Sos-Malware

Windows malfunction due to a virus?

4 participants


Re: Windows malfunction due to a virus?

Post by gen-hackman, Sun 12 Jun - 11:01

OK, has there been any progress?

Re: Windows malfunction due to a virus?

Post by Perrine, Mon 13 Jun - 7:01

Still nothing for the display, I'm losing hope!


Re: Windows malfunction due to a virus?

Post by gen-hackman, Mon 13 Jun - 7:02

Yeah, me too, a bit....

Delete Pre_scan, download it again and run it again.

Re: Windows malfunction due to a virus?

Post by Perrine, Mon 13 Jun - 7:32

No, but it's not a big deal; the biggest problem was the sound, and that is completely fixed now, thank you very much!
However, I no longer get the message "processus hôte windows a cessé de fonctionner", but "CLSched module a cessé de fonctionner" :\


Last edited by Perrine on Mon 13 Jun - 9:58; edited 1 time


Re: Windows malfunction due to a virus?

Post by Perrine, Mon 13 Jun - 9:56

But here is the report!


¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan 1.0.2.11 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤ XP | Vista | Seven - 32/64 bits ¤¤¤¤¤

Mis à jour le 13/06/2011 | 21.32 par g3n-h@ckm@n
Utilisateur : PePe (Administrateurs)
Ordinateur : PC-DE-PEPE

Système d'exploitation : Windows Vista (TM) Home Premium (32 bits) HomePremium Service Pack 2
Enregistré sous : PePe
Enregistré sous : Hewlett-Packard
Processeur : Intel(R) Core(TM)2 Duo CPU T5800 @ 2.00GHz
Identification : x86 Family 6 Model 15 Stepping 13
Internet Explorer : 9.0.8112.16421
Mozilla Firefox : 3.6.13 (fr)
Pare-feu windows : Actif
Windows Defender : Actif

Scan : 22:52:06 | 13/06/2011

¤¤¤¤¤¤¤¤¤¤ Sessions

[HKLM | ProfileList] | S-1-5-21-3956876567-296244258-997173700-1000 : ProfileImagePath -> C:\Users\PePe
[HKLM | ProfileList] | S-1-5-21-3956876567-296244258-997173700-1000 : RefCount -> 5
[HKLM | ProfileList] | S-1-5-21-3956876567-296244258-997173700-1000 : State -> 0

¤¤¤¤¤¤¤¤¤¤ Verification des Fichiers

C:\Windows\System32\hkcmd.exe........absent !!!!
C:\Windows\System32\hkcmd.exe........téléchargé et replacé :)


