Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

HijackThis Log: Please help Diagnose


  • This topic is locked This topic is locked
23 replies to this topic

#1 didou

didou

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:05:10 AM

Posted 09 December 2009 - 04:44 PM

Hello to everybody,
I'm totally new on this kind of forum..
My brother told me to write my problem here.....

Computer with windows XP....since several days, my PC has a strange behaviour..it seems some applications are running when nothing is open and I cannot open F secure to find any virus neither Malware...it seems because it is known by the virus which could be a Rootkit

I know this because after using GMER, the report indicated :
Module \systemroot\system32\drivers\H8SRTllrjqumoir.sys (*** hidden *** ) F3E5E000-F3E7A000 (114688 bytes)
Service C:\WINDOWS\system32\drivers\H8SRTllrjqumoir.sys (*** hidden *** ) [SYSTEM] H8SRTd.sys <-- ROOTKIT !!!
but nobody could tell me if I could kill these 2files without ahaving problem after with my PC. I'm afraid of doing it as they are .sys

So I followed the rules given on you web site to give you the logfile.
I'm not an expert, but I have seen svchost.exe...and I can remember it is a virus or something not good for a PC !? but I'm not sure.

So if anybody could help me by telling me what I have to do.

Thank you in advance

Bye bye

Didw


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:24:33, on 09/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\CmUCReye.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\Program Files\Medion Info Display\MdionLCM.exe
C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Microsoft Works\WkDStore.exe
C:\Documents and Settings\Guss\Bureau\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.fr/webhp?sourceid=navcli...fr&ie=UTF-8
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MedionVFD] "C:\Program Files\Medion Info Display\MdionLCM.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [AntivirusRegistration] C:\Program Files\CA\Etrust Antivirus\Register.exe
O4 - HKLM\..\Run: [InstantOn] "C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe /c "
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/
O16 - DPF: {104B0A37-AB99-4F06-8032-8BBDC3B77DDB} (Telechargement Control) - http://www.photoweb.fr/telechargement/Photoweb_Uploader.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1129731383765
O16 - DPF: {68C1822F-F5C7-4404-A73F-03C10E0E94DA} (telechargement-photoweb) - http://www4.photoweb.fr/telechargement/Photoweb_uploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1131096353671
O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f009.mail.caramail.lycos.fr/app/upl...ileUploader.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: McAfee Firewall - Network Associates, Inc. - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 12244 bytes

Edit: Moved topic from XP to the more appropriate forum. ~ Animal

BC AdBot (Login to Remove)

 


#2 didou

didou
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:05:10 AM

Posted 09 December 2009 - 05:06 PM

It is me again
Just to add this scan....may be it could to help me!?
Thank you

Rapport de ZHPDiag v1.24.37 par Nicolas Coolman
Run by Guss at 09/12/2009 20:35:10
Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html
Platform : Microsoft Windows XP (5.1.2600) Service Pack 3
MSIE: Internet Explorer v6.0.2900.5512

Boot mode: Normal (Normal boot)
Total RAM: 1022 MB (51% free)
System drive C: has 54 GB (46%) free of 116 GB

---\\ Processus lancés
[MD5.010B286E6437AE99E35BD2B234A93DA7] - C:\WINDOWS\system32\CmUCReye.exe
[MD5.1B17E09C1223F6D17336D2DD7A1AF4F4] - C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe
[MD5.3E4C03CEFAD8DE135263236B61A49C90] - C:\WINDOWS\system32\NeroCheck.exe
[MD5.484522F6C66CF654864BCDFE468295BD] - C:\Program Files\Medion Info Display\MdionLCM.exe
[MD5.805A0AA2F12890C8BEB836CE011BF9C3] - C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
[MD5.71BA6AFFB1DAE0D4BA490F8DB60F287F] - C:\Program Files\CA\Etrust Antivirus\Register.exe
[MD5.E01214917DE64BE64F5831C86F85EFD1] - C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe
[MD5.BD6F8EFA3D1856FFD88B9827DD33E875] - C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
[MD5.216B3ACC656CDA8A5A0C3071EC0A408B] - C:\Program Files\QuickTime\qttask.exe
[MD5.9A29592CD135F6262C429152F7A8DD4A] - C:\PROGRA~1\Wanadoo\Watch.exe
[MD5.69B16C7B7746BA5C642FC05B3561FC73] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
[MD5.0A7E9FDF3BF1980CA09FEEAC7F52EFBC] - C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
[MD5.9CAB916797D8D39F78B8800C2A23ADD6] - C:\Program Files\Ahead\Nero BackItUp\NBJ.exe
[MD5.E616A6A6E91B0A86F2F6217CDE835FFE] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[MD5.2BD5E1E68614DBC6B320597856ED6EA7] - C:\PROGRA~1\Wanadoo\Shell.exe
[MD5.5011A24AECF4D573473BDC15EE84C178] - C:\Program Files\Windows Media Player\WMPNSCFG.exe
[MD5.59DC5BB82E4C8E0B3EADCFDBC44BA6E4] - C:\WINDOWS\system32\CTFMON.EXE
[MD5.5DEBC3519D489411073FA7E56FFB4A93] - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
[MD5.E4BDF223CD75478BF44567B4D5C2634D] - C:\WINDOWS\System32\svchost.exe
[MD5.0AAF6B848185899CF76AE04E62EAB3D2] - C:\Program Files\Alwil Software\Avast4\ashServ.exe
[MD5.B7F89868CFFCC19066FEBFCB4D45F6CE] - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
[MD5.DECEFC3632A14C60BC851631649F4ACE] - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
[MD5.0DCDAA9FD2A62E6121FF4C7AC453ADCD] - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
[MD5.1CFDCB99812C62E19C47896A5857D342] - C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
[MD5.C3FB1D70CB88722267949694BA51759E] - C:\WINDOWS\system32\services.exe
[MD5.1EE42860D3922B2A634191A4B9BFDD9E] - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
[MD5.305687EB8C8E0A12A0B2BAE387B6E466] - C:\WINDOWS\system32\fxssvc.exe
[MD5.6A18B2E78F4DA72AB9295207FE629BB9] - C:\Program Files\F-Secure\Common\FSAA.EXE
[MD5.FB942E7CB27F6A04D03ECC159FCA64B7] - C:\Program Files\F-Secure\Common\FSMA32.EXE
[MD5.D1261099E03EEE90976EA19002995B89] - C:\WINDOWS\System32\FTRTSVC.exe
[MD5.575ED0F5DCB34E5C243D2A7EBC860484] - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
[MD5.FD306FBCCE7ADB1077B709742E7148E9] - C:\Program Files\CDBurnerXP\NMSAccessU.exe
[MD5.1BC6BCFC305270A73A91A2D2751E8FDB] - C:\WINDOWS\system32\nvsvc32.exe
[MD5.91E6024D6D4DCDECDB36C43ECF9BBECB] - C:\WINDOWS\system32\lsass.exe
[MD5.BD517C7FB119997EFFBE39D5E4B37B05] - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
[MD5.460E4CE148BD07218DA0B6A3D31885A9] - C:\WINDOWS\system32\spoolsv.exe
[MD5.C9BEA742CE225CC993C9465FDDAE4656] - C:\Program Files\Windows Media Player\WMPNetwk.exe

---\\ Pages de démarrage d'Internet Explorer (R0)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home

---\\ Pages de recherche d'Internet Explorer (R1)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

---\\ Internet Explorer URLSearchHook (R3)
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Search Class - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - %SystemRoot%\system32\shdocvw.dll

---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} -
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {1E796980-9CC5-11D1-A83F-00C04FC99D61} -

---\\ Applications démarrées automatiquement par le registre (O4)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MedionVFD] C:\Program Files\Medion Info Display\MdionLCM.exe
O4 - HKLM\..\Run: [PCMService] C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
O4 - HKLM\..\Run: [AntivirusRegistration] C:\Program Files\CA\Etrust Antivirus\Register.exe
O4 - HKLM\..\Run: [InstantOn] C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe /c
O4 - HKLM\..\Run: [McAfee Guardian] C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [F-Secure Manager] C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [NBJ] C:\Program Files\Ahead\Nero BackItUp\NBJ.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKLM\..\policies\Explorer: [HonorAutoRunSetting] Data=1
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O4 - Global Startup: Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe,302
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe,302

---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File - C:\WINDOWS\system32\mswsock.dll
O10 - WLSP:\000000000002\Winsock LSP File - C:\WINDOWS\system32\winrnr.dll
O10 - WLSP:\000000000003\Winsock LSP File - C:\WINDOWS\system32\mswsock.dll

---\\ Piratage de l'Option 'Rétablir les paramètres Web' (O14)
O14 - IERESET.INF: START_PAGE_URL=START_PAGE_URL=http://www.aldi.com/

---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {104B0A37-AB99-4F06-8032-8BBDC3B77DDB} (Telechargement Control) - http://www.photoweb.fr/telechargement/Photoweb_Uploader.cab
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://fpdownload.macromedia.com/get/shock...are/awswaxd.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/get/shock...director/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc3.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1129731383765
O16 - DPF: {68C1822F-F5C7-4404-A73F-03C10E0E94DA} (telechargement-photoweb) - http://www4.photoweb.fr/telechargement/Photoweb_uploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1131096353671
O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f009.mail.caramail.lycos.fr/app/upl...ileUploader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

---\\ Protocole additionnel et piratage de protocole (O18)
O18 - Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll
O18 - Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll
O18 - Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\system32\inetcomm.dll
O18 - Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Handler: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\FICHIE~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
O18 - Handler: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\Windows\system32\mshtml.dll
O18 - Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll
O18 - Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll
O18 - Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\Windows\system32\SHELL32.dll

---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\System32\dimsntfy.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\System32\WgaLogon.dll

---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSODL) (O21)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - %SystemRoot%\system32\webcheck.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: (no name) - {8C7461EF-2B13-11d2-BE35-3078302C2030} - %SystemRoot%\system32\browseui.dll

---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus (avast! Antivirus) - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service (CyberLink Media Library Service) - C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: F-Secure Gatekeeper Handler Starter (F-Secure Gatekeeper Handler Starter) - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: Fax (Fax) - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: F-Secure Authentication Agent (FSAA) - C:\Program Files\F-Secure\Common\FSAA.EXE
O23 - Service: F-Secure Management Agent (FSMA) - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: McAfee Firewall (McAfee Firewall) - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE
O23 - Service: NMSAccessU (NMSAccessU) - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Spouleur d'impression (Spooler) - C:\WINDOWS\system32\spoolsv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - C:\Program Files\Windows Media Player\WMPNetwk.exe

