rital94

Membres

Afficher le profil Afficher son activité

Compteur de contenus
39
Inscription
le 14 juin 2008
Dernière visite
le 30 novembre 2013

À propos de rital94

Date de naissance 30/06/1967

Profile Information

Sexe
Male
Localisation
val de Marne

rital94's Achievements

Member (4/12)

Réputation sur la communauté

Se débarrasser de Do-Search

rital94 a posté un sujet dans Analyses et éradication malwares

Bonsoir Malgré une analyse avec malwarebyte et adwcleaner do search est toujours là . Quoi faire ? Au cas où cela serve voila le rapport ZHPdiag : ~ Rapport de ZHPDiag v2013.11.30.64 - Nicolas Coolman (30/11/2013) ~ Lancé par Maman d'amour (30/11/2013 18:55:59) ~ Adresse du Site Web http://nicolascoolman.webs.com ~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/ ~ Traduit par Nicolas Coolman ~ Etat de la version : ~ Liste blanche : Activée par le programme ~ Elévation des Privilèges : OK ~ User Account Control (UAC): Deactivate by program ---\\ Navigateurs Internet MSIE: Internet Explorer v10.0.9200.16736 ---\\ Informations sur les produits Windows ~ Langage: Français Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601) Windows Server License Manager Script : OK ---\\ Logiciels de protection du système Avira Free Antivirus v14.0.1.749 Malwarebytes Anti-Malware version 1.75.0.1300 Spybot - Search & Destroy v2.1.21 Windows Defender W7 ---\\ Logiciels d'optimisation du système CCleaner v4.07 =>Piriform Ltd ---\\ Logiciels de partage PeerToPeer ---\\ Surveillance de Logiciels Adobe Flash Player 11 Plugin Adobe Reader XI Java 7 Update 45 ---\\ Informations sur le système ~ Processor: AMD64 Family 16 Model 6 Stepping 2, AuthenticAMD ~ Operating System: 64 Bits Boot mode: Normal (Normal boot) Total RAM: 2815 MB (57% free) System Restore: Activé (Enable) System drive C: has 461 GB (79%) free of 577 GB ---\\ Mode de connexion au système ~ Computer Name: MAMANDAMOUR-PC ~ User Name: Maman d'amour ~ All Users Names: UpdatusUser, Maman d'amour, HomeGroupUser$, GRAZIELLA, Administrateur, ~ Unselected Option: None Logged in as Administrator ---\\ Variables d'environnement ~ System Unit : C:\ ~ %AppZHP% : C:\Users\Maman d'amour\AppData\Roaming\ZHP\ ~ %AppData% : C:\Users\Maman d'amour\AppData\Roaming\ ~ %Desktop% : C:\Users\Maman d'amour\Desktop\ ~ %Favorites% : C:\Users\Maman d'amour\Favorites\ ~ %LocalAppData% : C:\Users\Maman d'amour\AppData\Local\ ~ %StartMenu% : C:\Users\Maman d'amour\AppData\Roaming\Microsoft\Windows\Start Menu\ ~ %Windir% : C:\Windows\ ~ %System% : C:\Windows\System32\ ---\\ Enumération des unités disques C: Hard drive, Flash drive, Thumb drive (Free 461 Go of 577 Go) D: CD-ROM drive (Not Inserted) E: Floppy drive, Flash card reader, USB Key (Not Inserted) F: Floppy drive, Flash card reader, USB Key (Not Inserted) ---\\ Etat du Centre de Sécurité Windows [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified ~ Security Center: 49 Legitimates Filtered in 00mn 00s ---\\ Recherche particulière de fichiers génériques [MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808] [MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024] [MD5.9706C99DAEBE3FEAC811B239617E98C4] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.12/10/2013 - 09:45:20.) -- C:\Windows\System32\wininet.dll [2241536] [MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.20/11/2010 - 14:25:30.) -- C:\Windows\System32\Winlogon.exe [390656] [MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448] [MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/09/2013 - 02:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152] [MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128] [MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160] [MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456] [MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400] [MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368] [MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472] [MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224] [MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208] [MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632] [MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680] [MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280] [MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536] [MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184] [MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296] [MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808] ~ Generic Processes: Scanned in 00mn 00s ---\\ Etat des fichiers cachés (Caché/Total) ~ Mes images (My Pictures) : 3/2872 ~ Mes musiques (My Musics) : 4/85 ~ Mes Videos (My Videos) : 2/180 ~ Mes Favoris (My Favorites) : 1/90 ~ Mes Documents (My Documents) : 3/11625 ~ Mon Bureau (My Desktop) : 1/877 ~ Menu demarrer (Programs) : 1/81 ~ Hidden Files: Scanned in 00mn 01s ---\\ Processus lancés [MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.2708] [MD5.6DCFADDA4F2A6D3396D13F0554D672E8] - (.Microsoft Corporation - Windows Live Family Safety Filter.) -- C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe [884584] [PID.3008] [MD5.636D97B3BAF854511FF3F4093E895FED] - (.Google Inc. - Google Chrome.) -- C:\Users\Maman d'amour\AppData\Local\Google\Chrome\Application\chrome.exe [863184] [PID.3032] [MD5.F9F2E450BF37A98DC658404611AA97C7] - (.Pas de propriétaire - Hercules WiFi Station N Utility.) -- C:\Program Files (x86)\Hercules\WiFiStationN\WiFiN.exe [128296] [PID.3064] [MD5.B412B75E55FEA30E780185B002D3AE14] - (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [683576] [PID.3248] [MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.3308] [MD5.AF49D1C79EA49A7833017F290EE63B82] - (.Safer-Networking Ltd. - Spybot - Search & Destroy tray access.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784] [PID.3316] [MD5.CBDD25C4B42053D30000A9CFC24BE111] - (.Eastman Kodak Company - Camera detection stub.) -- C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe [108032] [PID.940] [MD5.5397E32E882C0148CEC13D9EACFB7157] - (.Microsoft Corporation - Internet Low-Mic Utility Tool.) -- C:\Program Files (x86)\Internet Explorer\IELowutil.exe [222208] [PID.5524] [MD5.58920E6A409046BA06548D9D139CE0F0] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608] [PID.3996] [MD5.85AF4805A6E0512F523170AD228758D3] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8260608] [PID.4788] ~ Processes Running: Scanned in 00mn 00s ---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2) C:\Users\Maman d'amour\AppData\Local\Google\Chrome\User Data\Default\Preferences G2 - GCE: Preference [user Data\Default] [booedmolknjekdopkepjjeckmjkdpfgl] Managerr v.0.1 (Activé) G2 - GCE: Preference [user Data\Default] [finjldehgjkbodfcolnccgkejloahbcm] Le Yams v.6.8 (Désactivé) G2 - GCE: Preference [user Data\Default] [flpcjncodpafbgdpnkljologafpionhb] Managera v.0.1 (Activé) G2 - GCE: Preference [user Data\Default] [imfaefgciinakhhijicamiodfbejphdb] RePlay.FR v.1.4.1 (Désactivé) G2 - GCE: Preference [user Data\Default] [lpibnckjjeaabeepofhfmmpjmnomohee] Word\u00B2 v.2.5 (Désactivé) G2 - GCE: Preference [user Data\Default] [njienacjggibaeolcbbjfnigbojkcggj] MyWebFace v.5.53.2.50612, (Désactivé) =>PUP.MyWebFace G2 - GCE: Preference [user Data\Default] [ojcgaoafcmbadjkfdippkdddgkeaipbn] DealPly Shopping v.3.5.3.0 (Désactivé) =>PUP.DealPly ~ Google Browser: 72 Legitimates Filtered in 00mn 15s ---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4) R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://do-search.com =>PUP.DoSearches R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://do-search.com =>PUP.DoSearches ~ IE Browser: 15 Legitimates Filtered in 00mn 00s ---\\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Proxy management: Scanned in 00mn 00s ---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe, F2 - REG:system.ini: Shell=C:\Windows\explorer.exe F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe ~ Keys: Scanned in 00mn 00s ---\\ Hosts file redirection (O1) ~ Le fichier hosts est sain (The hosts file is clean). ~ Hosts File: Scanned in 00mn 00s ~ Nombre de lignes (Lines number): 21 ---\\ Internet Explorer Toolbars (O3) O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline ~ Toolbar: Scanned in 00mn 00s ---\\ Autres liens utilisateurs (O4) O4 - GS\Desktop [Public]: Spybot-S&D Start Center.lnk . (.Safer-Networking Ltd. - Start Center.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe O4 - GS\Program [Public]: Spybot-S&D Start Center.lnk . (.Safer-Networking Ltd. - Start Center.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe O4 - GS\QuickLaunch [Maman d'amour]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe http://do-search.com =>PUP.DoSearches O4 - GS\QuickLaunch [Maman d'amour]: PhotoScape.lnk . (...) -- C:\Program Files (x86)\PhotoScape\PhotoScape.exe O4 - GS\TaskBar [Maman d'amour]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Users\Maman d'amour\AppData\Local\Google\Chrome\Application\chrome.exe http://do-search.com =>PUP.DoSearches O4 - GS\Program [Maman d'amour]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://do-search.com =>PUP.DoSearches O4 - GS\SystemTools [Maman d'amour]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://do-search.com =>PUP.DoSearches O4 - GS\Desktop [Maman d'amour]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Users\Maman d'amour\AppData\Local\Google\Chrome\Application\chrome.exe http://do-search.com =>PUP.DoSearches O4 - GS\Desktop [Maman d'amour]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://do-search.com =>PUP.DoSearches O4 - GS\Desktop [Maman d'amour]: Ordinateur.lnk - Clé orpheline O4 - GS\QuickLaunch [GRAZIELLA]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\Program [GRAZIELLA]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\SystemTools [GRAZIELLA]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\Desktop [GRAZIELLA]: Solitaire - Raccourci.lnk - Clé orpheline ~ Global Startup: 87 Legitimates Filtered in 00mn 01s ---\\ Applications lancées au démarrage du sytème (O4) O4 - GS\Startup [Public]: WiFi Station N.lnk . (...) -- C:\Program Files (x86)\Hercules\WiFiStationN\WiFiN.exe O4 - HKLM\..\Run: [fssui] . (.Microsoft Corporation - Windows Live Family Safety Filter.) -- C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe O4 - HKLM\..\Run: [bCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files\Microsoft Office\Office14\BCSSync.exe =>.Microsoft Corporation O4 - HKCU\..\Run: [2F7F363D4E024E1206FC5C90C0443F22E99E25FF._service_run] . (.Google Inc. - Google Chrome.) -- C:\Users\Maman d'amour\AppData\Local\Google\Chrome\Application\chrome.exe O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\Maman d'amour\AppData\Local\Facebook\Update\FacebookUpdate.exe O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\Maman d'amour\AppData\Local\Google\Update\GoogleUpdate.exe =>.Google Inc O4 - HKLM\..\Wow6432Node\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe O4 - HKLM\..\Wow6432Node\Run: [sunJavaUpdateSched] . (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation O4 - HKLM\..\Wow6432Node\Run: [sDTray] . (.Safer-Networking Ltd. - Spybot - Search & Destroy tray access.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated O4 - HKUS\S-1-5-19\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-20\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-21-172122536-2556622816-571697149-1000\..\Run: [2F7F363D4E024E1206FC5C90C0443F22E99E25FF._service_run] . (.Google Inc. - Google Chrome.) -- C:\Users\Maman d'amour\AppData\Local\Google\Chrome\Application\chrome.exe O4 - HKUS\S-1-5-21-172122536-2556622816-571697149-1000\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\Maman d'amour\AppData\Local\Facebook\Update\FacebookUpdate.exe O4 - HKUS\S-1-5-21-172122536-2556622816-571697149-1000\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\Maman d'amour\AppData\Local\Google\Update\GoogleUpdate.exe =>.Google Inc ~ Application: Scanned in 00mn 00s ---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9) O9 - Extra button: &Envoyer à OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} -- C:\Program Files (x86)\MICROS~2\Office14\ONBttnIE.dll (.not file.) O9 - Extra button: Notes &liées OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -- C:\Program Files (x86)\MICROS~2\Office14\ONBTTN~1.dll (.not file.) ~ IE Extra Buttons: Scanned in 00mn 00s ---\\ Objets ActiveX (Downloaded Program Files)(O16) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab ~ Objets ActiveX: Scanned in 00mn 00s ---\\ Modification Domaine/Adresses DNS (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{DFE4FEE7-4906-4336-AAB0-28550CC777ED}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1 O17 - HKLM\System\CCS\Services\Tcpip\..\{4F6ECF54-5221-490A-A141-352358F699B6}: DhcpNameServer = 192.168.0.254 O17 - HKLM\System\CS1\Services\Tcpip\..\{DFE4FEE7-4906-4336-AAB0-28550CC777ED}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{4F6ECF54-5221-490A-A141-352358F699B6}: DhcpNameServer = 192.168.0.254 O17 - HKLM\System\CS2\Services\Tcpip\..\{DFE4FEE7-4906-4336-AAB0-28550CC777ED}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1 O17 - HKLM\System\CS2\Services\Tcpip\..\{4F6ECF54-5221-490A-A141-352358F699B6}: DhcpNameServer = 192.168.0.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.254 ~ Domain: Scanned in 00mn 00s ---\\ Protocole additionnel (O18) O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) -- O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation ~ Protocole Additionnel: Scanned in 00mn 00s ---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20) O20 - AppInit_DLLs: . (...) - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll (.not file.) =>Toolbar.Conduit ~ AppInit DLL: Scanned in 00mn 00s ---\\ Liste des services NT non Microsoft et non désactivés (O23) O23 - Service: ForceWare Intelligent Application Manager (IAM) (ForceWare Intelligent Application Manager (IAM)) . (.Pas de propriétaire - app_filter Module.) - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) . (.Safer-Networking Ltd. - Windows Security Center integration..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe O23 - Service: TeamViewer 7 (TeamViewer7) . (.TeamViewer GmbH - TeamViewer Remote Control Application.) - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe ~ Services: 17 Legitimates Filtered in 00mn 05s ---\\ Tâches planifiées en automatique (O39) [MD5.00000000000000000000000000000000] [APT] [4786] (...) -- C:\Users\Maman d'amour\AppData\Local\Temp\launchie.vbs \\B (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [bho_update] (...) -- C:\Program Files (x86)\Internet Explorer\Updater.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [HostsGuard] (...) -- C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [somotoUpdateCheckerAutoStart] (...) -- C:\Users\Maman d'amour\AppData\Local\FilesFrog Update Checker\update_checker.exe (.not file.) [0] =>Adware.MegaSearch [MD5.00000000000000000000000000000000] [APT] [{0518CFD9-FB1D-43E6-AF46-2FF10FB76855}] (...) -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{1E8EA72B-BE89-4747-8FCB-CA22507149E2}] (...) -- C:\Program Files\TRENDnet\TEW-649UB\WlanCU.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{34C47850-97BF-4BD8-AC5C-F36D75C29DAA}] (...) -- C:\Users\Maman d'amour\Desktop\avast internet security\avast internet security 6.0.1125.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{3C06B6F4-1C6A-40C9-A5B1-36980E33C2CF}] (...) -- C:\Users\Maman d'amour\Downloads\HiJackThis.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{89E40B86-AE00-413F-86AE-A6F213FFFC52}] (...) -- C:\Users\Maman d'amour\Downloads\twister_en\setup.