¤¤¤¤¤¤¤¤¤¤¤ Processus en cours

Demarrage : Normal

432 | C:\Windows\System32\smss.exe - SYSTEM - Normal - \SystemRoot\System32\smss.exe - 4
568 | C:\Windows\system32\csrss.exe - SYSTEM - Normal - C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 - 556
620 | C:\Windows\system32\wininit.exe - SYSTEM - High - wininit.exe - 556
628 | C:\Windows\system32\csrss.exe - SYSTEM - Normal - C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 - 612
668 | C:\Windows\system32\services.exe - SYSTEM - Normal - C:\Windows\system32\services.exe - 620
680 | C:\Windows\system32\lsass.exe - SYSTEM - Normal - C:\Windows\system32\lsass.exe - 620
688 | C:\Windows\system32\lsm.exe - SYSTEM - Normal - C:\Windows\system32\lsm.exe - 620
836 | C:\Windows\system32\svchost.exe - SYSTEM - Normal - C:\Windows\system32\svchost.exe -k DcomLaunch - 668
904 | C:\Windows\system32\nvvsvc.exe - SYSTEM - Normal - C:\Windows\system32\nvvsvc.exe - 668
932 | C:\Windows\system32\svchost.exe - SERVICE RÉSEAU - Normal - C:\Windows\system32\svchost.exe -k rpcss - 668
988 | C:\Windows\System32\svchost.exe - SYSTEM - Normal - C:\Windows\System32\svchost.exe -k secsvcs - 668
1020 | C:\Windows\System32\svchost.exe - SERVICE LOCAL - Normal - C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted - 668
1052 | C:\Windows\System32\svchost.exe - SYSTEM - Normal - C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted - 668
1064 | C:\Windows\system32\svchost.exe - SYSTEM - Normal - C:\Windows\system32\svchost.exe -k netsvcs - 668
1104 | C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\STacSV.exe - SYSTEM - Normal - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\STacSV.exe - 668
1208 | C:\Windows\system32\svchost.exe - SYSTEM - Normal - C:\Windows\system32\svchost.exe -k GPSvcGroup - 668
1236 | C:\Windows\system32\SLsvc.exe - SERVICE RÉSEAU - Normal - C:\Windows\system32\SLsvc.exe - 668
1272 | C:\Windows\system32\svchost.exe - SERVICE LOCAL - Normal - C:\Windows\system32\svchost.exe -k LocalService - 668
1348 | C:\Windows\system32\Hpservice.exe - SYSTEM - Normal - C:\Windows\system32\Hpservice.exe - 668
1392 | C:\Windows\system32\winlogon.exe - SYSTEM - High - winlogon.exe - 612
1468 | C:\Windows\system32\svchost.exe - SERVICE RÉSEAU - Normal - C:\Windows\system32\svchost.exe -k NetworkService - 668
1716 | C:\Windows\system32\WLANExt.exe - SYSTEM - Normal - C:\Windows\system32\WLANExt.exe 2477928 - 1052
1772 | C:\Windows\System32\spoolsv.exe - SYSTEM - Normal - C:\Windows\System32\spoolsv.exe - 668
1872 | C:\Program Files\Avira\AntiVir Desktop\sched.exe - SYSTEM - Normal - "C:\Program Files\Avira\AntiVir Desktop\sched.exe" - 668
1884 | C:\Windows\system32\svchost.exe - SERVICE LOCAL - Normal - C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork - 668
996 | C:\Program Files\Avira\AntiVir Desktop\avguard.exe - SYSTEM - Normal - "C:\Program Files\Avira\AntiVir Desktop\avguard.exe" - 668
2060 | C:\Windows\system32\taskeng.exe - SYSTEM - Below Normal - taskeng.exe {5AF3040F-80B2-4013-9535-93E9BADA7569} - 1064
2120 | C:\Windows\system32\Dwm.exe - PePe - Normal - "C:\Windows\system32\Dwm.exe" - 1052
2156 | C:\Windows\system32\taskeng.exe - PePe - Normal - taskeng.exe {E33962CA-F8E6-473D-BCFB-DBA36A3BA1D6} - 1064
2264 | C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe - SYSTEM - Normal - "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" - 668
2280 | C:\Program Files\Bonjour\mDNSResponder.exe - SYSTEM - Normal - "C:\Program Files\Bonjour\mDNSResponder.exe" - 668
2304 | C:\Windows\system32\svchost.exe - SERVICE LOCAL - Normal - C:\Windows\system32\svchost.exe -k bthsvcs - 668
2336 | C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe - SYSTEM - Normal - "C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe" - 668
2380 | C:\Program Files\Common Files\LightScribe\LSSrvc.exe - SYSTEM - Normal - "C:\Program Files\Common Files\LightScribe\LSSrvc.exe" - 668
2496 | C:\Windows\system32\svchost.exe - SERVICE RÉSEAU - Normal - C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted - 668
2508 | C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe - SYSTEM - Normal - "C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe" - 668
2552 | C:\Windows\SMINST\BLService.exe - SYSTEM - Normal - C:\Windows\SMINST\BLService.exe - 668
2584 | C:\Program Files\CyberLink\Shared Files\RichVideo.exe - SYSTEM - Normal - "C:\Program Files\CyberLink\Shared Files\RichVideo.exe" - 668
2696 | C:\Windows\system32\svchost.exe - SERVICE LOCAL - Normal - C:\Windows\system32\svchost.exe -k imgsvc - 668
2804 | C:\Windows\System32\svchost.exe - SYSTEM - Normal - C:\Windows\System32\svchost.exe -k WerSvcGroup - 668
2844 | C:\Windows\system32\SearchIndexer.exe - SYSTEM - Normal - C:\Windows\system32\SearchIndexer.exe /Embedding - 668
3020 | C:\Program Files\Avira\AntiVir Desktop\avshadow.exe - SYSTEM - Normal - "C:\Program Files\Avira\AntiVir Desktop\avshadow.exe" avshadowcontrol0_000003e4 - 996
3248 | C:\Program Files\Synaptics\SynTP\SynTPEnh.exe - PePe - Above Normal - "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" - 2296
3268 | C:\Program Files\HP\QuickPlay\QPService.exe - PePe - Normal - "C:\Program Files\HP\QuickPlay\QPService.exe" - 2296
3276 | C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe - PePe - Normal - "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe" /Start - 2296
3284 | C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe - PePe - Normal - "C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" - 2296
3308 | C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe - PePe - Normal - "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" - 2296
3740 | C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe - PePe - Normal - "C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe" -Embedding - 836
3964 | C:\Program Files\Avira\AntiVir Desktop\avgnt.exe - PePe - Normal - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min - 2296
4024 | C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe - SYSTEM - Normal - "C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe" - 668
2184 | C:\Program Files\Windows Sidebar\sidebar.exe - PePe - Normal - "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun - 2296
2132 | C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe - PePe - Normal - "C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" -hidden - 2296
2580 | C:\Windows\ehome\ehtray.exe - PePe - Normal - "C:\Windows\ehome\ehtray.exe" - 2296
2912 | C:\Windows\ehome\ehmsas.exe - PePe - Normal - C:\Windows\ehome\ehmsas.exe -Embedding - 836
3092 | C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe - PePe - Normal - "C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe" - 2296
3164 | C:\Users\PePe\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe - PePe - Normal - "C:\Users\PePe\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe" - 2296
2772 | C:\Windows\system32\wbem\wmiprvse.exe - SYSTEM - Normal - C:\Windows\system32\wbem\wmiprvse.exe - 836
660 | C:\Program Files\Stardock\ObjectDock\ObjectDock.exe - PePe - Normal - "C:\Program Files\Stardock\ObjectDock\ObjectDock.exe" - 2296
3416 | C:\Users\PePe\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe - PePe - Normal - "C:\Users\PePe\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe" - 3164
3360 | C:\Windows\system32\wbem\unsecapp.exe - PePe - Normal - C:\Windows\system32\wbem\unsecapp.exe -Embedding - 836
3788 | C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE - PePe - Normal - "C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE" - 3308
3112 | C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe - SYSTEM - Normal - "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe" - 668
1712 | C:\Windows\system32\svchost.exe - SERVICE LOCAL - Normal - C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation - 668
1560 | C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe - PePe - Normal - "C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe" -Embedding - 836
156 | C:\Program Files\Synaptics\SynTP\SynTPHelper.exe - PePe - Above Normal - "C:\Program Files\Synaptics\SynTP\SynTPHelper.exe" - 3248
3556 | c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe - SYSTEM - Normal - "c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe" - 668
3564 | C:\Windows\system32\wuauclt.exe - PePe - Normal - "C:\Windows\system32\wuauclt.exe" - 1064
3632 | C:\Windows\system32\taskeng.exe - PePe - Normal - taskeng.exe {F1DFA4A8-D4B0-46B4-9938-791B254C3E19} - 1064
4156 | C:\Program Files\Safari\Safari.exe - PePe - Normal - "C:\Program Files\Safari\Safari.exe" - 660
3700 | C:\Program Files\Safari\Safari.exe - PePe - Normal - SafariSnapshotHelper -snapshotFetcher "C:\Users\PePe\AppData\Local\Apple Computer\Safari\Webpage Previews\Incoming" - 4156
5792 | C:\Windows\system32\SearchProtocolHost.exe - SYSTEM - Idle - "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe6_ Global\UsGthrCtrlFltPipeMssGthrPipe6 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" - 2844
3756 | C:\Windows\system32\SearchFilterHost.exe - SYSTEM - Idle - "C:\Windows\system32\SearchFilterHost.exe" 0 620 624 632 65536 628 - 2844
5004 | C:\Users\PePe\Desktop\Pre_scan.exe - PePe - High - "C:\Users\PePe\Desktop\Pre_scan.exe" - 2296
4952 | C:\Windows\System32\rundll32.exe - PePe - Normal - C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {3eef301f-b596-4c0b-bd92-013beafce793} -Embedding - 836
4484 | C:\Windows\system32\conime.exe - PePe - Normal - C:\Windows\system32\conime.exe - 4700
3196 | C:\Windows\system32\cmd.exe - PePe - Normal - cmd /c ""C:\Kill'em\Pv.bat" " - 5004
5332 | C:\Kill'em\Pv.exe - PePe - Normal - C:\Kill'em\pv.exe -o"%i | %f - %u - %p - %l - %r" - 3196

¤¤¤¤¤¤¤¤¤¤ Démarrage avant suppression ¤¤¤¤¤¤¤¤¤¤

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
"ehTray.exe"=C:\Windows\ehome\ehTray.exe
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
"UCam_Menu"="C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe"
"QlbCtrl.exe"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
"OnScreenDisplay"=C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
"HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
"UpdatePDRShortCut"="C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0"
"ORAHSSSessionManager"="C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe"
"AdobeCS4ServiceManager"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
"NvCplDaemon"=RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
"NvMediaCenter"=RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray.exe
"avgnt"="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

¤¤¤¤¤¤¤¤¤¤ Winlogon

[HKLM | Winlogon] | Shell : Explorer.exe
[HKLM | Winlogon] | AutoRestartShell : 1
[HKLM | Winlogon] | userinit : C:\Windows\system32\userinit.exe,
[HKLM | Winlogon] | PowerDownAfterShutdown : 1
[HKLM | Winlogon] | System :

¤¤¤¤¤¤¤¤¤¤ Associations

[.exe] : exefile
[exefile | command] : "%1" %*
[.com] : ComFile
[comfile | command] : "%1" %*
[.reg] : regfile
[regfile | command] : regedit.exe "%1"
[.scr] : scrfile
[scrfile | command] : "%1" /S
[.bat] : batfile
[batfile | command] : "%1" %*
[.cmd] : cmdfile
[cmdfile | command] : "%1" %*
[.pif] : piffile
[piffile | command] : "%1" %*
[.url] : InternetShortcut
[InternetShortcut | command] : "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l
[Application.Manifest | command] : rundll32.exe dfshim.dll,ShOpenVerbApplication %1
[Application.Reference | command] : rundll32.exe dfshim.dll,ShOpenVerbShortcut %1|%2
[Folder | command] : C:\Windows\explorer.exe