---\\ Composants installés (ActiveSetup Installed Components) (O40)
O40 - ASIC: Microsoft Windows Media Player - >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
O40 - ASIC: Internet Explorer - >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigIE
O40 - ASIC: Outlook Express - >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE
O40 - ASIC: Viewpoint Media Player - {03F998B2-0E00-11D3-A498-00104B6EB52E} - C:\Program Files\Viewpoint\Viewpoint Experience Technology\AxMetaStream.dll
O40 - ASIC: Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - (not file)
O40 - ASIC: Rendu VML (Vector Graphics Rendering) - {10072CEC-8CC1-11D1-986E-00A0C955B42F} - (not file)
O40 - ASIC: Macromedia Shockwave Director 10.1 - {166B1BCA-3F9C-11CF-8075-444553540000} - C:\WINDOWS\system32\Macromed\Director\SwDir.dll
O40 - ASIC: Viewpoint Media Player - {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - C:\Program Files\Viewpoint\Viewpoint Experience Technology\AxMetaStream.dll
O40 - ASIC: Microsoft NetShow Player - {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - C:\WINDOWS\system32\wmpdxm.dll
O40 - ASIC: Microsoft Windows Media Player 6.4 - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\system32\wmpdxm.dll
O40 - ASIC: DirectAnimation - {283807B5-2C60-11D0-A31D-00AA00B92C03} - C:\WINDOWS\system32\danim.dll
O40 - ASIC: Macromedia Shockwave Director 10.1 - {2A202491-F00D-11cf-87CC-0020AFEECF20} - (not file)
O40 - ASIC: Themes Setup - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\WINDOWS\system32\regsvr32.exe /s /n /i:/UserInstall C:\WINDOWS\system32\themeui.dll
O40 - ASIC: Liaison de données Dynamic HTML pour Java - {36f8ec70-c29a-11d1-b5c7-0000f8051515} - (not file)
O40 - ASIC: Logiciel de navigation hors connexion - {3af36230-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Uniscribe - {3bf42070-b3b1-11d1-b5c5-0000f8051515} - (not file)
O40 - ASIC: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) - {411EDCF7-755D-414E-A74B-3DCD6583F589} - (not file)
O40 - ASIC: Création avancée - {4278c270-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Microsoft Outlook Express 6 - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
O40 - ASIC: NetMeeting 3.01 - {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
O40 - ASIC: DirectShow - {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - (not file)
O40 - ASIC: DirectDrawEx - {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - (not file)
O40 - ASIC: Aide sur Internet Explorer - {45ea75a0-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Classes Java DirectAnimation - {4f216970-c90c-11d1-b5c7-0000f8051515} - (not file)
O40 - ASIC: Microsoft Windows Script 5.6 - {4f645220-306d-11d2-995d-00c04f98bbc9} - (not file)
O40 - ASIC: Windows Messenger 4.7 - {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
O40 - ASIC: Outils d'installation Internet Explorer - {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Améliorations pour la navigation - {630b1da0-b465-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub
O40 - ASIC: Accès au site MSN - {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - (not file)
O40 - ASIC: .NET Framework - {72AD53CC-CCC0-3757-8480-9EE176866A7C} - (not file)
O40 - ASIC: Dossiers Web - {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - (not file)
O40 - ASIC: Carnet d'adresses 6 - {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
O40 - ASIC: Mise à jour du Bureau Windows - {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
O40 - ASIC: Internet Explorer 6 - {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe
O40 - ASIC: (no name) - {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
O40 - ASIC: Fax - {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
O40 - ASIC: Liaison de données Dynamic HTML - {9381D8F2-0288-11D0-9501-00AA00B911A5} - (not file)
O40 - ASIC: Fax Provider - {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - (not file)
O40 - ASIC: .NET Framework - {9A394342-4A68-4EBA-85A6-55B559F4E700} - (not file)
O40 - ASIC: .NET Framework - {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - (not file)
O40 - ASIC: Polices de base Internet Explorer - {C9E9A340-D1F1-11D0-821E-444553540600} - (not file)
O40 - ASIC: .NET Framework - {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - (not file)
O40 - ASIC: Planificateur de tâches - {CC2A9BA0-3BDD-11D0-821E-444553540000} - (not file)
O40 - ASIC: Adobe Flash Player - {D27CDB6E-AE6D-11cf-96B8-444553540000} - C:\WINDOWS\system32\Macromed\Flash\Flash10b.ocx
O40 - ASIC: Microsoft .NET Framework 1.1 Security Update (KB953297) - {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - (not file)
O40 - ASIC: Aide HTML - {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Active Directory Service Interface - {E92B03AB-B707-11d2-9CBD-0000F87A369E} - (not file)

---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: AFD (AFD) - C:\WINDOWS\System32\drivers\afd.sys
O41 - Driver: Pilote de CD-ROM (Cdrom) - C:\WINDOWS\system32\DRIVERS\cdrom.sys
O41 - Driver: Pilote pour clavier i8042 et souris sur port PS/2 (i8042prt) - C:\WINDOWS\system32\DRIVERS\i8042prt.sys
O41 - Driver: Pilote de filtre de gravure CD (Imapi) - C:\WINDOWS\system32\DRIVERS\imapi.sys
O41 - Driver: Pilote de processeur Intel (intelppm) - C:\WINDOWS\system32\DRIVERS\intelppm.sys
O41 - Driver: Pilote IPSEC (IPSec) - C:\WINDOWS\system32\DRIVERS\ipsec.sys
O41 - Driver: Pilote de la classe Clavier (Kbdclass) - C:\WINDOWS\system32\DRIVERS\kbdclass.sys
O41 - Driver: Pilote HID de clavier (kbdhid) - C:\WINDOWS\system32\DRIVERS\kbdhid.sys
O41 - Driver: Pilote de la classe Souris (Mouclass) - C:\WINDOWS\system32\DRIVERS\mouclass.sys
O41 - Driver: MRXSMB (MRxSmb) - C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
O41 - Driver: Interface NetBIOS (NetBIOS) - C:\WINDOWS\system32\DRIVERS\netbios.sys
O41 - Driver: NetBIOS sur TCP/IP (NetBT) - C:\WINDOWS\system32\DRIVERS\netbt.sys
O41 - Driver: Pilote de connexion automatique d'accès distant (RasAcd) - C:\WINDOWS\system32\DRIVERS\rasacd.sys
O41 - Driver: Rdbss (Rdbss) - C:\WINDOWS\system32\DRIVERS\rdbss.sys
O41 - Driver: (no object) (RDPCDD) - C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
O41 - Driver: Pilote de filtre de lecture digitale de CD audio (redbook) - C:\WINDOWS\system32\DRIVERS\redbook.sys
O41 - Driver: Pilote de port série (Serial) - C:\WINDOWS\system32\DRIVERS\serial.sys
O41 - Driver: Pilote du protocole TCP/IP (Tcpip) - C:\WINDOWS\system32\DRIVERS\tcpip.sys
O41 - Driver: Pilote de périphérique terminal (TermDD) - C:\WINDOWS\system32\DRIVERS\termdd.sys
O41 - Driver: Carte vidéo VGA. (VgaSave) - C:\WINDOWS\System32\drivers\vga.sys
O41 - Driver: Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0 (WS2IFSL) - C:\WINDOWS\System32\drivers\ws2ifsl.sys

---\\ Logiciels installés (O42)
O42 - Logiciel: Adobe Flash Player 10 ActiveX
O42 - Logiciel: Adobe Reader 9 - Français
O42 - Logiciel: Audacity 1.2.6
O42 - Logiciel: C-Media Card Reader Driver USB2.0
O42 - Logiciel: C-Media USB2.0 Card Reader
O42 - Logiciel: CDBurnerXP
O42 - Logiciel: Canon i865
O42 - Logiciel: Complément Microsoft Word pour Microsoft Works Suite
O42 - Logiciel: Creatix V.92 Data Fax Modem
O42 - Logiciel: DVD Shrink 3.2
O42 - Logiciel: DivX Player
O42 - Logiciel: DivX Pro
O42 - Logiciel: Encyclopédie Microsoft Encarta 2006
O42 - Logiciel: Extension HighMAT pour l'Assistant Graver un CD de Microsoft Windows XP
O42 - Logiciel: F-Secure Anti-Virus
O42 - Logiciel: F-Secure BackWeb
O42 - Logiciel: F-Secure Management Agent
O42 - Logiciel: Gestionnaire Internet
O42 - Logiciel: Google Toolbar for Internet Explorer
O42 - Logiciel: Guitar Pro 4.0
O42 - Logiciel: High Definition Audio Driver Package - KB888111
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
O42 - Logiciel: Hotfix for Windows Media Format 11 SDK (KB929399)
O42 - Logiciel: Hotfix for Windows Media Format SDK (KB902344)
O42 - Logiciel: Hotfix for Windows XP (KB954550-v5)
O42 - Logiciel: Information sur votre PC
O42 - Logiciel: J2SE Runtime Environment 5.0 Update 4
O42 - Logiciel: Learn2 Player (Uninstall Only)
O42 - Logiciel: Lecteur Windows Media 11
O42 - Logiciel: MSXML 4.0 SP2 (KB927978)
O42 - Logiciel: MSXML 4.0 SP2 (KB936181)
O42 - Logiciel: MSXML 4.0 SP2 (KB954430)
O42 - Logiciel: MSXML 4.0 SP2 (KB973688)
O42 - Logiciel: Macromedia Shockwave Player
O42 - Logiciel: McAfee Firewall
O42 - Logiciel: MediaShow 3.0
O42 - Logiciel: Medion Info Display
O42 - Logiciel: Microsoft .NET Framework 1.1
O42 - Logiciel: Microsoft .NET Framework 1.1 French Language Pack
O42 - Logiciel: Microsoft .NET Framework 1.1 Security Update (KB953297)
O42 - Logiciel: Microsoft .NET Framework 2.0 Service Pack 2
O42 - Logiciel: Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA
O42 - Logiciel: Microsoft .NET Framework 3.0 Service Pack 2
O42 - Logiciel: Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA
O42 - Logiciel: Microsoft .NET Framework 3.5 Language Pack SP1 - fra
O42 - Logiciel: Microsoft .NET Framework 3.5 SP1
O42 - Logiciel: Microsoft AutoRoute 2006
O42 - Logiciel: Microsoft Compression Client Pack 1.0 for Windows XP
O42 - Logiciel: Microsoft Money
O42 - Logiciel: Microsoft Office XP Professional avec FrontPage
O42 - Logiciel: Microsoft Photo 2006 Standard Edition
O42 - Logiciel: Microsoft User-Mode Driver Framework Feature Pack 1.0
O42 - Logiciel: Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable
O42 - Logiciel: Microsoft Word 2002
O42 - Logiciel: Microsoft Works
O42 - Logiciel: Module linguistique Microsoft .NET Framework 3.5 SP1- fra
O42 - Logiciel: NVIDIA Drivers
O42 - Logiciel: Navigateur Orange
O42 - Logiciel: Nero Suite
O42 - Logiciel: Outil de téléchargement Windows Live
O42 - Logiciel: Package de base Microsoft de service de chiffrement pour cartes à puce
O42 - Logiciel: PhotoNow! 1.0
O42 - Logiciel: PowerCinema
O42 - Logiciel: PowerCinema Linux 4.7
O42 - Logiciel: PowerDVD
O42 - Logiciel: PowerDirector
O42 - Logiciel: PowerProducer
O42 - Logiciel: QuickTime
O42 - Logiciel: RT2500 USB Wireless LAN Card
O42 - Logiciel: Radio Fr Solo 2.1
O42 - Logiciel: RealPlayer
O42 - Logiciel: Realtek High Definition Audio Driver
O42 - Logiciel: SAMSUNG CDMA Modem Driver Set
O42 - Logiciel: SAMSUNG Mobile USB Modem 1.0 Software
O42 - Logiciel: SAMSUNG Mobile USB Modem Software
O42 - Logiciel: Samsung PC Studio
O42 - Logiciel: Samsung PC Studio 3 USB Driver Installer
O42 - Logiciel: Sélecteur d'installation de Microsoft Works 2006
O42 - Logiciel: USB Wireless Keyboard Driver
O42 - Logiciel: Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
O42 - Logiciel: Utilitaire de sauvegarde Windows
O42 - Logiciel: VLC media player 0.9.8a
O42 - Logiciel: Viewpoint Media Player
O42 - Logiciel: Visionneuse Journal Windows Microsoft
O42 - Logiciel: WinRAR Archiveur
O42 - Logiciel: Windows Genuine Advantage Notifications (KB905474)
O42 - Logiciel: Windows Genuine Advantage Validation Tool (KB892130)
O42 - Logiciel: Windows Genuine Advantage v1.3.0254.0
O42 - Logiciel: Windows Media Connect
O42 - Logiciel: Windows Media Format 11 runtime
O42 - Logiciel: Windows Media Format SDK Hotfix - KB891122
O42 - Logiciel: Windows Media Player 11
O42 - Logiciel: Windows XP Service Pack 3
O42 - Logiciel: X10 Hardware™
O42 - Logiciel: XML Paper Specification Shared Components Language Pack 1.0
O42 - Logiciel: avast! Antivirus
O42 - Logiciel: e-Carte Bleue La Banque Postale
O42 - Logiciel: eTrust Registration
O42 - Logiciel: videon

