forum Abc de la sécurité informatique

JokuHech · 10-07-2010 17:26:10

Si vous avez un ami qui dispose d'un liveCD Linux, qu'il passe, et vous vire ce fichier. Vous pouvez aussi essayer de voir un ami avec votre disque dur, mettre celui ci en esclave ou sur un sata, essayer là-aussi; ne pas oublier de vider le dossier C:\Windows\Prefetch
Vider la corbeille avant de retirer le disque.

Sinon, sauvegarder ce qui doit l'être, analyser cette sauvegarde, et formater.

Virgil · 10-07-2010 19:05:54

Très bien, je connais quelqu'un qui saura m'aider, je lui demanderais, je vous tiens au courant.

Merci.

cosmido · 11-07-2010 03:36:38

Les CD de démarrage issu des versions Linux, ne peuvent intervenir dans les systèmes de fichiers en NTFS, autrement qu'en lecture.

Ça prendrait plutôt, ce qui est toujours utile à avoir de coté, un CD multi-usage genre ; UBCD4Win, Hiren's ou autre.

Mais pourquoi ne pas simplement désinstaller DrWeb.
Pour ensuite vérifier/nettoyer correctement tout ses répertoires d'installation.. autant dans \Program Files\.., que dans les différents "compte utilisateur" de \Documents and Settings\.. Et s'il s'agit d'une version payante, .......alors réinstaller ce DrWeb.

Dernière modification par cosmido (11-07-2010 03:40:10)

JokuHech · 12-07-2010 16:11:04

Désolmé cosmido, mais là tu te trompes.
Le LiveCD Ubuntu 10.04 monte automatiquement le disque dur pour un accès en NTFS, lecture et écriture. Il utilise pour ça automount et NTFS3G associé à la lib fuse. Il en va de même avec le liveCD de Fedora 13 ou même 12.
Lecture et écritures ne posent plus problème depuis un bail pour GNU/Linux.

Si Fedora 13 est installé en dur, il faut juste monter le disque dur, et là aussi access is granted.

Ensuite rien ne dit que s'il désinstalle DrWeb, il pourra virer le fichier patché.
Sur l'image, on voit bien 2 fichiers

DRWEBSCD.exe et
DRWEBSCD .exe

cosmido · 12-07-2010 18:12:04

JokuHech a écrit:
Le LiveCD Ubuntu 10.04 monte automatiquement le disque dur pour un accès en NTFS, lecture et écriture.

Ah.., merci pour l'info !
J'avais installé qu'un CD Knoppix, pour en arriver ça cette conclusion.

Sans être au fait du contenu des outils d'Ubuntu, ..doit quand même y en avoir.
UBCD4Win contient plus d'une 100aines d'applications en tout genre, utiles et prévus pour réparer une installations Windows.

Ensuite rien ne dit que s'il désinstalle DrWeb, il pourra virer le fichier patché.
Sur l'image, on voit bien 2 fichiers

DRWEBSCD.exe et
DRWEBSCD .exe

Et pourtant c'est la procédure la plus expéditive et efficace, pour virer tout ce bazar.
Après que le désinstallateur ait fait sa job(..en sans échec si nécessaire). Ne resterait qu'à lancer une p'tite recherche avec "DrWeb" sur le C:\, pour supprimer tout les "probable" répertoires(traces) de l'installation, dans \Program Files\.. et les compte utilisateur de \Documents and Settings\..
Pour ensuite au besoin, lancer une réinstallation propre de DrWeb.

Dernière modification par cosmido (12-07-2010 18:15:23)

Virgil · 15-07-2010 20:12:44

Bonjour, et désolé pour le temps de réponse, mais je n'ai pas eu le temps ces derniers jours.

J'ai pas pu avoir le CDlive linux, alors j'ai essayé la méthode de cosmido, et ça a fonctionné, j'ai réussi à supprimer le fichier.

Alors pendant un temps le processus system a baissé à environ 15000Ko, mais après redémarrage de la machine le voilà de retour comme avant... Mais le fichier supprimé n'est pas réapparu.

J'ai refais une analyse avec ComboFix (en mode sans échec), je vous poste le rapport :

ComboFix 10-07-06.01 - thomas 15/07/2010 19:39:17.7.2 - x86 MINIMAL
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2047.1760 [GMT 2:00]
Lancé depuis: c:\documents and settings\thomas\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\thomas\Bureau\CFScript.txt
AV: Doctor Web Anti-Virus *On-access scanning enabled* (Updated) {3454C8F1-ECBC-4180-A6F4-04632FBA762B}

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
- Mode FONCTIONNALITES REDUITES -

FILE ::
"c:\documents and settings\thomas\Menu Démarrer\Programmes\Démarrage\Antimalware Doctor.lnk"
"c:\windows\pss\Antimalware Doctor.lnkStartup"
"c:\windows\Tasks\WGASetup.job"
.

((((((((((((((((((((((((((((( Fichiers créés du 2010-06-15 au 2010-07-15 ))))))))))))))))))))))))))))))))))))
.

