Problem removing a virus [solved]

Tags:
  • Virus
  • Security
Last reply: in Security and viruses
29 May 2011 16:26:35

Hello, I have a problem removing a virus.
Indeed, avast detects it as: windows/system32/nppt2N.sys
I have the file deleted but it keeps coming back. Could someone tell me what to do, please?

29 May 2011 18:00:11

What antivirus is it?
29 May 2011 18:29:25

Good evening
gabriel121 said:
What antivirus is it?

Quote:
Indeed, avast detects it as: windows/system32/nppt2N.sys

gabriel121, please stop posting in this section of the forum... :o

Angerose
update avast and see, I think it's a false positive...

then:

Download DDS and save it to your desktop.
  • Disable anything that blocks scripts, such as an antivirus, software like ad-block, noscript, etc.
  • Double-click dds.scr to launch the tool.
  • Once the scan is finished, a text document, DDS.txt, will open.
  • Click Yes at the next prompt, Optional Scan.
  • Save both reports to your desktop and post only DDS.txt for me.

    30 May 2011 10:53:55

    Thanks for your help, and here is the DDS log:

    DDS (Ver_11-05-19.01) - NTFSx86
    Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_24
    Run by Graziella Mickael at 12:50:23 on 2011-05-30
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1015.374 [GMT 2:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    ============== Running Processes ===============
    .
    D:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    D:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    D:\WINDOWS\Explorer.EXE
    D:\WINDOWS\system32\spoolsv.exe
    D:\WINDOWS\system32\igfxtray.exe
    D:\WINDOWS\system32\igfxpers.exe
    D:\WINDOWS\RTHDCPL.EXE
    D:\Program Files\Alwil Software\Avast5\avastUI.exe
    D:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
    D:\Program Files\DivX\DivX Update\DivXUpdate.exe
    D:\Program Files\Windows Live\Messenger\msnmsgr.exe
    D:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\OrangeHSS\Launcher\Launcher.exe
    D:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
    D:\Program Files\OrangeHSS\systray\systrayapp.exe
    D:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
    svchost.exe
    D:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
    D:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    D:\Program Files\Java\jre6\bin\jqs.exe
    D:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
    D:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
    D:\Program Files\Mozilla Firefox\firefox.exe
    D:\Program Files\Mozilla Firefox\plugin-container.exe
    D:\Program Files\BitTorrent\bittorrent.exe
    D:\WINDOWS\System32\svchost.exe -k HTTPFilter
    D:\WINDOWS\system32\wuauclt.exe
    D:\Documents and Settings\Graziella Mickael\Bureau\dds.scr
    D:\WINDOWS\system32\WSCRIPT.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uURLSearchHooks: Search Class: {08c06d61-f1f3-4799-86f8-be1a89362c85} - d:\program files\orangehss\searchurlhook\SearchPageURL.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - d:\program files\divx\divx plus web player\npdivx32.dll
    BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - d:\program files\divx\divx plus web player\npdivx32.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Programme d'aide de l'Assistant de connexion Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - d:\program files\fichiers communs\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - d:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - d:\program files\ask.com\GenericAskToolbar.dll
    uRun: [msnmsgr] "d:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [ctfmon.exe] d:\windows\system32\ctfmon.exe
    mRun: [igfxtray] d:\windows\system32\igfxtray.exe
    mRun: [igfxhkcmd] d:\windows\system32\hkcmd.exe
    mRun: [igfxpers] d:\windows\system32\igfxpers.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [SkyTel] SkyTel.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [ORAHSSSessionManager] d:\program files\orangehss\sessionmanager\SessionManager.exe
    mRun: [avast5] "d:\program files\alwil software\avast5\avastUI.exe" /nogui
    mRun: [SunJavaUpdateSched] "d:\program files\fichiers communs\java\java update\jusched.exe"
    mRun: [DivXUpdate] "d:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRunOnce: [aswAhAScr.dll] "d:\program files\alwil software\avast5\aswregsvr.exe" "d:\program files\alwil software\avast5\AhAScr.dll"
    dRun: [CTFMON.EXE] d:\windows\system32\CTFMON.EXE
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\micros~3\office12\REFIEBAR.DLL
    Trusted Zone: mappy.com
    Trusted Zone: orange.fr
    Trusted Zone: voila.fr\rw.search.ke
    Trusted Zone: weborama.fr\orange
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - d:\windows\system32\WPDShServiceObj.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - d:\documents and settings\graziella mickael\application data\mozilla\firefox\profiles\5w0euea9.default\
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: d:\program files\divx\divx ovs helper\npovshelper.dll
    FF - plugin: d:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: d:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSP;aswSP;d:\windows\system32\drivers\aswSP.sys [2011-5-27 307928]
    R2 aswFsBlk;aswFsBlk;d:\windows\system32\drivers\aswFsBlk.sys [2011-5-27 19544]
    R2 avast! Antivirus;avast! Antivirus;d:\program files\alwil software\avast5\AvastSvc.exe [2011-5-27 40384]
    S1 aswSnx;aswSnx;d:\windows\system32\drivers\aswSnx.sys [2011-5-30 441176]
    S3 npggsvc;nProtect GameGuard Service;d:\windows\system32\gamemon.des -service --> d:\windows\system32\GameMon.des -service [?]
    .
    =============== Created Last 30 ================
    .
    2011-05-30 10:49:55 441176 ----a-w- d:\windows\system32\drivers\aswSnx.sys
    2011-05-30 08:45:36 -------- dc-h--w- d:\windows\ie8
    2011-05-30 08:43:40 -------- d-----w- D:\a2e9f854c72ebfa35eb14c
    2011-05-30 04:28:14 -------- d-----w- d:\documents and settings\graziella mickael\application data\BitTorrent
    2011-05-29 12:56:23 -------- d-----w- d:\program files\fichiers communs\DivX Shared
    2011-05-29 12:41:18 -------- d-----w- d:\program files\DivX
    2011-05-29 12:37:42 -------- d-----w- d:\documents and settings\all users\application data\DivX
    2011-05-29 09:25:02 -------- d-----w- d:\windows\SHELLNEW
    2011-05-29 09:24:36 -------- d-----w- d:\documents and settings\graziella mickael\local settings\application data\Microsoft Help
    2011-05-29 08:35:44 -------- d-----w- d:\documents and settings\graziella mickael\application data\Malwarebytes
    2011-05-29 08:35:33 -------- d-----w- d:\documents and settings\all users\application data\Malwarebytes
    2011-05-29 08:35:29 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware
    2011-05-29 06:13:11 1182 ----a-w- d:\windows\system32\tmp.reg
    2011-05-28 10:15:06 4330168 ----a-w- d:\windows\system32\GameMon.des
    2011-05-28 10:07:20 4682 ----a-w- d:\windows\system32\npptNT2.sys
    2011-05-28 10:07:19 5174 ----a-w- d:\windows\system32\nppt9x.vxd
    2011-05-28 10:05:52 -------- d-----w- d:\program files\Common Files
    2011-05-28 08:50:24 472808 ----a-w- d:\windows\system32\deployJava1.dll
    2011-05-28 08:42:18 -------- d-----w- d:\documents and settings\all users\application data\Messenger Plus!
    2011-05-28 08:34:04 -------- d-----w- d:\windows\system32\Lang
    2011-05-28 00:23:36 272768 -c----w- d:\windows\system32\dllcache\bthport.sys
    2011-05-28 00:23:36 272768 ------w- d:\windows\system32\drivers\bthport.sys
    2011-05-27 23:33:26 2194816 -c----w- d:\windows\system32\dllcache\ntoskrnl.exe
    2011-05-27 23:33:24 2150912 -c----w- d:\windows\system32\dllcache\ntkrnlmp.exe
    2011-05-27 23:33:24 2029056 -c----w- d:\windows\system32\dllcache\ntkrpamp.exe
    2011-05-27 23:29:35 455936 -c----w- d:\windows\system32\dllcache\mrxsmb.sys
    2011-05-27 23:09:44 -------- d-----w- d:\program files\Windows Media Connect 2
    2011-05-27 23:07:20 -------- d-----w- d:\windows\system32\LogFiles
    2011-05-27 23:05:41 26488 ----a-w- d:\windows\system32\spupdsvc.exe
    2011-05-27 23:05:41 -------- d-----w- d:\windows\system32\PreInstall
    2011-05-27 23:05:39 -------- d--h--w- d:\windows\$hf_mig$
    2011-05-27 20:51:15 274288 ----a-w- d:\windows\system32\mucltui.dll
    2011-05-27 20:51:15 215920 ----a-w- d:\windows\system32\muweb.dll
    2011-05-27 20:51:15 18288 ----a-w- d:\windows\system32\mucltui.dll.mui
    .
    ==================== Find3M ====================
    .
    2011-05-27 16:37:09 404640 ----a-w- d:\windows\system32\FlashPlayerCPLApp.cpl
    2011-05-27 15:48:15 315392 ----a-w- d:\windows\HideWin.exe
    2011-05-10 12:10:59 40112 ----a-w- d:\windows\avastSS.scr
    2011-03-07 05:33:47 692736 ----a-w- d:\windows\system32\inetcomm.dll
    2011-03-04 06:45:11 434176 ----a-w- d:\windows\system32\vbscript.dll
    2011-03-03 13:53:37 1858048 ----a-w- d:\windows\system32\win32k.sys
    .
    ============= FINISH: 12:51:19,01 ===============
    30 May 2011 20:53:00

    Good evening

  • Download Ad-Remover (by Cyrildu17 / C_XX) to your Desktop.

    /!\ Disconnect, disable your antivirus and close all running applications /!\

  • Double-click AD-R on your Desktop to launch it.
    (On Vista/Seven, right-click AD-R and choose Run as administrator)
  • Choose language F for French.
  • In the main menu, choose the Scanner option.

    /!\ Let the tool work /!\

  • Post the report that appears at the end (C:\Ad-Report-CLEAN.log).
    /!\ Remember to re-enable your antivirus /!\


    +++++++++++++++++++++++++++++++
    31 May 2011 11:00:55

    .
    ======= RAPPORT D'AD-REMOVER 2.0.0.0,D | UNIQUEMENT XP/VISTA/7 =======
    .
    Mis à jour par C_XX le 19/05/10 à 19:20
    Contact: AdRemover.contact@gmail.com
    Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
    .
    Lancé à: 12:38:00 le 31/05/2011 | Mode normal | Option: SCAN
    Exécuté de: D:\Ad-Remover\ADR.exe
    SE: Microsoft Windows XP Édition familiale (Service Pack 3 - X86)
    Nom du PC: GRAZIELLA
    Utilisateur actuel: Graziella Mickael
    .
    ============== ÉLÉMENT(S) TROUVÉ(S) ==============
    .
    .
    D:\Documents and Settings\Graziella Mickael\Local Settings\Application Data\AskToolbar
    D:\Program Files\Ask.com
    D:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
    D:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
    .
    HKCU\Software\AppDataLow\AskToolbarInfo
    HKCU\Software\Ask.com
    HKCU\Software\AskToolbar
    HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
    HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
    HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
    HKLM\Software\Classes\AppID\GenericAskToolbar.DLL
    HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
    HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd
    HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1
    HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
    HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
    HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
    HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
    HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
    HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
    HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440}
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\post platform|AskTB5.5
    HKLM\Software\Microsoft\Internet Explorer\Toolbar|{D4027C7F-154A-4066-A1AD-4243D8127440}
    HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|D:\Program Files\Ask.com\GenericAskToolbar.dll
    HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|D:\Program Files\Ask.com\UpdateTask.exe
    .
    .
    ============== SCAN ADDITIONNEL ==============
    .
    * Mozilla FireFox Version 4.0.1 (fr) *
    .
    D:\Documents and Settings\Graziella Mickael\..\5w0euea9.default\prefs.js - browser.download.dir: D:\\Documents and Settings\\Graziella Mickael\\Bureau
    D:\Documents and Settings\Graziella Mickael\..\5w0euea9.default\prefs.js - browser.download.lastDir: D:\\Documents and Settings\\Graziella Mickael\\Bureau
    D:\Documents and Settings\Graziella Mickael\..\5w0euea9.default\prefs.js - browser.startup.homepage_override.buildID: 20110413222027
    D:\Documents and Settings\Graziella Mickael\..\5w0euea9.default\prefs.js - browser.startup.homepage_override.mstone: rv:2.0.1
    .
    .
    * Internet Explorer Version 6.0.2900.5512 *
    .
    [HKCU\Software\Microsoft\Internet Explorer\Main]
    .
    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Do404Search: 0x01000000
    Local Page: D:\windows\system32\blank.htm
    Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Show_ToolBar: yes
    Start Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
    Use Custom Search URL: 0
    .
    [HKLM\Software\Microsoft\Internet Explorer\Main]
    .
    Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Delete_Temp_Files_On_Exit: yes
    Local Page: D:\windows\system32\blank.htm
    Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Start Page: hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
    Use Custom Search URL: 0
    .
    [HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
    .
    Blank: res://mshtml.dll/blank.htm
    .
    ========================================
    .
    D:\Ad-Remover\Quarantine: 0 Fichier(s)
    D:\Ad-Remover\Backup: 0 Fichier(s)
    .
    D:\Ad-Report-SCAN[1].txt - 4489 Octet(s)
    .
    Fin à: 12:38:52, 31/05/2011
    .
    ============== E.O.F - SCAN[1] ==============
    31 May 2011 11:01:30

    Hello, here is the Ad-Remover report x)
    31 May 2011 20:53:21

    Good evening :)


    /!\ Disconnect, disable your antivirus and close all running applications /!\

  • Double-click AD-R on your Desktop to launch it.
    (On Vista/Seven, right-click AD-R and choose Run as administrator)
  • Choose language F for French.
  • In the main menu, choose the Nettoyer (Clean) option.

    /!\ Let the tool work /!\

  • Post the report that appears at the end (C:\Ad-Report-CLEAN.log).
    /!\ Remember to re-enable your antivirus /!\

    +++++++++++++++++++++++++
    1 June 2011 11:45:40

    Hello, here is the clean report :)

    ======= RAPPORT D'AD-REMOVER 2.0.0.0,D | UNIQUEMENT XP/VISTA/7 =======
    .
    Mis à jour par C_XX le 19/05/10 à 19:20
    Contact: AdRemover.contact@gmail.com
    Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
    .
    Lancé à: 13:40:51 le 01/06/2011 | Mode normal | Option: CLEAN
    Exécuté de: D:\Ad-Remover\ADR.exe
    SE: Microsoft Windows XP Édition familiale (Service Pack 3 - X86)
    Nom du PC: GRAZIELLA
    Utilisateur actuel: Graziella Mickael
    .
    ============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
    .
    .
    D:\Documents and Settings\Graziella Mickael\Local Settings\Application Data\AskToolbar
    D:\Program Files\Ask.com
    D:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
    D:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

    (!) -- Fichiers temporaires supprimés.
    .
    HKCU\Software\AppDataLow\AskToolbarInfo
    HKCU\Software\Ask.com
    HKCU\Software\AskToolbar
    HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
    HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
    HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
    HKLM\Software\Classes\AppID\GenericAskToolbar.DLL
    HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
    HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd
    HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1
    HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
    HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
    HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
    HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
    HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
    HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
    HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440}
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\post platform|AskTB5.5
    HKLM\Software\Microsoft\Internet Explorer\Toolbar|{D4027C7F-154A-4066-A1AD-4243D8127440}
    HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|D:\Program Files\Ask.com\GenericAskToolbar.dll
    HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|D:\Program Files\Ask.com\UpdateTask.exe
    .
    .
    ============== SCAN ADDITIONNEL ==============
    .
    * Mozilla FireFox Version 4.0.1 (fr) *
    .
    D:\Documents and Settings\Graziella Mickael\..\5w0euea9.default\prefs.js - browser.download.dir: D:\\Documents and Settings\\Graziella Mickael\\Bureau
    D:\Documents and Settings\Graziella Mickael\..\5w0euea9.default\prefs.js - browser.download.lastDir: D:\\Documents and Settings\\Graziella Mickael\\Bureau
    D:\Documents and Settings\Graziella Mickael\..\5w0euea9.default\prefs.js - browser.startup.homepage_override.buildID: 20110413222027
    D:\Documents and Settings\Graziella Mickael\..\5w0euea9.default\prefs.js - browser.startup.homepage_override.mstone: rv:2.0.1
    .
    .
    * Internet Explorer Version 6.0.2900.5512 *
    .
    [HKCU\Software\Microsoft\Internet Explorer\Main]
    .
    Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Do404Search: 0x01000000
    Local Page: D:\windows\system32\blank.htm
    Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
    Show_ToolBar: yes
    Start Page: hxxp://fr.msn.com/
    Use Custom Search URL: 0
    .
    [HKLM\Software\Microsoft\Internet Explorer\Main]
    .
    Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Delete_Temp_Files_On_Exit: yes
    Local Page: D:\windows\system32\blank.htm
    Search bar: hxxp://search.msn.com/spbasic.htm
    Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Start Page: hxxp://fr.msn.com/
    Use Custom Search URL: 0
    .
    [HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
    .
    Tabs: res://ieframe.dll/tabswelcome.htm
    Blank: res://mshtml.dll/blank.htm
    .
    ========================================
    .
    D:\Ad-Remover\Quarantine: 1 Fichier(s)
    D:\Ad-Remover\Backup: 13 Fichier(s)
    .
    D:\Ad-Report-CLEAN[1].txt - 4569 Octet(s)
    D:\Ad-Report-SCAN[1].txt - 4613 Octet(s)
    .
    Fin à: 13:41:54, 01/06/2011
    .
    ============== E.O.F - CLEAN[1] ==============
    1 June 2011 18:45:29

    hello

    download http://support.kaspersky.com/downloads/utils/tdsskiller... to your desktop, unzip it and run it; a report will be created here:

    C:\TDSSKillerVersion_Date_Time_log.txt << copy and paste its contents

    you also have the executable directly here: http://support.kaspersky.com/downloads/utils/tdsskiller...

    o run it; the following window will open:



    o Click Start scan and let the tool scan your hard disk without interrupting it and without using the PC.
    o If infected files are found, a new window will open:



    o If TDSS.tdl2 is detected, the delete option will be checked by default.

    o If TDSS.tdl3 is detected, make sure Cure is checked.

    o If TDSS.tdl4(\HardDisk0\MBR) is detected, make sure Cure is checked.

    o If Suspicious file is shown, leave the option set to Skip

    o Click Continue then Reboot now to restart the PC.

    o Copy and paste the generated report into your next reply (it is also saved at the root of your system partition under the name C:\TDSSKiller_Quarantine\JJ.MM.AA_HH.MM.SS, where JJ.MM.AA is the date the tool was run and HH.MM.SS the time it was run).

    tutorial--> http://support.kaspersky.com/viruses/solutions?qid=2082...



    ++++++++++++++++++++++++++++++++++++++++
    3 June 2011 08:50:08

    Hello, here is the TDSSKiller report:

    2011/06/03 10:45:16.0953 1576 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
    2011/06/03 10:45:17.0515 1576 ================================================================================
    2011/06/03 10:45:17.0515 1576 SystemInfo:
    2011/06/03 10:45:17.0515 1576
    2011/06/03 10:45:17.0515 1576 OS Version: 5.1.2600 ServicePack: 3.0
    2011/06/03 10:45:17.0515 1576 Product type: Workstation
    2011/06/03 10:45:17.0515 1576 ComputerName: GRAZIELLA
    2011/06/03 10:45:17.0515 1576 UserName: Graziella Mickael
    2011/06/03 10:45:17.0515 1576 Windows directory: D:\WINDOWS
    2011/06/03 10:45:17.0515 1576 System windows directory: D:\WINDOWS
    2011/06/03 10:45:17.0515 1576 Processor architecture: Intel x86
    2011/06/03 10:45:17.0515 1576 Number of processors: 1
    2011/06/03 10:45:17.0515 1576 Page size: 0x1000
    2011/06/03 10:45:17.0515 1576 Boot type: Normal boot
    2011/06/03 10:45:17.0515 1576 ================================================================================
    2011/06/03 10:45:18.0796 1576 Initialize success
    2011/06/03 10:48:39.0468 2216 ================================================================================
    2011/06/03 10:48:39.0468 2216 Scan started
    2011/06/03 10:48:39.0468 2216 Mode: Manual;
    2011/06/03 10:48:39.0468 2216 ================================================================================
    2011/06/03 10:48:44.0734 2216 PCI (043410877bda580c528f45165f7125bc) D:\WINDOWS\system32\DRIVERS\pci.sys
    2011/06/03 10:48:44.0765 2216 PCIIde (f4bfde7209c14a07aaa61e4d6ae69eac) D:\WINDOWS\system32\DRIVERS\pciide.sys
    2011/06/03 10:48:44.0812 2216 Pcmcia (f0406cbc60bdb0394a0e17ffb04cdd3d) D:\WINDOWS\system32\drivers\Pcmcia.sys
    2011/06/03 10:48:44.0968 2216 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) D:\WINDOWS\system32\DRIVERS\raspptp.sys
    2011/06/03 10:48:45.0000 2216 PSched (09298ec810b07e5d582cb3a3f9255424) D:\WINDOWS\system32\DRIVERS\psched.sys
    2011/06/03 10:48:45.0046 2216 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) D:\WINDOWS\system32\DRIVERS\ptilink.sys
    2011/06/03 10:48:45.0093 2216 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) D:\WINDOWS\system32\Drivers\PxHelp20.sys
    2011/06/03 10:48:45.0234 2216 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) D:\WINDOWS\system32\DRIVERS\rasacd.sys
    2011/06/03 10:48:45.0281 2216 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) D:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    2011/06/03 10:48:45.0328 2216 RasPppoe (5bc962f2654137c9909c3d4603587dee) D:\WINDOWS\system32\DRIVERS\raspppoe.sys
    2011/06/03 10:48:45.0343 2216 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) D:\WINDOWS\system32\DRIVERS\raspti.sys
    2011/06/03 10:48:45.0375 2216 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) D:\WINDOWS\system32\DRIVERS\rdbss.sys
    2011/06/03 10:48:45.0437 2216 RDPCDD (4912d5b403614ce99c28420f75353332) D:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    2011/06/03 10:48:45.0531 2216 RDPWD (6728e45b66f93c08f11de2e316fc70dd) D:\WINDOWS\system32\drivers\RDPWD.sys
    2011/06/03 10:48:45.0578 2216 redbook (d8eb2a7904db6c916eb5361878ddcbae) D:\WINDOWS\system32\DRIVERS\redbook.sys
    2011/06/03 10:48:45.0671 2216 RTLE8023xp (bb0ae2171f08129f4f3ff9df20ffbf89) D:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
    2011/06/03 10:48:45.0750 2216 Secdrv (90a3935d05b494a5a39d37e71f09a677) D:\WINDOWS\system32\DRIVERS\secdrv.sys
    2011/06/03 10:48:45.0781 2216 serenum (0f29512ccd6bead730039fb4bd2c85ce) D:\WINDOWS\system32\DRIVERS\serenum.sys
    2011/06/03 10:48:45.0812 2216 Serial (93d313c31f7ad9ea2b75f26075413c7c) D:\WINDOWS\system32\DRIVERS\serial.sys
    2011/06/03 10:48:45.0859 2216 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) D:\WINDOWS\system32\drivers\Sfloppy.sys
    2011/06/03 10:48:45.0953 2216 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) D:\WINDOWS\system32\drivers\splitter.sys
    2011/06/03 10:48:46.0015 2216 sr (39626e6dc1fb39434ec40c42722b660a) D:\WINDOWS\system32\DRIVERS\sr.sys
    2011/06/03 10:48:46.0062 2216 Srv (47ddfc2f003f7f9f0592c6874962a2e7) D:\WINDOWS\system32\DRIVERS\srv.sys
    2011/06/03 10:48:46.0125 2216 swenum (3941d127aef12e93addf6fe6ee027e0f) D:\WINDOWS\system32\DRIVERS\swenum.sys
    2011/06/03 10:48:46.0171 2216 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) D:\WINDOWS\system32\drivers\swmidi.sys
    2011/06/03 10:48:46.0265 2216 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) D:\WINDOWS\system32\drivers\sysaudio.sys
    2011/06/03 10:48:46.0343 2216 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) D:\WINDOWS\system32\DRIVERS\tcpip.sys
    2011/06/03 10:48:46.0390 2216 TDPIPE (6471a66807f5e104e4885f5b67349397) D:\WINDOWS\system32\drivers\TDPIPE.sys
    2011/06/03 10:48:46.0437 2216 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) D:\WINDOWS\system32\drivers\TDTCP.sys
    2011/06/03 10:48:46.0484 2216 TermDD (88155247177638048422893737429d9e) D:\WINDOWS\system32\DRIVERS\termdd.sys
    2011/06/03 10:48:46.0578 2216 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) D:\WINDOWS\system32\drivers\Udfs.sys
    2011/06/03 10:48:46.0625 2216 Update (402ddc88356b1bac0ee3dd1580c76a31) D:\WINDOWS\system32\DRIVERS\update.sys
    2011/06/03 10:48:46.0703 2216 usbccgp (173f317ce0db8e21322e71b7e60a27e8) D:\WINDOWS\system32\DRIVERS\usbccgp.sys
    2011/06/03 10:48:46.0750 2216 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) D:\WINDOWS\system32\DRIVERS\usbehci.sys
    2011/06/03 10:48:46.0859 2216 usbhub (1ab3cdde553b6e064d2e754efe20285c) D:\WINDOWS\system32\DRIVERS\usbhub.sys
    2011/06/03 10:48:46.0937 2216 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    2011/06/03 10:48:46.0968 2216 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) D:\WINDOWS\system32\DRIVERS\usbuhci.sys
    2011/06/03 10:48:47.0031 2216 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) D:\WINDOWS\System32\drivers\vga.sys
    2011/06/03 10:48:47.0093 2216 VolSnap (46de1126684369bace4849e4fc8c43ca) D:\WINDOWS\system32\drivers\VolSnap.sys
    2011/06/03 10:48:47.0140 2216 Wanarp (e20b95baedb550f32dd489265c1da1f6) D:\WINDOWS\system32\DRIVERS\wanarp.sys
    2011/06/03 10:48:47.0234 2216 wdmaud (6768acf64b18196494413695f0c3a00f) D:\WINDOWS\system32\drivers\wdmaud.sys
    2011/06/03 10:48:47.0343 2216 WudfPf (f15feafffbb3644ccc80c5da584e6311) D:\WINDOWS\system32\DRIVERS\WudfPf.sys
    2011/06/03 10:48:47.0375 2216 WudfRd (28b524262bce6de1f7ef9f510ba3985b) D:\WINDOWS\system32\DRIVERS\wudfrd.sys
    2011/06/03 10:48:47.0437 2216 MBR (0x1B8) (c99c3199cfaa4cbdcd91493f6d113a50) \Device\Harddisk0\DR0
    2011/06/03 10:48:47.0562 2216 ================================================================================
    2011/06/03 10:48:47.0562 2216 Scan finished
    2011/06/03 10:48:47.0562 2216 ================================================================================
    2011/06/03 10:48:47.0578 3600 Detected object count: 0
    2011/06/03 10:48:47.0578 3600 Actual detected object count: 0
    3 June 2011 21:09:01

    Good evening
    can you post me an avast scan report please
    7 June 2011 09:51:16

    Hello, by the way, I can't manage to find where avast's scan reports are located :s
    24 June 2011 08:03:33

    Sorry for the delay, I had a problem with my computer.
    And I still can't find where the scan reports are located; I looked in
    ProgramFiles/AdwilSoftware/Avast5 but I don't have the DATA folder where the reports are normally found.
    25 June 2011 17:47:47

    Good evening, well, it gave this:

    Nom du fichier
    D:\System Volume Information\_restore{0BDB2-78F1-4FA4-AC11-BEC29A04323B}\RP12\A00022689.exe

    Sévérité
    Limitée

    Etat
    LPI:WIN32:HotBar-BE[PUP]

    Action
    Supprimer
    25 June 2011 22:46:40

    re
    still having problems?
    27 June 2011 16:49:45

    Good evening, well, still the same problem; by the way, the scan didn't change anything
    27 June 2011 21:32:58

    Good evening
    if it's still:
    Quote:
    Indeed, avast detects it as: windows/system32/nppt2N.sys

    scan this file at Virus Total (I still think it's a false positive):
    Go to this link: Virus Total
  • Click Browse

  • Scan the file in bold and post the report.

    c:\ windows/system32/nppt2N.sys

  • If a window says that the file has already been analysed, click on reanalyse the file now.

    Help:
    http://forum.malekal.com/virustotal-comment-scanner-fic...
    28 June 2011 08:13:17

    Hello, I ran the scan and here is what it gave:


    AhnLab-V3 2011.06.28.00 2011.06.27 -
    AntiVir 7.11.10.132 2011.06.28 -
    Antiy-AVL 2.0.3.7 2011.06.27 -
    Avast 4.8.1351.0 2011.06.27 -
    Avast5 5.0.677.0 2011.06.27 -
    AVG 10.0.0.1190 2011.06.28 -
    BitDefender 7.2 2011.06.28 -
    CAT-QuickHeal 11.00 2011.06.28 -
    ClamAV 0.97.0.0 2011.06.28 -
    Commtouch 5.3.2.6 2011.06.28 -
    Comodo 9209 2011.06.28 -
    DrWeb 5.0.2.03300 2011.06.28 -
    eSafe 7.0.17.0 2011.06.27 Win32.TrojanHorse
    eTrust-Vet 36.1.8411 2011.06.28 -
    F-Prot 4.6.2.117 2011.06.27 -
    F-Secure 9.0.16440.0 2011.06.28 -
    Fortinet 4.2.257.0 2011.06.28 -
    GData 22 2011.06.28 -
    Ikarus T3.1.1.104.0 2011.06.28 -
    Jiangmin 13.0.900 2011.06.27 -
    K7AntiVirus 9.106.4848 2011.06.27 -
    Kaspersky 9.0.0.837 2011.06.28 -
    McAfee 5.400.0.1158 2011.06.28 -
    McAfee-GW-Edition 2010.1D 2011.06.27 -
    Microsoft 1.7000 2011.06.28 -
    NOD32 6245 2011.06.28 -
    Norman 6.07.10 2011.06.27 -
    nProtect 2011-06-27.01 2011.06.27 -
    Panda 10.0.3.5 2011.06.27 -
    PCTools 8.0.0.5 2011.06.28 -
    Prevx 3.0 2011.06.28 -
    Rising 23.64.00.03 2011.06.27 -
    Sophos 4.66.0 2011.06.28 -
    SUPERAntiSpyware 4.40.0.1006 2011.06.28 -
    Symantec 20111.1.0.186 2011.06.28 -
    TheHacker 6.7.0.1.243 2011.06.27 -
    TrendMicro 9.200.0.1012 2011.06.28 -
    TrendMicro-HouseCall 9.200.0.1012 2011.06.28 -
    VIPRE 9715 2011.06.28 -
    ViRobot 2011.6.28.4537 2011.06.28 -
    VirusBuster 14.0.98.0 2011.06.27
    28 June 2011 20:09:36

    Good evening
    it's a false positive.
    avast doesn't even detect it...
    so give details on:

    Quote:
    Good evening, well, still the same problem; by the way, the scan didn't change anything

    please
    :hello: 
    29 June 2011 09:35:02

    Hello, well, each time a message appears saying that avast has detected a virus in the file: ??/D/Windows/system32/nppnt2 and I have to choose the action to take, that is, ignore or delete.
    I delete it but each time I get the same message, that's it.
    29 June 2011 10:58:25

    Hello
    have you updated avast? I'm checking one last thing, but for me it's definitely a false positive...

    Download SystemLook from one of the links below to your Desktop.
    http://jpshortstuff.247fixes.com/SystemLook.exe

    * Double-click SystemLook.exe to launch it.
    * Right-click/copy the contents of the box below, and right-click/paste into the white box in SystemLook:

    :filefind
    nppt2N.sys


    * Click the Look button to start the scan.
    * Let the tool work; this can take a few minutes.
    * Copy and paste into your next reply the report\contents of the text file that is displayed

    Note: The report can also be found on your Desktop, named SystemLook.txt
    30 June 2011 08:37:53

    Hello, yes avast is up to date and here is the report:

    SystemLook 04.09.10 by jpshortstuff
    Log created at 10:35 on 30/06/2011 by Graziella Mickael
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "nppt2N.sys"
    No files found.

    -= EOF =-
    30 June 2011 21:13:34

    Good evening

    Quote:
    Searching for "nppt2N.sys"
    No files found.

    I wasn't expecting that... the driver may indeed be rootkitted...

    I'm relying on this:
    http://www.threatexpert.com/files/npptnt2.sys.html

    but I have a doubt because Google doesn't give me many pages...

    we're going to run a rootkit scanner...


    Download GMER from this link: http://www.gmer.net/files.php - click on "Download EXE" and download the file to your desktop.
    See the GMER tutorial, it may help you: http://www.malekal.com/tutorial_GMER.php

  • Disable your protection software (antivirus, antispyware, etc.) and close all open programs.
  • Double-click the downloaded GMER file.
    IMPORTANT: If an alert from your antivirus appears for the file gmer.sys or gmer.exe, let it run.
  • Click the "rootkit" tab
  • On the right, tick everything.
  • Now click Scan.
  • When the scan is finished, click Copy.
  • Open Notepad then click the Edit menu / Paste.
    The report should then appear.
  • Save the file to your Desktop and post the contents here.


    ++++++++++++++++++++++++
    3 July 2011 11:57:56

    Hello, here is the report I got:

    GMER 1.0.15.15640 - http://www.gmer.net
    Rootkit scan 2011-07-03 13:09:09
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-10 Hitachi_HDS721616PLA380 rev.P22OABEA
    Running: q5hkz9qv.exe; Driver: D:\DOCUME~1\GRAZIE~1\LOCALS~1\Temp\pwtyypoc.sys


    .text D:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe[664] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003E01F8
    .text D:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe[664] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003E03FC
    .text D:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe[664] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 003E0600
    .text D:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe[676] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 001501F8
    .text D:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe[676] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
    .text D:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe[676] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 001503FC
    .text D:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe[676] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text D:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe[676] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 003B1014
    .text D:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe[676] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 003B0804
    .text D:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe[676] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 003B0A08
    .text D:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe[676] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 003B0C0C
    .text D:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe[676] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 003B0E10
    .text D:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe[676] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003B01F8
    .text D:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe[676] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003B03FC
    .text D:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe[676] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 003B0600
    .text D:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe[676] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 003C0804
    .text D:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe[676] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 003C0A08
    .text D:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe[676] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 003C0600
    .text D:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe[676] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003C01F8
    .text D:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe[676] USER32.dll!UnhookWinEvent 7E3B18AC 3 Bytes JMP 003C03FC
    .text D:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe[676] USER32.dll!UnhookWinEvent + 4 7E3B18B0 1 Byte [82]
    .text D:\WINDOWS\system32\csrss.exe[688] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
    .text D:\WINDOWS\system32\csrss.exe[688] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text D:\WINDOWS\system32\winlogon.exe[712] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000701F8
    .text D:\WINDOWS\system32\winlogon.exe[712] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
    .text D:\WINDOWS\system32\winlogon.exe[712] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000703FC
    .text D:\WINDOWS\system32\winlogon.exe[712] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text D:\WINDOWS\system32\winlogon.exe[712] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B1014
    .text D:\WINDOWS\system32\winlogon.exe[712] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B0804
    .text D:\WINDOWS\system32\winlogon.exe[712] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0A08
    .text D:\WINDOWS\system32\winlogon.exe[712] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B0C0C
    .text D:\WINDOWS\system32\winlogon.exe[712] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0E10
    .text D:\WINDOWS\system32\winlogon.exe[712] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B01F8
    .text D:\WINDOWS\system32\winlogon.exe[712] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B03FC
    .text D:\WINDOWS\system32\winlogon.exe[712] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B0600
    .text D:\WINDOWS\system32\winlogon.exe[712] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002C0804
    .text D:\WINDOWS\system32\winlogon.exe[712] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002C0A08
    .text D:\WINDOWS\system32\winlogon.exe[712] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002C0600
    .text D:\WINDOWS\system32\winlogon.exe[712] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002C01F8
    .text D:\WINDOWS\system32\winlogon.exe[712] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002C03FC
    .text D:\WINDOWS\system32\services.exe[756] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000901F8
    .text D:\WINDOWS\system32\services.exe[756] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
    .text D:\WINDOWS\system32\services.exe[756] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000903FC
    .text D:\WINDOWS\system32\services.exe[756] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text D:\WINDOWS\system32\services.exe[756] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B1014
    .text D:\WINDOWS\system32\services.exe[756] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B0804
    .text D:\WINDOWS\system32\services.exe[756] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0A08
    .text D:\WINDOWS\system32\services.exe[756] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B0C0C
    .text D:\WINDOWS\system32\services.exe[756] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0E10
    .text D:\WINDOWS\system32\services.exe[756] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B01F8
    .text D:\WINDOWS\system32\services.exe[756] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B03FC
    .text D:\WINDOWS\system32\services.exe[756] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B0600
    .text D:\WINDOWS\system32\services.exe[756] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002C0804
    .text D:\WINDOWS\system32\services.exe[756] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002C0A08
    .text D:\WINDOWS\system32\services.exe[756] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002C0600
    .text D:\WINDOWS\system32\services.exe[756] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002C01F8
    .text D:\WINDOWS\system32\services.exe[756] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002C03FC
    .text D:\WINDOWS\system32\lsass.exe[768] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000901F8
    .text D:\WINDOWS\system32\lsass.exe[768] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
    .text D:\WINDOWS\system32\lsass.exe[768] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000903FC
    .text D:\WINDOWS\system32\lsass.exe[768] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text D:\WINDOWS\system32\lsass.exe[768] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B1014
    .text D:\WINDOWS\system32\lsass.exe[768] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B0804
    .text D:\WINDOWS\system32\lsass.exe[768] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0A08
    .text D:\WINDOWS\system32\lsass.exe[768] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B0C0C
    .text D:\WINDOWS\system32\lsass.exe[768] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0E10
    .text D:\WINDOWS\system32\lsass.exe[768] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B01F8
    .text D:\WINDOWS\system32\lsass.exe[768] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B03FC
    .text D:\WINDOWS\system32\lsass.exe[768] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B0600
    .text D:\WINDOWS\system32\lsass.exe[768] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002C0804
    .text D:\WINDOWS\system32\lsass.exe[768] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002C0A08
    .text D:\WINDOWS\system32\lsass.exe[768] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002C0600
    .text D:\WINDOWS\system32\lsass.exe[768] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002C01F8
    .text D:\WINDOWS\system32\lsass.exe[768] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002C03FC
    .text D:\WINDOWS\system32\svchost.exe[924] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000901F8
    .text D:\WINDOWS\system32\svchost.exe[924] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
    .text D:\WINDOWS\system32\svchost.exe[924] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000903FC
    .text D:\WINDOWS\system32\svchost.exe[924] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text D:\WINDOWS\system32\svchost.exe[924] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B1014
    .text D:\WINDOWS\system32\svchost.exe[924] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B0804
    .text D:\WINDOWS\system32\svchost.exe[924] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0A08
    .text D:\WINDOWS\system32\svchost.exe[924] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B0C0C
    .text D:\WINDOWS\system32\svchost.exe[924] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0E10
    .text D:\WINDOWS\system32\svchost.exe[924] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B01F8
    .text D:\WINDOWS\system32\svchost.exe[924] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B03FC
    .text D:\WINDOWS\system32\svchost.exe[924] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B0600
    .text D:\WINDOWS\system32\svchost.exe[924] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002C0804
    .text D:\WINDOWS\system32\svchost.exe[924] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002C0A08
    .text D:\WINDOWS\system32\svchost.exe[924] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002C0600
    .text D:\WINDOWS\system32\svchost.exe[924] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002C01F8
    .text D:\WINDOWS\system32\svchost.exe[924] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002C03FC
    .text D:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000901F8
    .text D:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
    .text D:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000903FC
    .text D:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text D:\WINDOWS\system32\svchost.exe[1000] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B1014
    .text D:\WINDOWS\system32\svchost.exe[1000] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B0804
    .text D:\WINDOWS\system32\svchost.exe[1000] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0A08
    .text D:\WINDOWS\system32\svchost.exe[1000] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B0C0C
    .text D:\WINDOWS\system32\svchost.exe[1000] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0E10
    .text D:\WINDOWS\system32\svchost.exe[1000] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B01F8
    .text D:\WINDOWS\system32\svchost.exe[1000] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B03FC
    .text D:\WINDOWS\system32\svchost.exe[1000] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B0600
    .text D:\WINDOWS\system32\svchost.exe[1000] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002C0804
    .text D:\WINDOWS\system32\svchost.exe[1000] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002C0A08
    .text D:\WINDOWS\system32\svchost.exe[1000] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002C0600
    .text D:\WINDOWS\system32\svchost.exe[1000] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002C01F8
    .text D:\WINDOWS\system32\svchost.exe[1000] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002C03FC
    .text D:\WINDOWS\System32\svchost.exe[1096] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000901F8
    .text D:\WINDOWS\System32\svchost.exe[1096] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
    .text D:\WINDOWS\System32\svchost.exe[1096] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000903FC
    .text D:\WINDOWS\System32\svchost.exe[1096] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text D:\WINDOWS\System32\svchost.exe[1096] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B1014
    .text D:\WINDOWS\System32\svchost.exe[1096] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B0804
    .text D:\WINDOWS\System32\svchost.exe[1096] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0A08
    .text D:\WINDOWS\System32\svchost.exe[1096] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B0C0C
    .text D:\WINDOWS\System32\svchost.exe[1096] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0E10
    .text D:\WINDOWS\System32\svchost.exe[1096] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B01F8
    .text D:\WINDOWS\System32\svchost.exe[1096] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B03FC
    .text D:\WINDOWS\System32\svchost.exe[1096] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B0600
    .text D:\WINDOWS\System32\svchost.exe[1096] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002C0804
    .text D:\WINDOWS\System32\svchost.exe[1096] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002C0A08
    .text D:\WINDOWS\System32\svchost.exe[1096] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002C0600
    .text D:\WINDOWS\System32\svchost.exe[1096] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002C01F8
    .text D:\WINDOWS\System32\svchost.exe[1096] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002C03FC
    .text D:\WINDOWS\system32\svchost.exe[1176] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000901F8
    .text D:\WINDOWS\system32\svchost.exe[1176] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
    .text D:\WINDOWS\system32\svchost.exe[1176] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000903FC
    .text D:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text D:\WINDOWS\system32\svchost.exe[1176] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B1014
    .text D:\WINDOWS\system32\svchost.exe[1176] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B0804
    .text D:\WINDOWS\system32\svchost.exe[1176] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0A08
    .text D:\WINDOWS\system32\svchost.exe[1176] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B0C0C
    .text D:\WINDOWS\system32\svchost.exe[1176] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0E10
    .text D:\WINDOWS\system32\svchost.exe[1176] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B01F8
    .text D:\WINDOWS\system32\svchost.exe[1176] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B03FC
    .text D:\WINDOWS\system32\svchost.exe[1176] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B0600
    .text D:\WINDOWS\system32\svchost.exe[1176] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002C0804
    .text D:\WINDOWS\system32\svchost.exe[1176] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002C0A08
    .text D:\WINDOWS\system32\svchost.exe[1176] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002C0600
    .text D:\WINDOWS\system32\svchost.exe[1176] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002C01F8
    .text D:\WINDOWS\system32\svchost.exe[1176] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002C03FC
    .text D:\WINDOWS\system32\svchost.exe[1308] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000901F8
    .text D:\WINDOWS\system32\svchost.exe[1308] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
    .text D:\WINDOWS\system32\svchost.exe[1308] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000903FC
    .text D:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text D:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B1014
    .text D:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B0804
    .text D:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0A08
    .text D:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B0C0C
    .text D:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0E10
    .text D:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B01F8
    .text D:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B03FC
    .text D:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B0600
    .text D:\WINDOWS\system32\svchost.exe[1308] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002C0804
    .text D:\WINDOWS\system32\svchost.exe[1308] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002C0A08
    .text D:\WINDOWS\system32\svchost.exe[1308] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002C0600
    .text D:\WINDOWS\system32\svchost.exe[1308] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002C01F8
    .text D:\WINDOWS\system32\svchost.exe[1308] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002C03FC
    .text D:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1508] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
    .text D:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1508] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
    .text D:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1508] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text D:\WINDOWS\Explorer.EXE[1592] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000901F8
    .text D:\WINDOWS\Explorer.EXE[1592] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
    .text D:\WINDOWS\Explorer.EXE[1592] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000903FC
    .text D:\WINDOWS\Explorer.EXE[1592] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text D:\WINDOWS\Explorer.EXE[1592] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002C1014
    .text D:\WINDOWS\Explorer.EXE[1592] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002C0804
    .text D:\WINDOWS\Explorer.EXE[1592] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002C0A08
    .text D:\WINDOWS\Explorer.EXE[1592] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002C0C0C
    .text D:\WINDOWS\Explorer.EXE[1592] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002C0E10
    .text D:\WINDOWS\Explorer.EXE[1592] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002C01F8
    .text D:\WINDOWS\Explorer.EXE[1592] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002C03FC
    .text D:\WINDOWS\Explorer.EXE[1592] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002C0600
    .text D:\WINDOWS\Explorer.EXE[1592] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002D0804
    .text D:\WINDOWS\Explorer.EXE[1592] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002D0A08
    .text D:\WINDOWS\Explorer.EXE[1592] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002D0600
    .text D:\WINDOWS\Explorer.EXE[1592] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002D01F8
    .text D:\WINDOWS\Explorer.EXE[1592] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002D03FC
    .text D:\WINDOWS\system32\spoolsv.exe[1696] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000901F8
    .text D:\WINDOWS\system32\spoolsv.exe[1696] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
    .text D:\WINDOWS\system32\spoolsv.exe[1696] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000903FC
    .text D:\WINDOWS\system32\spoolsv.exe[1696] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text D:\WINDOWS\system32\spoolsv.exe[1696] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B1014
    .text D:\WINDOWS\system32\spoolsv.exe[1696] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B0804
    .text D:\WINDOWS\system32\spoolsv.exe[1696] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0A08
    .text D:\WINDOWS\system32\spoolsv.exe[1696] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B0C0C
    .text D:\WINDOWS\system32\spoolsv.exe[1696] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0E10
    .text D:\WINDOWS\system32\spoolsv.exe[1696] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B01F8
    .text D:\WINDOWS\system32\spoolsv.exe[1696] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B03FC
    .text D:\WINDOWS\system32\spoolsv.exe[1696] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B0600
    .text D:\WINDOWS\system32\spoolsv.exe[1696] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002C0804
    .text D:\WINDOWS\system32\spoolsv.exe[1696] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002C0A08
    .text D:\WINDOWS\system32\spoolsv.exe[1696] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002C0600
    .text D:\WINDOWS\system32\spoolsv.exe[1696] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002C01F8
    .text D:\WINDOWS\system32\spoolsv.exe[1696] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002C03FC
    .text D:\WINDOWS\system32\igfxtray.exe[1828] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 001501F8
    .text D:\WINDOWS\system32\igfxtray.exe[1828] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
    .text D:\WINDOWS\system32\igfxtray.exe[1828] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 001503FC
    .text D:\WINDOWS\system32\igfxtray.exe[1828] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text D:\WINDOWS\system32\igfxtray.exe[1828] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 00380804
    .text D:\WINDOWS\system32\igfxtray.exe[1828] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 00380A08
    .text D:\WINDOWS\system32\igfxtray.exe[1828] USER32.dll!SetWindowsHookExA
    3 July 2011 12:02:11


    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT D:\WINDOWS\system32\services.exe[756] @ D:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 005E0002
    IAT D:\WINDOWS\system32\services.exe[756] @ D:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 005E0000

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 56613
    Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4C6AF1AB-13CA-4213-A249-F3167496D67C}@LeaseObtainedTime 1309676543
    Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4C6AF1AB-13CA-4213-A249-F3167496D67C}@T1 1309676548
    Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4C6AF1AB-13CA-4213-A249-F3167496D67C}@T2 1309676551
    Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4C6AF1AB-13CA-4213-A249-F3167496D67C}@LeaseTerminatesTime 1309676553
    Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4C6AF1AB-13CA-4213-A249-F3167496D67C}@DhcpRetryTime 4
    Reg HKLM\SYSTEM\CurrentControlSet\Services\{4C6AF1AB-13CA-4213-A249-F3167496D67C}\Parameters\Tcpip@LeaseObtainedTime 1309676543
    Reg HKLM\SYSTEM\CurrentControlSet\Services\{4C6AF1AB-13CA-4213-A249-F3167496D67C}\Parameters\Tcpip@T1 1309676548
    Reg HKLM\SYSTEM\CurrentControlSet\Services\{4C6AF1AB-13CA-4213-A249-F3167496D67C}\Parameters\Tcpip@T2 1309676551
    Reg HKLM\SYSTEM\CurrentControlSet\Services\{4C6AF1AB-13CA-4213-A249-F3167496D67C}\Parameters\Tcpip@LeaseTerminatesTime 1309676553

    ---- EOF - GMER 1.0.15 ----
    3 July 2011 23:18:24

    Good evening
    I still don't see it...

    Let's make one last attempt with two easy-to-use tools; if that doesn't work, we'll do it another way so that I can see this driver...

    1

    Disable your antivirus and any other kind of protection.
    Download ComboFix by sUBs: Combofix
    Save it to your desktop and nowhere else!

    Double-click ComboFix. It will ask you a question; follow the prompts, then wait until ComboFix has finished. Your PC may reboot, that is normal. A report will be created. Post the report: C:\Combofix.txt
    click on it to open it, then Edit "Select all", Edit "Copy"

    come to the forum and Edit "Paste"

    HELP: A guide and tutorial on using ComboFix
    * the partition name may differ

    <@_@>


    2

    ▪ Download aswMBR.exe, save it to your desktop and nowhere else!
    ▪ Double-click aswMBR.exe on your Desktop to launch it.
    (On Vista/Seven, right-click aswMBR and choose Run as administrator)

    ▪ Accept the update request.

    ▪ Wait while it downloads (between 40 and 50 MB)

    ▪ Click the Scan 1 button and let the tool work.
    ▪ Click Save Log 2, save the report to the desktop and post the report in your next reply.
    6 July 2011 09:51:05

    Hello, here are the reports:

    Combofix
    ComboFix 11-07-03.01 - Graziella Mickael 05/07/2011 10:13:30.1.1 - x86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1015.472 [GMT 4:00]
    Lancé depuis: d:\documents and settings\Graziella Mickael\Bureau\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    * Un nouveau point de restauration a été créé
    .
    .
    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    d:\windows\system32\404Fix.exe
    d:\windows\system32\Agent.OMZ.Fix.exe
    d:\windows\system32\dumphive.exe
    d:\windows\system32\IEDFix.C.exe
    d:\windows\system32\IEDFix.exe
    d:\windows\system32\o4Patch.exe
    d:\windows\system32\Process.exe
    d:\windows\system32\SrchSTS.exe
    d:\windows\system32\tmp.reg
    d:\windows\system32\VACFix.exe
    d:\windows\system32\VCCLSID.exe
    d:\windows\system32\WS2Fix.exe
    .
    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2011-06-05 au 2011-07-05 ))))))))))))))))))))))))))))))))))))
    .
    .
    2011-07-02 04:45 . 2011-07-02 04:45 -------- d-----w- d:\documents and settings\Graziella Mickael\Local Settings\Application Data\Temp
    2011-07-02 04:45 . 2008-04-13 07:47 25856 -c--a-w- d:\windows\system32\dllcache\usbprint.sys
    2011-07-02 04:45 . 2008-04-13 07:47 25856 ----a-w- d:\windows\system32\drivers\usbprint.sys
    2011-07-01 06:52 . 2011-07-01 06:52 -------- d-----w- d:\program files\Fichiers communs\Java
    2011-07-01 06:52 . 2011-05-04 00:52 476904 ----a-w- d:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    2011-06-29 09:38 . 2011-06-29 09:38 -------- d-----w- d:\program files\Windows Live SkyDrive
    2011-06-29 09:09 . 2011-06-29 09:09 -------- d-----w- d:\documents and settings\Graziella Mickael\Contacts
    2011-06-29 08:43 . 2006-11-29 09:06 3426072 ----a-w- d:\windows\system32\d3dx9_32.dll
    2011-06-29 08:42 . 2011-06-29 08:42 -------- d-----w- d:\program files\Microsoft SQL Server Compact Edition
    2011-06-29 08:28 . 2008-06-17 12:13 74520 ----a-w- d:\program files\Fichiers communs\Windows Live\.cache\8cea182c1cc3636\DSETUP.dll
    2011-06-29 08:28 . 2008-06-17 12:13 484632 ----a-w- d:\program files\Fichiers communs\Windows Live\.cache\8cea182c1cc3636\DXSETUP.exe
    2011-06-29 08:28 . 2008-06-17 12:13 1670936 ----a-w- d:\program files\Fichiers communs\Windows Live\.cache\8cea182c1cc3636\dsetup32.dll
    2011-06-29 08:26 . 2008-07-11 00:50 1013800 ----a-w- d:\program files\Fichiers communs\Windows Live\.cache\4054ef461cc3636\WindowsXP-KB954708-x86-ENU.exe
    2011-06-26 15:48 . 2011-07-04 14:07 -------- d-----w- d:\documents and settings\Graziella Mickael\Application Data\BitTorrent
    2011-06-26 15:47 . 2011-06-27 07:28 -------- d-----w- d:\program files\BitTorrent
    2011-06-25 04:23 . 2010-01-01 08:00 2106216 ----a-w- d:\program files\Mozilla Firefox\D3DCompiler_43.dll
    2011-06-25 04:23 . 2010-01-01 08:00 1998168 ----a-w- d:\program files\Mozilla Firefox\d3dx9_43.dll
    2011-06-23 23:05 . 2011-06-23 23:05 -------- d-----w- d:\windows\system32\XPSViewer
    2011-06-23 23:05 . 2011-06-23 23:05 -------- d-----w- d:\program files\Reference Assemblies
    2011-06-23 23:04 . 2008-07-06 12:06 89088 ----a-w- d:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
    2011-06-23 23:04 . 2008-07-06 12:06 89088 -c----w- d:\windows\system32\dllcache\filterpipelineprintproc.dll
    2011-06-23 23:04 . 2008-07-06 12:06 575488 -c----w- d:\windows\system32\dllcache\xpsshhdr.dll
    2011-06-23 23:04 . 2008-07-06 12:06 575488 ------w- d:\windows\system32\xpsshhdr.dll
    2011-06-23 23:04 . 2008-07-06 12:06 1676288 -c----w- d:\windows\system32\dllcache\xpssvcs.dll
    2011-06-23 23:04 . 2008-07-06 12:06 1676288 ------w- d:\windows\system32\xpssvcs.dll
    2011-06-23 23:04 . 2008-07-06 12:06 117760 ------w- d:\windows\system32\prntvpt.dll
    2011-06-23 23:04 . 2008-07-06 10:50 597504 -c----w- d:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2011-06-23 23:04 . 2008-07-06 10:50 597504 ------w- d:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
    2011-06-23 23:04 . 2011-06-23 23:04 -------- d-----w- D:\026e42924269b24c6ed1d2
    2011-06-14 15:33 . 2011-06-14 15:44 -------- d-----w- d:\documents and settings\Graziella Mickael\.gimp-2.6
    2011-06-14 15:17 . 2011-06-14 15:17 -------- dc----w- d:\windows\system32\DRVSTORE
    2011-06-14 15:16 . 2011-06-20 06:53 -------- d-----w- d:\program files\MSECACHE
    2011-06-14 15:02 . 2011-06-14 15:02 -------- d-----w- d:\program files\GIMP-2.0
    2011-06-14 14:21 . 2011-06-18 17:48 -------- d-----w- d:\program files\PhotoFiltre
    2011-06-12 12:39 . 2011-06-14 09:12 -------- d-----w- d:\documents and settings\All Users\Application Data\FLEXnet
    2011-06-10 15:58 . 2011-06-10 15:58 -------- d-----w- d:\windows\system32\wbem\Repository
    2011-06-10 08:28 . 2011-06-10 08:29 -------- d-----w- d:\documents and settings\All Users\Application Data\SweetIM
    2011-06-09 18:03 . 2011-06-29 08:08 -------- d-----w- d:\program files\Google
    2011-06-09 18:03 . 2011-06-10 15:57 -------- d-----w- d:\documents and settings\Graziella Mickael\Local Settings\Application Data\Google
    2011-06-07 21:10 . 2011-06-07 21:10 -------- d-sh--w- d:\documents and settings\Graziella Mickael\PrivacIE
    2011-06-07 14:12 . 2011-06-07 14:12 -------- d-----w- d:\program files\Fichiers communs\Adobe AIR
    2011-06-07 14:11 . 2011-07-02 04:45 -------- d-----w- d:\documents and settings\Graziella Mickael\Local Settings\Application Data\Adobe
    2011-06-07 14:08 . 2011-06-07 14:08 -------- d-----w- d:\program files\Fichiers communs\Macrovision Shared
    2011-06-06 08:55 . 2011-06-06 08:55 183696 ----a-w- d:\program files\Mozilla Firefox\plugins\nppdf32.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-06-29 07:29 . 2011-05-27 16:25 404640 ----a-w- d:\windows\system32\FlashPlayerCPLApp.cpl
    2011-05-27 15:48 . 2011-05-27 15:48 315392 ----a-w- d:\windows\HideWin.exe
    2011-05-11 17:06 . 2011-05-28 10:15 4330168 ----a-w- d:\windows\system32\GameMon.des
    2011-05-10 12:10 . 2011-05-27 16:06 40112 ----a-w- d:\windows\avastSS.scr
    2011-05-10 12:10 . 2011-05-27 16:06 199304 ----a-w- d:\windows\system32\aswBoot.exe
    2011-05-10 12:03 . 2011-05-30 10:49 441176 ----a-w- d:\windows\system32\drivers\aswSnx.sys
    2011-05-10 12:03 . 2011-05-27 16:06 307928 ----a-w- d:\windows\system32\drivers\aswSP.sys
    2011-05-10 12:02 . 2011-05-27 16:06 49240 ----a-w- d:\windows\system32\drivers\aswTdi.sys
    2011-05-10 12:02 . 2011-05-27 16:06 102616 ----a-w- d:\windows\system32\drivers\aswmon2.sys
    2011-05-10 12:02 . 2011-05-27 16:06 96344 ----a-w- d:\windows\system32\drivers\aswmon.sys
    2011-05-10 11:59 . 2011-05-27 16:06 25432 ----a-w- d:\windows\system32\drivers\aswRdr.sys
    2011-05-10 11:59 . 2011-05-27 16:06 30808 ----a-w- d:\windows\system32\drivers\aavmker4.sys
    2011-05-10 11:59 . 2011-05-27 16:06 19544 ----a-w- d:\windows\system32\drivers\aswFsBlk.sys
    2011-05-04 00:52 . 2011-05-28 08:50 472808 ----a-w- d:\windows\system32\deployJava1.dll
    2011-05-03 22:25 . 2011-05-27 16:15 73728 ----a-w- d:\windows\system32\javacpl.cpl
    2011-05-02 15:31 . 2011-05-27 15:33 692736 ----a-w- d:\windows\system32\inetcomm.dll
    2011-04-29 17:25 . 2008-04-14 12:00 151552 ----a-w- d:\windows\system32\schannel.dll
    2011-04-29 16:19 . 2008-04-14 12:00 456320 ----a-w- d:\windows\system32\drivers\mrxsmb.sys
    2011-04-25 16:06 . 2008-04-14 12:00 916480 ----a-w- d:\windows\system32\wininet.dll
    2011-04-25 16:06 . 2008-04-14 12:00 43520 ------w- d:\windows\system32\licmgr10.dll
    2011-04-25 16:06 . 2008-04-14 12:00 1469440 ------w- d:\windows\system32\inetcpl.cpl
    2011-04-25 12:01 . 2008-04-14 12:00 385024 ------w- d:\windows\system32\html.iec
    2011-04-21 13:37 . 2008-04-14 12:00 105472 ----a-w- d:\windows\system32\drivers\mup.sys
    2011-06-16 04:38 . 2011-06-28 11:34 142296 ----a-w- d:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-05-10 12:10 122512 ----a-w- d:\program files\Alwil Software\Avast5\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="d:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2010-04-16 3872080]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "igfxtray"="d:\windows\system32\igfxtray.exe" [2005-11-03 98304]
    "igfxhkcmd"="d:\windows\system32\hkcmd.exe" [2005-11-03 77824]
    "igfxpers"="d:\windows\system32\igfxpers.exe" [2005-11-03 118784]
    "RTHDCPL"="RTHDCPL.EXE" [2007-01-30 16116224]
    "SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
    "ORAHSSSessionManager"="d:\program files\OrangeHSS\SessionManager\SessionManager.exe" [2007-12-12 107248]
    "DivXUpdate"="d:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
    "AdobeCS4ServiceManager"="d:\program files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
    "avast"="d:\program files\Alwil Software\Avast5\avastUI.exe" [2011-05-10 3459712]
    "Adobe ARM"="d:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "SunJavaUpdateSched"="d:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2011-04-08 254696]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "d:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"=
    "d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "d:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
    "d:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "d:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "d:\\Program Files\\Fichiers communs\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
    "d:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "d:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "d:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "d:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5353:TCP"= 5353:TCP:Adobe CSI CS4
    .
    R1 aswSnx;aswSnx;d:\windows\system32\drivers\aswSnx.sys [30/05/2011 14:49 441176]
    R1 aswSP;aswSP;d:\windows\system32\drivers\aswSP.sys [27/05/2011 20:06 307928]
    R2 aswFsBlk;aswFsBlk;d:\windows\system32\drivers\aswFsBlk.sys [27/05/2011 20:06 19544]
    S2 gupdate;Service Google Update (gupdate);d:\program files\Google\Update\GoogleUpdate.exe [09/06/2011 22:04 136176]
    S3 gupdatem;Service Google Update (gupdatem);d:\program files\Google\Update\GoogleUpdate.exe [09/06/2011 22:04 136176]
    S3 npggsvc;nProtect GameGuard Service;d:\windows\system32\GameMon.des -service --> d:\windows\system32\GameMon.des -service [?]
    .
    Contenu du dossier 'Tâches planifiées'
    .
    2011-07-05 d:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - d:\program files\Google\Update\GoogleUpdate.exe [2011-06-09 18:02]
    .
    2011-07-04 d:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - d:\program files\Google\Update\GoogleUpdate.exe [2011-06-09 18:02]
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.ask.com/?l=dis&o=14978
    IE: E&xporter vers Microsoft Excel - d:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    Trusted Zone: mappy.com
    Trusted Zone: orange.fr
    Trusted Zone: voila.fr\rw.search.ke
    Trusted Zone: weborama.fr\orange
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - d:\documents and settings\Graziella Mickael\Application Data\Mozilla\Firefox\Profiles\5w0euea9.default\
    FF - prefs.js: browser.startup.homepage - www.google.fr/firefox?client=firefox_a&rls=org.mozilla:...
    FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHELINS SUPPRIMES - - - -
    .
    HKCU-Run-AdobeBridge - (no file)
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-07-05 10:32
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    Recherche de processus cachés ...
    .
    Recherche d'éléments en démarrage automatique cachés ...
    .
    Recherche de fichiers cachés ...
    .
    Scan terminé avec succès
    Fichiers cachés: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
    "ImagePath"="d:\windows\system32\GameMon.des -service"
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------
    .
    - - - - - - - > 'winlogon.exe'(716)
    d:\program files\Fichiers communs\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
    .
    Heure de fin: 2011-07-05 10:36:58
    ComboFix-quarantined-files.txt 2011-07-05 06:36
    .
    Avant-CF: 37 226 221 568 octets libres
    Après-CF: 37 720 240 128 octets libres
    .
    WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect
    .
    - - End Of File - - 8901B2A4E9D2997C71026A6AEAC2997F

    ASW
    swMBR version 0.9.7.675 Copyright(c) 2011 AVAST Software
    Run date: 2011-07-06 10:21:35
    -----------------------------
    10:21:35.859 OS Version: Windows 5.1.2600 Service Pack 3
    10:21:35.859 Number of processors: 1 586 0x1601
    10:21:35.859 ComputerName: GRAZIELLA UserName:
    10:21:42.203 Initialize success
    10:21:42.593 AVAST engine defs: 11070501
    10:22:02.406 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-10
    10:22:02.406 Disk 0 Vendor: Hitachi_HDS721616PLA380 P22OABEA Size: 152627MB BusType: 3
    10:22:02.421 Disk 0 MBR read successfully
    10:22:02.421 Disk 0 MBR scan
    10:22:02.421 Disk 0 unknown MBR code
    10:22:02.437 Disk 0 scanning sectors +312560640
    10:22:02.484 Disk 0 scanning D:\WINDOWS\system32\drivers
    10:22:14.359 Service scanning
    10:22:18.468 Disk 0 trace - called modules:
    10:22:18.500 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
    10:22:18.500 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8637d030]
    10:22:18.500 3 CLASSPNP.SYS[f75c7fd7] -> nt!IofCallDriver -> \Device\0000005f[0x863c9c80]
    10:22:18.500 5 ACPI.sys[f745d620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-10[0x8637bd98]
    10:22:20.109 AVAST engine scan D:\WINDOWS
    10:49:10.093 AVAST engine scan D:\Documents and Settings\Graziella Mickael
    10:56:08.859 Disk 0 MBR has been saved successfully to "D:\Documents and Settings\Graziella Mickael\Bureau\MBR.dat"
    10:56:08.984 The log file has been saved successfully to "D:\Documents and Settings\Graziella Mickael\Bureau\aswMBR.txt"


    6 July 2011 21:11:13

    Good evening
    no luck, we'll have to go and look for it from an environment other than Windows to see it:

    I hope you're not mistaken about the name of the detected file, it really is nppt2N.sys...



    Download OTLPENet.
    Prepare a blank CD and run OTLPENet; this will let you burn an ISO image.
    Note: once the CD is burned, you now need to reboot the machine from the CD-ROM drive.
    To do so, follow this link: Boot from a CD.
    OTLPE tutorial

    Launch the OTLPENet ISO that you burned.
  • Once the reatogo desktop has loaded, launch OTLPE, the yellow icon

  • Double-click the OTLPE icon
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Check that "Automatically Load All Remaining Users" is selected and press OK



  • Under the Custom Scan box
    1 Copy and paste the contents of the box below:


    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.exe
    /md5start
    nppt2N.sys
    explorer.exe
    userinit.exe
    winlogon.exe
    wininit.exe
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    volsnap.sys
    nvstor.sys
    atapi.sys
    i8042prt.sys
    cdrom.sys
    disk.sys
    ndis.sys
    tcpip.sys
    imapi.sys
    RDPCDD.sys
    mountmgr.sys
    aec.sys
    rasacd.sys
    redbook.sys
    intelide.sys
    mrxsmb10.sys
    mrxsmb20.sys
    termdd.sys
    mrxsmb.sys
    win32k.sys
    storport.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\repair\*.*
    %systemroot%\repair\*.
    %systemroot%\repair\*
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    CREATERESTOREPOINT


  • Copy and paste this text into a text file (Notepad) that you save to a USB stick, which you will plug in under reatogo; you can then easily copy and paste it.
  • 2 Click Run Scan to start the scan.
  • Once finished, the file is located at C:\OTL.txt
  • Copy and paste its contents into your next reply.
    9 July 2011 17:09:52

    Good evening, I have a problem. When I launch the OTLPE application I'm asked whether I want to burn the CD; I say yes, but then the extraction doesn't progress, it stays stuck at 0%.
    10 July 2011 15:27:36

    Good evening, yes, I did exactly what was asked.
    10 July 2011 22:26:15

    Hi again
    OK, change of plan:
    you'll do it from a USB stick; use this reatogo method:
    http://forum.malekal.com/erreur-adresse-plugin-t33534.h...

    however, use this custom scan:



    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.exe
    /md5start
    nppt2N.sys
    explorer.exe
    userinit.exe
    winlogon.exe
    wininit.exe
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    volsnap.sys
    nvstor.sys
    atapi.sys
    i8042prt.sys
    cdrom.sys
    disk.sys
    ndis.sys
    tcpip.sys
    imapi.sys
    RDPCDD.sys
    mountmgr.sys
    aec.sys
    rasacd.sys
    redbook.sys
    intelide.sys
    mrxsmb10.sys
    mrxsmb20.sys
    termdd.sys
    mrxsmb.sys
    win32k.sys
    storport.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\repair\*.*
    %systemroot%\repair\*.
    %systemroot%\repair\*
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    CREATERESTOREPOINT
    12 July 2011 13:40:15

    Hello, there we go, I managed it

    OTL logfile created on: 7/12/2011 5:33:02 PM - Run
    OTLPE by OldTimer - Version 3.1.47.1 Folder = X:\Programs\OTLPE
    Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,015.00 Mb Total Physical Memory | 694.00 Mb Available Physical Memory | 68.00% Memory free
    903.00 Mb Paging File | 687.00 Mb Available in Paging File | 76.00% Paging File free
    Paging file location(s): D:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
    Drive C: | 48.83 Gb Total Space | 21.02 Gb Free Space | 43.05% Space Free | Partition Type: NTFS
    Drive D: | 100.21 Gb Total Space | 48.74 Gb Free Space | 48.64% Space Free | Partition Type: NTFS
    Drive X: | 1.91 Gb Total Space | 1.38 Gb Free Space | 72.22% Space Free | Partition Type: FAT

    Computer Name: REATOGO | User Name: SYSTEM
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
    Using ControlSet: ControlSet001

    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto] -- -- (wuauserv)
    SRV - File not found [Disabled] -- -- (HidServ)
    SRV - File not found [On_Demand] -- -- (AppMgmt)
    SRV - [2011/07/04 07:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto] -- D:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2011/06/07 10:08:04 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand] -- D:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2011/05/11 13:06:00 | 004,330,168 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand] -- D:\WINDOWS\System32\GameMon.des -- (npggsvc)
    SRV - [2008/11/03 19:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
    SRV - [2007/12/11 14:19:44 | 000,065,536 | ---- | M] (France Telecom SA) [Auto] -- D:\Program Files\Fichiers communs\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe -- (FTRTSVC)
    SRV - [2006/10/26 08:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
    DRV - File not found [Kernel | System] -- -- (PCIDump)
    DRV - File not found [Kernel | System] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System] -- -- (i2omgmt)
    DRV - File not found [Kernel | On_Demand] -- -- (GMSIPCI)
    DRV - File not found [Kernel | System] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand] -- -- (catchme)
    DRV - [2011/07/09 05:24:38 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System] -- D:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
    DRV - [2011/07/09 05:05:50 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- D:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
    DRV - [2011/07/04 07:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System] -- D:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2011/07/04 07:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System] -- D:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2011/07/04 07:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System] -- D:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2011/07/04 07:35:12 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto] -- D:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2011/07/04 07:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System] -- D:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2011/07/04 07:32:13 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System] -- D:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2011/07/04 07:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto] -- D:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2010/07/04 15:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable] -- D:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
    DRV - [2007/02/06 12:43:26 | 000,090,880 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
    DRV - [2007/01/30 06:57:00 | 004,474,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2006/03/01 12:53:54 | 000,032,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- D:\WINDOWS\system32\pcandis5.sys -- (PCANDIS5)
    DRV - [2003/09/23 04:38:34 | 000,034,688 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- D:\WINDOWS\system32\pcampr5.sys -- (PCAMPR5)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\Graziella_Mickael_ON_D\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.ask.com/?l=dis&o=14978 [binary data]
    IE - HKU\Graziella_Mickael_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = astroburn-search.com
    IE - HKU\Graziella_Mickael_ON_D\..\URLSearchHook: {08C06D61-F1F3-4799-86F8-BE1A89362C85} - D:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll ()
    IE - HKU\Graziella_Mickael_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\systemprofile_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: D:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/05/29 08:58:54 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: D:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/05/29 08:58:54 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2011/06/29 03:43:18 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2011/07/01 02:52:40 | 000,000,000 | ---D | M]

    [2011/07/12 17:23:30 | 000,000,000 | ---D | M] (No name found) -- B:\Documents and Settings\Default User\Application Data\Mozilla\Extensions
    [2011/07/01 02:52:42 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files\Mozilla Firefox\extensions
    [2011/05/28 04:50:25 | 000,000,000 | ---D | M] (Java Console) -- D:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    [2011/07/01 02:52:42 | 000,000,000 | ---D | M] (Java Console) -- D:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    [2011/06/16 00:38:33 | 000,142,296 | ---- | M] (Mozilla Foundation) -- D:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/05/03 20:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2010/01/01 04:00:00 | 000,001,516 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
    [2011/06/04 06:06:51 | 000,002,423 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\babylon.xml
    [2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2010/01/01 04:00:00 | 000,001,822 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
    [2010/01/01 04:00:00 | 000,001,154 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
    [2010/01/01 04:00:00 | 000,001,426 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
    [2010/01/01 04:00:00 | 000,000,956 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

    O1 HOSTS File: ([2011/07/05 02:32:19 | 000,000,027 | ---- | M]) - D:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - D:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - D:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    O3 - HKU\Graziella_Mickael_ON_D\..\Toolbar\WebBrowser: (no name) - {EFEED92A-A33D-4873-BA8F-32BAA631E54D} - No CLSID value found.
    O4 - HKLM..\Run: [Adobe ARM] D:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeCS4ServiceManager] D:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [avast] D:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [DivXUpdate] D:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [ORAHSSSessionManager] D:\Program Files\OrangeHSS\SessionManager\SessionManager.exe (France Telecom SA)
    O4 - HKLM..\Run: [SunJavaUpdateSched] D:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKU\Graziella_Mickael_ON_D..\Run: [DAEMON Tools Lite] D:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\Graziella_Mickael_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\Graziella_Mickael_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\Graziella_Mickael_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\LocalService_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\NetworkService_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\systemprofile_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-wind... (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-wind... (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-wind... (Java Plug-in 1.6.0_26)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - D:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - D:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/07/18 14:34:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2006/03/24 11:06:42 | 000,000,053 | ---- | M] () - X:\AUTORUN.INF -- [ FAT ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - File not found
    NetSvcs: HidServ - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: wuauserv - File not found


    SafeBootMin: AppMgmt - File not found
    SafeBootMin: Base - Driver Group
    SafeBootMin: Boot Bus Extender - Driver Group
    SafeBootMin: Boot file system - Driver Group
    SafeBootMin: File system - Driver Group
    SafeBootMin: Filter - Driver Group
    SafeBootMin: PCI Configuration - Driver Group
    SafeBootMin: PNP Filter - Driver Group
    SafeBootMin: Primary disk - Driver Group
    SafeBootMin: SCSI Class - Driver Group
    SafeBootMin: sermouse.sys - Driver
    SafeBootMin: System Bus Extender - Driver Group
    SafeBootMin: vga.sys - Driver
    SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

    SafeBootNet: AppMgmt - File not found
    SafeBootNet: Base - Driver Group
    SafeBootNet: Boot Bus Extender - Driver Group
    SafeBootNet: Boot file system - Driver Group
    SafeBootNet: File system - Driver Group
    SafeBootNet: Filter - Driver Group
    SafeBootNet: NDIS Wrapper - Driver Group
    SafeBootNet: NetBIOSGroup - Driver Group
    SafeBootNet: NetDDEGroup - Driver Group
    SafeBootNet: Network - Driver Group
    SafeBootNet: NetworkProvider - Driver Group
    SafeBootNet: PCI Configuration - Driver Group
    SafeBootNet: PNP Filter - Driver Group
    SafeBootNet: PNP_TDI - Driver Group
    SafeBootNet: Primary disk - Driver Group
    SafeBootNet: SCSI Class - Driver Group
    SafeBootNet: sermouse.sys - Driver
    SafeBootNet: Streams Drivers - Driver Group
    SafeBootNet: System Bus Extender - Driver Group
    SafeBootNet: TDI - Driver Group
    SafeBootNet: vga.sys - Driver
    SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
    SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
    SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
    SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
    SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

    ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
    ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Rendu VML (Vector Graphics Rendering)
    ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
    ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
    ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
    ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Liaison de données Dynamic HTML pour Java
    ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
    ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Création avancée
    ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
    ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection D:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
    ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
    ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Classes Java DirectAnimation
    ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
    ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection D:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
    ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
    ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
    ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
    ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - D:\WINDOWS\system32\ie4uinit.exe -BaseSettings
    ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - d:\WINDOWS\system32\Rundll32.exe d:\WINDOWS\system32\mscories.dll,Install
    ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
    ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
    ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Planificateur de tâches
    ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
    ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player 9 ActiveX
    ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - D:\WINDOWS\system32\ieudinit.exe
    ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - D:\WINDOWS\inf\unregmp2.exe /ShowWMP
    ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - D:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "D:\WINDOWS\system32\rundll32.exe" "D:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
    ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

    Drivers32: msacm.iac2 - D:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - D:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - D:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - D:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - D:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - D:\WINDOWS\System32\DivX.dll (DivX, Inc.)
    Drivers32: vidc.iv31 - D:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - D:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - D:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - D:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.yv12 - D:\WINDOWS\System32\DivX.dll (DivX, Inc.)

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/07/12 05:10:20 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Graziella Mickael\Bureau\OTLPENet
    [2011/07/12 04:19:13 | 127,210,482 | ---- | C] (Igor Pavlov) -- D:\Documents and Settings\Graziella Mickael\Bureau\OTLPENet.exe
    [2011/07/12 04:15:01 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Menu Démarrer\Programmes\7-Zip
    [2011/07/12 04:15:00 | 000,000,000 | ---D | C] -- D:\Program Files\7-Zip
    [2011/07/11 11:28:39 | 000,000,000 | -H-D | C] -- D:\WINDOWS\PIF
    [2011/07/09 10:56:03 | 000,000,000 | ---D | C] -- D:\Program Files\Astroburn Toolbar
    [2011/07/09 10:55:50 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Astroburn Lite
    [2011/07/09 10:48:36 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Documents\DAEMON Tools Images
    [2011/07/09 05:24:38 | 000,218,688 | ---- | C] (DT Soft Ltd) -- D:\WINDOWS\System32\drivers\dtsoftbus01.sys
    [2011/07/09 05:19:22 | 011,193,664 | ---- | C] (DT Soft Ltd.) -- D:\Program Files\DTLite4402-0131.exe
    [2011/07/09 05:11:25 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
    [2011/07/09 05:11:23 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Menu Démarrer\Programmes\DAEMON Tools Lite
    [2011/07/09 05:11:00 | 000,000,000 | ---D | C] -- D:\Program Files\DAEMON Tools Lite
    [2011/07/09 05:05:49 | 000,717,296 | ---- | C] (Duplex Secure Ltd.) -- D:\WINDOWS\System32\drivers\sptd.sys
    [2011/07/09 05:05:29 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Graziella Mickael\Application Data\DAEMON Tools Lite
    [2011/07/08 08:56:09 | 000,000,000 | -HSD | C] -- D:\Documents and Settings\NetworkService\Cookies
    [2011/07/06 11:29:13 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Graziella Mickael\Menu Démarrer\Programmes\Unlocker
    [2011/07/06 11:29:12 | 000,000,000 | ---D | C] -- D:\Program Files\Unlocker
    [2011/07/05 04:13:55 | 000,000,000 | -HSD | C] -- D:\RECYCLER
    [2011/07/05 02:07:09 | 000,518,144 | ---- | C] (SteelWerX) -- D:\WINDOWS\SWREG.exe
    [2011/07/05 02:07:09 | 000,406,528 | ---- | C] (SteelWerX) -- D:\WINDOWS\SWSC.exe
    [2011/07/05 02:07:09 | 000,212,480 | ---- | C] (SteelWerX) -- D:\WINDOWS\SWXCACLS.exe
    [2011/07/05 02:07:09 | 000,060,416 | ---- | C] (NirSoft) -- D:\WINDOWS\NIRCMD.exe
    [2011/07/05 02:06:57 | 000,000,000 | ---D | C] -- D:\WINDOWS\ERDNT
    [2011/07/02 00:45:57 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Graziella Mickael\Local Settings\Application Data\Temp
    [2011/07/02 00:45:48 | 000,025,856 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\usbprint.sys
    [2011/07/01 02:52:58 | 000,000,000 | ---D | C] -- D:\Program Files\Fichiers communs\Java
    [2011/07/01 02:52:40 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- D:\WINDOWS\System32\javaws.exe
    [2011/07/01 02:52:40 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- D:\WINDOWS\System32\javaw.exe
    [2011/07/01 02:52:40 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- D:\WINDOWS\System32\java.exe
    [2011/06/29 05:38:47 | 000,000,000 | ---D | C] -- D:\Program Files\Windows Live SkyDrive
    [2011/06/29 05:09:14 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Graziella Mickael\Contacts
    [2011/06/29 04:43:03 | 003,426,072 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\d3dx9_32.dll
    [2011/06/29 04:42:48 | 000,000,000 | ---D | C] -- D:\Program Files\Microsoft SQL Server Compact Edition
    [2011/06/26 11:48:31 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Graziella Mickael\Application Data\BitTorrent
    [2011/06/26 11:47:50 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Menu Démarrer\Programmes\BitTorrent
    [2011/06/26 11:47:49 | 000,000,000 | ---D | C] -- D:\Program Files\BitTorrent
    [2011/06/23 19:05:25 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\XPSViewer
    [2011/06/23 19:05:18 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\en-US
    [2011/06/23 19:05:12 | 000,000,000 | ---D | C] -- D:\Program Files\Reference Assemblies
    [2011/06/23 19:04:43 | 001,676,288 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\xpssvcs.dll
    [2011/06/23 19:04:43 | 001,676,288 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\xpssvcs.dll
    [2011/06/23 19:04:43 | 000,597,504 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
    [2011/06/23 19:04:43 | 000,575,488 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\xpsshhdr.dll
    [2011/06/23 19:04:43 | 000,117,760 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\prntvpt.dll
    [2011/06/23 19:04:43 | 000,089,088 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
    [2011/06/23 19:04:42 | 000,000,000 | ---D | C] -- D:\026e42924269b24c6ed1d2
    [2011/06/22 12:47:08 | 000,000,000 | R-SD | C] -- D:\WINDOWS\assembly
    [2011/06/22 12:33:03 | 000,000,000 | ---D | C] -- D:\WINDOWS\Microsoft.NET
    [2011/06/16 11:35:47 | 000,000,000 | ---D | C] -- D:\WINDOWS\Minidump
    [2011/06/14 11:33:47 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Graziella Mickael\.gimp-2.6
    [2011/06/14 11:33:46 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Graziella Mickael\Mes documents\gegl-0.0
    [2011/06/14 11:17:21 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\DRVSTORE
    [2011/06/14 11:16:02 | 000,000,000 | ---D | C] -- D:\Program Files\MSECACHE
    [2011/06/14 11:02:44 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Menu Démarrer\Programmes\GIMP
    [2011/06/14 11:02:13 | 000,000,000 | ---D | C] -- D:\Program Files\GIMP-2.0
    [2011/06/14 10:21:04 | 000,000,000 | ---D | C] -- D:\Program Files\PhotoFiltre
    [2011/06/14 10:21:04 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Menu Démarrer\Programmes\PhotoFiltre
    [4 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]
    [1 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/07/12 08:07:39 | 000,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
    [2011/07/12 08:02:49 | 000,001,074 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/07/12 05:09:57 | 127,210,482 | ---- | M] (Igor Pavlov) -- D:\Documents and Settings\Graziella Mickael\Bureau\OTLPENet.exe
    [2011/07/12 05:09:01 | 000,001,078 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/07/12 04:42:17 | 000,047,616 | ---- | M] () -- D:\Documents and Settings\Graziella Mickael\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/07/12 04:15:01 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Menu Démarrer\Programmes\7-Zip
    [2011/07/10 07:10:20 | 000,003,121 | ---- | M] () -- D:\WINDOWS\System32\CONFIG.NT
    [2011/07/09 23:49:09 | 000,013,646 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl
    [2011/07/09 05:26:20 | 000,500,482 | ---- | M] () -- D:\WINDOWS\System32\perfh00C.dat
    [2011/07/09 05:26:20 | 000,432,356 | ---- | M] () -- D:\WINDOWS\System32\perfh009.dat
    [2011/07/09 05:26:20 | 000,080,508 | ---- | M] () -- D:\WINDOWS\System32\perfc00C.dat
    [2011/07/09 05:26:20 | 000,067,312 | ---- | M] () -- D:\WINDOWS\System32\perfc009.dat
    [2011/07/09 05:24:38 | 000,218,688 | ---- | M] (DT Soft Ltd) -- D:\WINDOWS\System32\drivers\dtsoftbus01.sys
    [2011/07/09 05:24:07 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Menu Démarrer\Programmes\DAEMON Tools Lite
    [2011/07/09 05:19:14 | 011,193,664 | ---- | M] (DT Soft Ltd.) -- D:\Program Files\DTLite4402-0131.exe
    [2011/07/05 02:32:19 | 000,000,027 | ---- | M] () -- D:\WINDOWS\System32\drivers\etc\hosts.msn
    [2011/07/05 02:32:19 | 000,000,027 | ---- | M] () -- D:\WINDOWS\System32\drivers\etc\hosts
    [2011/07/04 07:43:53 | 000,040,112 | ---- | M] (AVAST Software) -- D:\WINDOWS\avastSS.scr
    [2011/07/04 07:43:51 | 000,199,304 | ---- | M] (AVAST Software) -- D:\WINDOWS\System32\aswBoot.exe
    [2011/07/04 07:36:43 | 000,441,176 | ---- | M] (AVAST Software) -- D:\WINDOWS\System32\drivers\aswSnx.sys
    [2011/07/04 07:36:32 | 000,309,848 | ---- | M] (AVAST Software) -- D:\WINDOWS\System32\drivers\aswSP.sys
    [2011/07/04 07:35:23 | 000,043,608 | ---- | M] (AVAST Software) -- D:\WINDOWS\System32\drivers\aswTdi.sys
    [2011/07/04 07:35:12 | 000,102,616 | ---- | M] (AVAST Software) -- D:\WINDOWS\System32\drivers\aswmon2.sys
    [2011/07/04 07:35:09 | 000,096,344 | ---- | M] (AVAST Software) -- D:\WINDOWS\System32\drivers\aswmon.sys
    [2011/07/04 07:32:32 | 000,025,432 | ---- | M] (AVAST Software) -- D:\WINDOWS\System32\drivers\aswRdr.sys
    [2011/07/04 07:32:13 | 000,030,808 | ---- | M] (AVAST Software) -- D:\WINDOWS\System32\drivers\aavmker4.sys
    [2011/07/04 07:32:12 | 000,019,544 | ---- | M] (AVAST Software) -- D:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2011/06/29 05:39:03 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Menu Démarrer\Programmes\Windows Live
    [2011/06/29 05:31:34 | 000,000,939 | ---- | M] () -- D:\Documents and Settings\Graziella Mickael\Mes documents\Mes dossiers de partage.lnk
    [2011/06/29 04:05:38 | 000,001,804 | ---- | M] () -- D:\Documents and Settings\All Users\Menu Démarrer\Programmes\Adobe Reader X.lnk
    [2011/06/29 03:29:12 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- D:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2011/06/28 07:35:26 | 000,000,742 | ---- | M] () -- D:\Documents and Settings\Graziella Mickael\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2011/06/28 07:35:25 | 000,000,730 | ---- | M] () -- D:\Documents and Settings\All Users\Menu Démarrer\Programmes\Mozilla Firefox.lnk
    [2011/06/28 07:35:25 | 000,000,724 | ---- | M] () -- D:\Documents and Settings\All Users\Bureau\Mozilla Firefox.lnk
    [2011/06/26 11:49:02 | 000,000,650 | ---- | M] () -- D:\Documents and Settings\Graziella Mickael\Bureau\BitTorrent.lnk
    [2011/06/26 11:47:51 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Menu Démarrer\Programmes\BitTorrent
    [2011/06/26 02:45:56 | 000,256,000 | ---- | M] () -- D:\WINDOWS\PEV.exe
    [2011/06/24 02:23:45 | 000,001,374 | ---- | M] () -- D:\WINDOWS\imsins.BAK
    [2011/06/23 19:27:23 | 002,147,312 | ---- | M] () -- D:\WINDOWS\System32\FNTCACHE.DAT
    [2011/06/22 11:58:37 | 001,047,899 | ---- | M] () -- D:\Documents and Settings\Graziella Mickael\Bureau\CharSim_FR.zip
    [2011/06/14 11:02:44 | 000,000,792 | ---- | M] () -- D:\Documents and Settings\All Users\Bureau\GIMP 2.lnk
    [2011/06/14 11:02:44 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Menu Démarrer\Programmes\GIMP
    [2011/06/14 10:21:05 | 000,000,718 | ---- | M] () -- D:\Documents and Settings\Graziella Mickael\Bureau\PhotoFiltre.lnk
    [2011/06/14 10:21:05 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Menu Démarrer\Programmes\PhotoFiltre
    [4 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]
    [1 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/07/05 02:07:09 | 000,256,000 | ---- | C] () -- D:\WINDOWS\PEV.exe
    [2011/07/05 02:07:09 | 000,208,896 | ---- | C] () -- D:\WINDOWS\MBR.exe
    [2011/07/05 02:07:09 | 000,098,816 | ---- | C] () -- D:\WINDOWS\sed.exe
    [2011/07/05 02:07:09 | 000,080,412 | ---- | C] () -- D:\WINDOWS\grep.exe
    [2011/07/05 02:07:09 | 000,068,096 | ---- | C] () -- D:\WINDOWS\zip.exe
    [2011/06/29 05:31:34 | 000,000,939 | ---- | C] () -- D:\Documents and Settings\Graziella Mickael\Mes documents\Mes dossiers de partage.lnk
    [2011/06/29 04:05:38 | 000,001,804 | ---- | C] () -- D:\Documents and Settings\All Users\Menu Démarrer\Programmes\Adobe Reader X.lnk
    [2011/06/26 11:49:02 | 000,000,650 | ---- | C] () -- D:\Documents and Settings\Graziella Mickael\Bureau\BitTorrent.lnk
    [2011/06/22 11:57:15 | 001,047,899 | ---- | C] () -- D:\Documents and Settings\Graziella Mickael\Bureau\CharSim_FR.zip
    [2011/06/14 11:02:44 | 000,000,792 | ---- | C] () -- D:\Documents and Settings\All Users\Bureau\GIMP 2.lnk
    [2011/06/14 10:21:05 | 000,000,718 | ---- | C] () -- D:\Documents and Settings\Graziella Mickael\Bureau\PhotoFiltre.lnk
    [2011/05/31 09:22:01 | 000,000,056 | -H-- | C] () -- D:\WINDOWS\System32\ezsidmv.dat
    [2011/05/27 19:35:43 | 000,047,616 | ---- | C] () -- D:\Documents and Settings\Graziella Mickael\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/05/27 13:25:07 | 000,004,205 | ---- | C] () -- D:\WINDOWS\ODBCINST.INI
    [2011/05/27 13:24:04 | 002,147,312 | ---- | C] () -- D:\WINDOWS\System32\FNTCACHE.DAT
    [2011/05/27 12:19:15 | 000,000,000 | ---- | C] () -- D:\WINDOWS\nsreg.dat
    [2011/05/27 11:49:03 | 000,049,152 | R--- | C] () -- D:\WINDOWS\System32\ChCfg.exe
    [2011/05/27 11:37:13 | 000,002,048 | --S- | C] () -- D:\WINDOWS\bootstat.dat
    [2011/05/27 11:32:52 | 000,021,892 | ---- | C] () -- D:\WINDOWS\System32\emptyregdb.dat
    [2008/04/14 08:00:00 | 013,107,200 | ---- | C] () -- D:\WINDOWS\System32\oembios.bin
    [2008/04/14 08:00:00 | 000,673,088 | ---- | C] () -- D:\WINDOWS\System32\mlang.dat
    [2008/04/14 08:00:00 | 000,500,482 | ---- | C] () -- D:\WINDOWS\System32\perfh00C.dat
    [2008/04/14 08:00:00 | 000,432,356 | ---- | C] () -- D:\WINDOWS\System32\perfh009.dat
    [2008/04/14 08:00:00 | 000,322,810 | ---- | C] () -- D:\WINDOWS\System32\perfi00C.dat
    [2008/04/14 08:00:00 | 000,272,128 | ---- | C] () -- D:\WINDOWS\System32\perfi009.dat
    [2008/04/14 08:00:00 | 000,218,003 | ---- | C] () -- D:\WINDOWS\System32\dssec.dat
    [2008/04/14 08:00:00 | 000,080,508 | ---- | C] () -- D:\WINDOWS\System32\perfc00C.dat
    [2008/04/14 08:00:00 | 000,067,312 | ---- | C] () -- D:\WINDOWS\System32\perfc009.dat
    [2008/04/14 08:00:00 | 000,046,258 | ---- | C] () -- D:\WINDOWS\System32\mib.bin
    [2008/04/14 08:00:00 | 000,034,108 | ---- | C] () -- D:\WINDOWS\System32\perfd00C.dat
    [2008/04/14 08:00:00 | 000,028,626 | ---- | C] () -- D:\WINDOWS\System32\perfd009.dat
    [2008/04/14 08:00:00 | 000,004,569 | ---- | C] () -- D:\WINDOWS\System32\secupd.dat
    [2008/04/14 08:00:00 | 000,004,461 | ---- | C] () -- D:\WINDOWS\System32\oembios.dat
    [2008/04/14 08:00:00 | 000,001,804 | ---- | C] () -- D:\WINDOWS\System32\Dcache.bin
    [2008/04/14 08:00:00 | 000,000,741 | ---- | C] () -- D:\WINDOWS\System32\noise.dat

    ========== LOP Check ==========

    [2011/06/04 14:18:36 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Graziella Mickael\Application Data\BabylonToolbar
    [2011/07/10 05:28:46 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Graziella Mickael\Application Data\BitTorrent
    [2011/07/09 10:51:56 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Graziella Mickael\Application Data\DAEMON Tools Lite
    [2011/05/27 12:06:10 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Alwil Software
    [2011/07/09 10:56:48 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Astroburn Lite
    [2011/07/09 05:22:46 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
    [2011/06/10 04:29:28 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\SweetIM

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >


    < MD5 for: AEC.SYS >
    [2008/04/14 08:00:00 | 020,102,028 | ---- | M] () .cab file -- D:\WINDOWS\Driver Cache\i386\sp3.cab:aec.sys
    [2004/08/03 18:39:38 | 000,142,464 | ---- | M] (Microsoft Corporation) MD5=841F385C6CFAF66B58FBD898722BB4F0 -- D:\Documents and Settings\Graziella Mickael\Bureau\OTLPENet\OTLPE_New_Net\I386\SYSTEM32\DRIVERS\AEC.SYS
    [2008/04/13 03:39:24 | 000,142,592 | ---- | M] (Microsoft Corporation) MD5=8BED39E3C35D6A489438B8141717A557 -- D:\WINDOWS\ERDNT\cache\aec.sys
    [2008/04/13 03:39:24 | 000,142,592 | ---- | M] (Microsoft Corporation) MD5=8BED39E3C35D6A489438B8141717A557 -- D:\WINDOWS\system32\dllcache\aec.sys
    [2008/04/13 03:39:24 | 000,142,592 | ---- | M] (Microsoft Corporation) MD5=8BED39E3C35D6A489438B8141717A557 -- D:\WINDOWS\system32\drivers\aec.sys

    < MD5 for: AGP440.SYS >
    [2008/04/14 08:00:00 | 020,102,028 | ---- | M] () .cab file -- D:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
    [2004/08/03 19:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- D:\Documents and Settings\Graziella Mickael\Bureau\OTLPENet\OTLPE_New_Net\I386\SYSTEM32\DRIVERS\AGP440.SYS

    < MD5 for: ATAPI.SYS >
    [2008/04/14 08:00:00 | 020,102,028 | ---- | M] () .cab file -- D:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
    [2008/04/13 05:40:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- D:\WINDOWS\ERDNT\cache\atapi.sys
    [2008/04/13 05:40:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- D:\WINDOWS\system32\dllcache\atapi.sys
    [2008/04/13 05:40:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- D:\WINDOWS\system32\drivers\atapi.sys
    [2008/04/14 08:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- D:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
    [2008/04/13 05:40:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- D:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
    [2004/08/03 17:07:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- D:\Documents and Settings\Graziella Mickael\Bureau\OTLPENet\OTLPE_New_Net\I386\SYSTEM32\DRIVERS\ATAPI.SYS

    < MD5 for: CDROM.SYS >
    [2008/04/14 08:00:00 | 020,102,028 | ---- | M] () .cab file -- D:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
    [2008/04/14 08:00:00 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- D:\WINDOWS\system32\drivers\cdrom.sys
    [2004/08/03 17:07:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- D:\Documents and Settings\Graziella Mickael\Bureau\OTLPENet\OTLPE_New_Net\I386\SYSTEM32\DRIVERS\CDROM.SYS

    < MD5 for: DISK.SYS >
    [2008/04/14 08:00:00 | 020,102,028 | ---- | M] () .cab file -- D:\WINDOWS\Driver Cache\i386\sp3.cab:Disk.sys
    [2004/08/03 17:07:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- D:\Documents and Settings\Graziella Mickael\Bureau\OTLPENet\OTLPE_New_Net\I386\SYSTEM32\DRIVERS\DISK.SYS
    [2008/04/14 08:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- D:\WINDOWS\system32\drivers\disk.sys

    < MD5 for: EVENTLOG.DLL >
    [2008/04/14 08:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- D:\WINDOWS\ERDNT\cache\eventlog.dll
    [2008/04/14 08:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- D:\WINDOWS\system32\dllcache\eventlog.dll
    [2008/04/14 08:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- D:\WINDOWS\system32\eventlog.dll
    [2004/08/03 17:07:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- D:\Documents and Settings\Graziella Mickael\Bureau\OTLPENet\OTLPE_New_Net\I386\SYSTEM32\EVENTLOG.DLL

    < MD5 for: EXPLORER.EXE >
    [2004/08/03 17:07:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- D:\Documents and Settings\Graziella Mickael\Bureau\OTLPENet\OTLPE_New_Net\I386\EXPLORER.EXE
    [2008/04/14 08:00:00 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- D:\WINDOWS\ERDNT\cache\explorer.exe
    [2008/04/14 08:00:00 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- D:\WINDOWS\explorer.exe
    [2008/04/14 08:00:00 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- D:\WINDOWS\system32\dllcache\explorer.exe

    < MD5 for: I8042PRT.SYS >
    [2008/04/14 08:00:00 | 020,102,028 | ---- | M] () .cab file -- D:\WINDOWS\Driver Cache\i386\sp3.cab:i8042prt.sys
    [2004/08/03 17:07:00 | 000,052,736 | ---- | M] (Microsoft Corporation) MD5=5502B58EEF7486EE6F93F3F164DCB808 -- D:\Documents and Settings\Graziella Mickael\Bureau\OTLPENet\OTLPE_New_Net\I386\SYSTEM32\DRIVERS\I8042PRT.SYS
    [2008/04/14 08:00:00 | 000,054,144 | ---- | M] (Microsoft Corporation) MD5=A09BDC4ED10E3B2E0EC27BB94AF32516 -- D:\WINDOWS\system32\drivers\i8042prt.sys

    < MD5 for: IMAPI.SYS >
    [2008/04/14 08:00:00 | 020,102,028 | ---- | M] () .cab file -- D:\WINDOWS\Driver Cache\i386\sp3.cab:imapi.sys
    [2008/04/14 08:00:00 | 000,042,112 | ---- | M] (Microsoft Corporation) MD5=083A052659F5310DD8B6A6CB05EDCF8E -- D:\WINDOWS\system32\drivers\imapi.sys
    [2004/08/03 19:00:16 | 000,041,856 | ---- | M] (Microsoft Corporation) MD5=F8AA320C6A0409C0380E5D8A99D76EC6 -- D:\Documents and Settings\Graziella Mickael\Bureau\OTLPENet\OTLPE_New_Net\I386\SYSTEM32\DRIVERS\IMAPI.SYS

    < MD5 for: INTELIDE.SYS >
    [2008/04/14 08:00:00 | 020,102,028 | ---- | M] () .cab file -- D:\WINDOWS\Driver Cache\i386\sp3.cab:intelide.sys
    [2004/08/03 17:07:00 | 000,005,504 | ---- | M] (Microsoft Corporation) MD5=2D722B2B54AB55B2FA475EB58D7B2AAD -- D:\Documents and Settings\Graziella Mickael\Bureau\OTLPENet\OTLPE_New_Net\I386\SYSTEM32\DRIVERS\INTELIDE.SYS

    < MD5 for: MOUNTMGR.SYS >
    [2004/08/03 17:07:00 | 000,042,240 | ---- | M] (Microsoft Corporation) MD5=65653F3B4477F3C63E68A9659F85EE2E -- D:\Documents and Settings\Graziella Mickael\Bureau\OTLPENet\OTLPE_New_Net\I386\SYSTEM32\DRIVERS\MOUNTMGR.SYS
    [2008/04/14 08:00:00 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=A80B9A0BAD1B73637DBCBBA7DF72D3FD -- D:\WINDOWS\system32\dllcache\mountmgr.sys
    [2008/04/14 08:00:00 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=A80B9A0BAD1B73637DBCBBA7DF72D3FD -- D:\WINDOWS\system32\drivers\mountmgr.sys

    < MD5 for: MRXSMB.SYS >
    [2008/04/14 08:00:00 | 020,102,028 | ---- | M] () .cab file -- D:\WINDOWS\Driver Cache\i386\sp3.cab:mrxsmb.sys
    [2011/04/29 12:19:43 | 000,456,320 | ---- | M] (Microsoft Corporation) MD5=0DC719E9B15E902346E87E9DCD5751FA -- D:\WINDOWS\Driver Cache\i386\mrxsmb.sys
    [2011/04/29 12:19:43 | 000,456,320 | ---- | M] (Microsoft Corporation) MD5=0DC719E9B15E902346E87E9DCD5751FA -- D:\WINDOWS\system32\dllcache\mrxsmb.sys
    [2011/04/29 12:19:43 | 000,456,320 | ---- | M] (Microsoft Corporation) MD5=0DC719E9B15E902346E87E9DCD5751FA -- D:\WINDOWS\system32\drivers\mrxsmb.sys
    [2011/02/17 09:18:24 | 000,455,936 | ---- | M] (Microsoft Corporation) MD5=0EA4D8ED179B75F8AFA7998BA22285CA -- D:\WINDOWS\$NtUninstallKB2536276$\mrxsmb.sys
    [2004/08/03 17:07:00 | 000,451,456 | ---- | M] (Microsoft Corporation) MD5=1FD607FC67F7F7C633C3DA65BFC53D18 -- D:\Documents and Settings\Graziella Mickael\Bureau\OTLPENet\OTLPE_New_Net\I386\SYSTEM32\DRIVERS\MRXSMB.SYS
    [2008/04/14 08:00:00 | 000,456,576 | ---- | M] (Microsoft Corporation) MD5=68755F0FF16070178B54674FE5B847B0 -- D:\WINDOWS\$NtUninstallKB2511455$\mrxsmb.sys
    [2011/04/29 12:47:42 | 000,457,856 | ---- | M] (Microsoft Corporation) MD5=8DD801E28EB76FDA2A38907882A0036F -- D:\WINDOWS\$hf_mig$\KB2536276\SP3QFE\mrxsmb.sys
    [2011/02/17 09:19:38 | 000,457,472 | ---- | M] (Microsoft Corporation) MD5=FB7DFD15D760AD339837A470F0E780D3 -- D:\WINDOWS\$hf_mig$\KB2511455\SP3QFE\mrxsmb.sys

    < MD5 for: NDIS.SYS >
    [2008/04/14 08:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- D:\WINDOWS\ERDNT\cache\ndis.sys
    [2008/04/14 08:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- D:\WINDOWS\system32\dllcache\ndis.sys
    [2008/04/14 08:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- D:\WINDOWS\system32\drivers\ndis.sys
    [2004/08/03 17:07:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- D:\Documents and Settings\Graziella Mickael\Bureau\OTLPENet\OTLPE_New_Net\I386\SYSTEM32\DRIVERS\NDIS.SYS

    < MD5 for: NETLOGON.DLL >
    [2008/04/14 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- D:\WINDOWS\ERDNT\cache\netlogon.dll
    [2008/04/14 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- D:\WINDOWS\system32\dllcache\netlogon.dll
    [2008/04/14 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- D:\WINDOWS\system32\netlogon.dll
    [2004/08/03 17:07:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- D:\Documents and Settings\Graziella Mickael\Bureau\OTLPENet\OTLPE_New_Net\I386\SYSTEM32\NETLOGON.DLL

    < MD5 for: RASACD.SYS >
    [2004/08/03 17:07:00 | 000,008,832 | ---- | M] (Microsoft Corporation) MD5=FE0D99D6F31E4FAD8159F690D68DED9C -- D:\Documents and Settings\Graziella Mickael\Bureau\OTLPENet\OTLPE_New_Net\I386\SYSTEM32\DRIVERS\RASACD.SYS
    [2008/04/14 08:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) MD5=FE0D99D6F31E4FAD8159F690D68DED9C -- D:\WINDOWS\system32\dllcache\rasacd.sys
    [2008/04/14 08:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) MD5=FE0D99D6F31E4FAD8159F690D68DED9C -- D:\WINDOWS\system32\drivers\rasacd.sys

    < MD5 for: RDPCDD.SYS >
    [2008/04/14 08:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=4912D5B403614CE99C28420F75353332 -- D:\WINDOWS\system32\dllcache\rdpcdd.sys
    [2008/04/14 08:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=4912D5B403614CE99C28420F75353332 -- D:\WINDOWS\system32\drivers\rdpcdd.sys

    < MD5 for: REDBOOK.SYS >
    [2008/04/14 08:00:00 | 020,102,028 | ---- | M] () .cab file -- D:\WINDOWS\Driver Cache\i386\sp3.cab:redbook.sys
    [2004/08/03 18:59:38 | 000,057,472 | ---- | M] (Microsoft Corporation) MD5=B31B4588E4086D8D84ADBF9845C2402B -- D:\Documents and Settings\Graziella Mickael\Bureau\OTLPENet\OTLPE_New_Net\I386\SYSTEM32\DRIVERS\REDBOOK.SYS
    [2008/04/13 14:57:36 | 000,058,752 | ---- | M] (Microsoft Corporation) MD5=D8EB2A7904DB6C916EB5361878DDCBAE -- D:\WINDOWS\system32\drivers\redbook.sys

    < MD5 for: SCECLI.DLL >
    [2004/08/03 17:07:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- D:\Documents and Settings\Graziella Mickael\Bureau\OTLPENet\OTLPE_New_Net\I386\SYSTEM32\SCECLI.DLL
    [2008/04/14 08:00:00 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- D:\WINDOWS\ERDNT\cache\scecli.dll
    [2008/04/14 08:00:00 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- D:\WINDOWS\system32\dllcache\scecli.dll
    [2008/04/14 08:00:00 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- D:\WINDOWS\system32\scecli.dll

    < MD5 for: TCPIP.SYS >
    [2008/04/14 08:00:00 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- D:\WINDOWS\$NtUninstallKB2509553$\tcpip.sys
    [2008/06/20 07:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- D:\WINDOWS\ERDNT\cache\tcpip.sys
    [2008/06/20 07:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- D:\WINDOWS\system32\dllcache\tcpip.sys
    [2008/06/20 07:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- D:\WINDOWS\system32\drivers\tcpip.sys
    [2004/08/03 17:07:00 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- D:\Documents and Settings\Graziella Mickael\Bureau\OTLPENet\OTLPE_New_Net\I386\SYSTEM32\DRIVERS\TCPIP.SYS
    [2008/06/20 07:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- D:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys

    < MD5 for: TERMDD.SYS >
    [2008/04/14 08:00:00 | 020,102,028 | ---- | M] () .cab file -- D:\WINDOWS\Driver Cache\i386\sp3.cab:termdd.sys
    [2008/04/13 13:34:54 | 000,040,840 | ---- | M] (Microsoft Corporation) MD5=88155247177638048422893737429D9E -- D:\WINDOWS\system32\drivers\termdd.sys

    < MD5 for: USERINIT.EXE >
    [2004/08/03 17:07:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- D:\Documents and Settings\Graziella Mickael\Bureau\OTLPENet\OTLPE_New_Net\I386\SYSTEM32\USERINIT.EXE
    [2008/04/14 08:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- D:\WINDOWS\ERDNT\cache\userinit.exe
    [2008/04/14 08:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- D:\WINDOWS\system32\dllcache\userinit.exe
    [2008/04/14 08:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- D:\WINDOWS\system32\userinit.exe

    < MD5 for: VOLSNAP.SYS >
    [2008/04/14 08:00:00 | 000,053,376 | ---- | M] (Microsoft Corporation) MD5=46DE1126684369BACE4849E4FC8C43CA -- D:\WINDOWS\system32\dllcache\volsnap.sys
    [2008/04/14 08:00:00 | 000,053,376 | ---- | M] (Microsoft Corporation) MD5=46DE1126684369BACE4849E4FC8C43CA -- D:\WINDOWS\system32\drivers\volsnap.sys
    [2004/08/03 17:07:00 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=EE4660083DEBA849FF6C485D944B379B -- D:\Documents and Settings\Graziella Mickael\Bureau\OTLPENet\OTLPE_New_Net\I386\SYSTEM32\DRIVERS\VOLSNAP.SYS

    < MD5 for: WIN32K.SYS >
    [2008/04/14 08:00:00 | 001,845,760 | ---- | M] (Microsoft Corporation) MD5=0E65F97FF5B39068D1D2186B3D7600C7 -- D:\WINDOWS\$NtUninstallKB2506223$\win32k.sys
    [2011/03/03 09:53:37 | 001,858,048 | ---- | M] (Microsoft Corporation) MD5=3BEDF6024160399E2AF010BB2E7F4F59 -- D:\WINDOWS\system32\dllcache\win32k.sys
    [2011/03/03 09:53:37 | 001,858,048 | ---- | M] (Microsoft Corporation) MD5=3BEDF6024160399E2AF010BB2E7F4F59 -- D:\WINDOWS\system32\win32k.sys
    [2004/08/03 17:07:00 | 001,835,904 | ---- | M] (Microsoft Corporation) MD5=B74C69A810949E7A54DC688CAE662206 -- D:\Documents and Settings\Graziella Mickael\Bureau\OTLPENet\OTLPE_New_Net\I386\SYSTEM32\WIN32K.SYS
    [2011/03/03 09:52:12 | 001,867,008 | ---- | M] (Microsoft Corporation) MD5=E832E04ADDD745DC462ED800E8416B9C -- D:\WINDOWS\$hf_mig$\KB2506223\SP3QFE\win32k.sys

    < MD5 for: WINLOGON.EXE >
    [2004/08/03 17:07:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- D:\Documents and Settings\Graziella Mickael\Bureau\OTLPENet\OTLPE_New_Net\I386\SYSTEM32\WINLOGON.EXE
    [2008/04/14 08:00:00 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- D:\WINDOWS\ERDNT\cache\winlogon.exe
    [2008/04/14 08:00:00 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- D:\WINDOWS\system32\dllcache\winlogon.exe
    [2008/04/14 08:00:00 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- D:\WINDOWS\system32\winlogon.exe

    < %systemroot%\repair\*.* >
    [2008/04/14 08:00:00 | 000,001,896 | ---- | M] () -- D:\WINDOWS\repair\autoexec.nt
    [2011/05/27 11:35:17 | 000,003,072 | ---- | M] () -- D:\WINDOWS\repair\config.nt
    [2011/05/27 11:37:13 | 000,241,664 | ---- | M] () -- D:\WINDOWS\repair\default
    [2011/05/27 11:35:22 | 000,241,664 | -H-- | M] () -- D:\WINDOWS\repair\ntuser.dat
    [2011/05/27 11:37:13 | 000,020,480 | ---- | M] () -- D:\WINDOWS\repair\sam
    [2011/05/27 11:35:24 | 000,250,248 | ---- | M] () -- D:\WINDOWS\repair\secsetup.inf
    [2011/05/27 11:37:13 | 000,028,672 | ---- | M] () -- D:\WINDOWS\repair\security
    [2011/05/27 11:34:01 | 000,214,699 | ---- | M] () -- D:\WINDOWS\repair\setup.log
    [2011/05/27 11:37:13 | 008,916,992 | ---- | M] () -- D:\WINDOWS\repair\software
    [2011/05/27 11:37:10 | 001,003,520 | ---- | M] () -- D:\WINDOWS\repair\system

    < %systemroot%\repair\*. >

    < %systemroot%\repair\* >
    [2008/04/14 08:00:00 | 000,001,896 | ---- | M] () -- D:\WINDOWS\repair\autoexec.nt
    [2011/05/27 11:35:17 | 000,003,072 | ---- | M] () -- D:\WINDOWS\repair\config.nt
    [2011/05/27 11:37:13 | 000,241,664 | ---- | M] () -- D:\WINDOWS\repair\default
    [2011/05/27 11:35:22 | 000,241,664 | -H-- | M] () -- D:\WINDOWS\repair\ntuser.dat
    [2011/05/27 11:37:13 | 000,020,480 | ---- | M] () -- D:\WINDOWS\repair\sam
    [2011/05/27 11:35:24 | 000,250,248 | ---- | M] () -- D:\WINDOWS\repair\secsetup.inf
    [2011/05/27 11:37:13 | 000,028,672 | ---- | M] () -- D:\WINDOWS\repair\security
    [2011/05/27 11:34:01 | 000,214,699 | ---- | M] () -- D:\WINDOWS\repair\setup.log
    [2011/05/27 11:37:13 | 008,916,992 | ---- | M] () -- D:\WINDOWS\repair\software
    [2011/05/27 11:37:10 | 001,003,520 | ---- | M] () -- D:\WINDOWS\repair\system

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >
    [1 D:\WINDOWS\system32\*.tmp files -> D:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\system32\drivers\*.sys /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2011/05/27 13:23:00 | 000,094,208 | ---- | M] () -- D:\WINDOWS\System32\config\default.sav
    [2011/05/27 13:23:00 | 001,069,056 | ---- | M] () -- D:\WINDOWS\System32\config\software.sav
    [2011/05/27 13:22:59 | 000,438,272 | ---- | M] () -- D:\WINDOWS\System32\config\system.sav

    < CREATERESTOREPOINT >
    < End of report >
    12 July 2011 17:11:52

    Hi again,
    I had asked you to use my custom scan because I had added
    nppt2N.sys to the search, since we still haven't found this driver!
    I have no proof that it exists....
    I'm going on holiday, so I'll see about getting a helper to finish this topic:

    :hello: 

    In the meantime, run OTLPE again with my custom scan:




    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.exe
    /md5start
    nppt2N.sys
    explorer.exe
    userinit.exe
    winlogon.exe
    wininit.exe
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    volsnap.sys
    nvstor.sys
    atapi.sys
    i8042prt.sys
    cdrom.sys
    disk.sys
    ndis.sys
    tcpip.sys
    imapi.sys
    RDPCDD.sys
    mountmgr.sys
    aec.sys
    rasacd.sys
    redbook.sys
    intelide.sys
    mrxsmb10.sys
    mrxsmb20.sys
    termdd.sys
    mrxsmb.sys
    win32k.sys
    storport.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\repair\*.*
    %systemroot%\repair\*.
    %systemroot%\repair\*
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    12 July 2011 23:13:04

    Good evening,

    Here to follow along and finish up if needed. [:_tom_:7]
    14 July 2011 08:28:01

    Hello and thank you, here is the scan I ran again

    OTL logfile created on: 7/14/2011 11:06:38 AM - Run
    OTLPE by OldTimer - Version 3.1.47.1 Folder = X:\Programs\OTLPE
    Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

    1,015.00 Mb Total Physical Memory | 754.00 Mb Available Physical Memory | 74.00% Memory free
    903.00 Mb Paging File | 740.00 Mb Available in Paging File | 82.00% Paging File free
    Paging file location(s): D:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
    Drive C: | 48.83 Gb Total Space | 20.18 Gb Free Space | 41.32% Space Free | Partition Type: NTFS
    Drive D: | 100.21 Gb Total Space | 40.12 Gb Free Space | 40.03% Space Free | Partition Type: NTFS
    Drive X: | 1.91 Gb Total Space | 1.36 Gb Free Space | 71.13% Space Free | Partition Type: FAT

    Computer Name: REATOGO | User Name: SYSTEM
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
    Using ControlSet: ControlSet001

    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto] -- -- (wuauserv)
    SRV - File not found [Disabled] -- -- (HidServ)
    SRV - File not found [On_Demand] -- -- (AppMgmt)
    SRV - [2011/07/04 07:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto] -- D:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2011/06/07 10:08:04 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand] -- D:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2011/05/11 13:06:00 | 004,330,168 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand] -- D:\WINDOWS\System32\GameMon.des -- (npggsvc)
    SRV - [2008/11/03 19:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
    SRV - [2007/12/11 14:19:44 | 000,065,536 | ---- | M] (France Telecom SA) [Auto] -- D:\Program Files\Fichiers communs\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe -- (FTRTSVC)
    SRV - [2006/10/26 08:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
    DRV - File not found [Kernel | System] -- -- (PCIDump)
    DRV - File not found [Kernel | System] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System] -- -- (i2omgmt)
    DRV - File not found [Kernel | On_Demand] -- -- (GMSIPCI)
    DRV - File not found [Kernel | System] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand] -- -- (catchme)
    DRV - [2011/07/09 05:05:50 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- D:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
    DRV - [2011/07/04 07:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System] -- D:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2011/07/04 07:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System] -- D:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2011/07/04 07:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System] -- D:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2011/07/04 07:35:12 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto] -- D:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2011/07/04 07:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System] -- D:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2011/07/04 07:32:13 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System] -- D:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2011/07/04 07:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto] -- D:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2010/07/04 15:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable] -- D:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
    DRV - [2007/02/06 12:43:26 | 000,090,880 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
    DRV - [2007/01/30 06:57:00 | 004,474,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2006/03/01 12:53:54 | 000,032,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- D:\WINDOWS\system32\pcandis5.sys -- (PCANDIS5)
    DRV - [2003/09/23 04:38:34 | 000,034,688 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- D:\WINDOWS\system32\pcampr5.sys -- (PCAMPR5)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\Graziella_Mickael_ON_D\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.ask.com/?l=dis&o=14978 [binary data]
    IE - HKU\Graziella_Mickael_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = astroburn-search.com
    IE - HKU\Graziella_Mickael_ON_D\..\URLSearchHook: {08C06D61-F1F3-4799-86F8-BE1A89362C85} - D:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll ()
    IE - HKU\Graziella_Mickael_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\systemprofile_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "www.google.fr/firefox?client=firefox_a&rls=org.mozilla:..."
    FF - prefs.js..keyword.URL: "http://search.sweetim.com/search.asp?src=2&q="
    FF - prefs.js..network.proxy.type: 0
    FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://search.sweetim.com/search.asp?src=2&q="

    FF - HKLM\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: D:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/05/29 08:58:54 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: D:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/05/29 08:58:54 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2011/06/29 03:43:18 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2011/07/01 02:52:40 | 000,000,000 | ---D | M]

    [2011/05/27 12:19:19 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\Graziella Mickael\Application Data\Mozilla\Extensions
    [2011/07/09 11:23:02 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\Graziella Mickael\Application Data\Mozilla\Firefox\Profiles\5w0euea9.default\extensions
    [2011/07/09 10:56:03 | 000,002,071 | ---- | M] () -- D:\Documents and Settings\Graziella Mickael\Application Data\Mozilla\Firefox\Profiles\5w0euea9.default\searchplugins\absearch-search.xml
    [2009/07/10 09:26:08 | 000,002,257 | ---- | M] () -- D:\Documents and Settings\Graziella Mickael\Application Data\Mozilla\Firefox\Profiles\5w0euea9.default\searchplugins\askcom.xml
    [2011/06/10 04:29:10 | 000,003,915 | ---- | M] () -- D:\Documents and Settings\Graziella Mickael\Application Data\Mozilla\Firefox\Profiles\5w0euea9.default\searchplugins\sweetim.xml
    [2011/07/01 02:52:42 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files\Mozilla Firefox\extensions
    [2011/05/28 04:50:25 | 000,000,000 | ---D | M] (Java Console) -- D:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    [2011/07/01 02:52:42 | 000,000,000 | ---D | M] (Java Console) -- D:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    File not found (No name found) --
    () (No name found) -- D:\DOCUMENTS AND SETTINGS\GRAZIELLA MICKAEL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\5W0EUEA9.DEFAULT\EXTENSIONS\{7A88E876-D715-4503-A7BF-A8EBA13CA3F9}.XPI
    () (No name found) -- D:\DOCUMENTS AND SETTINGS\GRAZIELLA MICKAEL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\5W0EUEA9.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
    [2011/05/27 12:15:46 | 000,000,000 | ---D | M] (Java Quick Starter) -- D:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2011/06/24 02:19:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- D:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
    [2011/06/16 00:38:33 | 000,142,296 | ---- | M] (Mozilla Foundation) -- D:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/05/03 20:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2010/01/01 04:00:00 | 000,001,516 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
    [2011/06/04 06:06:51 | 000,002,423 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\babylon.xml
    [2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2010/01/01 04:00:00 | 000,001,822 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
    [2010/01/01 04:00:00 | 000,001,154 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
    [2010/01/01 04:00:00 | 000,001,426 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
    [2010/01/01 04:00:00 | 000,000,956 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

    O1 HOSTS File: ([2011/07/05 02:32:19 | 000,000,027 | ---- | M]) - D:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - D:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - D:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    O3 - HKU\Graziella_Mickael_ON_D\..\Toolbar\WebBrowser: (no name) - {EFEED92A-A33D-4873-BA8F-32BAA631E54D} - No CLSID value found.
    O4 - HKLM..\Run: [Adobe ARM] D:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeCS4ServiceManager] D:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [avast] D:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [DivXUpdate] D:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [ORAHSSSessionManager] D:\Program Files\OrangeHSS\SessionManager\SessionManager.exe (France Telecom SA)
    O4 - HKLM..\Run: [SunJavaUpdateSched] D:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKU\Graziella_Mickael_ON_D..\Run: [Pando Media Booster] D:\Program Files\Pando Networks\Media Booster\PMB.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\Graziella_Mickael_ON_D\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\Graziella_Mickael_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\Graziella_Mickael_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\Graziella_Mickael_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\LocalService_ON_D\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\LocalService_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\NetworkService_ON_D\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\NetworkService_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\systemprofile_ON_D\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\systemprofile_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-wind... (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-wind... (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-wind... (Java Plug-in 1.6.0_26)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - D:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - D:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/07/18 14:34:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2006/03/24 11:06:42 | 000,000,053 | ---- | M] () - X:\AUTORUN.INF -- [ FAT ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - File not found
    NetSvcs: HidServ - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: wuauserv - File not found


    SafeBootMin: AppMgmt - File not found
    SafeBootMin: Base - Driver Group
    SafeBootMin: Boot Bus Extender - Driver Group
    SafeBootMin: Boot file system - Driver Group
    SafeBootMin: File system - Driver Group
    SafeBootMin: Filter - Driver Group
    SafeBootMin: PCI Configuration - Driver Group
    SafeBootMin: PNP Filter - Driver Group
    SafeBootMin: Primary disk - Driver Group
    SafeBootMin: SCSI Class - Driver Group
    SafeBootMin: sermouse.sys - Driver
    SafeBootMin: System Bus Extender - Driver Group
    SafeBootMin: vga.sys - Driver
    SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

    SafeBootNet: AppMgmt - File not found
    SafeBootNet: Base - Driver Group
    SafeBootNet: Boot Bus Extender - Driver Group
    SafeBootNet: Boot file system - Driver Group
    SafeBootNet: File system - Driver Group
    SafeBootNet: Filter - Driver Group
    SafeBootNet: NDIS Wrapper - Driver Group
    SafeBootNet: NetBIOSGroup - Driver Group
    SafeBootNet: NetDDEGroup - Driver Group
    SafeBootNet: Network - Driver Group
    SafeBootNet: NetworkProvider - Driver Group
    SafeBootNet: PCI Configuration - Driver Group
    SafeBootNet: PNP Filter - Driver Group
    SafeBootNet: PNP_TDI - Driver Group
    SafeBootNet: Primary disk - Driver Group
    SafeBootNet: SCSI Class - Driver Group
    SafeBootNet: sermouse.sys - Driver
    SafeBootNet: Streams Drivers - Driver Group
    SafeBootNet: System Bus Extender - Driver Group
    SafeBootNet: TDI - Driver Group
    SafeBootNet: vga.sys - Driver
    SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
    SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
    SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
    SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
    SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

    ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
    ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Rendu VML (Vector Graphics Rendering)
    ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
    ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
    ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
    ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Liaison de données Dynamic HTML pour Java
    ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
    ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Création avancée
    ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
    ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection D:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
    ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
    ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Classes Java DirectAnimation
    ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
    ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection D:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
    ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
    ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
    ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
    ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - D:\WINDOWS\system32\ie4uinit.exe -BaseSettings
    ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - d:\WINDOWS\system32\Rundll32.exe d:\WINDOWS\system32\mscories.dll,Install
    ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
    ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
    ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Planificateur de tâches
    ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
    ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player 9 ActiveX
    ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - D:\WINDOWS\system32\ieudinit.exe
    ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - D:\WINDOWS\inf\unregmp2.exe /ShowWMP
    ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - D:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "D:\WINDOWS\system32\rundll32.exe" "D:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
    ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

    Drivers32: msacm.iac2 - D:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - D:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - D:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - D:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - D:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - D:\WINDOWS\System32\DivX.dll (DivX, Inc.)
    Drivers32: vidc.iv31 - D:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - D:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - D:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - D:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.yv12 - D:\WINDOWS\System32\DivX.dll (DivX, Inc.)

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/07/13 19:50:07 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Graziella Mickael\Menu Démarrer\Programmes\Perfect World Entertainment
    [2011/07/13 19:03:25 | 000,000,000 | ---D | C] -- D:\Program Files\Perfect World Entertainment
    [2011/07/13 13:55:05 | 000,258,352 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\unicows.dll
    [2011/07/12 18:22:38 | 000,000,000 | ---D | C] -- D:\Program Files\PWI FR
    [2011/07/12 18:14:58 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Graziella Mickael\Local Settings\Application Data\PMB Files
    [2011/07/12 18:14:52 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\PMB Files
    [2011/07/12 18:12:12 | 000,000,000 | ---D | C] -- D:\Program Files\Pando Networks
    [2011/07/12 05:10:20 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Graziella Mickael\Bureau\OTLPENet
    [2011/07/12 04:19:13 | 127,210,482 | ---- | C] (Igor Pavlov) -- D:\Documents and Settings\Graziella Mickael\Bureau\OTLPENet.exe
    [2011/07/11 11:28:39 | 000,000,000 | -H-D | C] -- D:\WINDOWS\PIF
    [2011/07/09 10:56:03 | 000,000,000 | ---D | C] -- D:\Program Files\Astroburn Toolbar
    [2011/07/09 10:55:50 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Astroburn Lite
    [2011/07/09 10:48:36 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Documents\DAEMON Tools Images
    [2011/07/09 05:19:22 | 011,193,664 | ---- | C] (DT Soft Ltd.) -- D:\Program Files\DTLite4402-0131.exe
    [2011/07/09 05:11:25 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
    [2011/07/09 05:11:00 | 000,000,000 | ---D | C] -- D:\Program Files\DAEMON Tools Lite
    [2011/07/09 05:05:49 | 000,717,296 | ---- | C] (Duplex Secure Ltd.) -- D:\WINDOWS\System32\drivers\sptd.sys
    [2011/07/09 05:05:29 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Graziella Mickael\Application Data\DAEMON Tools Lite
    [2011/07/08 08:56:09 | 000,000,000 | -HSD | C] -- D:\Documents and Settings\NetworkService\Cookies
    [2011/07/06 11:29:13 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Graziella Mickael\Menu Démarrer\Programmes\Unlocker
    [2011/07/06 11:29:12 | 000,000,000 | ---D | C] -- D:\Program Files\Unlocker
    [2011/07/05 04:13:55 | 000,000,000 | -HSD | C] -- D:\RECYCLER
    [2011/07/05 02:07:09 | 000,518,144 | ---- | C] (SteelWerX) -- D:\WINDOWS\SWREG.exe
    [2011/07/05 02:07:09 | 000,406,528 | ---- | C] (SteelWerX) -- D:\WINDOWS\SWSC.exe
    [2011/07/05 02:07:09 | 000,212,480 | ---- | C] (SteelWerX) -- D:\WINDOWS\SWXCACLS.exe
    [2011/07/05 02:07:09 | 000,060,416 | ---- | C] (NirSoft) -- D:\WINDOWS\NIRCMD.exe
    [2011/07/05 02:06:57 | 000,000,000 | ---D | C] -- D:\WINDOWS\ERDNT
    [2011/07/02 00:45:57 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Graziella Mickael\Local Settings\Application Data\Temp
    [2011/07/02 00:45:48 | 000,025,856 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\usbprint.sys
    [2011/07/01 02:52:58 | 000,000,000 | ---D | C] -- D:\Program Files\Fichiers communs\Java
    [2011/07/01 02:52:40 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- D:\WINDOWS\System32\javaws.exe
    [2011/07/01 02:52:40 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- D:\WINDOWS\System32\javaw.exe
    [2011/07/01 02:52:40 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- D:\WINDOWS\System32\java.exe
    [2011/06/29 05:38:47 | 000,000,000 | ---D | C] -- D:\Program Files\Windows Live SkyDrive
    [2011/06/29 05:09:14 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Graziella Mickael\Contacts
    [2011/06/29 04:43:03 | 003,426,072 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\d3dx9_32.dll
    [2011/06/29 04:42:48 | 000,000,000 | ---D | C] -- D:\Program Files\Microsoft SQL Server Compact Edition
    [2011/06/26 11:48:31 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Graziella Mickael\Application Data\BitTorrent
    [2011/06/26 11:47:50 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Menu Démarrer\Programmes\BitTorrent
    [2011/06/26 11:47:49 | 000,000,000 | ---D | C] -- D:\Program Files\BitTorrent
    [2011/06/23 19:05:25 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\XPSViewer
    [2011/06/23 19:05:18 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\en-US
    [2011/06/23 19:05:12 | 000,000,000 | ---D | C] -- D:\Program Files\Reference Assemblies
    [2011/06/23 19:04:43 | 001,676,288 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\xpssvcs.dll
    [2011/06/23 19:04:43 | 001,676,288 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\xpssvcs.dll
    [2011/06/23 19:04:43 | 000,597,504 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
    [2011/06/23 19:04:43 | 000,575,488 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\xpsshhdr.dll
    [2011/06/23 19:04:43 | 000,117,760 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\prntvpt.dll
    [2011/06/23 19:04:43 | 000,089,088 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
    [2011/06/23 19:04:42 | 000,000,000 | ---D | C] -- D:\026e42924269b24c6ed1d2
    [2011/06/22 12:47:08 | 000,000,000 | R-SD | C] -- D:\WINDOWS\assembly
    [2011/06/22 12:33:03 | 000,000,000 | ---D | C] -- D:\WINDOWS\Microsoft.NET
    [2011/06/16 11:35:47 | 000,000,000 | ---D | C] -- D:\WINDOWS\Minidump
    [2011/06/14 11:33:47 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Graziella Mickael\.gimp-2.6
    [2011/06/14 11:33:46 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Graziella Mickael\Mes documents\gegl-0.0
    [2011/06/14 11:17:21 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\DRVSTORE
    [2011/06/14 11:16:02 | 000,000,000 | ---D | C] -- D:\Program Files\MSECACHE
    [4 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]
    [1 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/07/14 03:12:47 | 000,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
    [2011/07/14 03:09:02 | 000,001,078 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/07/14 02:41:27 | 000,001,074 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/07/13 19:50:30 | 000,001,227 | ---- | M] () -- D:\Documents and Settings\Graziella Mickael\Bureau\Perfect World International.lnk
    [2011/07/13 09:48:36 | 000,500,482 | ---- | M] () -- D:\WINDOWS\System32\perfh00C.dat
    [2011/07/13 09:48:36 | 000,432,356 | ---- | M] () -- D:\WINDOWS\System32\perfh009.dat
    [2011/07/13 09:48:36 | 000,080,508 | ---- | M] () -- D:\WINDOWS\System32\perfc00C.dat
    [2011/07/13 09:48:35 | 000,067,312 | ---- | M] () -- D:\WINDOWS\System32\perfc009.dat
    [2011/07/13 09:46:35 | 000,013,646 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl
    [2011/07/13 07:01:03 | 000,258,352 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\System32\unicows.dll
    [2011/07/12 18:11:25 | 002,167,848 | ---- | M] () -- D:\Documents and Settings\Graziella Mickael\Bureau\PerfectWorldInternational_FR_Downloader.exe
    [2011/07/12 16:56:02 | 000,048,640 | ---- | M] () -- D:\Documents and Settings\Graziella Mickael\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/07/12 05:09:57 | 127,210,482 | ---- | M] (Igor Pavlov) -- D:\Documents and Settings\Graziella Mickael\Bureau\OTLPENet.exe
    [2011/07/10 07:10:20 | 000,003,121 | ---- | M] () -- D:\WINDOWS\System32\CONFIG.NT
    [2011/07/09 05:19:14 | 011,193,664 | ---- | M] (DT Soft Ltd.) -- D:\Program Files\DTLite4402-0131.exe
    [2011/07/05 02:32:19 | 000,000,027 | ---- | M] () -- D:\WINDOWS\System32\drivers\etc\hosts.msn
    [2011/07/05 02:32:19 | 000,000,027 | ---- | M] () -- D:\WINDOWS\System32\drivers\etc\hosts
    [2011/07/04 07:43:53 | 000,040,112 | ---- | M] (AVAST Software) -- D:\WINDOWS\avastSS.scr
    [2011/07/04 07:43:51 | 000,199,304 | ---- | M] (AVAST Software) -- D:\WINDOWS\System32\aswBoot.exe
    [2011/07/04 07:36:43 | 000,441,176 | ---- | M] (AVAST Software) -- D:\WINDOWS\System32\drivers\aswSnx.sys
    [2011/07/04 07:36:32 | 000,309,848 | ---- | M] (AVAST Software) -- D:\WINDOWS\System32\drivers\aswSP.sys
    [2011/07/04 07:35:23 | 000,043,608 | ---- | M] (AVAST Software) -- D:\WINDOWS\System32\drivers\aswTdi.sys
    [2011/07/04 07:35:12 | 000,102,616 | ---- | M] (AVAST Software) -- D:\WINDOWS\System32\drivers\aswmon2.sys
    [2011/07/04 07:35:09 | 000,096,344 | ---- | M] (AVAST Software) -- D:\WINDOWS\System32\drivers\aswmon.sys
    [2011/07/04 07:32:32 | 000,025,432 | ---- | M] (AVAST Software) -- D:\WINDOWS\System32\drivers\aswRdr.sys
    [2011/07/04 07:32:13 | 000,030,808 | ---- | M] (AVAST Software) -- D:\WINDOWS\System32\drivers\aavmker4.sys
    [2011/07/04 07:32:12 | 000,019,544 | ---- | M] (AVAST Software) -- D:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2011/06/29 05:39:03 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Menu Démarrer\Programmes\Windows Live
    [2011/06/29 05:31:34 | 000,000,939 | ---- | M] () -- D:\Documents and Settings\Graziella Mickael\Mes documents\Mes dossiers de partage.lnk
    [2011/06/29 04:05:38 | 000,001,804 | ---- | M] () -- D:\Documents and Settings\All Users\Menu Démarrer\Programmes\Adobe Reader X.lnk
    [2011/06/29 03:29:12 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- D:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2011/06/28 07:35:26 | 000,000,742 | ---- | M] () -- D:\Documents and Settings\Graziella Mickael\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2011/06/28 07:35:25 | 000,000,730 | ---- | M] () -- D:\Documents and Settings\All Users\Menu Démarrer\Programmes\Mozilla Firefox.lnk
    [2011/06/28 07:35:25 | 000,000,724 | ---- | M] () -- D:\Documents and Settings\All Users\Bureau\Mozilla Firefox.lnk
    [2011/06/26 11:49:02 | 000,000,650 | ---- | M] () -- D:\Documents and Settings\Graziella Mickael\Bureau\BitTorrent.lnk
    [2011/06/26 11:47:51 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Menu Démarrer\Programmes\BitTorrent
    [2011/06/26 02:45:56 | 000,256,000 | ---- | M] () -- D:\WINDOWS\PEV.exe
    [2011/06/24 02:23:45 | 000,001,374 | ---- | M] () -- D:\WINDOWS\imsins.BAK
    [2011/06/23 19:27:23 | 002,147,312 | ---- | M] () -- D:\WINDOWS\System32\FNTCACHE.DAT
    [2011/06/22 11:58:37 | 001,047,899 | ---- | M] () -- D:\Documents and Settings\Graziella Mickael\Bureau\CharSim_FR.zip
    [4 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]
    [1 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/07/13 19:50:30 | 000,001,227 | ---- | C] () -- D:\Documents and Settings\Graziella Mickael\Bureau\Perfect World International.lnk
    [2011/07/12 18:10:42 | 002,167,848 | ---- | C] () -- D:\Documents and Settings\Graziella Mickael\Bureau\PerfectWorldInternational_FR_Downloader.exe
    [2011/07/05 02:07:09 | 000,256,000 | ---- | C] () -- D:\WINDOWS\PEV.exe
    [2011/07/05 02:07:09 | 000,208,896 | ---- | C] () -- D:\WINDOWS\MBR.exe
    [2011/07/05 02:07:09 | 000,098,816 | ---- | C] () -- D:\WINDOWS\sed.exe
    [2011/07/05 02:07:09 | 000,080,412 | ---- | C] () -- D:\WINDOWS\grep.exe
    [2011/07/05 02:07:09 | 000,068,096 | ---- | C] () -- D:\WINDOWS\zip.exe
    [2011/06/29 05:31:34 | 000,000,939 | ---- | C] () -- D:\Documents and Settings\Graziella Mickael\Mes documents\Mes dossiers de partage.lnk
    [2011/06/29 04:05:38 | 000,001,804 | ---- | C] () -- D:\Documents and Settings\All Users\Menu Démarrer\Programmes\Adobe Reader X.lnk
    [2011/06/26 11:49:02 | 000,000,650 | ---- | C] () -- D:\Documents and Settings\Graziella Mickael\Bureau\BitTorrent.lnk
    [2011/06/22 11:57:15 | 001,047,899 | ---- | C] () -- D:\Documents and Settings\Graziella Mickael\Bureau\CharSim_FR.zip
    [2011/05/31 09:22:01 | 000,000,056 | -H-- | C] () -- D:\WINDOWS\System32\ezsidmv.dat
    [2011/05/27 19:35:43 | 000,048,640 | ---- | C] () -- D:\Documents and Settings\Graziella Mickael\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/05/27 13:25:07 | 000,004,205 | ---- | C] () -- D:\WINDOWS\ODBCINST.INI
    [2011/05/27 13:24:04 | 002,147,312 | ---- | C] () -- D:\WINDOWS\System32\FNTCACHE.DAT
    [2011/05/27 12:19:15 | 000,000,000 | ---- | C] () -- D:\WINDOWS\nsreg.dat
    [2011/05/27 11:49:03 | 000,049,152 | R--- | C] () -- D:\WINDOWS\System32\ChCfg.exe
    [2011/05/27 11:37:13 | 000,002,048 | --S- | C] () -- D:\WINDOWS\bootstat.dat
    [2011/05/27 11:32:52 | 000,021,892 | ---- | C] () -- D:\WINDOWS\System32\emptyregdb.dat
    [2008/04/14 08:00:00 | 013,107,200 | ---- | C] () -- D:\WINDOWS\System32\oembios.bin
    [2008/04/14 08:00:00 | 000,673,088 | ---- | C] () -- D:\WINDOWS\System32\mlang.dat
    [2008/04/14 08:00:00 | 000,500,482 | ---- | C] () -- D:\WINDOWS\System32\perfh00C.dat
    [2008/04/14 08:00:00 | 000,432,356 | ---- | C] () -- D:\WINDOWS\System32\perfh009.dat
    [2008/04/14 08:00:00 | 000,322,810 | ---- | C] () -- D:\WINDOWS\System32\perfi00C.dat
    [2008/04/14 08:00:00 | 000,272,128 | ---- | C] () -- D:\WINDOWS\System32\perfi009.dat
    [2008/04/14 08:00:00 | 000,218,003 | ---- | C] () -- D:\WINDOWS\System32\dssec.dat
    [2008/04/14 08:00:00 | 000,080,508 | ---- | C] () -- D:\WINDOWS\System32\perfc00C.dat
    [2008/04/14 08:00:00 | 000,067,312 | ---- | C] () -- D:\WINDOWS\System32\perfc009.dat
    [2008/04/14 08:00:00 | 000,046,258 | ---- | C] () -- D:\WINDOWS\System32\mib.bin
    [2008/04/14 08:00:00 | 000,034,108 | ---- | C] () -- D:\WINDOWS\System32\perfd00C.dat
    [2008/04/14 08:00:00 | 000,028,626 | ---- | C] () -- D:\WINDOWS\System32\perfd009.dat
    [2008/04/14 08:00:00 | 000,004,569 | ---- | C] () -- D:\WINDOWS\System32\secupd.dat
    [2008/04/14 08:00:00 | 000,004,461 | ---- | C] () -- D:\WINDOWS\System32\oembios.dat
    [2008/04/14 08:00:00 | 000,001,804 | ---- | C] () -- D:\WINDOWS\System32\Dcache.bin
    [2008/04/14 08:00:00 | 000,000,741 | ---- | C] () -- D:\WINDOWS\System32\noise.dat

    ========== LOP Check ==========

    [2011/06/04 14:18:36 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Graziella Mickael\Application Data\BabylonToolbar
    [2011/07/10 05:28:46 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Graziella Mickael\Application Data\BitTorrent
    [2011/07/09 10:51:56 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Graziella Mickael\Application Data\DAEMON Tools Lite
    [2011/05/27 12:06:10 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Alwil Software
    [2011/07/09 10:56:48 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Astroburn Lite
    [2011/07/09 05:22:46 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
    [2011/07/13 13:54:57 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\PMB Files
    [2011/06/10 04:29:28 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\SweetIM

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >


    < MD5 for: AEC.SYS >
    [2008/04/14 08:00:00 | 020,102,028 | ---- | M] () .cab file -- D:\WINDOWS\Driver Cache\i386\sp3.cab:aec.sys
    [2004/08/03 18:39:38 | 000,142,464 | ---- | M] (Microsoft Corporation) MD5=841F385C6CFAF66B58FBD898722BB4F0 -- D:\Documents and Settings\Graziella Mickael\Bureau\OTLPENet\OTLPE_New_Net\I386\SYSTEM32\DRIVERS\AEC.SYS
    [2008/04/13 03:39:24 | 000,142,592 | ---- | M] (Microsoft Corporation) MD5=8BED39E3C35D6A489438B8141717A557 -- D:\WINDOWS\ERDNT\cache\aec.sys
    [2008/04/13 03:39:24 | 000,142,592 | ---- | M] (Microsoft Corporation) MD5=8BED39E3C35D6A489438B8141717A557 -- D:\WINDOWS\system32\dllcache\aec.sys
    [2008/04/13 03:39:24 | 000,142,592 | ---- | M] (Microsoft Corporation) MD5=8BED39E3C35D6A489438B8141717A557 -- D:\WINDOWS\system32\drivers\aec.sys

    < MD5 for: AGP440.SYS >
    [2008/04/14 08:00:00 | 020,102,028 | ---- | M] () .cab file -- D:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
    [2004/08/03 19:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- D:\Documents and Settings\Graziella Mickael\Bureau\OTLPENet\OTLPE_New_Net\I386\SYSTEM32\DRIVERS\AGP440.SYS

    < MD5 for: ATAPI.SYS >
    [2008/04/14 08:00:00 | 020,102,028 | ---- | M] () .cab file -- D:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
    [2008/04/13 05:40:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- D:\WINDOWS\ERDNT\cache\atapi.sys
    [2008/04/13 05:40:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- D:\WINDOWS\system32\dllcache\atapi.sys
    [2008/04/13 05:40:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- D:\WINDOWS\system32\drivers\atapi.sys
    [2008/04/14 08:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- D:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
    [2008/04/13 05:40:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- D:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
    [2004/08/03 17:07:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- D:\Documents and Settings\Graziella Mickael\Bureau\OTLPENet\OTLPE_New_Net\I386\SYSTEM32\DRIVERS\ATAPI.SYS

    < MD5 for: CDROM.SYS >
    [2008/04/14 08:00:00 | 020,102,028 | ---- | M] () .cab file -- D:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
    [2008/04/14 08:00:00 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- D:\WINDOWS\system32\drivers\cdrom.sys
    [2004/08/03 17:07:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- D:\Documents and Settings\Graziella Mickael\Bureau\OTLPENet\OTLPE_New_Net\I386\SYSTEM32\DRIVERS\CDROM.SYS

    < MD5 for: DISK.SYS >
    [2008/04/14 08:00:00 | 020,102,028 | ---- | M] () .cab file -- D:\WINDOWS\Driver Cache\i386\sp3.cab:Disk.sys
    [2004/08/03 17:07:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- D:\Documents and Settings\Graziella Mickael\Bureau\OTLPENet\OTLPE_New_Net\I386\SYSTEM32\DRIVERS\DISK.SYS
    [2008/04/14 08:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- D:\WINDOWS\system32\drivers\disk.sys

    < MD5 for: EVENTLOG.DLL >
    [2008/04/14 08:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- D:\WINDOWS\ERDNT\cache\eventlog.dll
    [2008/04/14 08:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- D:\WINDOWS\system32\dllcache\eventlog.dll
    [2008/04/14 08:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- D:\WINDOWS\system32\eventlog.dll
    [2004/08/03 17:07:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- D:\Documents and Settings\Graziella Mickael\Bureau\OTLPENet\OTLPE_New_Net\I386\SYSTEM32\EVENTLOG.DLL

    < MD5 for: EXPLORER.EXE >
    [2004/08/03 17:07:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- D:\Documents and Settings\Graziella Mickael\Bureau\OTLPENet\OTLPE_New_Net\I386\EXPLORER.EXE
    [2008/04/14 08:00:00 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- D:\WINDOWS\ERDNT\cache\explorer.exe
    [2008/04/14 08:00:00 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- D:\WINDOWS\explorer.exe
    [2008/04/14 08:00:00 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- D:\WINDOWS\system32\dllcache\explorer.exe

    < MD5 for: I8042PRT.SYS >
    [2008/04/14 08:00:00 | 020,102,028 | ---- | M] () .cab file -- D:\WINDOWS\Driver Cache\i386\sp3.cab:i8042prt.sys
    [2004/08/03 17:07:00 | 000,052,736 | ---- | M] (Microsoft Corporation) MD5=5502B58EEF7486EE6F93F3F164DCB808 -- D:\Documents and Settings\Graziella Mickael\Bureau\OTLPENet\OTLPE_New_Net\I386\SYSTEM32\DRIVERS\I8042PRT.SYS
    [2008/04/14 08:00:00 | 000,054,144 | ---- | M] (Microsoft Corporation) MD5=A09BDC4ED10E3B2E0EC27BB94AF32516 -- D:\WINDOWS\system32\drivers\i8042prt.sys

    < MD5 for: IMAPI.SYS >
    [2008/04/14 08:00:00 | 020,102,028 | ---- | M] () .cab file -- D:\WINDOWS\Driver Cache\i386\sp3.cab:imapi.sys
    [2008/04/14 08:00:00 | 000,042,112 | ---- | M] (Microsoft Corporation) MD5=083A052659F5310DD8B6A6CB05EDCF8E -- D:\WINDOWS\system32\drivers\imapi.sys
    [2004/08/03 19:00:16 | 000,041,856 | ---- | M] (Microsoft Corporation) MD5=F8AA320C6A0409C0380E5D8A99D76EC6 -- D:\Documents and Settings\Graziella Mickael\Bureau\OTLPENet\OTLPE_New_Net\I386\SYSTEM32\DRIVERS\IMAPI.SYS

    < MD5 for: INTELIDE.SYS >
    [2008/04/14 08:00:00 | 020,102,028 | ---- | M] () .cab file -- D:\WINDOWS\Driver Cache\i386\sp3.cab:intelide.sys
    [2004/08/03 17:07:00 | 000,005,504 | ---- | M] (Microsoft Corporation) MD5=2D722B2B54AB55B2FA475EB58D7B2AAD -- D:\Documents and Settings\Graziella Mickael\Bureau\OTLPENet\OTLPE_New_Net\I386\SYSTEM32\DRIVERS\INTELIDE.SYS

    < MD5 for: MOUNTMGR.SYS >
    [2004/08/03 17:07:00 | 000,042,240 | ---- | M] (Microsoft Corporation) MD5=65653F3B4477F3C63E68A9659F85EE2E -- D:\Documents and Settings\Graziella Mickael\Bureau\OTLPENet\OTLPE_New_Net\I386\SYSTEM32\DRIVERS\MOUNTMGR.SYS
    [2008/04/14 08:00:00 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=A80B9A0BAD1B73637DBCBBA7DF72D3FD -- D:\WINDOWS\system32\dllcache\mountmgr.sys
    [2008/04/14 08:00:00 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=A80B9A0BAD1B73637DBCBBA7DF72D3FD -- D:\WINDOWS\system32\drivers\mountmgr.sys

    < MD5 for: MRXSMB.SYS >
    [2008/04/14 08:00:00 | 020,102,028 | ---- | M] () .cab file -- D:\WINDOWS\Driver Cache\i386\sp3.cab:mrxsmb.sys
    [2011/04/29 12:19:43 | 000,456,320 | ---- | M] (Microsoft Corporation) MD5=0DC719E9B15E902346E87E9DCD5751FA -- D:\WINDOWS\Driver Cache\i386\mrxsmb.sys
    [2011/04/29 12:19:43 | 000,456,320 | ---- | M] (Microsoft Corporation) MD5=0DC719E9B15E902346E87E9DCD5751FA -- D:\WINDOWS\system32\dllcache\mrxsmb.sys
    [2011/04/29 12:19:43 | 000,456,320 | ---- | M] (Microsoft Corporation) MD5=0DC719E9B15E902346E87E9DCD5751FA -- D:\WINDOWS\system32\drivers\mrxsmb.sys
    [2011/02/17 09:18:24 | 000,455,936 | ---- | M] (Microsoft Corporation) MD5=0EA4D8ED179B75F8AFA7998BA22285CA -- D:\WINDOWS\$NtUninstallKB2536276$\mrxsmb.sys
    < End of report >
    14 July 2011 10:18:15

    Hi again,

    I'm taking over because Sham is away.

    No need to paste the same report three times; besides, only the first one is complete ...

    Right, let's be clear now:
    Quote:
    Avast detects it as: windows/system32/nppt2N.sys


    This file does not exist on your PC!

    Are you still getting avast! alerts about it?
    14 July 2011 19:32:36

    Good evening, and sorry if I sometimes have lapses of attention....
    And this file does exist on my PC, since when I trace it back to the source I find it...
    And yes, I still get these alert messages, but less often than before
    14 July 2011 21:58:32

    Hi again,

    I have serious doubts ... (not about what you say, but about this supposedly infectious file that is present, yet that no scan finds ...)


    Can you take a screenshot of the system32 folder where you see it?

    Then redo the VirusTotal analysis as follows, but this time give me the link to the results page; do not paste the results in your reply:

    Show hidden files and folders:
    http://www.inforumatique.fr/afficher-les-fichiers-cache...

    Go to this site:
    http://www.virustotal.com/fr/

    Click "Browse", then look for this file (if present):

    C:\windows\system32\nppt2N.sys

    Once it is selected, click "Send File"; the upload will start.

    If it tells you that this file has already been analysed, request a new analysis ("Reanalysis" button), and/or let the analysis run until it shows "terminée" (finished) at the top, after "current statut"

    Then copy the address from your browser's address bar and give it to me in your next reply.
    16 July 2011 16:59:42

    Good evening, here is the image:

    And the VirusTotal analysis seems to be stuck

    You can't even see the names of the antivirus engines, and the current status still shows queued and a number; here's a preview:

    16 July 2011 18:21:18

    Hi again,

    Ah, well there's the problem. You told us:

    Quote:
    nppt2N.sys


    But it is:

    npptNT2


    Redo the VirusTotal analysis; the site must just have been overloaded.

    Normally that file is known; it is part of a game anti-hack process: Gameguard.
    And you do have that one on your PC:
    Quote:
    S3 npggsvc;nProtect GameGuard Service;d:\windows\system32\GameMon.des -service --> d:\windows\system32\GameMon.des -service [?]


    We'll wait for the VirusTotal result to see whether it is clean.
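
The mismatch found in the post above (a reported `nppt2N.sys` against the `npptNT2` file actually on disk) can be caught without a screenshot. The following is an added example, not code from the thread or from any tool it mentions: it resolves a possibly mistyped file name against a folder and returns the SHA-256 of each close match, which can then be searched on VirusTotal. The sample folder, its file contents, the `.sys` extension on `npptNT2` and all function names are constructed for the illustration.

```python
import difflib
import hashlib
import tempfile
from pathlib import Path

SAMPLE_BYTES = b"constructed placeholder, not a real driver"


def find_candidates(directory, reported_name, cutoff=0.75):
    """Files in `directory` whose names match or closely resemble `reported_name`."""
    by_lower = {p.name.lower(): p for p in Path(directory).iterdir() if p.is_file()}
    wanted = reported_name.lower()
    if wanted in by_lower:  # exact hit; Windows file names are case-insensitive
        return [by_lower[wanted]]
    close = difflib.get_close_matches(wanted, list(by_lower), n=5, cutoff=cutoff)
    return [by_lower[name] for name in close]


def sha256_of(path, chunk=65536):
    """Hash the file in chunks so large files are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def resolve(directory, reported_name):
    """Return (name, size, sha256) per candidate; an empty list means no such file."""
    return [(p.name, p.stat().st_size, sha256_of(p))
            for p in find_candidates(directory, reported_name)]


def build_sample_dir():
    """Constructed stand-in for system32; every file holds the same dummy bytes."""
    root = Path(tempfile.mkdtemp())
    for name in ("npptNT2.sys", "ndis.sys", "tcpip.sys", "GameMon.des"):
        (root / name).write_bytes(SAMPLE_BYTES)
    return root


if __name__ == "__main__":
    # The name as reported by the user, resolved against the constructed folder.
    for name, size, digest in resolve(build_sample_dir(), "nppt2N.sys"):
        print(f"{name}  {size} bytes  sha256={digest}")
```
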
    17 July 2011 10:28:10

    Hi again,

    OK, that's the right one.

    Does Avast! still detect it?

    Otherwise, it's fine, it is legitimate. It is installed along with many MMOs and other online games to combat hacking.
    18 July 2011 10:57:51

    Hello, and avast no longer detects it now.
    18 July 2011 13:53:31

    Hi again,

    That's OK then, it was just an Avast! false positive ...


    You can delete the tools used:

    - DDS
    - TDSSKiller

    For:

    AD-R: Open the program and click "Uninstall"

    Combofix:

    Click "Start" -> Run (if "Run" does not appear, use the search box instead)
    Type this:
    Quote:
    combofix /uninstall


    Confirm with "Enter"

    You can mark your thread as "solved" by clicking the "edit" button in your very first message.
    -> Then add "résolu" (solved) next to your title and confirm.


    See you soon on the Tom's Guide forums
    19 July 2011 09:50:10

    Thank you for your help :)