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{E2FDE73E-AE3A-4C46-A043-4F53561E7223}] (...) -- C:\Users\Maman d'amour\Desktop\setup(2).exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{FA4A9AB8-65F4-40E0-8C88-BBD8DDD11089}] (...) -- C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{FCA1AE4A-E783-4D87-9A23-3C3BA368E1F4}] (...) -- G:\avast internet security 6.0.1125.exe (.not file.) [0] ~ Scheduled Task: 106 Legitimates Filtered in 00mn 02s ---\\ HKCU & HKLM Software Keys [HKCU\Software\ForumerIT] =>Toolbar.Forumer [HKLM\Software\Wow6432Node\Grooveware Multimedia] ~ Key Software: 348 Legitimates Filtered in 00mn 00s ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43) O43 - CFD: 26/10/2013 - 11:47:44 - [6,330] ----D C:\Program Files (x86)\OOo4Kids 1.2 O43 - CFD: 08/11/2011 - 09:49:21 - [0,003] ----D C:\ProgramData\c5900000-b330-4e1f-f043-e63537f1bfa3 O43 - CFD: 22/04/2012 - 01:21:49 - [20,295] ----D C:\ProgramData\{FD7CAB3E-E895-4E98-9D68-A307CC601204} O43 - CFD: 30/11/2013 - 06:25:31 - [1,162] ----D C:\Users\Maman d'amour\AppData\Roaming\do-search =>PUP.DoSearches O43 - CFD: 30/04/2013 - 21:21:51 - [2,227] ----D C:\Users\Maman d'amour\AppData\Roaming\OOo4Kids O43 - CFD: 30/04/2013 - 21:20:29 - [0,201] ----D C:\Users\Maman d'amour\AppData\Local\Updater12765 =>PUP.CrossRider ~ 578 Dossiers CLSID vides (CLSID Empty Folders) ~ Program Folder: 799 Legitimates Filtered in 00mn 10s ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44) O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 30/11/2013 - 07:35:20 ---A- . (...) -- C:\autoexec.bat [0] ~ Files: 17 Legitimates Filtered in 00mn 02s ---\\ Derniers fichiers créés dans Windows Prefetcher (O45) O45 - LFCP:[MD5.B3A3C3FF5A922550F6BCFC02CEDA1C17] - 24/11/2013 - 11:56:08 ---A- - C:\Windows\Prefetch\MONALBUMPHOTO_SETUPALT_3.5.TM-266263F1.pf O45 - LFCP:[MD5.A07212F1DF5BBCA7EB0BD825F7925150] - 24/11/2013 - 11:56:11 ---A- - C:\Windows\Prefetch\MONALBUMPHOTO_SETUPALT_3.5.EX-A69568A5.pf O45 - LFCP:[MD5.35178D9D12866A77716B3FC05417D683] - 24/11/2013 - 11:56:12 ---A- - C:\Windows\Prefetch\MONALBUMPHOTO_SETUPALT_3.5.TM-1507CC3E.pf O45 - LFCP:[MD5.C1AFBE0A01C7D618516EC83EFA59F26B] - 24/11/2013 - 21:12:41 ---A- - C:\Windows\Prefetch\7ZIPSETUP-7EABZHE.EXE-3D86D0A4.pf O45 - LFCP:[MD5.E1A8BEA094197E980C12061D766CE49B] - 24/11/2013 - 21:17:13 ---A- - C:\Windows\Prefetch\SMT_DO-SEARCH_201311131701.EX-036BFEC8.pf =>PUP.DoSearches O45 - LFCP:[MD5.0A0CE99F9B3159AD65647102E6EB5A31] - 24/11/2013 - 21:18:08 ---A- - C:\Windows\Prefetch\BAOFENG.EXE-2EAC8611.pf O45 - LFCP:[MD5.A9B9ACC554DDA50601987C8768143DB5] - 24/11/2013 - 21:18:25 ---A- - C:\Windows\Prefetch\BAOFENG.EXE-7FF55A4B.pf O45 - LFCP:[MD5.1C235B1C83C4AFC14F78ECE71BD5E329] - 24/11/2013 - 21:52:14 ---A- - C:\Windows\Prefetch\7Z920.EXE-DAE9F563.pf O45 - LFCP:[MD5.D09B9E1CFDD4BD17269593DA94D2A470] - 30/11/2013 - 07:28:18 ---A- - C:\Windows\Prefetch\WIFIN.EXE-7A3DAAF5.pf O45 - LFCP:[MD5.615054EEC3E373940CD70B1AC483BAFC] - 30/11/2013 - 10:35:05 ---A- - C:\Windows\Prefetch\FSUI.EXE-13784E92.pf ~ Prefetcher: 143 Legitimates Filtered in 00mn 00s ---\\ Opérations et fonctions au démarrage de Windows Explorer (O46) O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook [64Bits] - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL ~ ShellExecuteHooks: Scanned in 00mn 00s ---\\ Clé de registre Shell MountPoints2 (MPKS) (O51) O51 - MPSK:{7ff54e90-8b8a-11e1-a9e8-00262d322d21}\AutoRun\command. (...) -- G:\KODAK_Software_Downloader.exe (.not file.) ~ Keys: Scanned in 00mn 00s ---\\ Enumération des clés de registre StartupReg (SMSR) (O53) O53 - SMSR:HKLM\...\startupreg\Hotkey Utility [Key] . (.Pas de propriétaire - Hotkey Utility.) -- C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe O53 - SMSR:HKLM\...\startupreg\Sweetpacks Communicator [Key] . (...) -- C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (.not file.) =>PUP.SweetIM ~ SMSR Keys: 8 Legitimates Filtered in 00mn 00s ---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55) O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0 ~ MWPS: 18 Legitimates Filtered in 00mn 00s ---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56) O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1 ~ MWPE Keys: 12 Legitimates Filtered in 00mn 00s ---\\ Liste des pilotes du système (SDL) (O58) O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496] O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232] O58 - SDL:[MD5.B9430166FEB246F6070A62B3554932C9] - 19/09/2012 - 10:02:08 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [102368] O58 - SDL:[MD5.C692C94FE55CAD0633440236022C27B3] - 19/09/2012 - 10:02:06 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys [203104] O58 - SDL:[MD5.58C89A89D4AF0288DCF432EC0B358438] - 19/09/2012 - 10:02:08 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Mobile Logging Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudserd.sys [203104] O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656] ~ Drivers: 18 Legitimates Filtered in 00mn 00s ---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61) O61 - LFC: 27/11/2013 - 18:58:32 -SHA- . (...) -- C:\Users\Maman d'amour\Documents\Mes fichiers reçus\Thumbs.db [12288] O61 - LFC: 30/11/2013 - 18:56:55 ---A- . (...) -- C:\Users\Maman d'amour\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [269398] O61 - LFC: 30/11/2013 - 18:56:55 ---A- . (...) -- C:\Users\Maman d'amour\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt [4] O61 - LFC: 30/11/2013 - 18:57:03 ---A- . (...) -- C:\Users\Maman d'amour\AppData\Local\Google\Chrome\User Data\Local State [58230] O61 - LFC: 30/11/2013 - 18:57:47 ---A- . (...) -- C:\Users\Maman d'amour\AppData\Roaming\ZHP\Log.txt [62502] =>.Nicolas Coolman O61 - LFC: 30/11/2013 - 18:57:47 ---A- . (...) -- C:\Users\Maman d'amour\AppData\Roaming\ZHP\TestsZHPDiag.txt [3069] =>.Nicolas Coolman O61 - LFC: 30/11/2013 - 18:57:47 ---A- . (...) -- C:\Users\Maman d'amour\AppData\Roaming\ZHP\ZHPDiag.txt [76102] =>.Nicolas Coolman O61 - LFC: 30/11/2013 - 18:58:27 -SHA- . (...) -- C:\Users\Maman d'amour\Documents\Graziella\Thumbs.db [1500672] O61 - LFC: 30/11/2013 - 18:58:32 ---A- . (...) -- C:\Users\Maman d'amour\Downloads\adwcleaner (1).exe [1091882] O61 - LFC: 30/11/2013 - 18:58:32 -SHA- . (...) -- C:\Users\Maman d'amour\Documents\Sample Pictures\Thumbs.db [69120] O61 - LFC: 30/11/2013 - 18:58:32 -SHA- . (...) -- C:\Users\Maman d'amour\Documents\Scanned Documents\Thumbs.db [16896] O61 - LFC: 30/11/2013 - 18:58:33 ---A- . (...) -- C:\Users\Maman d'amour\Downloads\adwcleaner.exe [1091882] O61 - LFC: 30/11/2013 - 18:58:45 RSHA- . (...) -- C:\Users\Maman d'amour\ntuser.pol [664] ~ 9 Fichiers temporaires (Temporary files) ~ Files: 562 Legitimates Filtered in 02mn 15s ---\\ Liste des outils de désinfection (LATC) (O63) O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman ~ ADS: Scanned in 00mn 00s ---\\ Associations Shell Spawning (O67) O67 - Shell Spawning: <.html> <ChromeHTML.SQ6XNFMQIQ75ZFGY5JALQBAKMY>[HKCU\..\open\Command] (.Not Key.) ~ FASS Keys: 11 Legitimates Filtered in 00mn 00s ---\\ Menu de démarrage Internet (SMI) (O68) O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (.not file.) O68 - StartMenuInternet: <Google Chrome.SQ6XNFMQIQ75ZFGY5JALQBAKMY> <Google Chrome>[HKLM\..\Shell\open\Command] (...) -- C:\Users\Maman d'amour\AppData\Local\Google\Chrome\Application\chrome.exe" http://do-search.com =>PUP.DoSearches O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe ~ Keys: Scanned in 00mn 00s ---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69) O69 - SBI: SearchScopes [HKCU] 34C7BBDC99AC4BECBAD2E61CF033D36A - (Google) - http://www.google.com O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com ~ Keys: Scanned in 00mn 00s ---\\ Recherche particulière à la racine du système (SPRF) (O84) [MD5.5C287A6C343E5311162F3B7246BD6265] [sPRF][08/11/2011] (...) -- C:\ProgramData\bdinstall.bin [116275] [MD5.3B32CAA07D672F8A2E0DF5CB3A873F45] [sPRF][22/06/2012] (...) -- C:\Users\Maman d'amour\AppData\Local\Temp\ESGScanner.sys [22704] [MD5.C59BDF3C0E8F946A6D9E8E3934485830] [sPRF][22/11/2013] (...) -- C:\Users\Maman d'amour\AppData\Local\Temp\Quarantine.exe [355225] [MD5.883DFC791AAF1298FCFC2BCF5471BBFC] [sPRF][30/11/2013] (...) -- C:\Users\Maman d'amour\AppData\Local\Temp\SHSetup.exe [46777424] =>Crapware.SpyHunter [MD5.7CF319F9EF25F03D7EA3C6F40AEE6FEA] [sPRF][01/04/2013] (...) -- C:\Users\Maman d'amour\AppData\Roaming\wklnhst.dat [108] [MD5.AA2DB43AE211068BAFBD1D99B7556F11] [sPRF][24/08/2013] (...) -- C:\Users\Maman d'amour\Desktop\direct-telecharger_pour_adobephotoshop.exe [118311] ~ Files: 9 Legitimates Filtered in 00mn 05s ---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS) [MD5.A3AEEC9A9B6984F2E22B90FDC9A23AB8] [WIS][26/11/2013] (.Skype Technologies S.A. - Skype.) -- C:\Windows\Installer\2020be.msi [24993792] ~ WIS: 152 Legitimates Filtered in 00mn 14s ---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped) SS - | Demand 12/10/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe SS - | Demand 07/10/2013 240736 | (GamesAppIntegrationService) . (.WildTangent.) - C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe SS - | Demand 12/10/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe SS - | Auto 07/09/2011 135664 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SS - | Demand 07/09/2011 135664 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SS - | Demand 15/01/2010 935208 | (Nero BackItUp Scheduler 4.0) . (.Nero AG.) - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe SS - | Auto 05/09/2013 171680 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe SR - | Auto 11/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe SR - | Auto 27/11/2013 440376 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe SR - | Auto 27/11/2013 440376 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe SR - | Auto 10/08/2009 626208 | (ForceWare Intelligent Application Manager (IAM)) . (...) - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe SR - | Auto 28/08/2009 1150496 | (Greg_Service) . (.Acer Incorporated.) - C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe SR - | Auto 17/11/2010 53544 | (HerculesWiFi) . (.Guillemot Corporation.) - C:\Windows\SysWOW64\HerculesWiFiService.exe SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe SR - | Auto 10/08/2009 206880 | (nSvcIp) . (...) - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe SR - | Auto 31/01/2013 878368 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe SR - | Auto 19/02/2013 1259296 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe SR - | Auto 16/05/2013 1817560 | (SDScannerService) . (.Safer-Networking Ltd..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe SR - | Auto 16/05/2013 1033688 | (SDUpdateService) . (.Safer-Networking Ltd..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe SR - | Auto 15/05/2013 171928 | (SDWSCService) . (.Safer-Networking Ltd..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe SR - | Auto 23/02/2012 2886528 | (TeamViewer7) . (.TeamViewer GmbH.) - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation SR - | Auto 14/07/2009 27136 | C:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe ~ Services: Scanned in 00mn 16s ---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80) Run by Maman d'amour at 30/11/2013 18:59:43 ~ OS 64 not supported by MBR tool ~ MBR: 0 Legitimates Filtered in 00mn 00s ---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80) Written by ad13, http://ad13.geekstog Run by Maman d'amour at 30/11/2013 18:59:45 ********* Dump file Name ********* C:\PhysicalDisk0_MBR.bin ~ MBR: Scanned in 00mn 02s ---\\ Scan Additionnel (O88) Database Version : 13004 - (30/11/2013) Clés trouvées (Keys found) : 27 Valeurs trouvées (Values found) : 6 Dossiers trouvés (Folders found) : 4 Fichiers trouvés (Files found) : 2 [HKLM\Software\Google\Chrome\Extensions\njienacjggibaeolcbbjfnigbojkcggj] =>PUP.MyWebFace^ [HKLM\Software\Google\Chrome\Extensions\ojcgaoafcmbadjkfdippkdddgkeaipbn] =>PUP.DealPly^ [HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\Sweetpacks Communicator] =>PUP.SweetIM^ [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\omigaplussvc] =>Hijacker.OmigaPlus [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EPUpdater] =>Hijacker.BabSolution [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\254796BF4AC84B64891B61C529A2E23F] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DealPlyUpdate] =>PUP.DealPly [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>PUP.Tarma [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>PUP.Tarma [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47] =>Adware.IMBooster [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856] =>Adware.IMBooster [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494] =>Adware.IMBooster [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\eSafeSvc] =>PUP.eSafeSecurity [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DealPlyLiveUpdateTaskMachineUA] =>PUP.DealPly [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\12BF94BD06C95F343A77631402B9556A] =>PUP.SweetIM^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2124D8A8CF720FD44866190AF560228E] =>PUP.SweetIM^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\27A325ACED8CA4743A30127638591ADB] =>PUP.SweetIM^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\350D17402BD84234EAF7D32F08172D7C] =>PUP.SweetIM^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3EE8C5F419057E1478A654868CEE60B5] =>PUP.SweetIM^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4735D908D66E1BA46B6C2D7185A12B2B] =>PUP.SweetIM^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\76D8378E2DDAED3428720A631F6E3BF0] =>PUP.SweetIM^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A001B259DB7D694E818BE29B973992C] =>PUP.SweetIM^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BAE2EC163C6A68A48921573E0E7E199D] =>PUP.SweetIM^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C06C6662FA5B04646829E4A460857770] =>PUP.SweetIM^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CEEB3E14ABE8270419B0FD762E18F7C6] =>PUP.SweetIM^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1B5E9A3BDB51349BF96E842C062D98] =>PUP.SweetIM^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FECBC2BC14DA6CD459BD59A041709836] =>PUP.SweetIM^ C:\Users\Maman d'amour\AppData\Local\Google\Chrome\User Data\Default\Extensions\njienacjggibaeolcbbjfnigbojkcggj =>PUP.MyWebFace^ C:\Users\Maman d'amour\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojcgaoafcmbadjkfdippkdddgkeaipbn =>PUP.DealPly^ C:\Users\Maman d'amour\AppData\Roaming\do-search =>PUP.DoSearches^ C:\Users\Maman d'amour\AppData\Local\Updater12765 =>PUP.CrossRider^ [HKCU\Software\ForumerIT] =>Toolbar.Forumer^ C:\Users\Maman d'amour\AppData\Local\Temp\SHSetup.exe =>Crapware.SpyHunter^ ~ Additionnel Scan: 281296 Items scanned in 00mn 17s ---\\ Récapitulatif des détections trouvées sur votre station ~ http://nicolascoolman.webs.com/apps/blog/show/27747161-pup-mywebface =>PUP.MyWebFace ~ http://nicolascoolman.webs.com/apps/blog/show/28060597-pup-dealply =>PUP.DealPly ~ http://nicolascoolman.webs.com/apps/blog/show/33477786-pup-dosearches =>PUP.DoSearches ~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit ~ http://nicolascoolman.webs.com/apps/blog/show/26919368-adware-megasearch =>Adware.MegaSearch ~ http://nicolascoolman.webs.com/apps/blog/show/32729139-toolbar-forumer =>Toolbar.Forumer ~ http://nicolascoolman.webs.com/apps/blog/show/27583526-pup-crossrider =>PUP.CrossRider ~ http://nicolascoolman.webs.com/apps/blog/show/29216159-pup-sweetim =>PUP.SweetIM ~ http://nicolascoolman.webs.com/apps/blog/show/26609241-crapware-spyhunter =>Crapware.SpyHunter ~ http://nicolascoolman.webs.com/apps/blog/show/30152670-hijacker-omigaplus =>Hijacker.OmigaPlus ~ http://nicolascoolman.webs.com/apps/blog/show/26678994-hijacker-babsolution =>Hijacker.BabSolution ~ http://nicolascoolman.webs.com/apps/blog/show/29637859-toolbar-tarma =>PUP.Tarma ~ http://nicolascoolman.webs.com/apps/blog/show/26684723-adware-imbooster =>Adware.IMBooster ~ http://nicolascoolman.webs.com/apps/blog/show/27588628-pup-esafesecurity =>PUP.eSafeSecurity ~ MSI: 14 link(s) detected in 00mn 17s ~ 2651 Legitimates filtered by white list End of the scan (547 lines in 04mn 03s)(0)
- le 30 novembre 2013
- 1 réponse
Windows infecté