2010-07-15 17:11 . 2010-07-15 17:11 -------- d-----w- C:\a52cf6b87c9cc1508e3a368a8981
2010-07-15 16:19 . 2010-04-20 13:43 107384 ----a-w- c:\windows\system32\drivers\dwprot.sys
2010-07-14 19:12 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-12 19:20 . 2010-07-12 19:20 -------- d-----w- c:\program files\iPod
2010-07-12 19:19 . 2010-07-12 19:22 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-07-12 19:01 . 2010-07-12 19:02 -------- d-----w- c:\program files\QuickTime
2010-07-12 18:58 . 2010-07-12 18:58 -------- d-----w- c:\program files\Apple Software Update
2010-07-12 18:53 . 2010-07-12 18:53 -------- d-----w- c:\program files\Bonjour
2010-07-10 13:17 . 2005-11-13 20:40 89360 ----a-w- c:\windows\system32\VB5DB.DLL
2010-07-10 13:17 . 2010-07-10 13:27 -------- d-----w- c:\program files\Unreal Anthology
2010-07-09 18:16 . 2010-07-09 18:17 -------- d-----r- c:\documents and settings\NetworkService\Mes documents
2010-07-09 18:16 . 2010-07-09 18:16 -------- d--h--w- c:\documents and settings\NetworkService\Voisinage réseau
2010-07-09 18:16 . 2010-07-09 18:22 -------- d-----w- c:\documents and settings\NetworkService\Bureau
2010-07-09 18:16 . 2010-07-09 18:16 -------- d-----w- c:\documents and settings\NetworkService\Menu Démarrer
2010-07-01 13:04 . 2010-07-15 16:18 -------- d-----w- c:\program files\Fichiers communs\Doctor Web
2010-07-01 13:03 . 2010-07-15 16:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Doctor Web
2010-06-30 14:18 . 2010-06-30 14:18 -------- d--h--w- c:\windows\PIF
2010-06-30 07:48 . 2010-06-30 07:48 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Conduit
2010-06-30 07:48 . 2010-07-09 18:17 -------- d-----r- c:\documents and settings\NetworkService\Favoris
2010-06-29 07:27 . 2010-06-29 07:27 -------- d-s---w- c:\documents and settings\NetworkService\UserData
2010-06-28 10:19 . 2010-06-28 12:19 -------- d-----w- c:\windows\system32\NtmsData
2010-06-28 09:39 . 2010-06-28 09:39 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Conduit
2010-06-28 09:39 . 2010-06-28 09:39 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\PHPNukeFR
2010-06-28 09:39 . 2010-06-28 09:39 -------- d-----r- c:\documents and settings\LocalService\Favoris
2010-06-28 06:44 . 2010-06-28 06:44 -------- d-----w- c:\documents and settings\thomas\Application Data\Malwarebytes
2010-06-28 06:44 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-28 06:44 . 2010-06-28 06:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-28 06:44 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-28 06:43 . 2010-06-28 06:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-26 14:51 . 2009-11-20 14:26 25984 ----a-w- c:\windows\system32\drivers\tap0901.sys
2010-06-26 13:04 . 2010-06-26 15:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-26 13:04 . 2010-06-26 13:04 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-06-26 12:49 . 2010-07-01 16:18 -------- d-----w- c:\program files\SpeedBit Video Accelerator
2010-06-26 12:46 . 2010-07-15 17:21 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-26 12:46 . 2010-06-26 12:49 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedBit
2010-06-26 12:46 . 2010-07-06 20:54 -------- d-----w- c:\program files\DAP
2010-06-26 09:52 . 2010-06-26 09:52 -------- d-----w- c:\documents and settings\thomas\Application Data\Dofus-6.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
2010-06-26 09:31 . 2010-06-26 09:31 -------- d-----w- c:\documents and settings\thomas\Application Data\Dofus-5.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
2010-06-24 12:46 . 2010-06-24 12:46 -------- d-----w- c:\documents and settings\thomas\Application Data\Dofus-4.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
2010-06-24 12:00 . 2010-06-24 12:00 -------- d-----w- c:\documents and settings\thomas\Application Data\Dofus-3.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-15 17:19 . 2009-01-31 16:36 -------- d-----w- c:\program files\DrWeb
2010-07-14 23:07 . 2010-04-26 06:01 -------- d-----w- c:\program files\LogMeIn
2010-07-13 17:46 . 2008-11-03 11:24 -------- d-----w- c:\documents and settings\thomas\Application Data\Canon
2010-07-12 19:22 . 2008-12-31 16:18 -------- d-----w- c:\program files\iTunes
2010-07-12 19:20 . 2008-11-09 17:30 -------- d-----w- c:\program files\Fichiers communs\Apple
2010-07-11 08:16 . 2010-04-24 11:59 -------- d-----w- c:\documents and settings\thomas\Application Data\uTorrent
2010-07-10 13:17 . 2008-10-08 12:58 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-04 10:01 . 2009-01-15 19:29 -------- d-----w- c:\documents and settings\thomas\Application Data\SolidWorks
2010-07-03 07:43 . 2009-01-09 17:14 -------- d-----w- c:\program files\PHPNukeFR
2010-07-02 22:39 . 2008-11-09 17:22 -------- d-----w- c:\documents and settings\thomas\Application Data\dvdcss
2010-07-02 06:33 . 2001-09-28 12:00 81386 ----a-w- c:\windows\system32\perfc00C.dat
2010-07-02 06:33 . 2001-09-28 12:00 503238 ----a-w- c:\windows\system32\perfh00C.dat
2010-07-01 16:18 . 2008-11-29 14:53 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-06-28 14:23 . 2009-12-05 19:06 -------- d-----w- c:\documents and settings\thomas\Application Data\Dofus 2