---\\ Contenu des dossiers Fichiers Communs (O43)
O43 - CFD:Common File Directory ----D- C:\Program Files\Adobe
O43 - CFD:Common File Directory ----D- C:\Program Files\Ahead
O43 - CFD:Common File Directory ----D- C:\Program Files\Alwil Software
O43 - CFD:Common File Directory ----D- C:\Program Files\Audacity
O43 - CFD:Common File Directory ----D- C:\Program Files\C-Media USB2.0 Card Reader
O43 - CFD:Common File Directory ----D- C:\Program Files\CA
O43 - CFD:Common File Directory ----D- C:\Program Files\CDBurnerXP
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files
O43 - CFD:Common File Directory ----D- C:\Program Files\CyberLink
O43 - CFD:Common File Directory ----D- C:\Program Files\divers
O43 - CFD:Common File Directory ----D- C:\Program Files\DivX
O43 - CFD:Common File Directory ----D- C:\Program Files\DVD Shrink
O43 - CFD:Common File Directory ----D- C:\Program Files\e-Carte Bleue
O43 - CFD:Common File Directory ----D- C:\Program Files\e-Carte Bleue La Banque Postale
O43 - CFD:Common File Directory ----D- C:\Program Files\Easy Video Splitter
O43 - CFD:Common File Directory ----D- C:\Program Files\Encarta
O43 - CFD:Common File Directory ----D- C:\Program Files\F-Secure
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers communs
O43 - CFD:Common File Directory ----D- C:\Program Files\Free
O43 - CFD:Common File Directory ----D- C:\Program Files\Google
O43 - CFD:Common File Directory ----D- C:\Program Files\Guitar pro files
O43 - CFD:Common File Directory ----D- C:\Program Files\HighMAT CD Writing Wizard
O43 - CFD:Common File Directory ----D- C:\Program Files\Home Cinema
O43 - CFD:Common File Directory --H-D- C:\Program Files\InstallShield Installation Information
O43 - CFD:Common File Directory ----D- C:\Program Files\Intel
O43 - CFD:Common File Directory ----D- C:\Program Files\Internet Explorer
O43 - CFD:Common File Directory ----D- C:\Program Files\Inventel
O43 - CFD:Common File Directory ----D- C:\Program Files\Java
O43 - CFD:Common File Directory ----D- C:\Program Files\Learn2.com
O43 - CFD:Common File Directory ----D- C:\Program Files\Ma musique
O43 - CFD:Common File Directory ----D- C:\Program Files\McAfee
O43 - CFD:Common File Directory ----D- C:\Program Files\Medion Info Display
O43 - CFD:Common File Directory ----D- C:\Program Files\Messenger
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft AutoRoute
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Digital Image 2006
O43 - CFD:Common File Directory ----D- C:\Program Files\microsoft frontpage
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Money 2005
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Office
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Works
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Works Suite 2006
O43 - CFD:Common File Directory ----D- C:\Program Files\Movie Maker
O43 - CFD:Common File Directory ----D- C:\Program Files\MSBuild
O43 - CFD:Common File Directory ----D- C:\Program Files\MSN
O43 - CFD:Common File Directory ----D- C:\Program Files\MSN Gaming Zone
O43 - CFD:Common File Directory ----D- C:\Program Files\MSXML 4.0
O43 - CFD:Common File Directory ----D- C:\Program Files\muvee Technologies
O43 - CFD:Common File Directory ----D- C:\Program Files\NetMeeting
O43 - CFD:Common File Directory ----D- C:\Program Files\Online Services
O43 - CFD:Common File Directory ----D- C:\Program Files\Outlook Express
O43 - CFD:Common File Directory ----D- C:\Program Files\QuickTime
O43 - CFD:Common File Directory ----D- C:\Program Files\Radio Fr Solo
O43 - CFD:Common File Directory ----D- C:\Program Files\RALINK
O43 - CFD:Common File Directory ----D- C:\Program Files\Real
O43 - CFD:Common File Directory ----D- C:\Program Files\Realtek
O43 - CFD:Common File Directory ----D- C:\Program Files\Reference Assemblies
O43 - CFD:Common File Directory ----D- C:\Program Files\Samsung
O43 - CFD:Common File Directory ----D- C:\Program Files\Securitoo
O43 - CFD:Common File Directory ----D- C:\Program Files\Services en ligne
O43 - CFD:Common File Directory ----D- C:\Program Files\SPCDROM
O43 - CFD:Common File Directory ----D- C:\Program Files\USB Wireless Keyboard Driver
O43 - CFD:Common File Directory ----D- C:\Program Files\Viewpoint
O43 - CFD:Common File Directory ----D- C:\Program Files\Wanadoo
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Journal Viewer
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Live SkyDrive
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Media Connect
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Media Connect 2
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Media Player
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows NT
O43 - CFD:Common File Directory ----D- C:\Program Files\WinRAR
O43 - CFD:Common File Directory ----D- C:\Program Files\X10 Hardware
O43 - CFD:Common File Directory ----D- C:\Program Files\xerox
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Adobe
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Ahead
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\AOL
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Designer
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\InstallShield
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Java
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\LightScribe
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Microsoft Shared
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\MSSoap
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\muvee Technologies
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Nero
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Nullsoft
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\ODBC
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Real
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Services
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\SpeechEngines
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\System
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Wise Installation Wizard
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\xing shared
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\X10

---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:Last File Created 02/12/2009 - 21:44:13 -SHA- C:\WINDOWS\Thumbs.db
O44 - LFC:Last File Created 04/12/2009 - 23:12:59 --HA- C:\WINDOWS\QTFont.qfn
O44 - LFC:Last File Created 06/12/2009 - 19:22:16 ---A- C:\WINDOWS\fsgk32.log
O44 - LFC:Last File Created 06/12/2009 - 19:22:16 ---A- C:\WINDOWS\fssm32.log
O44 - LFC:Last File Created 07/12/2009 - 20:35:45 ---A- C:\WINDOWS\System32\CONFIG.NT
O44 - LFC:Last File Created 08/12/2009 - 07:40:13 ---A- C:\WINDOWS\NeroDigital.ini
O44 - LFC:Last File Created 09/12/2009 - 00:25:08 ---A- C:\WINDOWS\SchedLgU.Txt
O44 - LFC:Last File Created 09/12/2009 - 20:25:28 -S-A- C:\WINDOWS\bootstat.dat
O44 - LFC:Last File Created 09/12/2009 - 20:25:32 ---A- C:\WINDOWS\System32\nvapps.xml
O44 - LFC:Last File Created 09/12/2009 - 20:25:38 ---A- C:\WINDOWS\wiaservc.log
O44 - LFC:Last File Created 09/12/2009 - 20:25:39 ---A- C:\WINDOWS\ModemLog_Creatix V.92 Data Fax Modem.txt
O44 - LFC:Last File Created 09/12/2009 - 20:25:39 ---A- C:\WINDOWS\wiadebug.log
O44 - LFC:Last File Created 09/12/2009 - 20:25:41 ---A- C:\WINDOWS\0.log
O44 - LFC:Last File Created 09/12/2009 - 20:25:44 ---A- C:\WINDOWS\System32\wpa.dbl
O44 - LFC:Last File Created 09/12/2009 - 20:26:29 ---A- C:\WINDOWS\System32\srcr.dat
O44 - LFC:Last File Created 09/12/2009 - 20:30:48 ---A- C:\WINDOWS\KB971737.log
O44 - LFC:Last File Created 09/12/2009 - 20:30:50 ---A- C:\WINDOWS\WindowsUpdate.log
O44 - LFC:Last File Created 11/11/2009 - 09:38:28 ---A- C:\WINDOWS\KB969947.log
O44 - LFC:Last File Created 11/11/2009 - 09:41:45 ---A- C:\WINDOWS\System32\FNTCACHE.DAT
O44 - LFC:Last File Created 15/11/2009 - 00:42:24 ---A- C:\WINDOWS\QTFont.for
O44 - LFC:Last File Created 24/11/2009 - 20:00:10 ---A- C:\WINDOWS\msxml4-KB973688-enu.LOG
O44 - LFC:Last File Created 24/11/2009 - 20:00:58 ---A- C:\WINDOWS\updspapi.log
O44 - LFC:Last File Created 24/11/2009 - 20:01:03 ---A- C:\WINDOWS\KB973687.log
O44 - LFC:Last File Created 24/11/2009 - 20:01:03 ---A- C:\WINDOWS\imsins.BAK
O44 - LFC:Last File Created 24/11/2009 - 20:01:08 ---A- C:\WINDOWS\FaxSetup.log
O44 - LFC:Last File Created 24/11/2009 - 20:01:08 ---A- C:\WINDOWS\KB976098-v2.log
O44 - LFC:Last File Created 24/11/2009 - 20:01:08 ---A- C:\WINDOWS\System32\TZLog.log
O44 - LFC:Last File Created 24/11/2009 - 20:01:08 ---A- C:\WINDOWS\comsetup.log
O44 - LFC:Last File Created 24/11/2009 - 20:01:08 ---A- C:\WINDOWS\iis6.log
O44 - LFC:Last File Created 24/11/2009 - 20:01:08 ---A- C:\WINDOWS\imsins.log
O44 - LFC:Last File Created 24/11/2009 - 20:01:08 ---A- C:\WINDOWS\msgsocm.log
O44 - LFC:Last File Created 24/11/2009 - 20:01:08 ---A- C:\WINDOWS\ntdtcsetup.log
O44 - LFC:Last File Created 24/11/2009 - 20:01:08 ---A- C:\WINDOWS\ocgen.log
O44 - LFC:Last File Created 24/11/2009 - 20:01:08 ---A- C:\WINDOWS\ocmsn.log
O44 - LFC:Last File Created 24/11/2009 - 20:01:08 ---A- C:\WINDOWS\setupapi.log
O44 - LFC:Last File Created 24/11/2009 - 20:01:08 ---A- C:\WINDOWS\tsoc.log
O44 - LFC:Last File Created 25/11/2009 - 00:47:28 ---A- C:\WINDOWS\System32\AvastSS.scr
O44 - LFC:Last File Created 25/11/2009 - 00:47:54 ---A- C:\WINDOWS\System32\drivers\aavmker4.sys
O44 - LFC:Last File Created 25/11/2009 - 00:48:57 ---A- C:\WINDOWS\System32\drivers\aswRdr.sys
O44 - LFC:Last File Created 25/11/2009 - 00:49:07 ---A- C:\WINDOWS\System32\drivers\aswTdi.sys
O44 - LFC:Last File Created 25/11/2009 - 00:50:00 ---A- C:\WINDOWS\System32\drivers\aswFsBlk.sys
O44 - LFC:Last File Created 25/11/2009 - 00:50:12 ---A- C:\WINDOWS\System32\drivers\aswSP.sys
O44 - LFC:Last File Created 25/11/2009 - 00:50:59 ---A- C:\WINDOWS\System32\drivers\aswmon2.sys
O44 - LFC:Last File Created 25/11/2009 - 00:51:09 ---A- C:\WINDOWS\System32\drivers\aswmon.sys
O44 - LFC:Last File Created 25/11/2009 - 00:54:29 ---A- C:\WINDOWS\System32\aswBoot.exe
O44 - LFC:Last File Created 27/11/2009 - 23:32:56 ---A- C:\WINDOWS\wmsetup.log

---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
O46 - SEH:ShellExecuteHooks - McAfee Internet Security Library - {20d8bda1-1958-11d6-b00f-00b0d0c6b6a5} - C:\Program Files\McAfee\McAfee Internet Security\GDSHEXT.DLL

