici http://forum-aide-contre-virus.be/download/C_XX/AD-R.ex...

! Déconnecte toi et ferme toutes applications en cours (Navigateur compris) !

• Double clique sur Ad-remover.exe qui est sur ton bureau pour lancer l'outil .

• Au menu principal choisis l'option "S" et tape sur [entrée] .

• le scan démarre , laisse travailler l'outil et ne touche à rien ...

/!\ l'outil donne l'impression qu'il a planté et qu'il ne se passe rien , mais ce n'est pas le cas ! ( le scan est très discret et assez long , donc patience ... )

--> Poste le rapport qui apparait à la fin dans ta prochaine pour analyse ...

( Le rapport est sauvegardé aussi sous C:\Ad-report-SCAN.log )
( CTRL+A Pour tout sélectionner , CTRL+C pour copier et CTRL+V pour coller )

Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus :
(AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

Aides en images (Installation) : http://pagesperso-orange.fr/NosTools/tuto_ad_r1.html
Aides en images (Recherche) : http://pagesperso-orange.fr/NosTools/tuto_ad_r2.html

| Alerter

Répondre à sKe69

lavermeil

21 Janvier 2010 21:23:52

salut .
voici les liens des deux raports :

- raport GenProc : http://www.cijoint.fr/cjlink.php?file=cj201001/cijIS4Fj...

- raport Ad-remover : http://www.cijoint.fr/cjlink.php?file=cj201001/cijwOaBx...

| Alerter

Répondre à lavermeil

sKe69

21 Janvier 2010 21:26:21

Impec ....

la suite :

1- ! Déconnecte toi et ferme toutes applications en cours (Navigateur compris) !

• Double clique sur Ad-remover.exe qui est sur ton bureau pour lancer l'outil .

• Au menu principal choisis cette fois l'option "L" et tape sur [entrée] .

• Le nettoyage débute > Laisse travailler l'outil et ne touche à rien !...

/!\ l'outil donne l'impression qu'il a planté et qu'il ne se passe rien , mais ce n'est pas le cas ! ( le scan est très discret et assez long , donc patience ... )

--> Poste le rapport qui apparait à la fin dans ta prochaine réponse pour analyse ...

( Le rapport est sauvegardé aussi sous C:\Ad-Report-CLEAN.log )
( CTRL+A Pour tout sélectionner , CTRL+C pour copier et CTRL+V pour coller )

==============================

2- Refais un scan ZHPDiag, coche bien toutes les options ( sauf la 045 et 061 ), poste le nouveau rapport obtenu ( via Cijoint ) pour analyse et attends la suite ...

| Alerter

Répondre à sKe69

lavermeil

21 Janvier 2010 23:57:10

lien raport AD-R
http://www.cijoint.fr/cjlink.php?file=cj201001/cijb5E79...
lien raport ZHPDiag
http://www.cijoint.fr/cjlink.php?file=cj201001/cijPnBvT...

| Alerter

Répondre à lavermeil

sKe69

22 Janvier 2010 07:38:59

bien ,

encore un truc ou deux louches à contrôler et on finalise ...

fait ceci :

Télécharge SystemLook de jpshortstuff sur ton bureau :

http://images.malwareremoval.com/jpshortstuff/SystemLoo...

* Double-clique sur "SystemLook.exe" pour lancer l'outil .

-> Copies/colle le texte ci-dessous dans la fenêtre :

:dir
C:\Program Files\Fichiers Communs\windows

* Clique sur le bouton [Look] pour lancer l'examen .

Laisse travailler ...

* Quand il est terminé, une fenêtre du Bloc-notes s'ouvre avec le résultat du scan.

-> Poste ce rapport dans ta prochaine réponse pour analyse ...

( Note : Le rapport est en outre sauvegardé sur ton bureau / "SystemLook.txt" )

| Alerter

Répondre à sKe69

Tom's guide dans le monde