rital94 a répondu à un(e) sujet de rital94 dans Analyses et éradication malwares

SX Check&Update Lien vers le tutoriel : Tutoriels - Security-X --- Windows Version : Windows 7 32 bits Service Pack : 1 UserName : CELSO 02/03/2012 17:35:06 version = v0.1.1 --- Windows Update Information : AUOptions : 2 Notify Download and Install --- Name : FlashPlayer ActiveX Version : 11.1.102.62 Flash Player ActiveX est à jour Name : FlashPlayer Plugin Version : 11.1.102.62 Flash Player Plugin est à jour Nom : Mozilla Firefox 10.0.2 (x86 fr) Version : 10.0.2 Java Information : Nom : Java 6 Update 31 Version : 6.0.310 Java 6 Update 31 est à jour Nom : Adobe Reader X (10.1.2) - Français Version : 10.1.2 Adobe Reader est à jour Nom : Internet Explorer Version : 9.0.8112.16421 tout est ok alors Mon Pc est tout neuf !! si oui un grand Merci pour votre devouement a mon egard jattends votre oaccord merci je viens d'essayé de lancer mon jeux trackmania Canyon et mon pc c'est eteint puis se realume au bout de 5 minutes !! y a t-il aussi mon ALIM qui serai infecté ??? coup de panique
- le 2 mars 2012
- 20 réponses
Windows infecté

rital94 a répondu à un(e) sujet de rital94 dans Analyses et éradication malwares

SX Check&Update Lien vers le tutoriel : Tutoriels - Security-X --- Windows Version : Windows 7 32 bits Service Pack : 1 UserName : CELSO 02/03/2012 17:17:49 version = v0.1.1 --- Windows Update Information : AUOptions : 2 Notify Download and Install --- Name : FlashPlayer ActiveX Version : 10.2.152.26 Flash Player ActiveX n'est pas à jour! Name : FlashPlayer Plugin Version : 11.1.102.62 Flash Player Plugin est à jour Nom : Mozilla Firefox 10.0.2 (x86 fr) Version : 10.0.2 Java Information : Nom : Java 6 Update 26 Version : 6.0.260 Java 6 Update 26 n'est pas à jour! Nom : Adobe Reader X (10.1.2) - Français Version : 10.1.2 Adobe Reader est à jour Nom : Internet Explorer Version : 9.0.8112.16421
- le 2 mars 2012
- 20 réponses
Windows infecté