2010-06-25 21:47 . 2008-10-22 14:12 -------- d-----w- c:\documents and settings\thomas\Application Data\Skype
2010-06-25 17:18 . 2008-10-22 14:13 -------- d-----w- c:\documents and settings\thomas\Application Data\skypePM
2010-06-14 14:31 . 2008-10-08 12:46 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-11 20:42 . 2009-12-05 17:04 -------- d-----w- c:\program files\Fichiers communs\Adobe AIR
2010-06-11 20:30 . 2009-12-06 17:22 -------- d-----w- c:\documents and settings\thomas\Application Data\Dofus-2.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
2010-06-08 17:49 . 2010-06-08 17:48 -------- d-----w- c:\program files\ISOpen
2010-06-05 07:03 . 2009-11-06 09:48 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-31 16:02 . 2010-04-24 12:00 -------- d-----w- c:\program files\uTorrent
2010-05-23 21:49 . 2008-11-28 13:13 -------- d-----w- c:\documents and settings\thomas\Application Data\LimeWire
2010-05-23 10:13 . 2008-11-28 13:12 -------- d-----w- c:\program files\LimeWire
2010-05-21 17:57 . 2008-10-22 14:10 219128 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-05-21 15:44 . 2008-10-22 14:11 138592 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-05-18 14:35 . 2010-05-18 14:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 14:35 . 2010-05-18 14:35 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-05-18 14:35 . 2010-05-18 14:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-07 08:49 . 2009-08-11 22:09 46724 ---ha-w- c:\windows\system32\mlfcache.dat
2010-05-02 08:08 . 2004-08-19 14:00 1851392 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2004-08-19 14:08 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-19 18:47 . 2010-01-05 18:14 3062048 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-04-19 18:47 . 2008-12-31 16:17 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2006-05-03 09:06 . 2009-07-26 13:50 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2009-07-26 13:50 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 . 2009-07-26 13:50 216064 --sh--r- c:\windows\system32\nbDX.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-07-07_18.20.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-10 13:27 . 2002-12-11 22:14 46592 c:\windows\system32\dxdllreg.exe
+ 2010-07-12 18:54 . 2010-04-19 18:47 41984 c:\windows\system32\DRVSTORE\usbaapl_3822718F9E2E86C3752D30561ECA5A855A4A3F7D\usbaapl.sys
+ 2010-07-12 18:54 . 2010-04-19 18:29 18432 c:\windows\system32\DRVSTORE\netaapl_3A00C5601D92D37DDCB0AE45518D6B42BE1588E6\netaapl.sys
+ 2010-07-10 13:27 . 2004-07-09 02:26 52096 c:\windows\system32\drivers\msdv.sys
+ 2010-07-10 13:27 . 2004-07-09 02:26 15104 c:\windows\system32\drivers\mpe.sys
+ 2010-07-10 13:27 . 2004-07-09 02:26 11392 c:\windows\system32\drivers\bdasup.sys
+ 2010-07-10 13:27 . 2004-07-09 02:26 47104 c:\windows\system32\dllcache\wstdecod.dll
+ 2010-07-10 13:27 . 2002-08-29 01:41 31744 c:\windows\system32\dllcache\pid.dll
+ 2010-07-10 13:27 . 2004-07-09 02:26 52096 c:\windows\system32\dllcache\msdv.sys
+ 2010-07-10 13:27 . 2002-12-11 22:14 13312 c:\windows\system32\dllcache\msdmo.dll
+ 2010-07-10 13:27 . 2004-07-09 02:26 15104 c:\windows\system32\dllcache\mpe.sys
+ 2010-07-10 13:27 . 2002-12-11 22:14 34304 c:\windows\system32\dllcache\mciqtz32.dll
+ 2010-07-10 13:27 . 2002-12-11 22:14 18432 c:\windows\system32\dllcache\dswave.dll
+ 2010-07-10 13:27 . 2004-07-09 02:27 79360 c:\windows\system32\dllcache\dpwsockx.dll
+ 2010-07-10 13:27 . 2002-12-11 22:14 80896 c:\windows\system32\dllcache\dpvsetup.exe
+ 2010-07-10 13:27 . 2002-12-11 22:14 19968 c:\windows\system32\dllcache\dpvacm.dll
+ 2010-07-10 13:27 . 2002-12-11 22:14 16896 c:\windows\system32\dllcache\dpnsvr.exe
+ 2010-07-10 13:27 . 2003-03-24 07:00 68096 c:\windows\system32\dllcache\dpnhupnp.dll
+ 2010-07-10 13:27 . 2003-03-24 07:00 32768 c:\windows\system32\dllcache\dpnhpast.dll
+ 2010-07-10 13:27 . 2002-12-11 22:14 77824 c:\windows\system32\dllcache\dpmodemx.dll
+ 2010-07-10 13:27 . 2002-12-11 22:14 28160 c:\windows\system32\dllcache\dplaysvr.exe
+ 2010-07-10 13:27 . 2002-12-11 22:14 98816 c:\windows\system32\dllcache\dmstyle.dll
+ 2010-07-10 13:27 . 2002-12-11 22:14 76800 c:\windows\system32\dllcache\dmscript.dll
+ 2010-07-10 13:27 . 2002-12-11 22:14 33280 c:\windows\system32\dllcache\dmloader.dll
+ 2010-07-10 13:27 . 2002-12-11 22:14 58368 c:\windows\system32\dllcache\dmcompos.dll
+ 2010-07-10 13:27 . 2002-12-11 22:14 27136 c:\windows\system32\dllcache\dmband.dll
+ 2010-07-10 13:27 . 2002-12-11 22:14 24064 c:\windows\system32\dllcache\ddrawex.dll
+ 2010-07-10 13:27 . 2004-07-09 02:26 11392 c:\windows\system32\dllcache\bdasup.sys
+ 2010-07-10 13:27 . 2002-12-11 22:14 64512 c:\windows\system32\dllcache\amstream.dll
+ 2010-07-10 13:27 . 2004-07-09 02:26 47104 c:\windows\RegisteredPackages\{AA936DF4-2B08-4B1F-B071-72192E287704}\wstdecod.dll
+ 2010-07-10 13:27 . 2004-07-09 02:26 18688 c:\windows\RegisteredPackages\{AA936DF4-2B08-4B1F-B071-72192E287704}\wstcodec.sys