---\\ Export de clé d'application autorisée (ECAA)(O47)
O47 - AAKE:Key Export SP - "C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:enabled:Assistance à distance"
O47 - AAKE:Key Export SP - "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:enabled:Windows Messenger"
O47 - AAKE:Key Export SP - "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:enabled:MSN Messenger"
O47 - AAKE:Key Export SP - "C:\Program Files\AOL 9.0\AOL.exe"="C:\Program Files\AOL 9.0\AOL.exe:*:enabled:AOL 9.0"
O47 - AAKE:Key Export SP - "C:\Program Files\AOL 9.0\WAOL.exe"="C:\Program Files\AOL 9.0\WAOL.exe:*:enabled:AOL 9.0"
O47 - AAKE:Key Export SP - "C:\Program Files\Fichiers communs\AOL\ACS\AOLACSD.exe"="C:\Program Files\Fichiers communs\AOL\ACS\AOLACSD.exe:*:enabled:AOL 9.0 (Connectivity Service)"
O47 - AAKE:Key Export SP - "C:\Program Files\Fichiers communs\AOL\ACS\AOLDIAL.exe"="C:\Program Files\Fichiers communs\AOL\ACS\AOLDIAL.exe:*:enabled:AOL 9.0 (Connectivity Service Dialer)"
O47 - AAKE:Key Export SP - "C:\WINDOWS\system32\fxsclnt.exe"="C:\WINDOWS\system32\fxsclnt.exe:*:enabled:Microsoft Fax Console"
O47 - AAKE:Key Export SP - "C:\Program Files\divers\eMulev046b\emule.exe"="C:\Program Files\divers\eMulev046b\emule.exe:*:Enabled:eMule"
O47 - AAKE:Key Export SP - "C:\Program Files\divers\eMule\emule.exe"="C:\Program Files\divers\eMule\emule.exe:*:Enabled:eMule"
O47 - AAKE:Key Export SP - "C:\Program Files\CA\Etrust Antivirus\InocIT.exe"="C:\Program Files\CA\Etrust Antivirus\InocIT.exe:*:Enabled:InocIT"
O47 - AAKE:Key Export SP - "C:\Program Files\e-Carte Bleue\LA POSTE\CVD VISA\ECB.exe"="C:\Program Files\e-Carte Bleue\LA POSTE\CVD VISA\ECB.exe:*:Enabled:ECB.exe"
O47 - AAKE:Key Export SP - "C:\Program Files\divers\eMulev046c\eMule\emule.exe"="C:\Program Files\divers\eMulev046c\eMule\emule.exe:*:Enabled:eMule"
O47 - AAKE:Key Export SP - "C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"
O47 - AAKE:Key Export SP - "C:\U.exe"="C:\U.exe:*:Enabled:Enabled"
O47 - AAKE:Key Export SP - "C:\Program Files\divers\eMulev048a\eMule\emule.exe"="C:\Program Files\divers\eMulev048a\eMule\emule.exe:*:Enabled:eMule"
O47 - AAKE:Key Export SP - "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
O47 - AAKE:Key Export SP - "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
O47 - AAKE:Key Export DP - "C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:enabled:Assistance à distance"
O47 - AAKE:Key Export DP - "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:enabled:Windows Messenger"
O47 - AAKE:Key Export DP - "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:enabled:MSN Messenger"
O47 - AAKE:Key Export DP - "C:\Program Files\AOL 9.0\AOL.exe"="C:\Program Files\AOL 9.0\AOL.exe:*:enabled:AOL 9.0"
O47 - AAKE:Key Export DP - "C:\Program Files\AOL 9.0\WAOL.exe"="C:\Program Files\AOL 9.0\WAOL.exe:*:enabled:AOL 9.0"
O47 - AAKE:Key Export DP - "C:\Program Files\Fichiers communs\AOL\ACS\AOLACSD.exe"="C:\Program Files\Fichiers communs\AOL\ACS\AOLACSD.exe:*:enabled:AOL 9.0 (Connectivity Service)"
O47 - AAKE:Key Export DP - "C:\Program Files\Fichiers communs\AOL\ACS\AOLDIAL.exe"="C:\Program Files\Fichiers communs\AOL\ACS\AOLDIAL.exe:*:enabled:AOL 9.0 (Connectivity Service Dialer)"
O47 - AAKE:Key Export DP - "C:\WINDOWS\system32\fxsclnt.exe"="C:\WINDOWS\system32\fxsclnt.exe:*:enabled:Microsoft Fax Console"
O47 - AAKE:Key Export DP - "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
O47 - AAKE:Key Export DP - "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

---\\ Déni du service (Local Security Authority) (LSA) (O48)
O48 - LSA:Local Security Authority Authentication Packages - C:\WINDOWS\System32\msv1_0.dll
O48 - LSA:Local Security Authority Notification Packages - C:\WINDOWS\System32\scecli.dll

---\\ Contrôle du Safe Boot (CSB) (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ip6fw.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpcdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpwd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\tdpipe.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\tdtcp.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\ip6fw.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\rdpcdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\rdpdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\rdpwd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\tdpipe.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\tdtcp.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\ip6fw.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\rdpcdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\rdpdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\rdpwd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\tdpipe.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\tdtcp.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\vgasave.sys

---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d

---\\ Trojan Driver Search Data (TDSD) (O52)
O52 - TDSD:HKLM\...\Drivers\"timer"="timer.drv"
O52 - TDSD:HKLM\...\Drivers32\"midimapper"="midimap.dll"
O52 - TDSD:HKLM\...\Drivers32\"msacm.imaadpcm"="imaadp32.acm"
O52 - TDSD:HKLM\...\Drivers32\"msacm.msadpcm"="msadp32.acm"
O52 - TDSD:HKLM\...\Drivers32\"msacm.msg711"="msg711.acm"
O52 - TDSD:HKLM\...\Drivers32\"msacm.msgsm610"="msgsm32.acm"
O52 - TDSD:HKLM\...\Drivers32\"msacm.trspch"="tssoft32.acm"
O52 - TDSD:HKLM\...\Drivers32\"vidc.cvid"="iccvid.dll"
O52 - TDSD:HKLM\...\Drivers32\"VIDC.I420"="msh263.drv"
O52 - TDSD:HKLM\...\Drivers32\"vidc.iv31"="ir32_32.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.iv32"="ir32_32.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.iv41"="ir41_32.ax"
O52 - TDSD:HKLM\...\Drivers32\"VIDC.IYUV"="iyuv_32.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.mrle"="msrle32.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.msvc"="msvidc32.dll"
O52 - TDSD:HKLM\...\Drivers32\"VIDC.UYVY"="msyuv.dll"
O52 - TDSD:HKLM\...\Drivers32\"VIDC.YUY2"="msyuv.dll"
O52 - TDSD:HKLM\...\Drivers32\"VIDC.YVU9"="tsbyuv.dll"
O52 - TDSD:HKLM\...\Drivers32\"VIDC.YVYU"="msyuv.dll"
O52 - TDSD:HKLM\...\Drivers32\"wavemapper"="msacm32.drv"
O52 - TDSD:HKLM\...\Drivers32\"msacm.msg723"="msg723.acm"
O52 - TDSD:HKLM\...\Drivers32\"vidc.M263"="msh263.drv"
O52 - TDSD:HKLM\...\Drivers32\"vidc.M261"="msh261.drv"
O52 - TDSD:HKLM\...\Drivers32\"msacm.msaudio1"="msaud32.acm"
O52 - TDSD:HKLM\...\Drivers32\"msacm.sl_anet"="sl_anet.acm"
O52 - TDSD:HKLM\...\Drivers32\"msacm.iac2"="C:\WINDOWS\system32\iac25_32.ax"
O52 - TDSD:HKLM\...\Drivers32\"vidc.iv50"="ir50_32.dll"
O52 - TDSD:HKLM\...\Drivers32\"msacm.l3acm"="L3CODECA.ACM"
O52 - TDSD:HKLM\...\Drivers32\"wave"="wdmaud.drv"
O52 - TDSD:HKLM\...\Drivers32\"midi"="wdmaud.drv"
O52 - TDSD:HKLM\...\Drivers32\"mixer"="wdmaud.drv"
O52 - TDSD:HKLM\...\Drivers32\"aux"="wdmaud.drv"
O52 - TDSD:HKLM\...\Drivers32\"MSVideo8"="VfWWDM32.dll"
O52 - TDSD:HKLM\...\Drivers32\"wave1"="wdmaud.drv"
O52 - TDSD:HKLM\...\Drivers32\"mixer1"="wdmaud.drv"
O52 - TDSD:HKLM\...\Drivers32\"wave2"="wdmaud.drv"
O52 - TDSD:HKLM\...\Drivers32\"mixer2"="wdmaud.drv"
O52 - TDSD:HKLM\...\Drivers32\"vidc.DIVX"="DivX.dll"
O52 - TDSD:HKLM\...\Drivers32\"msacm.l3codecp"=""
O52 - TDSD:HKLM\...\Drivers32\"vidc.tscc"="tsccvid.dll"
O52 - TDSD:HKLM\...\drivers.desc\"msaud32.acm"="Windows Media Audio Codec"
O52 - TDSD:HKLM\...\drivers.desc\"sl_anet.acm"="Sipro Lab Telecom Audio Codec"
O52 - TDSD:HKLM\...\drivers.desc\"C:\WINDOWS\system32\iac25_32.ax"="Indeo® audio software"
O52 - TDSD:HKLM\...\drivers.desc\"ir50_32.dll"="Indeo® video 5.10"
O52 - TDSD:HKLM\...\drivers.desc\"C:\WINDOWS\system32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec"
O52 - TDSD:HKLM\...\drivers.desc\"wdmaud.drv"="Europa audio capture device"
O52 - TDSD:HKLM\...\drivers.desc\"vfwwdm32.dll"="Vidéo WDM pour le pilote de capture Windows (Win32)"
O52 - TDSD:HKLM\...\drivers.desc\"DivX.dll"="DivX 5.2.1 Codec"
O52 - TDSD:HKLM\...\drivers.desc\"L3CODECA.ACM"="Fraunhofer IIS MPEG Layer-3 Codec"
O52 - TDSD:HKLM\...\drivers.desc\"l3codecp.acm"=""
O52 - TDSD:HKLM\...\drivers.desc\"tsccvid.dll"="TechSmith Screen Capture Codec"

---\\ Microsoft Control Security Providers (MCSP) (O54)
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - "SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - "SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=
O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1

---\\ Microsoft Windows Policies Explorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\Policies\Explorer] - "NoDriveTypeAutoRun"=145
O56 - MWPE:[HKLM\...\Policies\Explorer] - "HonorAutoRunSetting"=1

---\\ Liste des Drivers Système (SDL) (O58)
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\1394bus.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\3xHybrid.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\61883.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\aavmker4.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\acpi.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\acpiec.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\aec.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\AegisP.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\afd.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\AGRSM.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\amdk6.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\amdk7.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\arp1394.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\aswFsBlk.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\aswmon.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\aswmon2.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\aswRdr.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\aswSP.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\aswTdi.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\asyncmac.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\atapi.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\atmarpc.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\atmepvc.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\atmlane.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\atmuni.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\audstub.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\avc.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\bdasup.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\beep.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\bridge.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\cbidf2k.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ccdecode.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\cdaudio.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\cdfs.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\cdrom.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\cinemst2.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\classpnp.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\cmiucr.SYS
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\cpqdap01.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\crusoe.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\disk.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\diskdump.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\dmboot.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\dmio.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\dmload.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\dmusic.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\drmk.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\drmkaud.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\dxapi.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\dxg.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\dxgthk.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\enum1394.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\fastfat.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\fdc.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\fips.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\flpydisk.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\fltmgr.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\fsvga.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\fs_rec.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ftdisk.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\fw220.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\hdaudbus.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\Hdaudio.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\hidclass.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\hidparse.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\hidusb.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\http.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\i8042prt.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\imapi.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\intelppm.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ip6fw.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ipfltdrv.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ipinip.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ipnat.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ipsec.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\irenum.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\isapnp.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\kbdclass.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\kbdhid.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\kmixer.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ks.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ksecdd.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\mcd.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\mf.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\mnmdd.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\modem.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\mouclass.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\mouhid.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\mountmgr.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\mpe.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\mrxdav.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\mrxsmb.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\msdv.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\msfs.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\msgpc.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\mskssrv.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\mspclock.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\mspqm.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\mssmbios.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\mstee.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\mup.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\nabtsfec.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ndis.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ndisip.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ndistapi.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ndisuio.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ndiswan.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ndproxy.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\netbios.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\netbt.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\nic1394.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\nikedrv.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\nmnt.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\npfs.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ntfs.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\null.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\nv4_mini.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\nwlnkflt.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\nwlnkfwd.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\nwlnkipx.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\nwlnknb.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\nwlnkspx.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ohci1394.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\oprghdlr.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\p3.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\parport.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\partmgr.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\parvdm.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\pci.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\pciide.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\pciidex.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\pcmcia.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\portcls.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\processr.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\psched.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ptilink.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\rasacd.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\rasl2tp.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\raspppoe.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\raspptp.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\raspti.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\rawwan.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\rdbss.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\rdpcdd.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\rdpdr.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\rdpwd.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\redbook.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\rio8drv.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\riodrv.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\rmcast.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\rndismp.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\rootmdm.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\rt2500usb.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\RtkHDAud.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\RTL8139.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\scsiport.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\sdbus.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\secdrv.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\serenum.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\serial.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\sffdisk.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\sffp_sd.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\sfloppy.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\slip.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\smclib.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\sonydcam.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\splitter.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\sr.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\srv.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\sscdbus.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\sscdcm.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\sscdcmnt.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\sscdmdfl.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\sscdmdm.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\sscdwh.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\sscdwhnt.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\stream.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\streamip.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\swenum.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\swmidi.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\sysaudio.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\tape.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\tcpip.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\tcpip6.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\tdi.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\tdpipe.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\tdtcp.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\termdd.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\tosdvd.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\tsbvcap.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\tunmp.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\udfs.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\update.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\usb8023.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\usbcamd.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\usbcamd2.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\usbccgp.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\usbd.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\usbehci.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\usbhub.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\usbintel.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\usbport.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\usbprint.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\usbscan.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\usbstor.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\usbuhci.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\vdmindvd.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\vga.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\videoprt.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\volsnap.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\wanarp.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\wdmaud.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\wmilib.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\wpdusb.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\ws2ifsl.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\wstcodec.sys
O58 - SDL:System Drivers List - C:\WINDOWS\system32\drivers\x10ufx2.sys