rital94 a répondu à un(e) sujet de rital94 dans Analyses et éradication malwares

Rapport de ZHPDiag v1.28.32 par Nicolas Coolman, Update du 05/02/2012 Run by CELSO at 02/03/2012 15:28:00 Web site : ZHPDiag Outil de diagnostic Web site : Blog de NicolasCoolman - ZebHelpProcess - Skyrock.com State : Version à jour. ---\\ Web Browser MSIE: Internet Explorer v9.0.8112.16421 MFIE: Mozilla Firefox 10.0.2 v10.0.2 (Defaut) ---\\ Windows Product Information ~ Langage: Français Windows 7 Home Premium Edition, 32-bit Service Pack 1 (Build 7601) Windows Server License Manager Script : OK ~ Windows® 7, OEM_COA_NSLP channel Windows ID Activation : OK ~ Windows Partial Key : RCRT4 Windows License : OK ~ Windows Remaining Initializations Number : 4 Software Protection Service (Protection logicielle) : OK Windows Automatic Updates : OK Windows Activation Technologies : OK ---\\ System Information ~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel ~ Operating System: 32 Bits Boot mode: Normal (Normal boot) Total RAM: 3071 MB (52% free) System Restore: Activé (Enable) System drive C: has 364 GB (78%) free of 466 GB ---\\ Logged in mode ~ Computer Name: CELSO-PC ~ User Name: CELSO ~ All Users Names: UpdatusUser, HomeGroupUser$, CELSO, Administrateur, ~ Unselected Option: None Logged in as Administrator ---\\ Environnement Variables ~ System Unit : C:\ ~ %AppData% : C:\Users\CELSO\AppData\Roaming\ ~ %Desktop% : C:\Users\CELSO\Desktop\ ~ %Favorites% : C:\Users\CELSO\Favorites\ ~ %LocalAppData% : C:\Users\CELSO\AppData\Local\ ~ %StartMenu% : C:\Users\CELSO\AppData\Roaming\Microsoft\Windows\Start Menu\ ~ %Windir% : C:\Windows\ ~ %System% : C:\Windows\system32\ ---\\ DOS/Devices C:\ Hard drive, Flash drive, Thumb drive (Free 364 Go of 466 Go) D:\ CD-ROM drive (Not Inserted) E:\ CD-ROM drive (Free 0 Go of 0 Go) F:\ Hard drive, Flash drive, Thumb drive (Free 616 Go of 932 Go) G:\ Floppy drive, Flash card reader, USB Key (Not Inserted) ---\\ Security Center & Tools Informations [HKLM\SOFTWARE\Microsoft\Security Center] AntiSpywareOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center] UacDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] UpdatesDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] UacDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] NoActiveDesktopChanges: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowSearch: OK [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyComputer: OK [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings] WarnOnHTTPSToHTTPRedirect: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK [HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK [HKLM\SYSTEM\CurrentControlSet\Services] wscsvc : OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK ~ Scan Security Center in 00mn 00s ---\\ Recherche particulière de fichiers génériques [MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 06:30:54.) -- C:\Windows\Explorer.exe [2616320] [MD5.51138BEEA3E2C21EC44D0932C71762A8] - (.Microsoft Corporation - Processus hôte Windows (Rundll32).) (.14/07/2009 - 02:14:31.) -- C:\Windows\system32\rundll32.exe [44544] [MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:14:45.) -- C:\Windows\system32\Wininit.exe [96256] [MD5.1D94FA7C81D2FFE494AF094619BA706F] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.14/12/2011 - 03:57:18.) -- C:\Windows\system32\wininet.dll [1127424] [MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.20/11/2010 - 13:17:54.) -- C:\Windows\system32\Winlogon.exe [286720] [MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 13:21:24.) -- C:\Windows\system32\sppcomapi.dll [193536] [MD5.129F80D7868E30DF3E3DE33A1D3132B4] - (.Microsoft Corporation - DLL client de l’API uilisateur de Windows multi-utilisateurs.) (.20/11/2010 - 13:08:50.) -- C:\Windows\system32\fr-FR\user32.dll.mui [20480] [MD5.9EBBBA55060F786F0FCAA3893BFA2806] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.25/04/2011 - 03:18:03.) -- C:\Windows\system32\drivers\AFD.sys [338944] [MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:26:15.) -- C:\Windows\system32\drivers\atapi.sys [21584] [MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:11:15.) -- C:\Windows\system32\drivers\Cdfs.sys [70656] [MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 09:38:10.) -- C:\Windows\system32\drivers\Cdrom.sys [108544] [MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 09:42:32.) -- C:\Windows\system32\drivers\DfsC.sys [78336] [MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 10:59:29.) -- C:\Windows\system32\drivers\HDAudBus.sys [108544] [MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:11:24.) -- C:\Windows\system32\drivers\i8042prt.sys [80896] [MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 00:54:29.) -- C:\Windows\system32\drivers\IpNat.sys [101888] [MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:17:22.) -- C:\Windows\system32\drivers\MRxSmb.sys [123904] [MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 09:39:44.) -- C:\Windows\system32\drivers\netBT.sys [187904] [MD5.81189C3D7763838E55C397759D49007A] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.11/03/2011 - 06:39:00.) -- C:\Windows\system32\drivers\ntfs.sys [1211264] [MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 00:45:35.) -- C:\Windows\system32\drivers\Parport.sys [79360] [MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/07/2009 - 00:54:34.) -- C:\Windows\system32\drivers\Rasl2tp.sys [78848] [MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 00:53:41.) -- C:\Windows\system32\drivers\smb.sys [71168] [MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 09:39:17.) -- C:\Windows\system32\drivers\tdx.sys [74752] [MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 13:30:16.) -- C:\Windows\system32\drivers\volsnap.sys [245632] ~ Scan Generic Processes in 00mn 00s ---\\ Etat des fichiers cachés (Caché/Total) ~ Mes images (My Pictures) : 119/6239 ~ Mes Videos (My Videos) : 2/58 ~ Mes Favoris (My Favorites) : Non accessible (Not found) ~ Mes Documents (My Documents) : 12/4903 ~ Mon Bureau (My Desktop) : 155/8291 ~ Menu demarrer (Programs) : 7/32 ~ Scan Hidden Files in 00mn 20s ---\\ Processus lancés [MD5.BF1FF06F5434AFAEAB6C3279E3BD2250] - (.Symantec Corporation - Symantec User Session.) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe [115560] [PID.2656] [MD5.F40E80C04475731C6ED5D19C48E45E3C] - (.Elaborate Bytes AG - Virtual CloneDrive Daemon.) -- C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [85160] [PID.2664] [MD5.16E288B32BC5ED1A73D8D266B354AD5F] - (.cyberlink - brs.) -- C:\Program Files\CyberLink\Shared files\brs.exe [75048] [PID.2680] [MD5.60D0647A2DC2D397B84D0AFB0808F85D] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [460872] [PID.2800] [MD5.F7BA07E85A37CA30FFED726001754951] - (.TeamViewer GmbH - TeamViewer Remote Control Application.) -- C:\Program Files\TeamViewer\Version7\TeamViewer.exe [10871680] [PID.2872] [MD5.C687C23E093782DA238F6B972FCB717C] - (.NVIDIA Corporation - NVIDIA Settings.) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe [1820480] [PID.3356] [MD5.FB9DFE1D04DFA81ABBD8493A52A23773] - (.Symantec Corporation - Symantec CMC SmcGui.) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe [1459528] [PID.3448] [MD5.5AC757AE411CBC603C33C85F81F8657D] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [924632] [PID.2848] [MD5.196F6E8FBC7043A867C8F428E40530E8] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [16856] [PID.2140] [MD5.D9C51528488EA0D98D3C4D02ABD16759] - (.Intel Corporation - igfxsrvc Module.) -- C:\Windows\system32\igfxsrvc.exe [252952] [PID.2652] [MD5.4AEEC870451AE02CB1A1596C9792CD66] - (.TeamSpeak Systems GmbH - TeamSpeak 3 Client.) -- C:\Program Files\TeamSpeak 3 Client\ts3client_win32.exe [8517104] [PID.5264] [MD5.4309B75F125067EF805F3125B01FCC30] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [2210816] [PID.4524] ~ Scan Processes Running in 00mn 01s ---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3) C:\Users\CELSO\AppData\Roaming\Mozilla\Firefox\Profiles\y5f7xqok.default\prefs.js M3 - MFPP: Plugins - [CELSO] -- C:\Program Files\Mozilla FireFox\searchplugins\amazon-france.xml M3 - MFPP: Plugins - [CELSO] -- C:\Program Files\Mozilla FireFox\searchplugins\bing.xml M3 - MFPP: Plugins - [CELSO] -- C:\Program Files\Mozilla FireFox\searchplugins\cnrtl-tlfi-fr.xml M3 - MFPP: Plugins - [CELSO] -- C:\Program Files\Mozilla FireFox\searchplugins\eBay-france.xml M3 - MFPP: Plugins - [CELSO] -- C:\Program Files\Mozilla FireFox\searchplugins\google.xml M3 - MFPP: Plugins - [CELSO] -- C:\Program Files\Mozilla FireFox\searchplugins\wikipedia-fr.xml M3 - MFPP: Plugins - [CELSO] -- C:\Program Files\Mozilla FireFox\searchplugins\yahoo-france.xml M0 - MFSP: prefs.js [CELSO - y5f7xqok.default] Google M2 - MFEP: prefs.js [CELSO - y5f7xqok.default\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}] [] Garmin Communicator v4.0.1.0 (.Garmin International.) P2 - FPN:Firefox Plugin Navigator . (.Sun Microsystems, Inc. - NPRuntime Script Plug-in Library for Java Deploy.) -- C:\Program Files\Mozilla Firefox\Plugins\npdeployJava1.dll P2 - FPN:Firefox Plugin Navigator . (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape 10.1.2.) -- C:\Program Files\Mozilla Firefox\Plugins\nppdf32.dll P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (...) -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll P2 - FPN: [HKLM] [@adobe.com/ShockwavePlayer] - (.Adobe Systems, Inc. - Adobe Shockwave for Director Netscape plug-in, version 11.5.9.620.) -- C:\Windows\System32\Adobe\Director\np32dsw.dll P2 - FPN: [HKLM] [@Google.com/GoogleEarthPlugin] - (.Google - GEPlugin.) -- C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll P2 - FPN: [HKLM] [@java.com/JavaPlugin] - (.Sun Microsystems, Inc. - Next Generation Java Plug-in 1.6.0_26 for Mozilla browsers.) -- C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 4.1.10111.0.) -- C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll P2 - FPN: [HKLM] [@nvidia.com/3DVision] - (.NVIDIA Corporation - NVIDIA 3D Vision plugin for Mozilla browsers.) -- C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll P2 - FPN: [HKLM] [@nvidia.com/3DVisionStreaming] - (.NVIDIA Corporation - NVIDIA 3D Vision Streaming plugin for Mozilla browsers.) -- C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=3] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=9] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll P2 - FPN: [HKLM] [Adobe Reader] - (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape 10.1.2.) -- C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll P2 - FPN: [HKCU] [@Skype Limited.com/Facebook Video Calling Plugin] - (.Skype Limited - Facebook Video Calling Plugin.) -- C:\Users\CELSO\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll ~ Scan Firefox Browser in 00mn 00s ---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4) R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Search Microsoft.com R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Navigateur Internet.) (9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)) -- C:\Windows\System32\ieframe.dll R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 1 ~ Scan IE Browser in 00mn 00s ---\\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Scan Proxy management in 00mn 00s ---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2) F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe, F2 - REG:system.ini: VMApplet=C:\Windows\system32\SystemPropertiesPerformance.exe ~ Scan Keys in 00mn 00s ---\\ Redirection du fichier Hosts (O1) ~ Le fichier hosts est sain (The hosts file is clean). ~ Scan Hosts File in 00mn 00s ~ Nombre de lignes (Lines number): 21 ---\\ Browser Helper Objects de navigateur (O2) O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} . (.TechSmith Corporation - SnagIt Browser Helper Object for Internet E.) -- C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corp. - Microsoft® Windows Live ID Login Helper.) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll ~ Scan BHO in 00mn 00s ---\\ Internet Explorer Toolbars (O3) O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} . (.TechSmith Corporation - SnagIt Add-in for Internet Explorer.) -- C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll ~ Scan Toolbar in 00mn 00s ---\\ Applications démarrées par registre & par dossier (O4) O4 - HKLM\..\Run: [igfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe O4 - HKLM\..