+ 2010-07-10 13:27 . 2004-07-09 02:26 14976 c:\windows\RegisteredPackages\{AA936DF4-2B08-4B1F-B071-72192E287704}\streamip.sys
+ 2010-07-10 13:27 . 2004-07-09 02:26 10880 c:\windows\RegisteredPackages\{AA936DF4-2B08-4B1F-B071-72192E287704}\slip.sys
+ 2010-07-10 13:27 . 2004-07-09 02:26 10112 c:\windows\RegisteredPackages\{AA936DF4-2B08-4B1F-B071-72192E287704}\ndisip.sys
+ 2010-07-10 13:27 . 2004-07-09 02:26 83968 c:\windows\RegisteredPackages\{AA936DF4-2B08-4B1F-B071-72192E287704}\nabtsfec.sys
+ 2010-07-10 13:27 . 2004-07-09 02:26 16896 c:\windows\RegisteredPackages\{AA936DF4-2B08-4B1F-B071-72192E287704}\msyuv.dll
+ 2010-07-10 13:27 . 2004-07-09 02:26 15104 c:\windows\RegisteredPackages\{AA936DF4-2B08-4B1F-B071-72192E287704}\mpe.sys
+ 2010-07-10 13:27 . 2004-07-09 02:26 16384 c:\windows\RegisteredPackages\{AA936DF4-2B08-4B1F-B071-72192E287704}\ccdecode.sys
+ 2010-07-10 13:27 . 2004-07-09 02:26 11392 c:\windows\RegisteredPackages\{AA936DF4-2B08-4B1F-B071-72192E287704}\bdasup.sys
+ 2010-07-10 13:27 . 2004-07-09 02:27 48512 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\stream.sys
+ 2010-07-10 13:27 . 2002-12-11 22:14 13312 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\msdmo.dll
+ 2010-07-10 13:27 . 2002-12-11 22:14 34304 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\mciqtz32.dll
+ 2010-07-10 13:27 . 2002-12-11 22:14 18944 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\encapi.dll
+ 2010-07-10 13:27 . 2002-12-11 22:14 46592 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dxdllreg.exe
+ 2010-07-10 13:27 . 2002-12-11 22:14 18432 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dswave.dll
+ 2010-07-10 13:27 . 2004-07-09 02:27 79360 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dpwsockx.dll
+ 2010-07-10 13:27 . 2002-12-11 22:14 80896 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dpvsetup.exe
+ 2010-07-10 13:27 . 2002-12-11 22:14 19968 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dpvacm.dll
+ 2010-07-10 13:27 . 2002-12-11 22:14 16896 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dpnsvr.exe
+ 2010-07-10 13:27 . 2003-03-24 07:00 68096 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dpnhupnp.dll
+ 2010-07-10 13:27 . 2003-03-24 07:00 32768 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dpnhpast.dll
+ 2010-07-10 13:27 . 2002-12-11 22:14 77824 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dpmodemx.dll
+ 2010-07-10 13:27 . 2002-12-11 22:14 28160 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dplaysvr.exe
+ 2010-07-10 13:27 . 2002-12-11 22:14 98816 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dmstyle.dll
+ 2010-07-10 13:27 . 2002-12-11 22:14 76800 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dmscript.dll
+ 2010-07-10 13:27 . 2002-12-11 22:14 33280 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dmloader.dll
+ 2010-07-10 13:27 . 2002-12-11 22:14 58368 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dmcompos.dll
+ 2010-07-10 13:27 . 2002-12-11 22:14 27136 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dmband.dll
+ 2010-07-10 13:27 . 2002-12-11 22:14 24064 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\ddrawex.dll
+ 2010-07-10 13:27 . 2002-12-11 22:14 64512 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\amstream.dll
- 2010-07-01 13:04 . 2010-07-01 13:04 32038 c:\windows\Installer\{E96B3169-86F4-415E-8E87-F0B6251167FB}\ARPPRODUCTICON.exe
+ 2010-07-15 16:19 . 2010-07-15 16:19 32038 c:\windows\Installer\{E96B3169-86F4-415E-8E87-F0B6251167FB}\ARPPRODUCTICON.exe
+ 2010-07-12 18:58 . 2010-07-12 18:58 27136 c:\windows\Installer\{C41300B9-185D-475E-BFEC-39EF732F19B1}\AppleSoftwareUpdateIco.exe
+ 2008-10-08 15:07 . 2010-07-15 17:18 23040 c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-10-08 15:07 . 2010-06-10 17:16 23040 c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-10-08 15:07 . 2010-06-10 17:16 61440 c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2008-10-08 15:07 . 2010-07-15 17:18 61440 c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2008-10-08 15:07 . 2010-07-15 17:18 27136 c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-10-08 15:07 . 2010-06-10 17:16 27136 c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-10-08 15:07 . 2010-06-10 17:16 11264 c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-10-08 15:07 . 2010-07-15 17:18 11264 c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-10-08 15:07 . 2010-07-15 17:18 86016 c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2008-10-08 15:07 . 2010-06-10 17:16 86016 c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2008-10-08 15:07 . 2010-06-10 17:16 12288 c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-10-08 15:07 . 2010-07-15 17:18 12288 c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2010-07-10 13:27 . 2004-07-09 02:26 18688 c:\windows\Driver Cache\i386\wstcodec.sys
+ 2010-07-10 13:27 . 2004-07-09 02:26 14976 c:\windows\Driver Cache\i386\streamip.sys
+ 2010-07-10 13:27 . 2004-07-09 02:27 48512 c:\windows\Driver Cache\i386\stream.sys