---\\ Liste des services Legacy (LALS) (O64)
O64 - Services: CurCS - avast! Asynchronous Virus Monitor (Aavmker4) - LEGACY_AAVMKER4
O64 - Services: CurCS - AEGIS Protocol (IEEE 802.1x) v3.4.0.1 (AegisP) - LEGACY_AEGISP
O64 - Services: CurCS - AFD (AFD) - LEGACY_AFD
O64 - Services: CurCS - agrcapod (agrcapod) - LEGACY_AGRCAPOD
O64 - Services: CurCS - Service de la passerelle de la couche Application (ALG) - LEGACY_ALG
O64 - Services: CurCS - Gestion d'applications (AppMgmt) - LEGACY_APPMGMT
O64 - Services: CurCS - Protocole client ARP 1394 (Arp1394) - LEGACY_ARP1394
O64 - Services: CurCS - aswFsBlk (aswFsBlk) - LEGACY_ASWFSBLK
O64 - Services: CurCS - avast! Standard Shield Support (aswMon2) - LEGACY_ASWMON2
O64 - Services: CurCS - avast! Self Protection (aswSP) - LEGACY_ASWSP
O64 - Services: CurCS - avast! Network Shield Support (aswTdi) - LEGACY_ASWTDI
O64 - Services: CurCS - avast! iAVS4 Control Service (aswUpdSv) - LEGACY_ASWUPDSV
O64 - Services: CurCS - Audio Windows (AudioSrv) - LEGACY_AUDIOSRV
O64 - Services: CurCS - avast! Antivirus (avast! Antivirus) - LEGACY_AVAST!_ANTIVIRUS
O64 - Services: CurCS - F-Secure BackWeb (BackWeb Client - 7681197) - LEGACY_BACKWEB_CLIENT_-_7681197
O64 - Services: CurCS - Beep (Beep) - LEGACY_BEEP
O64 - Services: CurCS - Service de transfert intelligent en arrière-plan (BITS) - LEGACY_BITS
O64 - Services: CurCS - Explorateur d'ordinateur (Browser) - LEGACY_BROWSER
O64 - Services: CurCS - cdfs (cdfs) - LEGACY_CDFS
O64 - Services: CurCS - CyberLink Background Capture Service (CBCS) (CLCapSvc) - LEGACY_CLCAPSVC
O64 - Services: CurCS - .NET Runtime Optimization Service v2.0.50727_X86 (clr_optimization_v2.0.50727_32) - LEGACY_CLR_OPTIMIZATION_V2.0.50727_32
O64 - Services: CurCS - CyberLink Task Scheduler (CTS) (CLSched) - LEGACY_CLSCHED
O64 - Services: CurCS - Application système COM+ (COMSysApp) - LEGACY_COMSYSAPP
O64 - Services: CurCS - Services de cryptographie (CryptSvc) - LEGACY_CRYPTSVC
O64 - Services: CurCS - CyberLink Media Library Service (CyberLink Media Library Service) - LEGACY_CYBERLINK_MEDIA_LIBRARY_SERVICE
O64 - Services: CurCS - Lanceur de processus serveur DCOM (DcomLaunch) - LEGACY_DCOMLAUNCH
O64 - Services: CurCS - Client DHCP (Dhcp) - LEGACY_DHCP
O64 - Services: CurCS - dmboot (dmboot) - LEGACY_DMBOOT
O64 - Services: CurCS - dmload (dmload) - LEGACY_DMLOAD
O64 - Services: CurCS - Client DNS (Dnscache) - LEGACY_DNSCACHE
O64 - Services: CurCS - Service de rapport d'erreurs (ERSvc) - LEGACY_ERSVC
O64 - Services: CurCS - Système d'événements de COM+ (EventSystem) - LEGACY_EVENTSYSTEM
O64 - Services: CurCS - F-Secure File System Filter (F-Secure Filter) - LEGACY_F-SECURE_FILTER
O64 - Services: CurCS - F-Secure Gatekeeper (F-Secure Gatekeeper) - LEGACY_F-SECURE_GATEKEEPER
O64 - Services: CurCS - F-Secure Gatekeeper Handler Starter (F-Secure Gatekeeper Handler Starter) - LEGACY_F-SECURE_GATEKEEPER_HANDLER_STARTER
O64 - Services: CurCS - F-Secure Network Request Broker (F-Secure Network Request Broker) - LEGACY_F-SECURE_NETWORK_REQUEST_BROKER
O64 - Services: CurCS - F-Secure File System Recognizer (F-Secure Recognizer) - LEGACY_F-SECURE_RECOGNIZER
O64 - Services: CurCS - fastfat (fastfat) - LEGACY_FASTFAT
O64 - Services: CurCS - Compatibilité avec le Changement rapide d'utilisateur (FastUserSwitchingCompatibility) - LEGACY_FASTUSERSWITCHINGCOMPATIBILITY
O64 - Services: CurCS - Fax (Fax) - LEGACY_FAX
O64 - Services: CurCS - Fips (Fips) - LEGACY_FIPS
O64 - Services: CurCS - FltMgr (FltMgr) - LEGACY_FLTMGR
O64 - Services: CurCS - Windows Presentation Foundation Font Cache 3.0.0.0 (FontCache3.0.0.0) - LEGACY_FONTCACHE3.0.0.0
O64 - Services: CurCS - F-Secure Authentication Agent (FSAA) - LEGACY_FSAA
O64 - Services: CurCS - F-Secure Management Agent (FSMA) - LEGACY_FSMA
O64 - Services: CurCS - F-Secure Policy Manager (FSpm) - LEGACY_FSPM
O64 - Services: CurCS - Fs_Rec (Fs_Rec) - LEGACY_FS_REC
O64 - Services: CurCS - France Telecom Routing Table Service (FTRTSVC) - LEGACY_FTRTSVC
O64 - Services: CurCS - Filtre McAfee Internet Security (GdFsHook) - LEGACY_GDFSHOOK
O64 - Services: CurCS - GDNP (GDNP) - LEGACY_GDNP
O64 - Services: CurCS - Classificateur de paquets générique (Gpc) - LEGACY_GPC
O64 - Services: CurCS - Google Updater Service (gusvc) - LEGACY_GUSVC
O64 - Services: CurCS - Aide et support (helpsvc) - LEGACY_HELPSVC
O64 - Services: CurCS - HID Input Service (HidServ) - LEGACY_HIDSERV
O64 - Services: CurCS - HTTP (HTTP) - LEGACY_HTTP
O64 - Services: CurCS - HTTP SSL (HTTPFilter) - LEGACY_HTTPFILTER
O64 - Services: CurCS - InstallDriver Table Manager (IDriverT) - LEGACY_IDRIVERT
O64 - Services: CurCS - Service COM de gravage de CD IMAPI (ImapiService) - LEGACY_IMAPISERVICE
O64 - Services: CurCS - INO_FLPY (INO_FLPY) - LEGACY_INO_FLPY
O64 - Services: CurCS - INO_FLTR (INO_FLTR) - LEGACY_INO_FLTR
O64 - Services: CurCS - Traducteur d'adresses réseau IP (IpNat) - LEGACY_IPNAT
O64 - Services: CurCS - Pilote IPSEC (IPSec) - LEGACY_IPSEC
O64 - Services: CurCS - ksecdd (ksecdd) - LEGACY_KSECDD
O64 - Services: CurCS - Serveur (lanmanserver) - LEGACY_LANMANSERVER
O64 - Services: CurCS - Station de travail (LanmanWorkstation) - LEGACY_LANMANWORKSTATION
O64 - Services: CurCS - LightScribeService Direct Disc Labeling Service (LightScribeService) - LEGACY_LIGHTSCRIBESERVICE
O64 - Services: CurCS - Assistance TCP/IP NetBIOS (LmHosts) - LEGACY_LMHOSTS
O64 - Services: CurCS - McAfee Firewall (McAfee Firewall) - LEGACY_MCAFEE_FIREWALL
O64 - Services: CurCS - mnmdd (mnmdd) - LEGACY_MNMDD
O64 - Services: CurCS - mountmgr (mountmgr) - LEGACY_MOUNTMGR
O64 - Services: CurCS - Redirecteur client WebDav (MRxDAV) - LEGACY_MRXDAV
O64 - Services: CurCS - MRXSMB (MRxSmb) - LEGACY_MRXSMB
O64 - Services: CurCS - Distributed Transaction Coordinator (MSDTC) - LEGACY_MSDTC
O64 - Services: CurCS - Msfs (Msfs) - LEGACY_MSFS
O64 - Services: CurCS - Windows Installer (MSIServer) - LEGACY_MSISERVER
O64 - Services: CurCS - Mup (Mup) - LEGACY_MUP
O64 - Services: CurCS - Pilote système NDIS (NDIS) - LEGACY_NDIS
O64 - Services: CurCS - Pilote TAPI NDIS d'accès distant (NdisTapi) - LEGACY_NDISTAPI
O64 - Services: CurCS - NDIS mode utilisateur E/S Protocole (Ndisuio) - LEGACY_NDISUIO
O64 - Services: CurCS - NDProxy (NDProxy) - LEGACY_NDPROXY
O64 - Services: CurCS - Interface NetBIOS (NetBIOS) - LEGACY_NETBIOS
O64 - Services: CurCS - NetBIOS sur TCP/IP (NetBT) - LEGACY_NETBT
O64 - Services: CurCS - Connexions réseau (Netman) - LEGACY_NETMAN
O64 - Services: CurCS - NLA (Network Location Awareness) (Nla) - LEGACY_NLA
O64 - Services: CurCS - NMSAccessU (NMSAccessU) - LEGACY_NMSACCESSU
O64 - Services: CurCS - Npfs (Npfs) - LEGACY_NPFS
O64 - Services: CurCS - ntfs (ntfs) - LEGACY_NTFS
O64 - Services: CurCS - Null (Null) - LEGACY_NULL
O64 - Services: CurCS - NVIDIA Display Driver Service (NVSvc) - LEGACY_NVSVC
O64 - Services: CurCS - PartMgr (PartMgr) - LEGACY_PARTMGR
O64 - Services: CurCS - ParVdm (ParVdm) - LEGACY_PARVDM
O64 - Services: CurCS - PCANDIS5 NDIS Protocol Driver (PCANDIS5) - LEGACY_PCANDIS5
O64 - Services: CurCS - Services IPSEC (PolicyAgent) - LEGACY_POLICYAGENT
O64 - Services: CurCS - Emplacement protégé (ProtectedStorage) - LEGACY_PROTECTEDSTORAGE
O64 - Services: CurCS - Pilote de connexion automatique d'accès distant (RasAcd) - LEGACY_RASACD
O64 - Services: CurCS - Gestionnaire de connexion automatique d'accès distant (RasAuto) - LEGACY_RASAUTO
O64 - Services: CurCS - Gestionnaire de connexions d'accès distant (RasMan) - LEGACY_RASMAN
O64 - Services: CurCS - Rdbss (Rdbss) - LEGACY_RDBSS
O64 - Services: CurCS - RDPCDD (RDPCDD) - LEGACY_RDPCDD
O64 - Services: CurCS - RDPNP (RDPNP) - LEGACY_RDPNP
O64 - Services: CurCS - Cyberlink RichVideo Service(CRVS) (RichVideo) - LEGACY_RICHVIDEO
O64 - Services: CurCS - Appel de procédure distante (RPC) (RpcSs) - LEGACY_RPCSS
O64 - Services: CurCS - Gestionnaire de comptes de sécurité (SamSs) - LEGACY_SAMSS
O64 - Services: CurCS - Planificateur de tâches (Schedule) - LEGACY_SCHEDULE
O64 - Services: CurCS - Connexion secondaire (seclogon) - LEGACY_SECLOGON
O64 - Services: CurCS - Notification d'événement système (SENS) - LEGACY_SENS
O64 - Services: CurCS - Pare-feu Windows / Partage de connexion Internet (SharedAccess) - LEGACY_SHAREDACCESS
O64 - Services: CurCS - Détection matériel noyau (ShellHWDetection) - LEGACY_SHELLHWDETECTION
O64 - Services: CurCS - Spouleur d'impression (Spooler) - LEGACY_SPOOLER
O64 - Services: CurCS - Pilote de filtre de restauration système (sr) - LEGACY_SR
O64 - Services: CurCS - Service de restauration système (srservice) - LEGACY_SRSERVICE
O64 - Services: CurCS - Srv (Srv) - LEGACY_SRV
O64 - Services: CurCS - Service de découvertes SSDP (SSDPSRV) - LEGACY_SSDPSRV
O64 - Services: CurCS - Acquisition d'image Windows (WIA) (stisvc) - LEGACY_STISVC
O64 - Services: CurCS - Téléphonie (TapiSrv) - LEGACY_TAPISRV
O64 - Services: CurCS - Pilote du protocole TCP/IP (Tcpip) - LEGACY_TCPIP
O64 - Services: CurCS - Services Terminal Server (TermService) - LEGACY_TERMSERVICE
O64 - Services: CurCS - Thèmes (Themes) - LEGACY_THEMES
O64 - Services: CurCS - Client de suivi de lien distribué (TrkWks) - LEGACY_TRKWKS
O64 - Services: CurCS - Udfs (Udfs) - LEGACY_UDFS
O64 - Services: CurCS - Hôte de périphérique universel Plug-and-Play (upnphost) - LEGACY_UPNPHOST
O64 - Services: CurCS - vga (vga) - LEGACY_VGA
O64 - Services: CurCS - VgaSave (VgaSave) - LEGACY_VGASAVE
O64 - Services: CurCS - VolSnap (VolSnap) - LEGACY_VOLSNAP
O64 - Services: CurCS - Horloge Windows (W32Time) - LEGACY_W32TIME
O64 - Services: CurCS - Pilote ARP IP d'accès distant (Wanarp) - LEGACY_WANARP
O64 - Services: CurCS - WebClient (WebClient) - LEGACY_WEBCLIENT
O64 - Services: CurCS - Infrastructure de gestion Windows (winmgmt) - LEGACY_WINMGMT
O64 - Services: CurCS - Carte de performance WMI (WmiApSrv) - LEGACY_WMIAPSRV
O64 - Services: CurCS - Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - LEGACY_WMPNETWORKSVC
O64 - Services: CurCS - Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0 (WS2IFSL) - LEGACY_WS2IFSL
O64 - Services: CurCS - Centre de sécurité (wscsvc) - LEGACY_WSCSVC
O64 - Services: CurCS - Mises à jour automatiques (wuauserv) - LEGACY_WUAUSERV
O64 - Services: CurCS - Configuration automatique sans fil (WZCSVC) - LEGACY_WZCSVC
O64 - Services: CurCS - X10 Device Network Service (x10nets) - LEGACY_X10NETS