¤

[Firefox | Command] | @ : "C:\Program Files\Mozilla Firefox\Firefox.exe"
[Firefox - Safemode | Command] | @ : "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
[IE | Command] | @ : "C:\Program Files\Internet Explorer\iexplore.exe"
[Applications | IE | Command] | @ : "C:\Program Files\Internet Explorer\iexplore.exe" %1
[Safari | Command] | @ : "C:\Program Files\Safari\Safari.exe"
[Assoc | Applications] | @ : http://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s

¤¤¤¤¤¤¤¤¤¤ Divers

[HKCU | HideDesktopIcons\NewStartPanel] | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> 0
[HKCU | HideDesktopIcons\NewStartPanel] | {F02C1A0D-BE21-4350-88B0-7367FC96EF3C} : 1 -> 0
[HKCU | HideDesktopIcons\ClassicStartMenu] | {F02C1A0D-BE21-4350-88B0-7367FC96EF3C} : 1 -> 0
[HKCU | HideDesktopIcons\ClassicStartMenu] | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> 0
[HKLM | HideDesktopIcons\ClassicStartMenu] | {9343812e-1c37-4a49-a12e-4b2d810d956b} : 0
[HKLM | HideDesktopIcons\ClassicStartMenu] | {4336a54d-038b-4685-ab02-99bb52d3fb8b} : 0
[HKLM | HideDesktopIcons\NewStartPanel] | {F02C1A0D-BE21-4350-88B0-7367FC96EF3C} : 0
[HKLM | HideDesktopIcons\NewStartPanel] | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 0
[HKLM | HideDesktopIcons\NewStartPanel] | {208D2C60-3AEA-1069-A2D7-08002B30309D} : 0
[HKLM | HideDesktopIcons\NewStartPanel] | {871C5380-42A0-1069-A2EA-08002B30309D} : 0
[HKLM | HideDesktopIcons\NewStartPanel] | {5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0} : 0
[HKLM | HideDesktopIcons\NewStartPanel] | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 0
[HKLM | HideDesktopIcons\NewStartPanel] | {9343812e-1c37-4a49-a12e-4b2d810d956b} : 0
[HKLM | HideDesktopIcons\NewStartPanel] | {4336a54d-038b-4685-ab02-99bb52d3fb8b} : 0
[HKCU | Desktop] | Wallpaper : C:\Users\PePe\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
[HKCU | policies\Explorer] | NoDriveTypeAutoRun : 145
[HKLM | policies\Explorer] | NoDriveTypeAutoRun : 145

¤¤¤¤¤¤¤¤¤¤ Services

[Ndisuio] | Start : 3 : Actif
[Profsvc] | Start : 2 : Actif
[PlugPlay] | Start : 2 : Actif
[PEAUTH] | Start : 2 : Actif
[Parvdm] | Start : 2 : Inactif
[NVSvc] | Start : 2 : Actif
[nsi] | Start : 2 : Actif
[NLASvc] | Start : 2 : Actif
[MPSsvc] | Start : 2 : Actif
[MMCSS] | Start : 2 : Actif
[luafv] | Start : 2 : Actif
[lltdio] | Start : 2 : Actif
[Iphlpsvc] | Start : 2 : Actif
[IKEEXT] | Start : 2 : Actif
[gpsvc] | Start : 2 : Actif
[lmhosts] | Start : 2 : Actif
[LanmanWorkstation] | Start : 2 : Actif
[LanmanServer] | Start : 2 : Actif
[agp440] | Start : 2 : Inactif
[AudioEndpointBuilder] | Start : 2 : Actif
[Audiosrv] | Start : 2 : Actif
[BFE] | Start : 2 : Actif
[Bits] | Start : 2 : Actif
[CryptSvc] | Start : 2 : Actif
[EapHost] | Start : 2 : Actif
[Wlansvc] | Start : 2 : Actif
[SharedAccess] | Start : 2 : Inactif
[windefend] | Start : 2 : Actif
[wuauserv] | Start : 2 : Actif
[WerSvc] | Start : 2 : Actif
[wscsvc] | Start : 2 : Actif

¤¤¤¤¤¤¤¤¤¤ Internet Explorer

[HKCU | Main] | Start Page : http://www.google.com/
[HKCU | Main] | Local Page : C:\Windows\system32\blank.htm
[HKCU | Main] | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
[HKCU | SearchURL] | SearchAssistant : -> http://www.google.com

[HKLM | Main] | Start Page : http://go.microsoft.com/fwlink/?LinkId=69157
[HKLM | Main] | Local Page : C:\Windows\System32\blank.htm
[HKLM | Main] | Default_Search_URL : http://go.microsoft.com/fwlink/?LinkId=54896
[HKLM | Main] | Default_Page_URL : http://go.microsoft.com/fwlink/?LinkId=69157
[HKLM | Main] | Search Page : http://go.microsoft.com/fwlink/?LinkId=54896

¤

[HKCU | PhishingFilter] | Enabled : 2
[HKCU | PhishingFilter] | EnabledV8 : 0 -> 1
[HKCU | Internet Settings] | MigrateProxy : 1
[HKCU | Internet Settings] | WarnonBadCertRecving : 1
[HKCU | Internet Settings] | WarnOnHTTPSToHTTPRedirect : 1
[HKCU | Internet Settings] | WarnonZoneCrossing : 1
[HKCU | Internet Settings] | AutoConfigProxy : wininet.dll

¤¤¤¤¤¤¤¤¤¤ DNS

[HKLM | Tcpip\Parameters] | DhcpNameServer = 192.168.1.1
[HKLM\CCS | Interfaces\{37067C87-CB9D-4C46-9A7A-DA0214265D89}] | DhcpNameServer -> 192.168.1.1
[HKLM\CS1 | Interfaces\{37067C87-CB9D-4C46-9A7A-DA0214265D89}] | DhcpNameServer -> 192.168.1.1
[HKLM\CS3 | Interfaces\{37067C87-CB9D-4C46-9A7A-DA0214265D89}] | DhcpNameServer -> 192.168.1.1

¤¤¤¤¤¤¤¤¤¤ Hosts ¤¤¤¤¤¤¤¤¤¤


¤¤¤¤¤¤¤¤¤¤ Processus

C:\Windows\sttray.exe -> Processus stoppé

¤¤¤¤¤¤¤¤¤¤ Traitement Fichiers | Dossiers | Registre

Mise en quarantaine : C:\$Recycle.bin\S-1-5-21-3956876567-296244258-997173700-1000\desktop.ini
Mise en quarantaine : C:\Windows\Temp\Cab1E58.tmp
Mise en quarantaine : C:\Windows\Temp\CabF852.tmp
Mise en quarantaine : C:\Windows\Temp\Tar1E88.tmp
Mise en quarantaine : C:\Windows\Temp\TarF872.tmp
mise en quarantaine : C:\ProgramData\DVD.exe
mise en quarantaine : C:\ProgramData\Games.exe
mise en quarantaine : C:\ProgramData\Karaoke.exe
mise en quarantaine : C:\ProgramData\MobileTV.exe
mise en quarantaine : C:\ProgramData\MPV.exe