+ 2010-07-10 13:27 . 2004-07-09 02:26 10880 c:\windows\Driver Cache\i386\slip.sys
+ 2010-07-10 13:27 . 2002-08-29 01:41 31744 c:\windows\Driver Cache\i386\pid.dll
+ 2010-07-10 13:27 . 2004-07-09 02:26 10112 c:\windows\Driver Cache\i386\ndisip.sys
+ 2010-07-10 13:27 . 2004-07-09 02:26 83968 c:\windows\Driver Cache\i386\nabtsfec.sys
+ 2010-07-10 13:27 . 2004-07-09 02:26 52096 c:\windows\Driver Cache\i386\msdv.sys
+ 2010-07-10 13:27 . 2004-07-09 02:26 15104 c:\windows\Driver Cache\i386\mpe.sys
+ 2010-07-10 13:27 . 2004-07-09 02:26 16384 c:\windows\Driver Cache\i386\ccdecode.sys
+ 2010-07-10 13:27 . 2004-07-09 02:26 11392 c:\windows\Driver Cache\i386\bdasup.sys
+ 2010-07-10 13:27 . 2002-12-11 22:14 3072 c:\windows\system32\dllcache\dpnlobby.dll
+ 2010-07-10 13:27 . 2002-12-11 22:14 3072 c:\windows\system32\dllcache\dpnaddr.dll
+ 2010-07-10 13:27 . 2002-12-11 22:14 8192 c:\windows\system32\dllcache\d3d8thk.dll
+ 2010-07-10 13:27 . 2002-12-11 22:14 4096 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\swenum.sys
+ 2010-07-10 13:27 . 2002-12-11 22:14 5504 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\mstee.sys
+ 2010-07-10 13:27 . 2001-08-23 03:00 4608 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\mspqm.sys
+ 2010-07-10 13:27 . 2002-12-11 22:14 5248 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\mspclock.sys
+ 2010-07-10 13:27 . 2002-12-11 22:14 7424 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\mskssrv.sys
+ 2010-07-10 13:27 . 2002-12-11 22:14 4096 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\ksuser.dll
+ 2010-07-10 13:27 . 2002-12-11 22:14 3072 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dpnlobby.dll
+ 2010-07-10 13:27 . 2002-12-11 22:14 3072 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dpnaddr.dll
+ 2010-07-10 13:27 . 2002-12-11 22:14 8192 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\d3d8thk.dll
+ 2008-10-08 15:07 . 2010-07-15 17:18 4096 c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-10-08 15:07 . 2010-06-10 17:16 4096 c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2010-07-10 13:27 . 2002-12-11 22:14 4096 c:\windows\Driver Cache\i386\swenum.sys
+ 2010-07-10 13:27 . 2002-12-11 22:14 5504 c:\windows\Driver Cache\i386\mstee.sys
+ 2010-07-10 13:27 . 2001-08-23 03:00 4608 c:\windows\Driver Cache\i386\mspqm.sys
+ 2010-07-10 13:27 . 2002-12-11 22:14 5248 c:\windows\Driver Cache\i386\mspclock.sys
+ 2010-07-10 13:27 . 2002-12-11 22:14 7424 c:\windows\Driver Cache\i386\mskssrv.sys
+ 2010-07-10 13:27 . 2002-12-11 22:14 4096 c:\windows\Driver Cache\i386\ksuser.dll
+ 2010-07-10 13:27 . 2004-07-09 02:26 354816 c:\windows\system32\psisdecd.dll
+ 2010-07-10 13:27 . 2002-12-11 22:14 733184 c:\windows\system32\dllcache\qedwipes.dll
+ 2010-07-10 13:27 . 2004-07-09 02:27 470528 c:\windows\system32\dllcache\qdvd.dll
+ 2010-07-10 13:27 . 2004-07-09 02:27 316928 c:\windows\system32\dllcache\qdv.dll
+ 2010-07-10 13:27 . 2002-12-11 22:14 257024 c:\windows\system32\dllcache\qcap.dll
+ 2010-07-10 13:27 . 2002-12-11 22:14 173056 c:\windows\system32\dllcache\qasf.dll
+ 2010-07-10 13:27 . 2004-07-09 02:26 354816 c:\windows\system32\dllcache\psisdecd.dll
+ 2010-07-10 13:27 . 2004-07-09 02:27 974848 c:\windows\system32\dllcache\dxdiag.exe
+ 2010-07-10 13:27 . 2002-12-11 22:14 602624 c:\windows\system32\dllcache\dx7vb.dll
+ 2010-07-10 13:27 . 2004-07-09 02:27 381952 c:\windows\system32\dllcache\dsound.dll
+ 2010-07-10 13:27 . 2002-12-11 22:14 491520 c:\windows\system32\dllcache\dsdmoprp.dll
+ 2010-07-10 13:27 . 2002-12-11 22:14 186880 c:\windows\system32\dllcache\dsdmo.dll
+ 2010-07-10 13:27 . 2002-12-11 22:14 112128 c:\windows\system32\dllcache\dpvvox.dll
+ 2010-07-10 13:27 . 2002-12-11 22:14 381952 c:\windows\system32\dllcache\dpvoice.dll
+ 2010-07-10 13:27 . 2002-12-11 22:14 723968 c:\windows\system32\dllcache\dpnet.dll
+ 2010-07-10 13:27 . 2004-07-09 02:27 230400 c:\windows\system32\dllcache\dplayx.dll
+ 2010-07-10 13:27 . 2004-07-09 02:27 122880 c:\windows\system32\dllcache\dmusic.dll
+ 2010-07-10 13:27 . 2002-12-11 22:14 100864 c:\windows\system32\dllcache\dmsynth.dll
+ 2010-07-10 13:27 . 2004-07-09 02:27 181248 c:\windows\system32\dllcache\dmime.dll
+ 2010-07-10 13:27 . 2002-08-29 01:40 667648 c:\windows\system32\dllcache\dinput8.dll
+ 2010-07-10 13:27 . 2002-08-29 01:40 648704 c:\windows\system32\dllcache\dinput.dll
+ 2010-07-10 13:27 . 2003-05-30 07:00 132608 c:\windows\system32\dllcache\devenum.dll
+ 2010-07-10 13:27 . 2004-07-09 02:27 292864 c:\windows\system32\dllcache\ddraw.dll
+ 2010-07-10 13:27 . 2003-05-30 07:00 797184 c:\windows\system32\dllcache\d3dim700.dll
+ 2010-07-10 13:27 . 2004-07-09 02:26 354816 c:\windows\RegisteredPackages\{AA936DF4-2B08-4B1F-B071-72192E287704}\psisdecd.dll
+ 2010-07-10 13:27 . 2002-12-11 22:14 733184 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\qedwipes.dll
+ 2010-07-10 13:27 . 2004-07-09 02:27 470528 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\qdvd.dll
+ 2010-07-10 13:27 . 2004-07-09 02:27 316928 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\qdv.dll