O64 - Services: CS003 - avast! Asynchronous Virus Monitor (Aavmker4) - LEGACY_AAVMKER4
O64 - Services: CS003 - AEGIS Protocol (IEEE 802.1x) v3.4.0.1 (AegisP) - LEGACY_AEGISP
O64 - Services: CS003 - AFD (AFD) - LEGACY_AFD
O64 - Services: CS003 - agrcapod (agrcapod) - LEGACY_AGRCAPOD
O64 - Services: CS003 - Service de la passerelle de la couche Application (ALG) - LEGACY_ALG
O64 - Services: CS003 - Gestion d'applications (AppMgmt) - LEGACY_APPMGMT
O64 - Services: CS003 - Protocole client ARP 1394 (Arp1394) - LEGACY_ARP1394
O64 - Services: CS003 - aswFsBlk (aswFsBlk) - LEGACY_ASWFSBLK
O64 - Services: CS003 - avast! Standard Shield Support (aswMon2) - LEGACY_ASWMON2
O64 - Services: CS003 - avast! Self Protection (aswSP) - LEGACY_ASWSP
O64 - Services: CS003 - avast! Network Shield Support (aswTdi) - LEGACY_ASWTDI
O64 - Services: CS003 - avast! iAVS4 Control Service (aswUpdSv) - LEGACY_ASWUPDSV
O64 - Services: CS003 - Audio Windows (AudioSrv) - LEGACY_AUDIOSRV
O64 - Services: CS003 - avast! Antivirus (avast! Antivirus) - LEGACY_AVAST!_ANTIVIRUS
O64 - Services: CS003 - F-Secure BackWeb (BackWeb Client - 7681197) - LEGACY_BACKWEB_CLIENT_-_7681197
O64 - Services: CS003 - Beep (Beep) - LEGACY_BEEP
O64 - Services: CS003 - Service de transfert intelligent en arrière-plan (BITS) - LEGACY_BITS
O64 - Services: CS003 - Explorateur d'ordinateur (Browser) - LEGACY_BROWSER
O64 - Services: CS003 - cdfs (cdfs) - LEGACY_CDFS
O64 - Services: CS003 - CyberLink Background Capture Service (CBCS) (CLCapSvc) - LEGACY_CLCAPSVC
O64 - Services: CS003 - .NET Runtime Optimization Service v2.0.50727_X86 (clr_optimization_v2.0.50727_32) - LEGACY_CLR_OPTIMIZATION_V2.0.50727_32
O64 - Services: CS003 - CyberLink Task Scheduler (CTS) (CLSched) - LEGACY_CLSCHED
O64 - Services: CS003 - Application système COM+ (COMSysApp) - LEGACY_COMSYSAPP
O64 - Services: CS003 - Services de cryptographie (CryptSvc) - LEGACY_CRYPTSVC
O64 - Services: CS003 - CyberLink Media Library Service (CyberLink Media Library Service) - LEGACY_CYBERLINK_MEDIA_LIBRARY_SERVICE
O64 - Services: CS003 - Lanceur de processus serveur DCOM (DcomLaunch) - LEGACY_DCOMLAUNCH
O64 - Services: CS003 - Client DHCP (Dhcp) - LEGACY_DHCP
O64 - Services: CS003 - dmboot (dmboot) - LEGACY_DMBOOT
O64 - Services: CS003 - dmload (dmload) - LEGACY_DMLOAD
O64 - Services: CS003 - Client DNS (Dnscache) - LEGACY_DNSCACHE
O64 - Services: CS003 - Service de rapport d'erreurs (ERSvc) - LEGACY_ERSVC
O64 - Services: CS003 - Système d'événements de COM+ (EventSystem) - LEGACY_EVENTSYSTEM
O64 - Services: CS003 - F-Secure File System Filter (F-Secure Filter) - LEGACY_F-SECURE_FILTER
O64 - Services: CS003 - F-Secure Gatekeeper (F-Secure Gatekeeper) - LEGACY_F-SECURE_GATEKEEPER
O64 - Services: CS003 - F-Secure Gatekeeper Handler Starter (F-Secure Gatekeeper Handler Starter) - LEGACY_F-SECURE_GATEKEEPER_HANDLER_STARTER
O64 - Services: CS003 - F-Secure Network Request Broker (F-Secure Network Request Broker) - LEGACY_F-SECURE_NETWORK_REQUEST_BROKER
O64 - Services: CS003 - F-Secure File System Recognizer (F-Secure Recognizer) - LEGACY_F-SECURE_RECOGNIZER
O64 - Services: CS003 - fastfat (fastfat) - LEGACY_FASTFAT
O64 - Services: CS003 - Compatibilité avec le Changement rapide d'utilisateur (FastUserSwitchingCompatibility) - LEGACY_FASTUSERSWITCHINGCOMPATIBILITY
O64 - Services: CS003 - Fax (Fax) - LEGACY_FAX
O64 - Services: CS003 - Fips (Fips) - LEGACY_FIPS
O64 - Services: CS003 - FltMgr (FltMgr) - LEGACY_FLTMGR
O64 - Services: CS003 - Windows Presentation Foundation Font Cache 3.0.0.0 (FontCache3.0.0.0) - LEGACY_FONTCACHE3.0.0.0
O64 - Services: CS003 - F-Secure Authentication Agent (FSAA) - LEGACY_FSAA
O64 - Services: CS003 - F-Secure Management Agent (FSMA) - LEGACY_FSMA
O64 - Services: CS003 - F-Secure Policy Manager (FSpm) - LEGACY_FSPM
O64 - Services: CS003 - Fs_Rec (Fs_Rec) - LEGACY_FS_REC
O64 - Services: CS003 - France Telecom Routing Table Service (FTRTSVC) - LEGACY_FTRTSVC
O64 - Services: CS003 - Filtre McAfee Internet Security (GdFsHook) - LEGACY_GDFSHOOK
O64 - Services: CS003 - GDNP (GDNP) - LEGACY_GDNP
O64 - Services: CS003 - Classificateur de paquets générique (Gpc) - LEGACY_GPC
O64 - Services: CS003 - Google Updater Service (gusvc) - LEGACY_GUSVC
O64 - Services: CS003 - Aide et support (helpsvc) - LEGACY_HELPSVC
O64 - Services: CS003 - HID Input Service (HidServ) - LEGACY_HIDSERV
O64 - Services: CS003 - HTTP (HTTP) - LEGACY_HTTP
O64 - Services: CS003 - HTTP SSL (HTTPFilter) - LEGACY_HTTPFILTER
O64 - Services: CS003 - InstallDriver Table Manager (IDriverT) - LEGACY_IDRIVERT
O64 - Services: CS003 - Service COM de gravage de CD IMAPI (ImapiService) - LEGACY_IMAPISERVICE
O64 - Services: CS003 - INO_FLPY (INO_FLPY) - LEGACY_INO_FLPY
O64 - Services: CS003 - INO_FLTR (INO_FLTR) - LEGACY_INO_FLTR
O64 - Services: CS003 - Traducteur d'adresses réseau IP (IpNat) - LEGACY_IPNAT
O64 - Services: CS003 - Pilote IPSEC (IPSec) - LEGACY_IPSEC
O64 - Services: CS003 - ksecdd (ksecdd) - LEGACY_KSECDD
O64 - Services: CS003 - Serveur (lanmanserver) - LEGACY_LANMANSERVER
O64 - Services: CS003 - Station de travail (LanmanWorkstation) - LEGACY_LANMANWORKSTATION
O64 - Services: CS003 - LightScribeService Direct Disc Labeling Service (LightScribeService) - LEGACY_LIGHTSCRIBESERVICE
O64 - Services: CS003 - Assistance TCP/IP NetBIOS (LmHosts) - LEGACY_LMHOSTS
O64 - Services: CS003 - McAfee Firewall (McAfee Firewall) - LEGACY_MCAFEE_FIREWALL
O64 - Services: CS003 - mnmdd (mnmdd) - LEGACY_MNMDD
O64 - Services: CS003 - mountmgr (mountmgr) - LEGACY_MOUNTMGR
O64 - Services: CS003 - Redirecteur client WebDav (MRxDAV) - LEGACY_MRXDAV
O64 - Services: CS003 - MRXSMB (MRxSmb) - LEGACY_MRXSMB
O64 - Services: CS003 - Distributed Transaction Coordinator (MSDTC) - LEGACY_MSDTC
O64 - Services: CS003 - Msfs (Msfs) - LEGACY_MSFS
O64 - Services: CS003 - Windows Installer (MSIServer) - LEGACY_MSISERVER
O64 - Services: CS003 - Mup (Mup) - LEGACY_MUP
O64 - Services: CS003 - Pilote système NDIS (NDIS) - LEGACY_NDIS
O64 - Services: CS003 - Pilote TAPI NDIS d'accès distant (NdisTapi) - LEGACY_NDISTAPI
O64 - Services: CS003 - NDIS mode utilisateur E/S Protocole (Ndisuio) - LEGACY_NDISUIO
O64 - Services: CS003 - NDProxy (NDProxy) - LEGACY_NDPROXY
O64 - Services: CS003 - Interface NetBIOS (NetBIOS) - LEGACY_NETBIOS
O64 - Services: CS003 - NetBIOS sur TCP/IP (NetBT) - LEGACY_NETBT
O64 - Services: CS003 - Connexions réseau (Netman) - LEGACY_NETMAN
O64 - Services: CS003 - NLA (Network Location Awareness) (Nla) - LEGACY_NLA
O64 - Services: CS003 - NMSAccessU (NMSAccessU) - LEGACY_NMSACCESSU
O64 - Services: CS003 - Npfs (Npfs) - LEGACY_NPFS
O64 - Services: CS003 - ntfs (ntfs) - LEGACY_NTFS
O64 - Services: CS003 - Null (Null) - LEGACY_NULL
O64 - Services: CS003 - NVIDIA Display Driver Service (NVSvc) - LEGACY_NVSVC
O64 - Services: CS003 - PartMgr (PartMgr) - LEGACY_PARTMGR
O64 - Services: CS003 - ParVdm (ParVdm) - LEGACY_PARVDM
O64 - Services: CS003 - PCANDIS5 NDIS Protocol Driver (PCANDIS5) - LEGACY_PCANDIS5
O64 - Services: CS003 - Services IPSEC (PolicyAgent) - LEGACY_POLICYAGENT
O64 - Services: CS003 - Emplacement protégé (ProtectedStorage) - LEGACY_PROTECTEDSTORAGE
O64 - Services: CS003 - Pilote de connexion automatique d'accès distant (RasAcd) - LEGACY_RASACD
O64 - Services: CS003 - Gestionnaire de connexion automatique d'accès distant (RasAuto) - LEGACY_RASAUTO
O64 - Services: CS003 - Gestionnaire de connexions d'accès distant (RasMan) - LEGACY_RASMAN
O64 - Services: CS003 - Rdbss (Rdbss) - LEGACY_RDBSS
O64 - Services: CS003 - RDPCDD (RDPCDD) - LEGACY_RDPCDD
O64 - Services: CS003 - RDPNP (RDPNP) - LEGACY_RDPNP
O64 - Services: CS003 - Cyberlink RichVideo Service(CRVS) (RichVideo) - LEGACY_RICHVIDEO
O64 - Services: CS003 - Appel de procédure distante (RPC) (RpcSs) - LEGACY_RPCSS
O64 - Services: CS003 - Gestionnaire de comptes de sécurité (SamSs) - LEGACY_SAMSS
O64 - Services: CS003 - Planificateur de tâches (Schedule) - LEGACY_SCHEDULE
O64 - Services: CS003 - Connexion secondaire (seclogon) - LEGACY_SECLOGON
O64 - Services: CS003 - Notification d'événement système (SENS) - LEGACY_SENS
O64 - Services: CS003 - Pare-feu Windows / Partage de connexion Internet (SharedAccess) - LEGACY_SHAREDACCESS
O64 - Services: CS003 - Détection matériel noyau (ShellHWDetection) - LEGACY_SHELLHWDETECTION
O64 - Services: CS003 - Spouleur d'impression (Spooler) - LEGACY_SPOOLER
O64 - Services: CS003 - Pilote de filtre de restauration système (sr) - LEGACY_SR
O64 - Services: CS003 - Service de restauration système (srservice) - LEGACY_SRSERVICE
O64 - Services: CS003 - Srv (Srv) - LEGACY_SRV
O64 - Services: CS003 - Service de découvertes SSDP (SSDPSRV) - LEGACY_SSDPSRV
O64 - Services: CS003 - Acquisition d'image Windows (WIA) (stisvc) - LEGACY_STISVC
O64 - Services: CS003 - Téléphonie (TapiSrv) - LEGACY_TAPISRV
O64 - Services: CS003 - Pilote du protocole TCP/IP (Tcpip) - LEGACY_TCPIP
O64 - Services: CS003 - Services Terminal Server (TermService) - LEGACY_TERMSERVICE
O64 - Services: CS003 - Thèmes (Themes) - LEGACY_THEMES
O64 - Services: CS003 - Client de suivi de lien distribué (TrkWks) - LEGACY_TRKWKS
O64 - Services: CS003 - Udfs (Udfs) - LEGACY_UDFS
O64 - Services: CS003 - Hôte de périphérique universel Plug-and-Play (upnphost) - LEGACY_UPNPHOST
O64 - Services: CS003 - vga (vga) - LEGACY_VGA
O64 - Services: CS003 - VgaSave (VgaSave) - LEGACY_VGASAVE
O64 - Services: CS003 - VolSnap (VolSnap) - LEGACY_VOLSNAP
O64 - Services: CS003 - Horloge Windows (W32Time) - LEGACY_W32TIME
O64 - Services: CS003 - Pilote ARP IP d'accès distant (Wanarp) - LEGACY_WANARP
O64 - Services: CS003 - WebClient (WebClient) - LEGACY_WEBCLIENT
O64 - Services: CS003 - Infrastructure de gestion Windows (winmgmt) - LEGACY_WINMGMT
O64 - Services: CS003 - Carte de performance WMI (WmiApSrv) - LEGACY_WMIAPSRV
O64 - Services: CS003 - Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - LEGACY_WMPNETWORKSVC
O64 - Services: CS003 - Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0 (WS2IFSL) - LEGACY_WS2IFSL
O64 - Services: CS003 - Centre de sécurité (wscsvc) - LEGACY_WSCSVC
O64 - Services: CS003 - Mises à jour automatiques (wuauserv) - LEGACY_WUAUSERV
O64 - Services: CS003 - Configuration automatique sans fil (WZCSVC) - LEGACY_WZCSVC
O64 - Services: CS003 - X10 Device Network Service (x10nets) - LEGACY_X10NETS