\Run: [ccApp] . (.Symantec Corporation - Symantec User Session.) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe O4 - HKLM\..\Run: [VirtualCloneDrive] . (.Elaborate Bytes AG - Virtual CloneDrive Daemon.) -- C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe O4 - HKLM\..\Run: [bDRegion] . (.cyberlink - brs.) -- C:\Program Files\CyberLink\Shared files\brs.exe O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe O4 - HKLM\..\Run: [NvMediaCenter] . (.NVIDIA Corporation - NVIDIA Media Center Library.) -- C:\Windows\System32\nvmctray.dll O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe O4 - HKUS\S-1-5-20\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe ~ Scan Application in 00mn 00s ---\\ Autres liens utilisateurs (O4) O4 - Global Startup: C:\Users\CELSO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - Global Startup: C:\Users\CELSO\Desktop\everest.exe - Raccourci.lnk . (...) -- F:\Logiciels 2011 Kevin\Everest.Corporate.Edtion.v2.80\everest.exe O4 - Global Startup: C:\Users\CELSO\Desktop\HijackThis.exe - Raccourci.lnk . (.Trend Micro Inc..) -- F:\Logiciel Maintenance & dvd Shrink,\HiJackThis\HijackThis.exe O4 - Global Startup: C:\Users\CELSO\Desktop\Jouer à ManiaPlanet.lnk . (...) -- C:\Program Files\ManiaPlanet\ManiaPlanetLauncher.exe O4 - Global Startup: C:\Users\CELSO\Desktop\Mozilla Firefox.lnk . (.Mozilla Corporation.) -- C:\Program Files\Mozilla Firefox\firefox.exe O4 - Global Startup: C:\Users\CELSO\Desktop\PhotoFiltre.lnk . (.Antonio Da Cruz.) -- C:\Program Files\PhotoFiltre\photofiltre.exe O4 - Global Startup: C:\Users\CELSO\Desktop\Windows Live Messenger.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe O4 - Global Startup: C:\Users\CELSO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - Global Startup: C:\Users\CELSO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk . (.Microsoft Corporation.) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE O4 - Global Startup: C:\Users\CELSO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk . (.Mozilla Corporation.) -- C:\Program Files\Mozilla Firefox\firefox.exe ~ Scan Global Startup in 00mn 09s ---\\ Invisibilité de l'icône d'options IE dans le panneau de Configuration (O5) O5 - control.ini: [HKLM\..\Control Panel] inetcpl.cpl=no ~ Scan IE Control Panel in 00mn 00s ---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8) O8 - Extra context menu item: E&xporter vers Microsoft Excel . (.Microsoft Corporation - Microsoft Office Excel.) -- C:\Program Files\MICROS~2\Office12\EXCEL.exe ~ Scan IE Menu Contextuel in 00mn 00s ---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO ~ Scan IE Extra Buttons in 00mn 00s ---\\ Winsock hijacker (Layered Service Provider) (O10) O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\System32\nlaapi.dll O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Fournisseur Shim d’affectation de noms de messagerie.) -- C:\Windows\System32\NapiNSP.dll O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\System32\pnrpnsp.dll O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\System32\pnrpnsp.dll O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\Windows\System32\mswsock.dll O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\System32\winrnr.dll O10 - WLSP:\000000000007\Winsock LSP File . (.Microsoft Corp. - Microsoft® Windows Live ID Namespace Provider.) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.dll O10 - WLSP:\000000000008\Winsock LSP File . (.Microsoft Corp. - Microsoft® Windows Live ID Namespace Provider.) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.dll ~ Scan Winsock in 00mn 00s ---\\ Objets ActiveX (Downloaded Program Files)(O16) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab ~ Scan Objets ActiveX in 00mn 00s ---\\ Modification Domaine/Adresses DNS (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{2B015339-CF8E-4E76-9AF8-3D0CC9B1E0FA}: NameServer = 8.8.8.8,8.8.4.4 O17 - HKLM\System\CS1\Services\Tcpip\..\{2B015339-CF8E-4E76-9AF8-3D0CC9B1E0FA}: NameServer = 8.8.8.8,8.8.4.4 O17 - HKLM\System\CS2\Services\Tcpip\..\{2B015339-CF8E-4E76-9AF8-3D0CC9B1E0FA}: NameServer = 8.8.8.8,8.8.4.4 ~ Scan Domain in 00mn 00s ---\\ Protocole additionnel (O18) O18 - Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft ®.) -- C:\Windows\System32\mshtml.dll O18 - Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll O18 - Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - Contrôle ActiveX pour le flux vidéo.) -- C:\Windows\System32\MSVidCtl.dll O18 - Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll O18 - Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll O18 - Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll O18 - Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll O18 - Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll O18 - Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft ®.) -- C:\Windows\System32\mshtml.dll O18 - Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} . (.Microsoft Corporation - Windows Live Messenger Protocol Handler Mod.) -- C:\Program Files\Windows Live\Messenger\msgrapp.dll O18 - Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll O18 - Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft ®.) -- C:\Windows\System32\mshtml.dll O18 - Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API Resources.) -- C:\Windows\System32\inetcomm.dll O18 - Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll O18 - Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} . (.Microsoft Corporation - Microsoft® Help Data Services Module.) -- C:\Program Files\Common Files\microsoft shared\Help\hxds.dll O18 - Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll O18 - Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} . (.Microsoft Corporation - Windows Live Messenger Protocol Handler Mod.) -- C:\Program Files\Windows Live\Messenger\msgrapp.dll O18 - Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft ®.) -- C:\Windows\System32\mshtml.dll O18 - Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - Contrôle ActiveX pour le flux vidéo.) -- C:\Windows\System32\MSVidCtl.dll O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft ®.) -- C:\Windows\System32\mshtml.dll O18 - Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll O18 - Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll ~ Scan Protocole Additionnel in 00mn 00s ---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20) O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\system32\igfxdev.dll ~ Scan Winlogon in 00mn 00s ---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. ~ Scan SSODL in 00mn 00s ---\\ Liste des services NT non Microsoft et non désactivés (O23) O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) . (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) . (.Symantec Corporation - Symantec Service Framework.) - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) . (.Symantec Corporation - Symantec Service Framework.) - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Service Google Update (gupdate) (gupdate) . (.Google Inc. - Programme d'installation de Google.) - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: (MBAMService) . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 295.7.) - C:\Windows\System32\nvvsvc.exe O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) . (.NVIDIA Corporation - NVIDIA Settings Update Manager.) - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe O23 - Service: PnkBstrA (PnkBstrA) . (...) - C:\Windows\System32\PnkBstrA.exe O23 - Service: Client de gestion Symantec (SmcService) . (.Symantec Corporation - Symantec CMC Smc.) - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) . (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) . (.Symantec Corporation - Symantec AntiVirus.) - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe O23 - Service: TeamViewer 7 (TeamViewer7) . (.TeamViewer GmbH - TeamViewer Remote Control Application.) - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe O23 - Service: Power Control [2011/02/26 16:42:22] ({B154377D-700F-42cc-9474-23858FBDF4BD}) . (.CyberLink Corp. - Pas de description.) - C:\Program Files\CyberLink\PowerDVD9\NavFilter\000.fcl ~ Scan Services in 00mn 00s ---\\ Enumération Active Desktop & MHTML Editor (O24) O24 - Default MHTML Editor: Last - .(...) - (.not file.) ~ Scan Desktop Component in 00mn 00s ---\\ BootExecute (O34) O34 - HKLM BootExecute: (autocheck autochk *) - File not found ~ Scan Keys in 00mn 00s ---\\ Tâches planifiées en automatique (O39) O39 - APT:Automatic Planified Task - C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-501933425-2476989565-1232407324-1000Core.job O39 - APT:Automatic Planified Task - C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-501933425-2476989565-1232407324-1000UA.job O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [MD5.FCC7C432FBF465C38FD5D940580EF9B7] [APT] [FacebookUpdateTaskUserS-1-5-21-501933425-2476989565-1232407324-1000Core] (.Facebook Inc..) -- C:\Users\CELSO\AppData\Local\Facebook\Update\FacebookUpdate.exe [MD5.FCC7C432FBF465C38FD5D940580EF9B7] [APT] [FacebookUpdateTaskUserS-1-5-21-501933425-2476989565-1232407324-1000UA] (.Facebook Inc..) -- C:\Users\CELSO\AppData\Local\Facebook\Update\FacebookUpdate.exe [MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe [MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe [MD5.00000000000000000000000000000000] [APT] [{97FAB673-36A2-4CD2-BA32-68A669238929}] (...) -- D:\setup.exe (.not file.) [MD5.028CD3C6E95FF807859FA47A96604890] [APT] [{9C1D237C-593F-4628-9A9E-507628D61569}] (...) -- F:\Logiciels 2011 Kevin\Everest.Corporate.Edtion.v2.80\everest.exe [MD5.B8F49232247D0825B2B82E08A9E10753] [APT] [{BDF7492F-AD9E-4DB2-A57A-F3F0436E4635}] (.Malwarebytes Corporation.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [MD5.00000000000000000000000000000000] [APT] [{C544CD80-0710-4A00-B5B5-9B489786A3FD}] (...) -- D:\setup.exe (.not file.) [MD5.5BC75CB78D32CC34428FC8584A3BD167] [APT] [{CFD75BF0-4D55-4DDC-A7EA-B3C0F143E5F4}] (.NVIDIA Corporation.) -- C:\Users\CELSO\Downloads\295.73-desktop-win7-winvista-32bit-international-whql.exe [MD5.028CD3C6E95FF807859FA47A96604890] [APT] [{D7E0FBA8-3269-4FAB-AC5B-FEF3502D6084}] (...) -- C:\Users\CELSO\Desktop\Everest\everest.exe [MD5.00000000000000000000000000000000] [APT] [{F07B0A95-A454-472A-B4B2-880372743DFF}] (...) -- D:\setup.exe (.not file.) ~ Scan Scheduled Task in 00mn 09s ---\\ Composants installés (ActiveSetup Installed Components) (O40) O40 - ASIC: Internet Explorer - >{26923b43-4d38-484f-9b9e-de460746276c} . (.Microsoft Corporation - Utilitaire d'initialisation d'Internet Explorer par utilisateur.) -- C:\Windows\System32\ie4uinit.exe O40 - ASIC: Browser Customizations - >{60B49E34-C7CC-11D0-8953-00A0C90347FF} . (.Microsoft Corporation - Personnalisation d’IEAK.) -- C:\Windows\System32\iedkcs32.dll O40 - ASIC: Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608500} . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Program Files\Java\jre6\bin\regutils.dll O40 - ASIC: Microsoft Windows Media Player 12.0 - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Windows Media Player Extension.) -- C:\Windows\System32\wmpdxm.dll O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (.Microsoft Corporation - Windows Media Player.) -- C:\Windows\system32\wmp.dll O40 - ASIC: Web Platform Customizations - {89820200-ECBD-11cf-8B85-00AA005B4383} . (.Microsoft Corporation - Utilitaire d'initialisation d'Internet Explorer par utilisateur.) -- C:\Windows\System32\ie4uinit.exe O40 - ASIC: (no name) - {89B4C1CD-B018-4511-B0A1-5476DBF70820} . (.Microsoft Corporation - Microsoft .NET IE SECURITY REGISTRATION.) -- C:\Windows\system32\mscories.dll ~ Scan Active Setup in 00mn 00s ---\\ Pilotes lancés au démarrage (O41) O41 - Driver: C:\Windows\system32\drivers\afd.sys (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\Windows\system32\drivers\afd.sys O41 - Driver: (blbdrive) . (.Microsoft Corporation - BLB Drive Driver.) - C:\Windows\system32\DRIVERS\blbdrive.sys O41 - Driver: (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\system32\drivers\cdrom.sys O41 - Driver: C:\Windows\system32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\system32\Drivers\dfsc.sys O41 - Driver: C:\Windows\system32\drivers\discache.sys (discache) . (.Microsoft Corporation - System Indexer/Cache Driver.) - C:\Windows\system32\drivers\discache.sys O41 - Driver: (eeCtrl) . (.Symantec Corporation - Symantec Eraser Control Driver.) - C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys O41 - Driver: (ElbyCDIO) . (.Elaborate Bytes AG - ElbyCD Windows NT/2000/XP I/O driver.) - C:\Windows\system32\Drivers\ElbyCDIO.sys O41 - Driver: (mssmbios) . (.Microsoft Corporation - System Management BIOS Driver.) - C:\Windows\system32\drivers\mssmbios.sys O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\system32\DRIVERS\netbios.sys O41 - Driver: C:\Windows\system32\drivers\netbt.sys (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\system32\DRIVERS\netbt.sys O41 - Driver: C:\Windows\system32\drivers\nsiproxy.sys (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\system32\drivers\nsiproxy.sys O41 - Driver: C:\Windows\system32\drivers\pacer.sys (Psched) . (.Microsoft Corporation - Planificateur de paquets QoS.) - C:\Windows\system32\DRIVERS\pacer.sys O41 - Driver: C:\Windows\system32\wkssvc.dll (rdbss) . (.Microsoft Corporation - Pilote du sous-système de mise en mémoire t.) - C:\Windows\system32\DRIVERS\rdbss.sys O41 - Driver: C:\Windows\system32\DRIVERS\RDPCDD.sys (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\system32\DRIVERS\RDPCDD.sys O41 - Driver: C:\Windows\system32\drivers\RDPENCDD.sys (RDPENCDD) . (.Microsoft Corporation - RDP Encoder Miniport.) - C:\Windows\system32\drivers\rdpencdd.sys O41 - Driver: C:\Windows\system32\drivers\RdpRefMp.sys (RDPREFMP) . (.Microsoft Corporation - RDP Reflector Driver Miniport.) - C:\Windows\system32\drivers\rdprefmp.sys O41 - Driver: (Serial) . (.Microsoft Corporation - Pilote de périphérique série.) - C:\Windows\system32\DRIVERS\serial.sys O41 - Driver: (SPBBCDrv) . (.Symantec Corporation - SPBBC Driver.) - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys O41 - Driver: (SRTSP) . (.Symantec Corporation - Symantec AutoProtect.) - C:\Windows\system32\Drivers\SRTSP.sys O41 - Driver: (SRTSPX) . (.Symantec Corporation - Symantec AutoProtect.) - C:\Windows\system32\Drivers\SRTSPX.sys O41 - Driver: (SYMTDI) . (.Symantec Corporation - Network Dispatch Driver.) - C:\Windows\system32\Drivers\SYMTDI.sys O41 - Driver: C:\Windows\system32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\system32\DRIVERS\tdx.sys O41 - Driver: (TermDD) . (.Microsoft Corporation - Remote Desktop Server Driver.) - C:\Windows\system32\drivers\termdd.sys O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\Windows\system32\drivers\vga.sys O41 - Driver: C:\Windows\system32\rascfg.dll (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\system32\DRIVERS\wanarp.sys O41 - Driver: (WfpLwf) . (.Microsoft Corporation - WFP NDIS 6.20 Lightweight Filter Driver.) - C:\Windows\system32\DRIVERS\wfplwf.sys ~ Scan Drivers in 00mn 00s ---\\ Logiciels installés (O42) O42 - Logiciel: Adobe Flash Player 10 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX O42 - Logiciel: Adobe Flash Player 11 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin O42 - Logiciel: Adobe Reader X (10.1.2) - Français - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1036-7B44-AA1000000001} O42 - Logiciel: Adobe Shockwave Player 11.5 - (.Adobe Systems, Inc..) [HKLM] -- Adobe Shockwave Player O42 - Logiciel: Ashampoo Burning Studio 10 v.10.0.15 - (.Ashampoo GmbH & Co. KG.) [HKLM] -- Ashampoo Burning Studio 10_is1 O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] -- CCleaner O42 - Logiciel: Call of Duty® 2 - (.Activision.) [HKLM] -- InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374} O42 - Logiciel: Call of Duty® 4 - Modern Warfare - (.Activision.) [HKLM] -- InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217} O42 - Logiciel: Call of Duty® 4 - Modern Warfare 1.7 Patch - (.Pas de propriétaire.) [HKLM] -- InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498} O42 - Logiciel: CyberLink PowerDVD 9 - (.CyberLink Corp..) [HKLM] -- InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8} O42 - Logiciel: CyberLink PowerDVD 9 - (.CyberLink Corp..) [HKLM] -- {A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8} O42 - Logiciel: D3DX10 - (.Microsoft.) [HKLM] -- {E09C4DB7-630C-4F06-A631-8EA7239923AF} O42 - Logiciel: Diz&Nfo v1.7d - (.Pas de propriétaire.) [HKLM] -- Diz&Nfo v1.7d_is1 O42 - Logiciel: FTPRush 2.1.4 - (.wftpserver.com.) [HKLM] -- FTP Rush_is1 O42 - Logiciel: Facebook Video Calling 1.1.1.1 - (.Skype Limited.) [HKLM] -- {624E54D0-E4F4-434F-9EF6-D4D066EE4348} O42 - Logiciel: Google Earth Plug-in - (.Google.) [HKLM] -- {2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E} O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM] -- {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} O42 - Logiciel: HomePlayer 1.5.9d - (.HomePlayer.) [HKLM] -- HomePlayer O42 - Logiciel: Intel® Graphics Media Accelerator Driver - (.Intel Corporation.) [HKLM] -- HDMI O42 - Logiciel: Intel® TV Wizard - (.Intel Corporation.) [HKLM] -- TVWiz O42 - Logiciel: Java 6 Update 26 - (.Oracle.) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83216024FF} O42 - Logiciel: Junk Mail filter update - (.Microsoft Corporation.) [HKLM] -- {8E5233E1-7495-44FB-8DEB-4BE906D59619} O42 - Logiciel: Les Sims 2 - (.Pas de propriétaire.) [HKLM] -- {6E7DD182-9FC6-4651-0095-2E666CC6AF35} O42 - Logiciel: Les Sims 2 Fun en Famille Kit - (.Pas de propriétaire.) [HKLM] -- {6BDD9CE6-D0A6-478A-BAD3-BA6945E89EB0} O42 - Logiciel: LiveUpdate 3.3 (Symantec Corporation) - (.Symantec Corporation.) [HKLM] -- LiveUpdate O42 - Logiciel: Logiciel d'archivage WinRAR - (.Pas de propriétaire.) [HKLM] -- WinRAR archiver O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM] -- {8DD46C6A-0056-4FEC-B70A-28BB16A1F11F} O42 - Logiciel: Malwarebytes Anti-Malware version 1.60.1.1000 - (.Malwarebytes Corporation.) [HKLM] -- Malwarebytes' Anti-Malware_is1 O42 - Logiciel: ManiaPlanet - (.Nadeo.) [HKLM] -- ManiaPlanet_is1 O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6} O42 - Logiciel: Microsoft .NET Framework 4 Client Profile FRA Language Pack - (.Microsoft Corporation.) [HKLM] -- {0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E} O42 - Logiciel: Microsoft Office 2007 Service Pack 3 (SP3) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93} O42 - Logiciel: Microsoft Office 2007 Service Pack 3 (SP3) - (.Microsoft.) [HKLM] -- {90120000-0015-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8} O42 - Logiciel: Microsoft Office 2007 Service Pack 3 (SP3) - (.Microsoft.) [HKLM] -- {90120000-0016-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8} O42 - Logiciel: Microsoft Office 2007 Service Pack 3 (SP3) - (.Microsoft.) [HKLM] -- {90120000-0018-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8} O42 - Logiciel: Microsoft Office 2007 Service Pack 3 (SP3) - (.Microsoft.) [HKLM] -- {90120000-0019-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8} O42 - Logiciel: Microsoft Office 2007 Service Pack 3 (SP3) - (.Microsoft.) [HKLM] -- {90120000-001A-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8} O42 - Logiciel: Microsoft Office 2007 Service Pack 3 (SP3) - (.Microsoft.) [HKLM] -- {90120000-001B-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8} O42 - Logiciel: Microsoft Office 2007 Service Pack 3 (SP3) - (.Microsoft.) [HKLM] -- {90120000-0044-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8} O42 - Logiciel: Microsoft Office 2007 Service Pack 3 (SP3) - (.Microsoft.) [HKLM] -- {90120000-006E-040C-0000-0000000FF1CE}_PROPLUS_{8283FD64-6A3B-4104-9E12-7CA25EF29A1A} O42 - Logiciel: Microsoft Office Access MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0015-040C-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Excel MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0016-040C-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office File Validation Add-In - (.Microsoft Corporation.) [HKLM] -- {90140000-2005-0000-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office InfoPath MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0044-040C-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Outlook MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001A-040C-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office PowerPoint MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0018-040C-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Professional Plus 2007 - (.Microsoft Corporation.) [HKLM] -- PROPLUS O42 - Logiciel: Microsoft Office Professional Plus 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Proof (Arabic) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0401-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Proof (Dutch) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0413-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Proof (English) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0409-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Proof (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-040C-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Proof (German) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0407-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Proof (Spanish) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0C0A-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Proofing (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-002C-040C-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) - (.Microsoft.) [HKLM] -- {90120000-001F-0401-0000-0000000FF1CE}_PROPLUS_{3E8EA473-ECCE-405F-A9CA-59446AEADD3A} O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) - (.Microsoft.) [HKLM] -- {90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{928D7B99-2BEA-49F9-83B8-20FA57860643} O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) - (.Microsoft.) [HKLM] -- {90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F} O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) - (.Microsoft.) [HKLM] -- {90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E} O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) - (.Microsoft.) [HKLM] -- {90120000-001F-0413-0000-0000000FF1CE}_PROPLUS_{2C95E7EE-FEA7-4B3A-A6E5-DF90A88B816A} O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) - (.Microsoft.) [HKLM] -- {90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC} O42 - Logiciel: Microsoft Office Publisher MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0019-040C-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Shared MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-006E-040C-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Word MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001B-040C-0000-0000000FF1CE} O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} O42 - Logiciel: Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 - (.Microsoft Corporation.) [HKLM] -- {770657D0-A123-3C07-8E44-1C83EC895118} O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM] -- {710f4c1c-cc18-4c49-8cbf-51240c89a1a2} O42 - Logiciel: Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C} O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 - (.Microsoft Corporation.) [HKLM] -- {86CE85E6-DBAC-3FFD-B977-E4B79F83C909} O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 - (.Microsoft Corporation.) [HKLM] -- {9A25302D-30C0-39D9-BD6F-21E6EC160475} O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 - (.Microsoft Corporation.) [HKLM] -- {9BE518E6-ECC6-35A9-88E4-87755C07200F} O42 - Logiciel: Mises à jour NVIDIA 1.7.11 - (.NVIDIA Corporation.) [HKLM] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update O42 - Logiciel: Module linguistique Microsoft .NET Framework 4 Client Profile FRA - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile FRA Language Pack O42 - Logiciel: Mozilla Firefox 10.0.2 (x86 fr) - (.Mozilla.) [HKLM] -- Mozilla Firefox 10.0.2 (x86 fr) O42 - Logiciel: NVIDIA Logiciel système PhysX 9.12.0209 - (.NVIDIA Corporation.) [HKLM] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX O42 - Logiciel: NVIDIA PhysX - (.NVIDIA Corporation.) [HKLM] -- {4EAE665D-957A-4D04-9679-3AD582008877} O42 - Logiciel: NVIDIA Pilote 3D Vision 295.73 - (.NVIDIA Corporation.) [HKLM] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision O42 - Logiciel: NVIDIA Pilote audio HD : 1.3.12.0 - (.NVIDIA Corporation.) [HKLM] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver O42 - Logiciel: NVIDIA Pilote du contrôleur 3D Vision 295.73 - (.NVIDIA Corporation.) [HKLM] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB O42 - Logiciel: NVIDIA Pilote graphique 295.73 - (.NVIDIA Corporation.) [HKLM] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver O42 - Logiciel: NVIDIA Stereoscopic 3D Driver - (.NVIDIA Corporation.) [HKLM] -- NVIDIAStereo O42 - Logiciel: PVSonyDll - (.NVIDIA Corporation.) [HKLM] -- {3D3E663D-4E7E-4577-A560-7ECDDD45548A} O42 - Logiciel: PhotoFiltre - (.Pas de propriétaire.) [HKCU] -- PhotoFiltre O42 - Logiciel: Playviz 1.7.7 - (.Previznet.) [HKCU] -- Playviz 1.7.7 O42 - Logiciel: QuickPar 0.9 - (.Peter B. Clements.) [HKLM] -- QuickPar O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2446708 O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2478663 O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2518870 O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2539636 O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2572078 O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2633870 O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2656351 O42 - Logiciel: Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{A0D5F849-D9D5-48ED-99D0-C74D7BFA6A09} O42 - Logiciel: Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{AEA16A27-0B97-4670-818F-A98D06EC0A6F} O42 - Logiciel: Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0EF0D4FB-BB23-4515-AAEA-1240AC2DA525} O42 - Logiciel: Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{5A8732F0-C20F-4A9B-A2A9-66FE7A586C35} O42 - Logiciel: Security Update for Module linguistique Microsoft .NET Framework 4 Client Profile FRA (KB2478663) - (.Microsoft Corporation.) [HKLM] -- {0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}.KB2478663 O42 - Logiciel: Security Update for Module linguistique Microsoft .NET Framework 4 Client Profile FRA (KB2518870) - (.Microsoft Corporation.) [HKLM] -- {0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}.KB2518870 O42 - Logiciel: SnagIt 9 - (.TechSmith Corporation.) [HKLM] -- {2FADA80A-5D89-4CC8-9ED7-445527754A83} O42 - Logiciel: Symantec Endpoint Protection - (.Symantec Corporation.) [HKLM] -- {3C1AE512-3C37-44FA-BA42-ABB721EC5B1D} O42 - Logiciel: TeamSpeak 3 Client - (.TeamSpeak Systems GmbH.) [HKLM] -- TeamSpeak 3 Client O42 - Logiciel: TeamViewer 7 - (.TeamViewer.) [HKLM] -- TeamViewer 7 O42 - Logiciel: TmNationsForever - (.Nadeo.) [HKLM] -- TmNationsForever_is1 O42 - Logiciel: Update for 2007 Microsoft Office System (KB967642) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D} O42 - Logiciel: Update for Microsoft .NET Framework 4 Client Profile (KB2468871) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871 O42 - Logiciel: Update for Microsoft .NET Framework 4 Client Profile (KB2533523) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523 O42 - Logiciel: Update for Microsoft .NET Framework 4 Client Profile (KB2600217) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217 O42 - Logiciel: Update for Microsoft Office 2007 (KB2508958) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438} O42 - Logiciel: Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{B7873DF5-9E1C-45EE-8895-D29C6AE01202} O42 - Logiciel: Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C20964A7-5181-45E5-9E82-72F5D400DEBF} O42 - Logiciel: Update for Microsoft Office 2007 suites (KB2597998) 32-Bit Edition - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{97FF6C46-CE3A-47F6-BA6B-3D743ACA4054} O42 - Logiciel: Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{567103D1-96CD-4B76-93B9-2681A187DEFF} O42 - Logiciel: VLC media player 1.1.5 - (.VideoLAN.) [HKLM] -- VLC media player O42 - Logiciel: Virtual Plastic Surgery Software - VPSS v1.0 - (.Kaeria SARL.) [HKLM] -- Virtual Plastic Surgery Software - VPSS_is1 O42 - Logiciel: VirtualCloneDrive - (.Elaborate Bytes.) [HKLM] -- VirtualCloneDrive O42 - Logiciel: Windows Live - (.Microsoft Corporation.) [HKLM] -- WinLiveSuite O42 - Logiciel: Windows Live - (.Microsoft Corporation.) [HKLM] -- {34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5} O42 - Logiciel: Windows Live Communications Platform - (.Microsoft Corporation.) [HKLM] -- {D45240D3-B6B3-4FF9-B243-54ECE3E10066} O42 - Logiciel: Windows Live ID Sign-in Assistant - (.Microsoft Corporation.) [HKLM] -- {C6150D8A-86ED-41D3-87BB-F3BB51B0B77F} O42 - Logiciel: Windows Live Installer - (.Microsoft Corporation.) [HKLM] -- {0B0F231F-CE6A-483D-AA23-77B364F75917} O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM] -- {AB61A2E9-37D3-485D-9085-19FBDF8CEF4A} O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM] -- {E5B21F11-6933-4E0B-A25C-7963E3C07D11} O42 - Logiciel: Windows Live PIMT Platform - (.Microsoft Corporation.) [HKLM] -- {83C292B7-38A5-440B-A731-07070E81A64F} O42 - Logiciel: Windows Live Photo Common - (.Microsoft Corporation.) [HKLM] -- {A9BDCA6B-3653-467B-AC83-94367DA3BFE3} O42 - Logiciel: Windows Live Photo Common - (.Microsoft Corporation.) [HKLM] -- {C893D8C0-1BA0-4517-B11C-E89B65E72F70} O42 - Logiciel: Windows Live SOXE - (.Microsoft Corporation.) [HKLM] -- {682B3E4F-696A-42DE-A41C-4C07EA1678B4} O42 - Logiciel: Windows Live SOXE Definitions - (.Microsoft Corporation.) [HKLM] -- {200FEC62-3C34-4D60-9CE8-EC372E01C08F} O42 - Logiciel: Windows Live UX Platform - (.Microsoft Corporation.) [HKLM] -- {CE95A79E-E4FC-4FFF-8A75-29F04B942FF2} O42 - Logiciel: Windows Live UX Platform Language Pack - (.Microsoft Corporation.) [HKLM] -- {05E379CC-F626-4E7D-8354-463865B303BF} O42 - Logiciel: Xfire (remove only) - (.Pas de propriétaire.) [HKLM] -- Xfire ---\\ HKCU & HKLM Software Keys [HKCU\Software\ASProtect] [HKCU\Software\ASUS] [HKCU\Software\Adobe] [HKCU\Software\AppDataLow\Software\Adobe] [HKCU\Software\AppDataLow\Software\Microsoft] [HKCU\Software\AppDataLow\Software] [HKCU\Software\AppDataLow] [HKCU\Software\Ashampoo] [HKCU\Software\Classes] [HKCU\Software\Clients] [HKCU\Software\CyberLink] [HKCU\Software\Digital River] [HKCU\Software\DivXNetworks] [HKCU\Software\Elaborate Bytes] [HKCU\Software\FTPRush] [HKCU\Software\Facebook] [HKCU\Software\Garmin] [HKCU\Software\Google] [HKCU\Software\Hewlett-Packard] [HKCU\Software\HookNetwork] [HKCU\Software\IM Providers] [HKCU\Software\INTEL] [HKCU\Software\ImInstaller] [HKCU\Software\IncrediMail] [HKCU\Software\JEDI-VCL] [HKCU\Software\JavaSoft] [HKCU\Software\Lake] [HKCU\Software\Lavalys] [HKCU\Software\Macromedia] [HKCU\Software\Malwarebytes' Anti-Malware] [HKCU\Software\MozillaPlugins] [HKCU\Software\Mozilla] [HKCU\Software\Mumble] [HKCU\Software\NVIDIA Corporation] [HKCU\Software\Netscape] [HKCU\Software\ODBC] [HKCU\Software\Piriform] [HKCU\Software\Policies] [HKCU\Software\SkypeRS] [HKCU\Software\Softonic] [HKCU\Software\Symantec] [HKCU\Software\Sysinternals] [HKCU\Software\TeamSpeak 3 Client] [HKCU\Software\TeamViewer] [HKCU\Software\TechSmith] [HKCU\Software\Trolltech] [HKCU\Software\Virtual Plastic Surgery Software - VPSS] [HKCU\Software\WinRAR] [HKCU\Software\Xfire] [HKCU\Software\YahooPartnerToolbar] [HKLM\Software\AGEIA Technologies] [HKLM\Software\ASUS] [HKLM\Software\ATI Technologies] [HKLM\Software\Activision] [HKLM\Software\Adobe] [HKLM\Software\AppDataLow] [HKLM\Software\Ashampoo] [HKLM\Software\BrowserChoice] [HKLM\Software\C07ft5Y] [HKLM\Software\Classes] [HKLM\Software\Clients] [HKLM\Software\CyberLink] [HKLM\Software\EA GAMES] [HKLM\Software\Elaborate Bytes] [HKLM\Software\Electronic Arts] [HKLM\Software\Even Balance] [HKLM\Software\Garmin] [HKLM\Software\Google] [HKLM\Software\Hewlett-Packard] [HKLM\Software\ImInstaller] [HKLM\Software\InstallShield] [HKLM\Software\Intel] [HKLM\Software\JavaSoft] [HKLM\Software\JreMetrics] [HKLM\Software\Khronos] [HKLM\Software\Lake] [HKLM\Software\Licenses] [HKLM\Software\Logitech] [HKLM\Software\Macromedia] [HKLM\Software\Malwarebytes' Anti-Malware (Trial)] [HKLM\Software\Malwarebytes' Anti-Malware] [HKLM\Software\MozillaPlugins] [HKLM\Software\Mozilla] [HKLM\Software\NVIDIA Corporation] [HKLM\Software\ODBC] [HKLM\Software\Piriform] [HKLM\Software\Policies] [HKLM\Software\RegisteredApplications] [HKLM\Software\Sonic] [HKLM\Software\Symantec] [HKLM\Software\TeamViewer] [HKLM\Software\TechSmith] [HKLM\Software\Uniblue] [HKLM\Software\VideoLAN] [HKLM\Software\Volatile] [HKLM\Software\WinRAR] [HKLM\Software\Windows] [HKLM\Software\Wow6432Node] [HKLM\Software\mozilla.org] ~ Scan Softwares in 00mn 00s ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43) O43 - CFD: 19/05/2011 - 14:55:28 - [-669,815] ----D- C:\Program Files\Activision O43 - CFD: 17/06/2011 - 09:11:28 - [158,508] ----D- C:\Program Files\Adobe O43 - CFD: 17/05/2011 - 10:18:54 - [187,007] ----D- C:\Program Files\Ashampoo O43 - CFD: 16/05/2011 - 09:14:54 - [0,398] ----D- C:\Program Files\Call of Duty O43 - CFD: 25/02/2011 - 00:08:36 - [3,484] ----D- C:\Program Files\CCleaner O43 - CFD: 02/07/2011 - 01:15:00 - [383,219] ----D- C:\Program Files\Common Files O43 - CFD: 26/02/2011 - 16:42:44 - [192,712] ----D- C:\Program Files\CyberLink O43 - CFD: 26/02/2011 - 16:36:18 - [0,312] ----D- C:\Program Files\Diz&Nfo O43 - CFD: 02/03/2011 - 11:02:48 - [79,371] ----D- C:\Program Files\DVD Maker O43 - CFD: 11/07/2011 - 20:21:46 - [-1074,294] ----D- C:\Program Files\EA GAMES O43 - CFD: 24/02/2011 - 19:40:56 - [2,029] ----D- C:\Program Files\Elaborate Bytes O43 - CFD: 22/02/2011 - 17:00:46 - [0] -SH-D- C:\Program Files\Fichiers communs O43 - CFD: 11/04/2011 - 19:30:34 - [0,002] ----D- C:\Program Files\FileZilla FTP Client O43 - CFD: 11/04/2011 - 19:22:22 - [9,973] ----D- C:\Program Files\FTPRush O43 - CFD: 17/11/2011 - 00:58:02 - [58,807] ----D- C:\Program Files\Google O43 - CFD: 24/02/2011 - 19:44:56 - [135,712] ----D- C:\Program Files\HomePlayer O43 - CFD: 27/04/2011 - 11:40:52 - [45,979] ----D- C:\Program Files\HP O43 - CFD: 19/05/2011 - 15:11:36 - [20,592] ----D- C:\Program Files\InstallShield Installation Information O43 - CFD: 22/02/2011 - 17:16:46 - [11,571] ----D- C:\Program Files\Intel O43 - CFD: 15/02/2012 - 13:51:48 - [4,935] ----D- C:\Program Files\Internet Explorer O43 - CFD: 02/07/2011 - 01:14:30 - [84,449] ----D- C:\Program Files\Java O43 - CFD: 29/02/2012 - 22:31:50 - [11,412] ----D- C:\Program Files\Malwarebytes' Anti-Malware O43 - CFD: 20/10/2011 - 15:42:14 - [61,736] ----D- C:\Program Files\ManiaPlanet O43 - CFD: 14/07/2009 - 10:00:58 - [140,966] ----D- C:\Program Files\Microsoft Games O43 - CFD: 03/07/2011 - 06:55:04 - [479,611] ----D- C:\Program Files\Microsoft Office O43 - CFD: 24/02/2012 - 22:21:30 - [36,634] ----D- C:\Program Files\Microsoft Silverlight O43 - CFD: 22/02/2011 - 17:38:38 - [0,014] ----D- C:\Program Files\Microsoft Visual Studio O43 - CFD: 26/02/2011 - 16:46:36 - [3,554] ----D- C:\Program Files\Microsoft Works O43 - CFD: 03/03/2011 - 08:39:56 - [7,789] ----D- C:\Program Files\Microsoft.NET O43 - CFD: 26/02/2012 - 23:40:12 - [37,531] ----D- C:\Program Files\Mozilla Firefox O43 - CFD: 24/02/2011 - 19:14:18 - [0,025] ----D- C:\Program Files\MSBuild O43 - CFD: 24/02/2012 - 22:00:00 - [1004,957] ----D- C:\Program Files\NVIDIA Corporation O43 - CFD: 30/04/2011 - 13:40:44 - [3,528] ----D- C:\Program Files\PhotoFiltre O43 - CFD: 26/02/2011 - 16:33:38 - [0,898] ----D- C:\Program Files\QuickPar O43 - CFD: 14/07/2009 - 05:52:30 - [37,345] ----D- C:\Program Files\Reference Assemblies O43 - CFD: 24/02/2011 - 19:29:36 - [49,066] ----D- C:\Program Files\Symantec O43 - CFD: 14/02/2012 - 17:41:14 - [55,344] ----D- C:\Program Files\TeamSpeak 3 Client O43 - CFD: 06/12/2011 - 09:34:56 - [109,553] ----D- C:\Program Files\TeamViewer O43 - CFD: 24/02/2011 - 21:30:36 - [45,323] ----D- C:\Program Files\TechSmith O43 - CFD: 24/02/2011 - 21:53:26 - [713,725] ----D- C:\Program Files\TmNationsForever O43 - CFD: 14/07/2009 - 05:53:24 - [0] --H-D- C:\Program Files\Uninstall Information O43 - CFD: 22/02/2011 - 17:35:18 - [76,799] ----D- C:\Program Files\VideoLAN O43 - CFD: 17/07/2011 - 15:08:46 - [5,227] ----D- C:\Program Files\VPSS O43 - CFD: 11/04/2011 - 18:53:28 - [0] ----D- C:\Program Files\Wikikou O43 - CFD: 02/03/2011 - 11:02:44 - [2,909] ----D- C:\Program Files\Windows Defender O43 - CFD: 02/03/2011 - 11:02:48 - [6,689] ----D- C:\Program Files\Windows Journal O43 - CFD: 06/09/2011 - 16:01:34 - [62,208] ----D- C:\Program Files\Windows Live O43 - CFD: 02/03/2011 - 11:02:48 - [5,895] ----D- C:\Program Files\Windows Mail O43 - CFD: 02/03/2011 - 11:02:48 - [6,298] ----D- C:\Program Files\Windows Media Player O43 - CFD: 22/02/2011 - 17:00:46 - [11,632] ----D- C:\Program Files\Windows NT O43 - CFD: 02/03/2011 - 11:02:48 - [4,213] ----D- C:\Program