+ 2010-07-10 13:27 . 2002-12-11 22:14 257024 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\qcap.dll
+ 2010-07-10 13:27 . 2002-12-11 22:14 173056 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\qasf.dll
+ 2010-07-10 13:27 . 2002-12-11 22:14 324096 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\mswebdvd.dll
+ 2010-07-10 13:27 . 2002-12-11 22:14 130304 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\ks.sys
+ 2010-07-10 13:27 . 2004-07-09 02:27 974848 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dxdiag.exe
+ 2010-07-10 13:27 . 2002-12-11 22:14 602624 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dx7vb.dll
+ 2010-07-10 13:27 . 2004-07-09 02:27 381952 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dsound.dll
+ 2010-07-10 13:27 . 2002-12-11 22:14 491520 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dsdmoprp.dll
+ 2010-07-10 13:27 . 2002-12-11 22:14 186880 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dsdmo.dll
+ 2010-07-10 13:27 . 2002-12-11 22:14 112128 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dpvvox.dll
+ 2010-07-10 13:27 . 2002-12-11 22:14 381952 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dpvoice.dll
+ 2010-07-10 13:27 . 2002-12-11 22:14 723968 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dpnet.dll
+ 2010-07-10 13:27 . 2004-07-09 02:27 230400 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dplayx.dll
+ 2010-07-10 13:27 . 2004-07-09 02:27 122880 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dmusic.dll
+ 2010-07-10 13:27 . 2002-12-11 22:14 100864 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dmsynth.dll
+ 2010-07-10 13:27 . 2004-07-09 02:27 181248 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dmime.dll
+ 2010-07-10 13:27 . 2003-05-30 07:00 132608 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\devenum.dll
+ 2010-07-10 13:27 . 2004-07-09 02:27 292864 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\ddraw.dll
+ 2010-07-10 13:27 . 2003-05-30 07:00 797184 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\d3dim700.dll
+ 2010-07-12 18:52 . 2010-07-12 18:52 807424 c:\windows\Installer\2e2ff23.msi
+ 2008-10-08 15:07 . 2010-07-15 17:18 409600 c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2008-10-08 15:07 . 2010-06-10 17:16 409600 c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2008-10-08 15:07 . 2010-06-10 17:16 286720 c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-10-08 15:07 . 2010-07-15 17:18 286720 c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-10-08 15:07 . 2010-07-15 17:18 249856 c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-10-08 15:07 . 2010-06-10 17:16 249856 c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-10-08 15:07 . 2010-07-15 17:18 794624 c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-10-08 15:07 . 2010-06-10 17:16 794624 c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-10-08 15:07 . 2010-06-10 17:16 135168 c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-10-08 15:07 . 2010-07-15 17:18 135168 c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-10-08 15:07 . 2010-06-10 17:16 593920 c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2008-10-08 15:07 . 2010-07-15 17:18 593920 c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2010-07-12 19:23 . 2010-07-12 19:23 372736 c:\windows\Installer\{7AB3A249-FB81-416B-917A-A2A10E74C503}\iTunesIco.exe
+ 2007-04-19 12:01 . 2007-04-19 12:01 238424 c:\windows\Installer\$PatchCache$\Managed\C040110900063D11C8EF10054038389C\11.0.8173\MSCDM.DLL
+ 2007-01-16 18:32 . 2007-01-16 18:32 136032 c:\windows\Installer\$PatchCache$\Managed\C040110900063D11C8EF10054038389C\11.0.8173\MSAEXP30.DLL
+ 2007-04-19 11:54 . 2007-04-19 11:54 169312 c:\windows\Installer\$PatchCache$\Managed\C040110900063D11C8EF10054038389C\11.0.8173\ACCWIZ.DLL
+ 2010-07-10 13:27 . 2004-07-09 02:26 354816 c:\windows\Driver Cache\i386\psisdecd.dll
+ 2010-07-10 13:27 . 2002-12-11 22:14 130304 c:\windows\Driver Cache\i386\ks.sys
+ 2010-07-12 18:54 . 2010-04-19 18:47 3062048 c:\windows\system32\DRVSTORE\usbaapl_3822718F9E2E86C3752D30561ECA5A855A4A3F7D\usbaaplrc.dll
+ 2010-07-12 18:54 . 2010-04-19 18:29 1461992 c:\windows\system32\DRVSTORE\netaapl_3A00C5601D92D37DDCB0AE45518D6B42BE1588E6\wdfcoinstaller01009.dll
+ 2010-07-10 13:27 . 2002-12-11 22:14 1798144 c:\windows\system32\dllcache\qedit.dll
+ 2010-07-10 13:27 . 2004-07-09 02:26 1230336 c:\windows\system32\dllcache\msvidctl.dll
+ 2010-07-10 13:27 . 2003-05-30 07:00 1189888 c:\windows\system32\dllcache\dx8vb.dll
+ 2010-07-10 13:27 . 2002-12-11 22:14 1294336 c:\windows\system32\dllcache\dsound3d.dll
+ 2010-07-10 13:27 . 2004-07-09 02:27 1201152 c:\windows\system32\dllcache\d3d8.dll
+ 2010-07-10 13:27 . 2004-07-09 02:26 1230336 c:\windows\RegisteredPackages\{AA936DF4-2B08-4B1F-B071-72192E287704}\msvidctl.dll
+ 2010-07-10 13:27 . 2003-05-30 07:00 1962496 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\quartz.dll
+ 2010-07-10 13:27 . 2002-12-11 22:14 1798144 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\qedit.dll
+ 2010-07-10 13:27 . 2003-05-30 07:00 1189888 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dx8vb.dll