End of the scan: 1173 lines

#3 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:05:10 AM

Posted 09 December 2009 - 07:00 PM

Hello! :(
My name is Sam and I will be helping you.

In order to see what's going on with your computer I'll ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.

Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

Important!
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of an Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.



Make sure that you save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please copy and paste the contents of C:\ComboFix.txt in your next reply.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#4 didou

didou
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:05:10 AM

Posted 10 December 2009 - 03:19 AM

Hello Sam,
Thank you for your prompt reply.
I will try to follow your recommended instructions but as now in France it is time to work (it is 9am), I will do it this evening...
But in advance I can describe the strange behaviour of my PC.
Last week end, when I started it, the starting was blocked. I had on my screen my usual desktop, and I could move the mouse but to click on any icons what impossible (no effect)
So I started it again several times and then it worked as usual.
I wanted to use F secure (my current antivirus) but no effect, It couldn't start !?
I downloaded Avast and after scaning it detected a Rootkit. The report showed C:\WINDOWS\system32\drivers\H8SRTllrjqumoir.sys
I tried to find some info on the web and after I downloaded GMER applicable and after scaning, the report showed similar things :
Module \systemroot\system32\drivers\H8SRTllrjqumoir.sys (*** hidden *** ) F3E5E000-F3E7A000 (114688 bytes)
Service C:\WINDOWS\system32\drivers\H8SRTllrjqumoir.sys (*** hidden *** ) [SYSTEM] H8SRTd.sys <-- ROOTKIT !!!
But I was afraid to delete these files because they are .sys.
I couldn't delete them with AVAST.
Finally my brother told me to try the bleepingcomputer web site andto use HIjackThis and to send the Log to anybody and may be some nice person would help.

Generally, my computer is running well, I mean everything seems to be OK.
Except, when I write a message on a website page, I have the impression that another application is running, because the website page becomes invalid (the color of the window become light blue)
Then, yesterday, I couldn't close properly windows.
And it seems also that all applications .exe as F secure or Malware couldn't start. It seems the virus knows these applications and I stops the running because it knows it will be killed by them.

I hope this could help you to solve my problem.

Best regards and thank you again for your help

Didou

#5 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:05:10 AM

Posted 10 December 2009 - 08:51 AM

Ok, just post back when you have time to run Combofix and we'll take it from there.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#6 didou

didou
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:05:10 AM

Posted 10 December 2009 - 02:40 PM

Hello Sam
Ouf....the report is issued..
I hope with this you can tell me what is wrong
For your information druing scanning, ComboFix deleted the following files. The first one, I know him..the rest ?

c:\windows\system32\drivers\H8SRTllrjqumoir.sys
c:\windows\system32\h8srtcfg.dat
c:\windows\system32\H8SRTgflxewsntq.dat
c:\windows\system32\H8SRTsnvwixvapr.dll
c:\windows\system32\H8SRTxnsdpqpajd.dll
c:\windows\system32\srcr.dat
c:\windows\TEMP\IadHide3.dll

Thank you again for your help

Waiting for your news

Didou

ComboFix 09-12-09.04 - Guss 10/12/2009 20:22:43.1.2 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1022.598 [GMT 1:00]
Lancé depuis: c:\documents and settings\Guss\Bureau\ComboFix1.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\H8SRTllrjqumoir.sys
c:\windows\system32\h8srtcfg.dat
c:\windows\system32\H8SRTgflxewsntq.dat
c:\windows\system32\H8SRTsnvwixvapr.dll
c:\windows\system32\H8SRTxnsdpqpajd.dll
c:\windows\system32\srcr.dat
c:\windows\TEMP\IadHide3.dll

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_H8SRTd.sys
-------\Legacy_H8SRTd.sys


((((((((((((((((((((((((((((( Fichiers créés du 2009-11-10 au 2009-12-10 ))))))))))))))))))))))))))))))))))))
.

2009-12-09 20:01 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-09 20:01 . 2009-12-09 20:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-09 20:01 . 2009-12-09 20:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-09 20:01 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-07 19:35 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-12-07 19:35 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-12-07 19:35 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-12-07 19:35 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-12-07 19:35 . 2009-11-24 23:50 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-12-07 19:35 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-12-07 19:35 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-12-07 19:35 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-12-07 19:35 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-12-07 19:35 . 2009-12-07 22:42 -------- d-----w- c:\program files\Alwil Software

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-10 18:42 . 2007-11-29 21:01 -------- d-----w- c:\program files\Wanadoo
2009-12-09 22:42 . 2005-10-19 20:41 82886 ----a-w- c:\windows\system32\perfc00C.dat
2009-12-09 22:42 . 2005-10-19 20:41 505774 ----a-w- c:\windows\system32\perfh00C.dat
2009-12-09 22:00 . 2005-11-29 19:14 25658 ----a-w- c:\documents and settings\Guss\Application Data\wklnhst.dat
2009-12-07 21:33 . 2005-11-29 19:48 -------- d-----w- c:\program files\divers
2009-10-29 05:25 . 2005-10-19 20:41 671232 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:39 . 2005-10-19 20:41 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:39 . 2005-10-19 20:41 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-03 23:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-15 18:40 . 2005-10-19 19:40 -------- d-----w- c:\program files\Microsoft Works
2009-10-13 10:33 . 2005-10-19 20:41 271360 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:39 . 2005-10-19 20:41 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:39 . 2005-10-19 20:41 150528 ----a-w- c:\windows\system32\rastls.dll
2009-09-25 05:36 . 2005-10-19 20:41 81920 ----a-w- c:\windows\system32\ieencode.dll
2005-11-04 12:00 . 2005-11-04 11:59 56 --sh--r- c:\windows\system32\07E9BADCB3.sys
2005-10-19 19:19 . 2005-10-19 19:19 8 --sh--r- c:\windows\system32\CFE20AE075.sys
2005-11-04 12:00 . 2005-10-19 19:19 5642 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOKIT"="c:\progra~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx" [X]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-06-02 1957888]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-14 68856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe -atboottime" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-09-22 7282688]
"nwiz"="nwiz.exe" [2005-09-22 1519616]
"NvMediaCenter"="NvMCTray.dll" [2005-09-22 86016]
"RTHDCPL"="RTHDCPL.EXE" [2005-08-18 14820864]
"CmUCRRun"="c:\windows\system32\CmUCReye.exe" [2005-10-12 241664]
"CHotkey"="mHotkey.exe" [2004-06-03 549376]
"ledpointer"="CNYHKey.exe" [2005-11-04 5577216]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"MedionVFD"="c:\program files\Medion Info Display\MdionLCM.exe" [2005-10-11 126976]
"PCMService"="c:\program files\Home Cinema\PowerCinema\PCMService.exe" [2005-11-01 139264]
"AntivirusRegistration"="c:\program files\CA\Etrust Antivirus\Register.exe" [2005-08-22 258048]
"InstantOn"="c:\program files\CyberLink\PowerCinema Linux\ion_install.exe" [2005-09-22 93640]
"McAfee Guardian"="c:\program files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" [2003-01-29 147456]
"F-Secure Manager"="c:\program files\F-Secure\Common\FSM32.EXE" [2002-12-05 106571]
"WOOWATCH"="c:\progra~1\Wanadoo\Watch.exe" [2004-08-23 20480]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\e-Carte Bleue\\LA POSTE\\CVD VISA\\ECB.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [07/12/2009 20:35 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [07/12/2009 20:35 20560]
R2 F-Secure Filter;F-Secure File System Filter;c:\program files\F-Secure\Anti-Virus\win2k\FSfilter.sys [25/02/2006 23:38 47280]
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure\Anti-Virus\win2k\fsgk.sys [25/02/2006 23:38 37456]
R2 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\F-Secure\Anti-Virus\win2k\FSrec.sys [25/02/2006 23:38 15984]
R2 FSpm;F-Secure Policy Manager;c:\program files\F-Secure\Common\FSpm.sys [25/02/2006 23:38 65328]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [18/10/2005 14:01 826112]
R3 CMISTOR;CMIUCR.SYS CM220 Card Reader Driver;c:\windows\system32\drivers\cmiucr.SYS [19/10/2005 15:13 72320]
R3 McAfeePF;McAfee Firewall Network Filter Miniport;c:\windows\system32\drivers\fw220.sys [05/08/2002 04:00 33280]
S0 rseb;rseb; [x]
S2 BackWeb Client - 7681197;F-Secure BackWeb;c:\progra~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE [25/02/2006 23:38 16384]
S3 adiusbae;USB ADSL LAN Adapter;c:\windows\system32\DRIVERS\adiusbae.sys --> c:\windows\system32\DRIVERS\adiusbae.sys [?]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - ASWRDR
*NewlyCreated* - AVAST!_MAIL_SCANNER
*NewlyCreated* - AVAST!_WEB_SCANNER
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uInternet Connection Wizard,ShellNext = hxxp://www.google.fr/webhp?sourceid=navclient&hl=fr&ie=UTF-8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Recherche AOL Toolbar - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: &Traduire à partir de l'anglais - c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: Pages liées - c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
IE: Pages similaires - c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
IE: Recherche &Google - c:\program files\google\GoogleToolbar2.dll/cmsearch.html
IE: Version de la page actuelle disponible dans le cache Google - c:\program files\google\GoogleToolbar2.dll/cmcache.html
IE: { - c:\program files\Messenger\msmsgs.exe
LSP: c:\windows\system32\CSLSP.DLL
DPF: {104B0A37-AB99-4F06-8032-8BBDC3B77DDB} - hxxp://www.photoweb.fr/telechargement/Photoweb_Uploader.cab
DPF: {68C1822F-F5C7-4404-A73F-03C10E0E94DA} - hxxp://www4.photoweb.fr/telechargement/Photoweb_uploader.cab
DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} - hxxp://f009.mail.caramail.lycos.fr/app/uploader/FileUploader.cab
.
- - - - ORPHELINS SUPPRIMES - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
ShellExecuteHooks-{20d8bda1-1958-11d6-b00f-00b0d0c6b6a5} - c:\program files\McAfee\McAfee Internet Security\GDSHEXT.DLL
AddRemove-FranceTelecomUninstall_FTBrowser - c:\progra~1\Wanadoo\Shell.exe inst\uninst_FTBrowser.shl
AddRemove-Guitar Pro 4.0 - c:\progra~1\GUITAR~2\UNWISE.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-10 20:34
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'lsass.exe'(620)
c:\windows\system32\CSLSP.DLL
.
Heure de fin: 2009-12-10 20:36:22
ComboFix-quarantined-files.txt 2009-12-10 19:36