¤¤¤¤¤¤¤¤¤¤ IFEO


¤¤¤¤¤¤¤¤¤¤ Mountpoints2


¤¤¤¤¤¤¤¤¤¤ Listing %AppData%

[14/01/2009|21:44:20] | C:\Users\PePe\AppData\Roaming\AccurateRip
[27/12/2008|21:16:04] | C:\Users\PePe\AppData\Roaming\Adobe
[29/12/2008|21:23:15] | C:\Users\PePe\AppData\Roaming\Apple Computer
[09/06/2011|00:12:54] | C:\Users\PePe\AppData\Roaming\Avira
[22/01/2009|23:55:00] | C:\Users\PePe\AppData\Roaming\AVS4YOU
[26/05/2009|11:48:25] | C:\Users\PePe\AppData\Roaming\Corel
[28/12/2008|11:51:27] | C:\Users\PePe\AppData\Roaming\CyberLink
[19/06/2009|18:42:16] | C:\Users\PePe\AppData\Roaming\Download Manager
[28/02/2009|19:50:45] | C:\Users\PePe\AppData\Roaming\dvdcss
[03/06/2009|10:55:50] | C:\Users\PePe\AppData\Roaming\ESTsoft
[29/05/2010|20:13:22] | C:\Users\PePe\AppData\Roaming\Facebook
[12/02/2009|23:27:22] | C:\Users\PePe\AppData\Roaming\Fit3DLive
[15/05/2011|19:05:57] | C:\Users\PePe\AppData\Roaming\FreeFLVConverter
[05/04/2010|10:47:42] | C:\Users\PePe\AppData\Roaming\FreeVideoConverter
[15/07/2009|18:29:17] | C:\Users\PePe\AppData\Roaming\Google
[23/05/2009|13:18:13] | C:\Users\PePe\AppData\Roaming\gtk-2.0
[27/12/2008|21:15:54] | C:\Users\PePe\AppData\Roaming\Hewlett-Packard
[27/12/2008|21:20:47] | C:\Users\PePe\AppData\Roaming\Identities
[07/03/2009|22:39:31] | C:\Users\PePe\AppData\Roaming\InstallShield
[27/12/2008|21:16:29] | C:\Users\PePe\AppData\Roaming\Macromedia
[02/06/2011|11:05:16] | C:\Users\PePe\AppData\Roaming\Malwarebytes
[27/12/2008|21:12:35] | C:\Users\PePe\AppData\Roaming\Media Center Programs
[09/05/2009|22:43:39] | C:\Users\PePe\AppData\Roaming\Media Player Classic
[27/12/2008|21:12:35] | C:\Users\PePe\AppData\Roaming\Microsoft
[28/08/2010|22:08:07] | C:\Users\PePe\AppData\Roaming\Microsoft Games
[05/02/2009|23:54:22] | C:\Users\PePe\AppData\Roaming\Move Networks
[17/04/2009|00:52:51] | C:\Users\PePe\AppData\Roaming\Mozilla
[06/05/2010|13:40:35] | C:\Users\PePe\AppData\Roaming\Nokia
[08/05/2010|13:43:25] | C:\Users\PePe\AppData\Roaming\Nokia Ovi Suite
[31/12/2009|21:25:13] | C:\Users\PePe\AppData\Roaming\PC Suite
[02/01/2009|16:01:32] | C:\Users\PePe\AppData\Roaming\PeerNetworking
[28/12/2008|12:03:14] | C:\Users\PePe\AppData\Roaming\PlayFirst
[31/12/2009|21:22:21] | C:\Users\PePe\AppData\Roaming\Samsung
[28/12/2008|11:56:30] | C:\Users\PePe\AppData\Roaming\Skype
[04/01/2009|22:07:03] | C:\Users\PePe\AppData\Roaming\skypePM
[14/06/2010|17:44:34] | C:\Users\PePe\AppData\Roaming\Spotify
[27/12/2008|21:21:34] | C:\Users\PePe\AppData\Roaming\Symantec
[15/07/2009|19:32:37] | C:\Users\PePe\AppData\Roaming\Thinstall
[02/01/2009|16:01:32] | C:\Users\PePe\AppData\Roaming\UserTile.png
[03/10/2010|11:32:10] | C:\Users\PePe\AppData\Roaming\vlc
[28/12/2008|01:31:46] | C:\Users\PePe\AppData\Roaming\WildTangent
[23/02/2009|19:33:21] | C:\Users\PePe\AppData\Roaming\XnView

¤¤¤¤¤¤¤¤¤¤ Listing %CommonAppData%

[30/07/2008|01:58:56] | C:\ProgramData\Adobe
[03/06/2009|22:42:26] | C:\ProgramData\AOL
[03/06/2009|22:42:28] | C:\ProgramData\AOL OCP
[10/06/2009|11:18:51] | C:\ProgramData\Apowersoft
[29/12/2008|21:20:06] | C:\ProgramData\Apple
[29/12/2008|21:21:04] | C:\ProgramData\Apple Computer
[02/11/2006|15:02:03] | C:\ProgramData\Application Data
[09/06/2011|00:11:39] | C:\ProgramData\Avira
[22/01/2009|23:55:02] | C:\ProgramData\AVS4YOU
[27/12/2008|21:09:09] | C:\ProgramData\Bureau
[17/11/2008|06:53:02] | C:\ProgramData\CyberLink
[02/11/2006|15:02:03] | C:\ProgramData\Desktop
[02/11/2006|15:02:03] | C:\ProgramData\Documents
[28/02/2009|19:34:41] | C:\ProgramData\DVD Shrink
[14/06/2009|18:20:58] | C:\ProgramData\Electronic Arts
[03/06/2009|11:10:00] | C:\ProgramData\Estsoft
[07/06/2011|19:44:39] | C:\ProgramData\ezsid.dat
[27/12/2008|21:09:09] | C:\ProgramData\Favoris
[02/11/2006|15:02:03] | C:\ProgramData\Favorites
[20/06/2009|01:13:30] | C:\ProgramData\FLEXnet
[28/12/2008|11:25:33] | C:\ProgramData\FRA
[15/07/2009|18:27:53] | C:\ProgramData\Google
[11/03/2009|21:43:00] | C:\ProgramData\Google Updater
[30/07/2008|01:18:45] | C:\ProgramData\Hewlett-Packard
[17/11/2008|06:53:05] | C:\ProgramData\hpqp.ini
[28/12/2008|11:25:33] | C:\ProgramData\hpqp.txt
[06/05/2010|14:01:32] | C:\ProgramData\Installations
[26/05/2009|11:49:10] | C:\ProgramData\InstallShield
[30/05/2010|14:43:10] | C:\ProgramData\Last.fm
[27/12/2008|21:32:21] | C:\ProgramData\LightScribe
[02/06/2011|11:05:10] | C:\ProgramData\Malwarebytes
[20/10/2009|20:10:22] | C:\ProgramData\McAfee
[18/10/2009|11:30:10] | C:\ProgramData\McAfee Security Scan
[27/12/2008|21:09:09] | C:\ProgramData\Menu Démarrer
[03/03/2009|10:15:15] | C:\ProgramData\Messenger Plus!
[02/11/2006|13:18:33] | C:\ProgramData\Microsoft
[28/08/2010|22:04:00] | C:\ProgramData\Microsoft Games
[30/07/2008|01:55:05] | C:\ProgramData\Microsoft Help
[27/12/2008|21:09:10] | C:\ProgramData\Modèles
[30/07/2008|01:44:04] | C:\ProgramData\muvee Technologies
[06/05/2010|14:00:26] | C:\ProgramData\Nokia
[06/05/2010|12:51:10] | C:\ProgramData\NokiaMusic
[19/01/2010|18:11:25] | C:\ProgramData\NOS
[06/06/2011|09:42:44] | C:\ProgramData\ntuser.pol
[17/11/2008|06:54:30] | C:\ProgramData\NVIDIA
[27/12/2008|21:14:39] | C:\ProgramData\nvModes.001
[27/12/2008|21:12:39] | C:\ProgramData\nvModes.dat
[06/05/2010|12:33:52] | C:\ProgramData\OviInstallerCache
[31/12/2009|21:25:13] | C:\ProgramData\PC Suite
[15/07/2009|20:10:19] | C:\ProgramData\Pinnacle
[15/07/2009|20:13:14] | C:\ProgramData\Pinnacle VideoSpin
[28/12/2008|19:36:32] | C:\ProgramData\PlayFirst
[28/12/2008|11:30:56] | C:\ProgramData\Skype
[22/02/2009|23:33:03] | C:\ProgramData\SmartSound Software Inc
[02/11/2006|15:02:03] | C:\ProgramData\Start Menu
[30/07/2008|00:42:34] | C:\ProgramData\Symantec
[22/02/2009|23:24:08] | C:\ProgramData\Temp
[02/11/2006|15:02:04] | C:\ProgramData\Templates
[09/02/2009|01:22:14] | C:\ProgramData\TVU Networks
[25/07/2009|12:00:11] | C:\ProgramData\Ulead Systems
[30/07/2008|01:18:45] | C:\ProgramData\WildTangent
[11/02/2009|19:12:09] | C:\ProgramData\WindowsSearch
[15/07/2009|18:28:57] | C:\ProgramData\WinZip
[04/01/2009|21:52:19] | C:\ProgramData\WLInstaller
[24/03/2009|00:05:11] | C:\ProgramData\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[30/07/2008|01:57:31] | C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[05/04/2010|21:22:26] | C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[11/10/2009|23:13:43] | C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[31/08/2009|22:06:59] | C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