+ 2010-07-10 13:27 . 2002-12-11 22:14 1294336 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dsound3d.dll
+ 2010-07-10 13:27 . 2004-07-09 02:27 1201152 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\d3d8.dll
+ 2010-07-15 16:19 . 2010-07-15 16:19 2178560 c:\windows\Installer\3e2b4.msi
+ 2010-07-12 19:22 . 2010-07-12 19:22 4820480 c:\windows\Installer\2e30ed8.msi
+ 2010-07-12 19:02 . 2010-07-12 19:02 9472000 c:\windows\Installer\2e3073c.msi
+ 2010-07-12 18:58 . 2010-07-12 18:58 1554944 c:\windows\Installer\2e3048c.msi
+ 2010-07-12 18:54 . 2010-07-12 18:54 3089408 c:\windows\Installer\2e2ff89.msi
+ 2010-07-12 18:53 . 2010-07-12 18:53 1984000 c:\windows\Installer\2e2ff4b.msi
+ 2010-05-25 09:45 . 2010-05-25 09:45 8445440 c:\windows\Installer\2cfca.msp
+ 2010-06-11 15:55 . 2010-06-11 15:55 1827328 c:\windows\Installer\2cfb2.msp
+ 2010-06-30 20:52 . 2010-06-30 20:52 5522944 c:\windows\Installer\20bc44.msp
+ 2007-05-10 11:43 . 2007-05-10 11:43 6688096 c:\windows\Installer\$PatchCache$\Managed\C040110900063D11C8EF10054038389C\11.0.8173\MSACCESS.EXE
+ 2008-10-22 13:15 . 2010-07-02 19:39 34045896 c:\windows\system32\MRT.exe
+ 2010-06-11 15:52 . 2010-06-11 15:52 45542912 c:\windows\Installer\2cfb3.msp
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2010-06-26 2819584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 16377344]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-22 385024]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2010-03-18 202256]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"SpIDerAgent"="c:\program files\DrWeb\SpIDerAgent.exe" [2010-02-15 447728]
"SpIDerMail"="c:\program files\DrWeb\spiderml.exe" [2009-06-30 644336]
"SpIDerGate"="c:\program files\DrWeb\spidergate.exe" [2009-11-23 1471728]
"SpIDerNT"="c:\progra~1\DrWeb\spiderui.exe" [2010-04-07 231816]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-09-28 17:34 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\startupfolder\C:^Documents and Settings^thomas^Menu Démarrer^Programmes^Démarrage^MSN Pictures Displayer.lnk]
path=c:\documents and settings\thomas\Menu Démarrer\Programmes\Démarrage\MSN Pictures Displayer.lnk
backup=c:\windows\pss\MSN Pictures Displayer.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^thomas^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.3.lnk]
path=c:\documents and settings\thomas\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.3.lnk
backup=c:\windows\pss\OpenOffice.org 2.3.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-08-08 12:11 490952 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-03-05 15:32 1135912 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
2010-06-26 12:46 2819584 ----a-w- c:\program files\DAP\DAP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-06-15 14:33 141624 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
2008-08-11 10:41 63048 ----a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-03-18 18:20 202256 ----a-w- c:\program files\Fichiers communs\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-05-29 15:38 322352 ----a-w- c:\program files\uTorrent\uTorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT]
2004-08-23 12:50 122880 ----a-w- c:\progra~1\Wanadoo\Shell.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
2004-10-14 14:55 32768 ----a-w- c:\progra~1\Wanadoo\GestMAJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
2004-08-23 12:49 20480 ----a-w- c:\progra~1\Wanadoo\Watch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Boonty Games"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Klient\\Klient.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Unreal Anthology\\UT2004\\System\\UT2004.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 DwProt;DrWeb Protection;c:\windows\system32\drivers\dwprot.sys [15/07/2010 18:19 107384]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [27/06/2009 20:43 33792]
S2 DrWebEngine;Dr.Web Scanning Engine (DrWebEngine);c:\program files\Fichiers communs\Doctor Web\Scanning Engine\dwengine.exe [21/01/2009 16:09 869688]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [11/08/2008 12:41 12856]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [20/10/2009 20:19 50704]
S2 SPIDER;SpIDer Guard File System Monitor;c:\progra~1\DrWeb\spider.sys [16/04/2009 10:40 312504]
S2 SPIDERNT;SpIDer Guard for Windows;c:\progra~1\DrWeb\spidernt.exe [16/04/2009 10:40 231816]
S3 avshws;YouUp Simulated Hardware;c:\windows\system32\drivers\youup.sys [27/04/2009 16:57 57472]
S3 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm --> c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm [?]
S4 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [19/02/2010 20:09 135664]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [29/11/2008 16:51 717296]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\AUTORUN.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7fcbd126-2d05-11de-9c52-001c253fa7b7}]
\Shell\AutoRun\command - J:\nqdymj.exe
\Shell\open\Command - J:\nqdymj.exe
.
Contenu du dossier 'Tâches planifiées'