Avant-CF: 58 983 321 600 octets libres
Après-CF: 69 065 830 400 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect

- - End Of File - - 0C96D5A71DABA0A89A262E5D00F8EAD2

#7 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:05:10 AM

Posted 10 December 2009 - 05:30 PM

That was the rootkit infection that Combofix removed.

I see you are running two antivirus programs, Avast and FSecure. This can cause conflicts and other issues. Please uninstall one of them so you are only running one antivirus program at a time.


Please update Malwarebytes and run a full scan.
  • Open Malwarebytes and select the Update tab.
  • Click on the Check for Updates button and allow the program to download the latest updates.
  • Once you have the latest updates, select the Scanner tab.
  • Select "Perform full scan" and click the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Let me know how your computer is behaving now.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#8 didou

didou
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:05:10 AM

Posted 10 December 2009 - 05:38 PM

Hi again Sam
Here after the Malwarebytes report...it takes around one hour to run (I did it also this afternoon for another forum helpers)
Sorry it is in french but I think this is not the first time you will ceck this kind of report and it should be the same presentation..if you need help for translating please ask...I can do it for you when I see all you are doing for me

See you

Didou

Malwarebytes' Anti-Malware 1.42
Version de la base de données: 3340
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

10/12/2009 21:55:19
mbam-log-2009-12-10 (21-55-09).txt

Type de recherche: Examen complet (C:\|D:\|E:\|)
Eléments examinés: 211258
Temps écoulé: 59 minute(s), 18 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 7

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Qoobox\Quarantine\C\WINDOWS\system32\H8SRTsnvwixvapr.dll.vir (Trojan.FakeAlert) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\H8SRTxnsdpqpajd.dll.vir (Trojan.FakeAlert) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\H8SRTllrjqumoir.sys.vir (Malware.Packer) -> No action taken.
C:\System Volume Information\_restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP913\A0059613.dll (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP913\A0059614.dll (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP913\A0059669.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP913\A0059612.sys (Malware.Packer) -> No action taken.

#9 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:05:10 AM

Posted 11 December 2009 - 08:03 AM

Looks good to me.
How is your computer running now? Any problems?
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#10 didou

didou
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:05:10 AM

Posted 11 December 2009 - 01:23 PM

Hello Sam
Thank you for your quick answer.

My computer seems to run better than before...it seems also dowloading of the web site pages goes faster than before.
Are you sure the Rootkit H8SRTllrjqumoir.sys has been killed ?
I have seen that 7 files are infected but that no action was taken, do you recommend I start again a scan with Malwarebytes and at the end, to kill these 7 files ?

And then could please recommend any application which would block such infection in the future, because I do not want to repeat all the "job I did this week" to kill virus every 2 weeks.


Thank you again for your great help...it is nice to see, there's still some people around the world who are ready to help others.

Best regards from France and have a nice weekend

Didou

#11 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:05:10 AM

Posted 11 December 2009 - 06:55 PM

The files that malwarebytes detected are either already quarantined by Combofix, or in your system restore files. Neither represents a risk and we can remove all of that easily once we're done here.

You can run a new Gmer scan and that will confirm if the rootkit infection is gone.

Let me know if it comes back clean and I'll post some final steps and recommendations for you.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#12 didou

didou
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:05:10 AM

Posted 15 December 2009 - 04:08 PM

Hello Sam
Here is the last GMER scan I did.
It seems it is OK.
What do you think about ?
Thank you and best regards

Did

GMER 1.0.15.15273 - http://www.gmer.net
Rootkit scan 2009-12-15 22:04:06
Windows 5.1.2600 Service Pack 3
Running: n79mdg5w.exe; Driver: C:\DOCUME~1\Guss\LOCALS~1\Temp\agrcapod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xF3D936B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xF3D93574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xF3D93A52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xF3D9314C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xF3D9364E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xF3D9308C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xF3D930F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xF3D9376E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xF3D9372E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xF3D938AE]

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF67D8360, 0x2032FD, 0xE8000020]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[604] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00390002
IAT C:\WINDOWS\system32\services.exe[604] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00390000

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 01: copy of MBR
Disk \Device\Harddisk0\DR0 sector 02: copy of MBR
Disk \Device\Harddisk0\DR0 sector 03: copy of MBR
Disk \Device\Harddisk0\DR0 sector 04: copy of MBR
Disk \Device\Harddisk0\DR0 sector 05: copy of MBR
Disk \Device\Harddisk0\DR0 sector 06: copy of MBR
Disk \Device\Harddisk0\DR0 sector 07: copy of MBR
Disk \Device\Harddisk0\DR0 sector 08: copy of MBR
Disk \Device\Harddisk0\DR0 sector 09: copy of MBR
Disk \Device\Harddisk0\DR0 sector 10: copy of MBR
Disk \Device\Harddisk0\DR0 sector 11: copy of MBR
Disk \Device\Harddisk0\DR0 sector 12: copy of MBR
Disk \Device\Harddisk0\DR0 sector 13: copy of MBR
Disk \Device\Harddisk0\DR0 sector 14: copy of MBR
Disk \Device\Harddisk0\DR0 sector 15: copy of MBR
Disk \Device\Harddisk0\DR0 sector 16: copy of MBR
Disk \Device\Harddisk0\DR0 sector 17: copy of MBR
Disk \Device\Harddisk0\DR0 sector 18: copy of MBR
Disk \Device\Harddisk0\DR0 sector 19: copy of MBR
Disk \Device\Harddisk0\DR0 sector 20: copy of MBR
Disk \Device\Harddisk0\DR0 sector 21: copy of MBR
Disk \Device\Harddisk0\DR0 sector 22: copy of MBR
Disk \Device\Harddisk0\DR0 sector 23: copy of MBR
Disk \Device\Harddisk0\DR0 sector 24: copy of MBR
Disk \Device\Harddisk0\DR0 sector 25: copy of MBR
Disk \Device\Harddisk0\DR0 sector 26: copy of MBR
Disk \Device\Harddisk0\DR0 sector 27: copy of MBR
Disk \Device\Harddisk0\DR0 sector 28: copy of MBR
Disk \Device\Harddisk0\DR0 sector 29: copy of MBR
Disk \Device\Harddisk0\DR0 sector 30: copy of MBR
Disk \Device\Harddisk0\DR0 sector 31: copy of MBR
Disk \Device\Harddisk0\DR0 sector 32: copy of MBR
Disk \Device\Harddisk0\DR0 sector 33: copy of MBR
Disk \Device\Harddisk0\DR0 sector 34: copy of MBR
Disk \Device\Harddisk0\DR0 sector 35: copy of MBR
Disk \Device\Harddisk0\DR0 sector 36: copy of MBR
Disk \Device\Harddisk0\DR0 sector 37: copy of MBR
Disk \Device\Harddisk0\DR0 sector 38: copy of MBR
Disk \Device\Harddisk0\DR0 sector 39: copy of MBR
Disk \Device\Harddisk0\DR0 sector 40: copy of MBR
Disk \Device\Harddisk0\DR0 sector 41: copy of MBR
Disk \Device\Harddisk0\DR0 sector 42: copy of MBR
Disk \Device\Harddisk0\DR0 sector 43: copy of MBR
Disk \Device\Harddisk0\DR0 sector 44: copy of MBR
Disk \Device\Harddisk0\DR0 sector 45: copy of MBR
Disk \Device\Harddisk0\DR0 sector 46: copy of MBR
Disk \Device\Harddisk0\DR0 sector 47: copy of MBR
Disk \Device\Harddisk0\DR0 sector 48: copy of MBR
Disk \Device\Harddisk0\DR0 sector 49: copy of MBR
Disk \Device\Harddisk0\DR0 sector 50: copy of MBR
Disk \Device\Harddisk0\DR0 sector 51: copy of MBR
Disk \Device\Harddisk0\DR0 sector 52: copy of MBR
Disk \Device\Harddisk0\DR0 sector 53: copy of MBR
Disk \Device\Harddisk0\DR0 sector 54: copy of MBR
Disk \Device\Harddisk0\DR0 sector 55: copy of MBR
Disk \Device\Harddisk0\DR0 sector 56: copy of MBR
Disk \Device\Harddisk0\DR0 sector 57: copy of MBR
Disk \Device\Harddisk0\DR0 sector 58: copy of MBR
Disk \Device\Harddisk0\DR0 sector 59: copy of MBR
Disk \Device\Harddisk0\DR0 sector 60: copy of MBR
Disk \Device\Harddisk0\DR0 sector 61: copy of MBR
Disk \Device\Harddisk0\DR0 sector 62: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior; copy of MBR

---- EOF - GMER 1.0.15 ----

#13 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:05:10 AM

Posted 15 December 2009 - 05:29 PM

Let's double check something real quick.
Download this file, save it to your desktop, and run it.

http://www2.gmer.net/mbr/mbr.exe

It will create a small log.
Please post that log for me.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#14 didou

didou
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:05:10 AM

Posted 16 December 2009 - 04:22 AM

Hello Sam
I will do it this evening as I'm working now
And may be a last information regarding the behaviour of my PC.
Usually, it is easy to switch off the computer and last time, I had to use the button because the computer was blocekd ..the screen stayed open (blue color screen....with "Fermeture de Windows" (= Windows Closing Process).
May be something is still wrong because except this, everything seems ok (and even better than before)

I will post the required log...

Thank you again for your help

Best regards
Didou

#15 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:05:10 AM

Posted 16 December 2009 - 10:10 AM

Ok, just post it when you can. I'll be around. :(
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users