¤¤¤¤¤¤¤¤¤¤ Listing %LocalAppData%

[05/01/2009|15:43:11] | C:\Users\PePe\AppData\Local\Adobe
[29/12/2008|21:20:50] | C:\Users\PePe\AppData\Local\Apple
[29/12/2008|21:23:15] | C:\Users\PePe\AppData\Local\Apple Computer
[27/12/2008|21:12:36] | C:\Users\PePe\AppData\Local\Application Data
[27/12/2008|21:21:49] | C:\Users\PePe\AppData\Local\AtStart.txt
[27/05/2009|21:52:46] | C:\Users\PePe\AppData\Local\Corel
[28/12/2008|11:51:43] | C:\Users\PePe\AppData\Local\d3d9caps.dat
[28/12/2008|01:34:11] | C:\Users\PePe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[15/06/2010|22:27:09] | C:\Users\PePe\AppData\Local\DOSBox
[27/12/2008|21:21:49] | C:\Users\PePe\AppData\Local\DSwitch.txt
[08/09/2009|09:30:42] | C:\Users\PePe\AppData\Local\FnF4.txt
[27/12/2008|21:21:36] | C:\Users\PePe\AppData\Local\GDIPFONTCACHEV1.DAT
[12/01/2009|22:08:27] | C:\Users\PePe\AppData\Local\Google
[27/12/2008|21:26:10] | C:\Users\PePe\AppData\Local\Hewlett-Packard
[27/12/2008|21:12:36] | C:\Users\PePe\AppData\Local\Historique
[02/06/2011|15:09:20] | C:\Users\PePe\AppData\Local\IconCache.db
[06/05/2010|13:44:49] | C:\Users\PePe\AppData\Local\IsolatedStorage
[29/05/2010|20:27:28] | C:\Users\PePe\AppData\Local\Last.fm
[27/12/2008|21:12:35] | C:\Users\PePe\AppData\Local\Microsoft
[27/12/2008|21:47:47] | C:\Users\PePe\AppData\Local\Microsoft Games
[27/07/2009|09:05:14] | C:\Users\PePe\AppData\Local\Microsoft Help
[17/04/2009|00:52:51] | C:\Users\PePe\AppData\Local\Mozilla
[06/05/2010|12:51:31] | C:\Users\PePe\AppData\Local\Nokia
[06/05/2010|13:41:08] | C:\Users\PePe\AppData\Local\NokiaAccount
[27/12/2008|21:21:49] | C:\Users\PePe\AppData\Local\QSwitch.txt
[28/12/2008|11:25:31] | C:\Users\PePe\AppData\Local\QuickPlay
[14/06/2010|17:44:34] | C:\Users\PePe\AppData\Local\Spotify
[08/12/2009|01:01:59] | C:\Users\PePe\AppData\Local\Stardock
[06/06/2011|00:50:39] | C:\Users\PePe\AppData\Local\temp
[27/12/2008|21:12:36] | C:\Users\PePe\AppData\Local\Temporary Internet Files
[09/02/2009|01:22:14] | C:\Users\PePe\AppData\Local\TVU Networks
[27/12/2008|21:12:38] | C:\Users\PePe\AppData\Local\VirtualStore
[29/05/2011|20:05:22] | C:\Users\PePe\AppData\Local\{C9E82244-02DF-4628-A3DA-028F2AC3523B}

¤¤¤¤¤¤¤¤¤¤ Listing %CommonFiles%

[30/07/2008|01:58:51] | C:\Program Files\Common Files\Adobe
[20/06/2009|01:00:50] | C:\Program Files\Common Files\Adobe AIR
[29/12/2008|21:20:06] | C:\Program Files\Common Files\Apple
[22/01/2009|23:54:13] | C:\Program Files\Common Files\AVSMedia
[30/07/2008|01:56:38] | C:\Program Files\Common Files\DESIGNER
[11/09/2009|18:18:23] | C:\Program Files\Common Files\DVDVideoSoft
[14/06/2009|22:18:01] | C:\Program Files\Common Files\France Telecom
[30/07/2008|00:30:42] | C:\Program Files\Common Files\InstallShield
[30/07/2008|02:18:01] | C:\Program Files\Common Files\Java
[17/11/2008|06:48:35] | C:\Program Files\Common Files\LightScribe
[20/06/2009|00:54:55] | C:\Program Files\Common Files\Macrovision Shared
[02/11/2006|13:18:33] | C:\Program Files\Common Files\microsoft shared
[30/07/2008|01:44:08] | C:\Program Files\Common Files\muvee Technologies
[06/05/2010|12:46:53] | C:\Program Files\Common Files\Nokia
[12/01/2009|22:08:42] | C:\Program Files\Common Files\PX Storage Engine
[02/11/2006|13:18:33] | C:\Program Files\Common Files\Services
[28/12/2008|11:31:01] | C:\Program Files\Common Files\Skype
[02/11/2006|13:18:33] | C:\Program Files\Common Files\SpeechEngines
[06/12/2009|21:14:25] | C:\Program Files\Common Files\Stardock
[30/07/2008|00:42:33] | C:\Program Files\Common Files\Symantec Shared
[02/11/2006|13:18:33] | C:\Program Files\Common Files\System
[12/01/2009|16:29:47] | C:\Program Files\Common Files\Windows Live
[04/01/2009|21:52:53] | C:\Program Files\Common Files\WindowsLiveInstaller
[15/07/2009|20:13:18] | C:\Program Files\Common Files\Yahoo!