2010-07-15 c:\windows\Tasks\Dr.Web Daily scan.job
- c:\program files\DrWeb\DrWeb32w.exe [2009-06-30 10:26]

2010-07-15 c:\windows\Tasks\Dr.Web Update.job
- c:\program files\DrWeb\DrWebUpW.exe [2009-06-30 11:47]

2010-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-19 18:09]

2010-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-19 18:09]

2010-07-15 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]

2010-07-15 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-823518204-1993962763-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]

2010-07-14 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]

2010-07-15 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-823518204-1993962763-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>;*.local
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Tout t&élécharger avec NetTransport - c:\program files\Xi\NetTransport 2\NTAddList.html
LSP: c:\program files\DrWeb\drwebsp.dll
LSP: c:\progra~1\SPEEDB~1\sblsp.dll
FF - ProfilePath - c:\documents and settings\thomas\Application Data\Mozilla\Firefox\Profiles\pptz5l99.default\
FF - prefs.js: browser.search.selectedEngine - MyStart Rechercher
FF - prefs.js: browser.startup.homepage - www.google.fr
FF - prefs.js: keyword.URL - hxxp://mystart.hiyo.com/?loc=ff_address&search=
FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: c:\program files\DAP\DAPFireFox\components\DAPFireFox.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdrmv2.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-15 19:42
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):e1,a2,fa,72,e9,53,e9,fe,09,63,bb,be,76,85,19,35,d4,ed,d3,fd,1f,
b0,7e,ad,9f,bb,87,cc,eb,c5,58,28,a2,89,82,2d,48,96,06,02,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{e6208e62-2e45-4fdf-9c66-f2a750a2eaaf}]
@Denied: (Full) (Everyone)
"Model"=dword:00000009
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,ab,9e,50,1b,eb,77,d1,ab,5d,45,9e,1b,b3,2e,50,a1,83,e0,8b,c5,07,bb,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(232)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
.
Heure de fin: 2010-07-15 19:53:14
ComboFix-quarantined-files.txt 2010-07-15 17:53
ComboFix2.txt 2010-07-08 17:57
ComboFix3.txt 2010-07-07 18:25
ComboFix4.txt 2010-07-06 21:24

Avant-CF: 96 060 649 472 octets libres
Après-CF: 96 074 547 200 octets libres

- - End Of File - - BCA70B85F2B91772374BB271154DE66D