¤¤¤¤¤¤¤¤¤¤ Listing Tasks

[11/03/2009 | 21:42:59] | C:\Windows\Tasks\Google Software Updater.job
[01/07/2009 | 09:48:02] | C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[01/07/2009 | 09:48:03] | C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[15/05/2011 | 10:37:46] | C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3956876567-296244258-997173700-1000Core.job
[15/05/2011 | 10:37:47] | C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3956876567-296244258-997173700-1000UA.job

¤¤¤¤¤¤¤¤¤¤ Drivers | Services | R0 : Boot | R1 : System | R2 : Auto

R0 - ACPI (Pilote ACPI Microsoft) -> system32\drivers\acpi.sys
R2 - adfs () -> (?)
R0 - adp94xx () -> system32\drivers\adp94xx.sys
R0 - adpahci () -> system32\drivers\adpahci.sys
R0 - adpu160m () -> system32\drivers\adpu160m.sys
R0 - adpu320 () -> system32\drivers\adpu320.sys
R2 - AeLookupSvc (@%SystemRoot%\system32\aelupsvc.dll,-1) -> %systemroot%\system32\svchost.exe -k netsvcs
R1 - AFD (Ancilliary Function Driver for Winsock) -> \SystemRoot\system32\drivers\afd.sys
R0 - aic78xx () -> system32\drivers\djsvs.sys
R0 - aliide () -> system32\drivers\aliide.sys
R0 - amdide () -> system32\drivers\amdide.sys
R2 - AntiVirSchedulerService (Avira AntiVir Planificateur) -> "C:\Program Files\Avira\AntiVir Desktop\sched.exe"
R2 - AntiVirService (Avira AntiVir Guard) -> "C:\Program Files\Avira\AntiVir Desktop\avguard.exe"
R2 - Apple Mobile Device (Apple Mobile Device) -> "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
R0 - arc () -> system32\drivers\arc.sys
R0 - arcsas () -> system32\drivers\arcsas.sys
R0 - atapi (Canal IDE) -> system32\drivers\atapi.sys
R2 - AudioEndpointBuilder (@%SystemRoot%\system32\audiosrv.dll,-204) -> %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
R2 - Audiosrv (@%SystemRoot%\system32\audiosrv.dll,-200) -> %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
R2 - avgntflt (avgntflt) -> system32\DRIVERS\avgntflt.sys
R1 - avipbb (avipbb) -> system32\DRIVERS\avipbb.sys
R1 - Beep (Beep) -> (?)
R2 - BFE (@%SystemRoot%\system32\bfe.dll,-1001) -> %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork
R2 - BITS (@%SystemRoot%\system32\qmgr.dll,-1000) -> %SystemRoot%\system32\svchost.exe -k netsvcs
R2 - Bonjour Service (Service Bonjour) -> "C:\Program Files\Bonjour\mDNSResponder.exe"
R2 - BthServ (@%SystemRoot%\System32\bthserv.dll,-101) -> %SystemRoot%\system32\svchost.exe -k bthsvcs
R1 - cdrom (Pilote de CD-ROM) -> system32\DRIVERS\cdrom.sys
R0 - CLFS (Common Log (CLFS)) -> System32\CLFS.sys
R0 - cmdide () -> system32\drivers\cmdide.sys
R0 - Compbatt (Pilote de batterie composite Microsoft) -> system32\DRIVERS\compbatt.sys
R0 - crcdisk (Crcdisk Filter Driver) -> system32\drivers\crcdisk.sys
R2 - CryptSvc (@%SystemRoot%\system32\cryptsvc.dll,-1001) -> %SystemRoot%\system32\svchost.exe -k NetworkService
R2 - DcomLaunch (@oleres.dll,-5012) -> %SystemRoot%\system32\svchost.exe -k DcomLaunch
R1 - DfsC (@%systemroot%\system32\drivers\dfsc.sys,-101) -> System32\Drivers\dfsc.sys
R2 - Dhcp (@%SystemRoot%\system32\dhcpcsvc.dll,-100) -> %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
R0 - disk (Pilote de disque) -> system32\drivers\disk.sys
R2 - Dnscache (@%SystemRoot%\System32\dnsapi.dll,-101) -> %SystemRoot%\system32\svchost.exe -k NetworkService
R2 - DPS (@%systemroot%\system32\dps.dll,-500) -> %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork
R2 - EapHost (@%systemroot%\system32\eapsvc.dll,-1) -> %SystemRoot%\System32\svchost.exe -k netsvcs
R0 - Ecache (ReadyBoost Caching Driver) -> System32\drivers\ecache.sys
R0 - elxstor () -> system32\drivers\elxstor.sys
R2 - EMDMgmt (@%SystemRoot%\system32\emdmgmt.dll,-1000) -> %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted
R2 - Eventlog (@%SystemRoot%\system32\wevtsvc.dll,-200) -> %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
R2 - EventSystem (@comres.dll,-2450) -> %SystemRoot%\system32\svchost.exe -k LocalService
R2 - FDResPub (@%systemroot%\system32\fdrespub.dll,-100) -> %SystemRoot%\system32\svchost.exe -k LocalService
R0 - FileInfo (File Information FS MiniFilter) -> system32\drivers\fileinfo.sys
R0 - FltMgr (FltMgr) -> system32\drivers\fltmgr.sys
R2 - FontCache (@%systemroot%\system32\FntCache.dll,-100) -> %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
R2 - FTRTSVC (France Telecom Routing Table Service) -> "C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe"
R2 - gpsvc (@gpapi.dll,-112) -> %windir%\system32\svchost.exe -k GPSvcGroup
R2 - hidserv (@%SystemRoot%\System32\hidserv.dll,-101) -> %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
R2 - HP Health Check Service (HP Health Check Service) -> "c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe"
R0 - HpCISSs () -> system32\drivers\hpcisss.sys
R0 - hpdskflt (HP Filter) -> system32\DRIVERS\hpdskflt.sys
R2 - hpsrv (HP Service) -> %SystemRoot%\system32\Hpservice.exe
R0 - i2omp () -> system32\drivers\i2omp.sys
R1 - i8042prt (Pilote pour clavier i8042 et souris sur port PS/2) -> system32\DRIVERS\i8042prt.sys
R0 - iaStorV (Intel RAID Controller Vista) -> system32\drivers\iastorv.sys
R0 - iirsp () -> system32\drivers\iirsp.sys
R2 - IKEEXT (@%SystemRoot%\system32\ikeext.dll,-501) -> %systemroot%\system32\svchost.exe -k netsvcs
R0 - intelide () -> system32\drivers\intelide.sys
R2 - iphlpsvc (@%SystemRoot%\system32\iphlpsvc.dll,-200) -> %SystemRoot%\System32\svchost.exe -k NetSvcs
R0 - isapnp (PnP ISA/EISA Bus Driver) -> system32\drivers\isapnp.sys
R0 - iteatapi (ITEATAPI_Service_Install) -> system32\drivers\iteatapi.sys
R0 - iteraid (ITERAID_Service_Install) -> system32\drivers\iteraid.sys
R1 - kbdclass (Pilote de la classe Clavier) -> system32\DRIVERS\kbdclass.sys
R1 - kbdhid (Pilote HID de clavier) -> system32\DRIVERS\kbdhid.sys
R0 - KSecDD () -> System32\Drivers\ksecdd.sys
R2 - KtmRm (@comres.dll,-2946) -> %SystemRoot%\System32\svchost.exe -k NetworkService
R2 - LanmanServer (@%systemroot%\system32\srvsvc.dll,-100) -> %SystemRoot%\system32\svchost.exe -k netsvcs
R2 - LanmanWorkstation (@%systemroot%\system32\wkssvc.dll,-100) -> %SystemRoot%\System32\svchost.exe -k LocalService
R2 - LightScribeService (LightScribeService Direct Disc Labeling Service) -> "C:\Program Files\Common Files\LightScribe\LSSrvc.exe"
R2 - lltdio (Link-Layer Topology Discovery Mapper I/O Driver) -> system32\DRIVERS\lltdio.sys
R2 - lmhosts (@%SystemRoot%\system32\lmhsvc.dll,-101) -> %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
R0 - LSI_FC () -> system32\drivers\lsi_fc.sys
R0 - LSI_SAS () -> system32\drivers\lsi_sas.sys
R0 - LSI_SCSI () -> system32\drivers\lsi_scsi.sys
R2 - luafv (UAC File Virtualization) -> \SystemRoot\system32\drivers\luafv.sys
R0 - megasas () -> system32\drivers\megasas.sys
R0 - MegaSR () -> system32\drivers\megasr.sys
R2 - MMCSS (@%systemroot%\system32\mmcss.dll,-100) -> %SystemRoot%\system32\svchost.exe -k netsvcs
R1 - mouclass (Pilote de la classe Souris) -> system32\DRIVERS\mouclass.sys
R0 - MountMgr (Mount Point Manager) -> System32\drivers\mountmgr.sys
R0 - mpio (Microsoft Multi-Path Bus Driver) -> system32\drivers\mpio.sys
R2 - MpsSvc (@%SystemRoot%\system32\FirewallAPI.dll,-23090) -> %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork
R0 - Mraid35x () -> system32\drivers\mraid35x.sys
R0 - msahci () -> system32\drivers\msahci.sys
R0 - msdsm (Microsoft Multi-Path Device Specific Module) -> system32\drivers\msdsm.sys
R1 - Msfs () -> (?)
R0 - msisadrv (Pilote de classe ISA/EISA) -> system32\drivers\msisadrv.sys
R0 - Mup (Mup) -> System32\Drivers\mup.sys
R0 - NDIS (NDIS System Driver) -> system32\drivers\ndis.sys
R1 - NetBIOS (NetBIOS Interface) -> system32\DRIVERS\netbios.sys
R1 - netbt (NETBT) -> System32\DRIVERS\netbt.sys
R2 - netprofm (@%SystemRoot%\system32\netprof.dll,-246) -> %SystemRoot%\System32\svchost.exe -k LocalService
R0 - nfrd960 () -> system32\drivers\nfrd960.sys
R2 - NlaSvc (@%SystemRoot%\System32\nlasvc.dll,-1) -> %SystemRoot%\System32\svchost.exe -k NetworkService
R1 - Npfs () -> (?)
R2 - nsi (@%SystemRoot%\system32\nsisvc.dll,-200) -> %systemroot%\system32\svchost.exe -k LocalService
R1 - nsiproxy (NSI proxy service) -> system32\drivers\nsiproxy.sys
R1 - Null () -> (?)
R0 - nvraid (NVIDIA nForce RAID Driver ) -> system32\drivers\nvraid.sys
R0 - nvstor () -> system32\drivers\nvstor.sys
R2 - nvsvc (NVIDIA Display Driver Service) -> %SystemRoot%\system32\nvvsvc.exe
R0 - partmgr (Partition Manager) -> System32\drivers\partmgr.sys
R2 - PcaSvc (@%SystemRoot%\system32\pcasvc.dll,-1) -> %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted
R0 - pci (Pilote de bus PCI) -> system32\drivers\pci.sys
R0 - pciide () -> system32\drivers\pciide.sys
R2 - PEAUTH (PEAUTH) -> system32\drivers\peauth.sys
R2 - PlugPlay (@%SystemRoot%\system32\umpnpmgr.dll,-100) -> %SystemRoot%\system32\svchost.exe -k DcomLaunch
R2 - PolicyAgent (@%SystemRoot%\System32\polstore.dll,-5010) -> %SystemRoot%\system32\svchost.exe -k NetworkServiceNetworkRestricted
R2 - ProfSvc (@%systemroot%\system32\profsvc.dll,-300) -> %systemroot%\system32\svchost.exe -k netsvcs
R1 - PSched (@%SystemRoot%\System32\drivers\pacer.sys,-101) -> system32\DRIVERS\pacer.sys
R0 - ql2300 (QLogic Fibre Channel Miniport Driver) -> system32\drivers\ql2300.sys
R0 - ql40xx (QLogic iSCSI Miniport Driver) -> system32\drivers\ql40xx.sys
R2 - QPCapSvc (QuickPlay Background Capture Service (QBCS)) -> "C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe"
R1 - RasAcd (Remote Access Auto Connection Driver) -> System32\DRIVERS\rasacd.sys
R1 - rdbss (Redirected Buffering Sub Sysytem) -> system32\DRIVERS\rdbss.sys
R1 - RDPCDD (RDPCDD) -> System32\DRIVERS\RDPCDD.sys
R1 - RDPENCDD (RDP Encoder Mirror Driver) -> system32\drivers\rdpencdd.sys
R2 - Recovery Service for Windows (Recovery Service for Windows) -> C:\Windows\SMINST\BLService.exe
R2 - RichVideo (Cyberlink RichVideo Service(CRVS)) -> "C:\Program Files\CyberLink\Shared Files\RichVideo.exe"
R2 - RpcSs (@oleres.dll,-5010) -> %SystemRoot%\system32\svchost.exe -k rpcss
R2 - rspndr (Link-Layer Topology Discovery Responder) -> system32\DRIVERS\rspndr.sys
R2 - SamSs (@%SystemRoot%\system32\samsrv.dll,-1) -> %SystemRoot%\system32\lsass.exe
R0 - sbp2port (SBP-2 Transport/Protocol Bus Driver) -> system32\drivers\sbp2port.sys
R2 - Schedule (@%SystemRoot%\system32\schedsvc.dll,-100) -> %SystemRoot%\System32\svchost.exe -k netsvcs
R2 - secdrv (Security Driver) -> (?)
R2 - seclogon (@%SystemRoot%\system32\seclogon.dll,-7001) -> %windir%\system32\svchost.exe -k netsvcs
R2 - SENS (@%SystemRoot%\system32\Sens.dll,-200) -> %SystemRoot%\system32\svchost.exe -k netsvcs
R2 - ShellHWDetection (@%SystemRoot%\System32\shsvcs.dll,-12288) -> %SystemRoot%\System32\svchost.exe -k netsvcs
R0 - SiSRaid2 () -> system32\drivers\sisraid2.sys
R0 - SiSRaid4 () -> system32\drivers\sisraid4.sys
R2 - slsvc (@%SystemRoot%\system32\SLsvc.exe,-101) -> %SystemRoot%\system32\SLsvc.exe
R1 - Smb (@%SystemRoot%\system32\tcpipcfg.dll,-50005) -> system32\DRIVERS\smb.sys
R0 - spldr (Security Processor Loader Driver) -> (?)
R2 - Spooler (@%systemroot%\system32\spoolsv.exe,-1) -> %SystemRoot%\System32\spoolsv.exe
R1 - ssmdrv (ssmdrv) -> system32\DRIVERS\ssmdrv.sys
R2 - STacSV (Audio Service) -> C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\STacSV.exe
R2 - stisvc (@%SystemRoot%\system32\wiaservc.dll,-9) -> %SystemRoot%\system32\svchost.exe -k imgsvc
R0 - Symc8xx () -> system32\drivers\symc8xx.sys
R0 - Sym_hi () -> system32\drivers\sym_hi.sys
R0 - Sym_u3 () -> system32\drivers\sym_u3.sys
R2 - SysMain (@%SystemRoot%\system32\sysmain.dll,-1000) -> %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted
R2 - TabletInputService (@%SystemRoot%\system32\TabSvc.dll,-100) -> %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
R0 - Tcpip (@%SystemRoot%\system32\tcpipcfg.dll,-50003) -> System32\drivers\tcpip.sys
R2 - tcpipreg (TCP/IP Registry Compatibility) -> System32\drivers\tcpipreg.sys
R1 - tdx (@%SystemRoot%\system32\tcpipcfg.dll,-50004) -> system32\DRIVERS\tdx.sys
R1 - TermDD (Pilote de périphérique terminal) -> system32\DRIVERS\termdd.sys
R2 - TermService (@%SystemRoot%\System32\termsrv.dll,-268) -> %SystemRoot%\System32\svchost.exe -k NetworkService
R2 - Themes (@%SystemRoot%\System32\shsvcs.dll,-8192) -> %SystemRoot%\System32\svchost.exe -k netsvcs
R2 - TrkWks (@%SystemRoot%\system32\trkwks.dll,-1) -> %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
R0 - uliahci () -> system32\drivers\uliahci.sys
R0 - UlSata () -> system32\drivers\ulsata.sys
R0 - ulsata2 () -> system32\drivers\ulsata2.sys
R2 - UxSms (@%SystemRoot%\system32\dwm.exe,-2000) -> %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
R1 - VgaSave () -> \SystemRoot\System32\drivers\vga.sys
R0 - viaide () -> system32\drivers\viaide.sys
R0 - volmgr (Pilote du Gestionnaire de volume) -> system32\drivers\volmgr.sys
R0 - volmgrx (Dynamic Volume Manager) -> System32\drivers\volmgrx.sys
R0 - volsnap (Volumes de stockage) -> system32\drivers\volsnap.sys
R0 - vsmraid () -> system32\drivers\vsmraid.sys
R2 - W32Time (@%SystemRoot%\system32\w32time.dll,-200) -> %SystemRoot%\system32\svchost.exe -k LocalService
R1 - Wanarpv6 (Remote Access IPv6 ARP Driver) -> system32\DRIVERS\wanarp.sys
R0 - Wd (Microsoft Watchdog Timer Driver) -> system32\drivers\wd.sys
R0 - Wdf01000 (Kernel Mode Driver Frameworks service) -> system32\drivers\Wdf01000.sys
R2 - WebClient (@%systemroot%\system32\webclnt.dll,-100) -> %SystemRoot%\system32\svchost.exe -k LocalService
R2 - WerSvc (@%SystemRoot%\System32\wersvc.dll,-100) -> %SystemRoot%\System32\svchost.exe -k WerSvcGroup
R2 - WinDefend (@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103) -> %SystemRoot%\System32\svchost.exe -k secsvcs
R2 - Winmgmt (@%Systemroot%\system32\wbem\wmisvc.dll,-205) -> %systemroot%\system32\svchost.exe -k netsvcs
R2 - Wlansvc (@%SystemRoot%\System32\wlansvc.dll,-257) -> %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
R2 - WPDBusEnum (@%SystemRoot%\system32\wpdbusenum.dll,-100) -> %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
R2 - wscsvc (@%SystemRoot%\System32\wscsvc.dll,-200) -> %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
R2 - WSearch (@%systemroot%\system32\SearchIndexer.exe,-103) -> %systemroot%\system32\SearchIndexer.exe /Embedding
R2 - wuauserv (@%systemroot%\system32\wuaueng.dll,-105) -> %systemroot%\system32\svchost.exe -k netsvcs
R2 - wudfsvc (@%SystemRoot%\system32\wudfsvc.dll,-1000) -> %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted

¤¤¤¤¤¤¤¤¤¤ Security

[HKLM | Security Center] | AntiVirusDisableNotify : 0
[HKLM | Security Center] | FirewallDisableNotify : 0
[HKLM | Security Center] | UpdatesDisableNotify : 0
[HKLM | Security Center\Svc] | AntispywareOverride : 0
[HKLM | Security Center\Svc] | AntiVirusOverride : 0
[HKLM | Security Center\Svc] | FirewallOverride : 0

¤¤¤

C:\Windows\explorer.exe -> Processus redémarré

Pre_Script.exe : Pour le faire apparaitre , glisser-déposer une icone sur Pre_scan

Fin : 22:54:41

¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤

Message by gen-hackman, Mon 13 June - 12:18

Drag an icon onto pre_scan to make pre_script appear

Select this text without the lines:
___________________________________________________
folder::
C:\Users\PePe\AppData\Roaming\Symantec
C:\ProgramData\McAfee
C:\ProgramData\Symantec
C:\ProgramData\McAfee Security Scan
C:\Program Files\Common Files\Symantec Shared

___________________________________________________

Copy it (ctrl+c), then launch Pre_Script, which is on your desktop

Paste it into the text document that opens, then File tab => Save (not Save as...) => then close it

Post Pre_Script.txt, which will appear next to the executable once the job is done

Message by Perrine, Wed 15 June - 0:19

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Script ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤ XP | Vista | Seven - 32/64 bits ¤¤¤¤¤

Utilisateur : PePe (Administrateurs)
Ordinateur : PC-DE-PEPE
Système d'exploitation : Windows Vista (TM) Home Premium (32 bits)
Internet Explorer : 9.0.8112.16421
Mozilla Firefox : 3.6.13 (fr)

Switchs possibles :

processes:: | file:: | folder::
Registry:: | Driver:: | replace::
txt:: | Host:: | DNS:: | NsLook::
Command:: | list:: | attrib::

Script : 13:17:51

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

switchs :

folder::
C:\Users\PePe\AppData\Roaming\Symantec
C:\ProgramData\McAfee
C:\ProgramData\Symantec
C:\ProgramData\McAfee Security Scan
C:\Program Files\Common Files\Symantec Shared


¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

Supprimé : C:\Users\PePe\AppData\Roaming\Symantec
Supprimé : C:\ProgramData\McAfee
Supprimé : C:\ProgramData\Symantec
Supprimé : C:\ProgramData\McAfee Security Scan
non Supprimé : C:\Program Files\Common Files\Symantec Shared

¤

explorer.exe -> Processus redémarré

Fin : 13:17:54

¤¤¤¤¤¤¤¤¤¤ ( EOF ) ¤¤¤¤¤¤¤¤¤¤

Message by juju666, Tue 21 June - 0:07

Hello,

No more news from flo, gen, or perrine?
Topic closed?