Files\Windows Photo Viewer O43 - CFD: 02/03/2011 - 11:02:46 - [0,181] ----D- C:\Program Files\Windows Portable Devices O43 - CFD: 02/03/2011 - 11:02:48 - [6,374] ----D- C:\Program Files\Windows Sidebar O43 - CFD: 24/02/2011 - 19:18:30 - [4,827] ----D- C:\Program Files\WinRAR O43 - CFD: 18/12/2011 - 12:42:34 - [19,529] ----D- C:\Program Files\Xfire O43 - CFD: 02/03/2012 - 15:28:32 - [10,101] ----D- C:\Program Files\ZHPDiag O43 - CFD: 17/06/2011 - 09:11:32 - [3,651] ----D- C:\Program Files\Common Files\Adobe O43 - CFD: 24/02/2011 - 18:57:54 - [0] ----D- C:\Program Files\Common Files\BitDefender O43 - CFD: 26/02/2011 - 16:41:30 - [0,115] ----D- C:\Program Files\Common Files\CyberLink O43 - CFD: 22/02/2011 - 17:38:38 - [0,089] ----D- C:\Program Files\Common Files\DESIGNER O43 - CFD: 14/05/2011 - 00:43:46 - [2,770] ----D- C:\Program Files\Common Files\InstallShield O43 - CFD: 02/07/2011 - 01:15:00 - [1,201] ----D- C:\Program Files\Common Files\Java O43 - CFD: 24/02/2011 - 17:26:18 - [0,410] ----D- C:\Program Files\Common Files\logishrd O43 - CFD: 26/10/2011 - 10:19:44 - [273,937] ----D- C:\Program Files\Common Files\microsoft shared O43 - CFD: 14/07/2009 - 03:37:06 - [0,003] ----D- C:\Program Files\Common Files\Services O43 - CFD: 14/07/2009 - 03:37:06 - [39,200] ----D- C:\Program Files\Common Files\SpeechEngines O43 - CFD: 24/02/2011 - 19:30:46 - [19,589] ----D- C:\Program Files\Common Files\Symantec Shared O43 - CFD: 09/11/2011 - 10:23:44 - [42,256] ----D- C:\Program Files\Common Files\System O43 - CFD: 22/02/2011 - 17:40:38 - [0] ----D- C:\Program Files\Common Files\Windows Live O43 - CFD: 17/06/2011 - 09:11:30 - [0,000] ----D- C:\ProgramData\Adobe O43 - CFD: 14/07/2009 - 05:53:56 - [0] -SH-D- C:\ProgramData\Application Data O43 - CFD: 17/05/2011 - 10:19:20 - [0,344] ----D- C:\ProgramData\ashampoo O43 - CFD: 22/02/2011 - 17:00:46 - [0] -SH-D- C:\ProgramData\Bureau O43 - CFD: 26/02/2011 - 16:43:54 - [1,447] ----D- C:\ProgramData\CyberLink O43 - CFD: 14/07/2009 - 05:53:56 - [0] -SH-D- C:\ProgramData\Desktop O43 - CFD: 14/07/2009 - 05:53:56 - [0] -SH-D- C:\ProgramData\Documents O43 - CFD: 22/02/2011 - 17:00:46 - [0] -SH-D- C:\ProgramData\Favoris O43 - CFD: 14/07/2009 - 05:53:56 - [0] -SH-D- C:\ProgramData\Favorites O43 - CFD: 24/02/2011 - 18:34:58 - [0,000] ----D- C:\ProgramData\IM O43 - CFD: 19/05/2011 - 17:20:58 - [15,410] ----D- C:\ProgramData\Malwarebytes O43 - CFD: 04/02/2012 - 02:12:02 - [681,954] ----D- C:\ProgramData\ManiaPlanet O43 - CFD: 22/02/2011 - 17:00:46 - [0] -SH-D- C:\ProgramData\Menu Démarrer O43 - CFD: 25/02/2012 - 17:10:48 - [365,273] -S--D- C:\ProgramData\Microsoft O43 - CFD: 15/02/2012 - 13:07:46 - [0,061] ----D- C:\ProgramData\Microsoft Help O43 - CFD: 22/02/2011 - 17:00:46 - [0] -SH-D- C:\ProgramData\Modèles O43 - CFD: 02/03/2012 - 09:53:34 - [2,623] ----D- C:\ProgramData\NVIDIA O43 - CFD: 19/05/2011 - 14:40:56 - [0,909] ----D- C:\ProgramData\NVIDIA Corporation O43 - CFD: 14/07/2009 - 05:53:56 - [0] -SH-D- C:\ProgramData\Start Menu O43 - CFD: 01/03/2011 - 15:00:44 - [0,000] ----D- C:\ProgramData\Sun O43 - CFD: 24/02/2011 - 19:30:36 - [837,072] ----D- C:\ProgramData\Symantec O43 - CFD: 24/02/2011 - 21:30:40 - [0,888] ----D- C:\ProgramData\TechSmith O43 - CFD: 26/02/2011 - 16:37:48 - [0,051] ----D- C:\ProgramData\Temp O43 - CFD: 14/07/2009 - 05:53:56 - [0] -SH-D- C:\ProgramData\Templates O43 - CFD: 26/02/2011 - 21:33:28 - [551,981] ----D- C:\ProgramData\TmForever O43 - CFD: 18/12/2011 - 18:41:24 - [134,809] ----D- C:\ProgramData\Xfire O43 - CFD: 25/02/2011 - 09:45:56 - [3,856] ----D- C:\Users\CELSO\AppData\Roaming\Adobe O43 - CFD: 17/05/2011 - 10:20:08 - [0] ----D- C:\Users\CELSO\AppData\Roaming\Ashampoo O43 - CFD: 26/02/2011 - 16:43:54 - [0,002] ----D- C:\Users\CELSO\AppData\Roaming\CyberLink O43 - CFD: 11/04/2011 - 18:54:48 - [0,016] ----D- C:\Users\CELSO\AppData\Roaming\FileZilla O43 - CFD: 24/02/2012 - 21:40:38 - [0,175] ----D- C:\Users\CELSO\AppData\Roaming\FTPRush O43 - CFD: 29/11/2011 - 15:26:16 - [0,105] ----D- C:\Users\CELSO\AppData\Roaming\Garmin O43 - CFD: 22/02/2011 - 17:01:00 - [0] ----D- C:\Users\CELSO\AppData\Roaming\Identities O43 - CFD: 24/02/2011 - 18:37:26 - [0,030] ----D- C:\Users\CELSO\AppData\Roaming\Macromedia O43 - CFD: 19/05/2011 - 17:21:06 - [0,002] ----D- C:\Users\CELSO\AppData\Roaming\Malwarebytes O43 - CFD: 14/07/2009 - 10:00:24 - [0] ----D- C:\Users\CELSO\AppData\Roaming\Media Center Programs O43 - CFD: 01/02/2012 - 20:06:36 - [2,777] -S--D- C:\Users\CELSO\AppData\Roaming\Microsoft O43 - CFD: 24/02/2011 - 17:34:00 - [108,818] ----D- C:\Users\CELSO\AppData\Roaming\Mozilla O43 - CFD: 19/12/2011 - 18:55:54 - [1,087] ----D- C:\Users\CELSO\AppData\Roaming\Mumble O43 - CFD: 26/02/2011 - 16:45:08 - [0] ----D- C:\Users\CELSO\AppData\Roaming\NVIDIA O43 - CFD: 30/04/2011 - 13:52:22 - [0,002] ----D- C:\Users\CELSO\AppData\Roaming\PhotoFiltre O43 - CFD: 22/02/2011 - 17:21:16 - [0] ----D- C:\Users\CELSO\AppData\Roaming\QuickScan O43 - CFD: 24/02/2011 - 18:49:48 - [0,215] ----D- C:\Users\CELSO\AppData\Roaming\TeamViewer O43 - CFD: 24/02/2012 - 21:40:38 - [3,340] ----D- C:\Users\CELSO\AppData\Roaming\TS3Client O43 - CFD: 26/02/2011 - 19:04:34 - [0,192] ----D- C:\Users\CELSO\AppData\Roaming\Uniblue O43 - CFD: 27/10/2011 - 15:19:30 - [1,808] ----D- C:\Users\CELSO\AppData\Roaming\vlc O43 - CFD: 24/02/2011 - 19:19:00 - [1,180] ----D- C:\Users\CELSO\AppData\Roaming\WinRAR O43 - CFD: 29/01/2012 - 20:25:26 - [0,009] ----D- C:\Users\CELSO\AppData\Roaming\Xfire O43 - CFD: 25/02/2011 - 09:45:56 - [15,213] ----D- C:\Users\CELSO\AppData\Local\Adobe O43 - CFD: 22/02/2011 - 17:00:52 - [0] -SH-D- C:\Users\CELSO\AppData\Local\Application Data O43 - CFD: 17/05/2011 - 10:20:02 - [0,344] ----D- C:\Users\CELSO\AppData\Local\ashampoo O43 - CFD: 26/02/2011 - 16:45:02 - [0,007] ----D- C:\Users\CELSO\AppData\Local\Cyberlink O43 - CFD: 26/02/2012 - 01:59:02 - [0,425] ----D- C:\Users\CELSO\AppData\Local\Diagnostics O43 - CFD: 06/09/2011 - 16:42:20 - [0,093] ----D- C:\Users\CELSO\AppData\Local\Downloader O43 - CFD: 23/02/2012 - 21:36:50 - [0,299] ----D- C:\Users\CELSO\AppData\Local\ElevatedDiagnostics O43 - CFD: 03/12/2011 - 17:22:00 - [6,511] ----D- C:\Users\CELSO\AppData\Local\Facebook O43 - CFD: 30/04/2011 - 14:44:28 - [0] ----D- C:\Users\CELSO\AppData\Local\Google O43 - CFD: 22/02/2011 - 17:00:52 - [0] -SH-D- C:\Users\CELSO\AppData\Local\Historique O43 - CFD: 24/02/2011 - 18:37:20 - [8,655] ----D- C:\Users\CELSO\AppData\Local\IM O43 - CFD: 25/02/2012 - 17:10:48 - [534,566] ----D- C:\Users\CELSO\AppData\Local\Microsoft O43 - CFD: 22/09/2011 - 19:15:24 - [0,161] ----D- C:\Users\CELSO\AppData\Local\Microsoft Games O43 - CFD: 01/02/2012 - 20:06:34 - [0,101] ----D- C:\Users\CELSO\AppData\Local\Microsoft Help O43 - CFD: 05/10/2011 - 10:41:32 - [0,179] ----D- C:\Users\CELSO\AppData\Local\MigWiz O43 - CFD: 24/02/2011 - 17:33:30 - [246,159] ----D- C:\Users\CELSO\AppData\Local\Mozilla O43 - CFD: 20/05/2011 - 21:52:28 - [5,830] ----D- C:\Users\CELSO\AppData\Local\PunkBuster O43 - CFD: 24/02/2011 - 19:30:40 - [16,388] ----D- C:\Users\CELSO\AppData\Local\Symantec O43 - CFD: 24/02/2011 - 21:30:36 - [11,812] ----D- C:\Users\CELSO\AppData\Local\TechSmith O43 - CFD: 02/03/2012 - 15:26:44 - [0,235] ----D- C:\Users\CELSO\AppData\Local\Temp O43 - CFD: 22/02/2011 - 17:00:52 - [0] -SH-D- C:\Users\CELSO\AppData\Local\Temporary Internet Files O43 - CFD: 26/02/2011 - 17:30:34 - [-895,550] ----D- C:\Users\CELSO\AppData\Local\VirtualStore O43 - CFD: 02/03/2012 - 13:42:48 - [0,059] ----D- C:\Users\CELSO\AppData\Local\Windows Live O43 - CFD: 02/03/2012 - 13:41:56 - [0] ----D- C:\Users\CELSO\AppData\Local\{751660B0-AD1D-47EE-8D77-CFDECC81B923} ~ Scan Program Folder in 00mn 47s ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44) O44 - LFC:[MD5.6C1C89CB058CF60FAE14BC1B200F23F1] - 02/03/2012 - 11:35:07 ---A- . (...) -- C:\Windows\WindowsUpdate.log [149005] O44 - LFC:[MD5.8E4A4137D4AFAE5A101E7DB18AA26848] - 02/03/2012 - 09:57:58 ---A- . (...) -- C:\Windows\system32\PerfStringBackup.INI [1549700] O44 - LFC:[MD5.459DCA304BF29FF3E81C6F774A79D707] - 02/03/2012 - 09:57:58 ---A- . (...) -- C:\Windows\system32\perfc009.dat [106190] O44 - LFC:[MD5.18CDC094A676FE47080CCD860EB295ED] - 02/03/2012 - 09:57:58 ---A- . (...) -- C:\Windows\system32\perfc00C.dat [130548] O44 - LFC:[MD5.99DEAE2A78FC7BC5B0BE5E775F904533] - 02/03/2012 - 09:57:58 ---A- . (...) -- C:\Windows\system32\perfh009.dat [615810] O44 - LFC:[MD5.F706069057D460C50F0D4C9F4B85C387] - 02/03/2012 - 09:57:58 ---A- . (...) -- C:\Windows\system32\perfh00C.dat [704242] O44 - LFC:[MD5.D74E3C688AA4F552EB9F55CB8EA67170] - 02/03/2012 - 09:53:33 ---A- . (...) -- C:\Windows\setupact.log [56] O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 02/03/2012 - 09:53:33 ---A- . (...) -- C:\Windows\setuperr.log [0] O44 - LFC:[MD5.9277F24FAD5513EF65B08A9B6238A8AF] - 02/03/2012 - 09:53:31 -S-A- . (...) -- C:\Windows\bootstat.dat [67584] O44 - LFC:[MD5.6E459C97410A669FD20190EC4545520B] - 02/03/2012 - 09:53:19 ---A- . (...) -- C:\Windows\PFRO.log [774] O44 - LFC:[MD5.22F004E6413440C7A4E6E8C2D2F2836C] - 01/03/2012 - 16:13:31 ---A- . (...) -- C:\PhysicalDisk0_MBR.bin [512] O44 - LFC:[MD5.B7CA8CC3F978201856B6AB82F40953C3] - 29/02/2012 - 22:29:43 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\system32\drivers\mbam.sys [20464] O44 - LFC:[MD5.24097AF73562086C5DC1B48412F02DA0] - 29/02/2012 - 22:27:34 ---A- . (.Adobe Systems Incorporated - Adobe Flash Player Control Panel Applet.) -- C:\Windows\system32\FlashPlayerCPLApp.cpl [414368] O44 - LFC:[MD5.1B6CABCAE393257233F0F916F7D99D4E] - 29/02/2012 - 22:27:10 ---A- . (...) -- C:\Windows\system32\lvcoinst.log [10700] O44 - LFC:[MD5.628BA691C30D52309016F01D011BE900] - 29/02/2012 - 17:53:41 ---A- . (...) -- C:\Windows\system32\FNTCACHE.DAT [409992] O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 24/02/2012 - 21:59:58 ---A- . (...) -- C:\Windows\system32\nvdrssel.bin [0] O44 - LFC:[MD5.0195003E40E6EBB9B684C2FD1D13E38D] - 23/02/2012 - 22:29:34 ---A- . (.NVIDIA Corporation - Generic Coinstaller.) -- C:\Windows\system32\nvhdagenco3220103.dll [876864] O44 - LFC:[MD5.3D7FB57354703809B5F0C23287FAC1D6] - 23/02/2012 - 22:29:34 ---A- . (.NVIDIA Corporation - NVIDIA HDMI Audio Driver.) -- C:\Windows\system32\drivers\nvhda32v.sys [148800] O44 - LFC:[MD5.A435BA6A5146800CC0335972A37CD7FD] - 23/02/2012 - 22:29:34 ---A- . (.NVIDIA Corporation - NVIDIA HDMI Audio Driver.) -- C:\Windows\system32\nvhdap32.dll [27968] O44 - LFC:[MD5.188A70B814F4C77EA093A1CA34CC8F2D] - 10/02/2012 - 05:13:00 ---A- . (...) -- C:\Windows\system32\nvinfo.pb [8772] O44 - LFC:[MD5.1992D479AC7B804B699EFA8573230C94] - 10/02/2012 - 05:13:00 ---A- . (.Khronos Group - OpenCL Client DLL.) -- C:\Windows\system32\OpenCL.dll [61248] O44 - LFC:[MD5.2941DA00EFD5F801EFE442BABD8B3B6D] - 10/02/2012 - 05:13:00 ---A- . (.NVIDIA Corporation - Display Driver Coinstaller.) -- C:\Windows\system32\nvdispco32.dll [1000256] O44 - LFC:[MD5.5055CA6E2C7041C1557B48CC1E487CAA] - 10/02/2012 - 05:13:00 ---A- . (.NVIDIA Corporation - Generic Coinstaller.) -- C:\Windows\system32\nvgenco32.dll [881984] O44 - LFC:[MD5.9FD158015EE8F3B4971A76BC6E3B520F] - 10/02/2012 - 05:13:00 ---A- . (.NVIDIA Corporation - NVIDIA CUDA Driver, Version 295.73.) -- C:\Windows\system32\nvcuda.dll [5892928] O44 - LFC:[MD5.D592EA592BFC42BBAA64B9A36E11A956] - 10/02/2012 - 05:13:00 ---A- . (.NVIDIA Corporation - NVIDIA CUDA Video Decode API, Version 295.7.) -- C:\Windows\system32\nvcuvid.dll [2517312] O44 - LFC:[MD5.680BF097C8D195109590E8078C71F989] - 10/02/2012 - 05:13:00 ---A- . (.NVIDIA Corporation - NVIDIA CUDA Video Encoder, Version 295.73.) -- C:\Windows\system32\nvcuvenc.dll [2437440] O44 - LFC:[MD5.7E6E761D5C5A4BCF19BA3149310770D2] - 10/02/2012 - 05:13:00 ---A- . (.NVIDIA Corporation - NVIDIA Compatible OpenGL ICD.) -- C:\Windows\system32\nvoglv32.dll [19443520] O44 - LFC:[MD5.AD5DAA753919D0EBCC8CE85031E11550] - 10/02/2012 - 05:13:00 ---A- . (.NVIDIA Corporation - NVIDIA Compiler, Version 295.73.) -- C:\Windows\system32\nvcompiler.dll [17543488] O44 - LFC:[MD5.C2B076639017CAB78DD63FF8F94BDD7C] - 10/02/2012 - 05:13:00 ---A- . (.NVIDIA Corporation - NVIDIA D3D10 Driver, Version 295.73.) -- C:\Windows\system32\nvwgf2um.dll [7713088] O44 - LFC:[MD5.E9511F7F35D6A144C1B5F067209C1CBA] - 10/02/2012 - 05:13:00 ---A- . (.NVIDIA Corporation - NVIDIA NVAPI Library, Version 295.73.) -- C:\Windows\system32\nvapi.dll [2301248] O44 - LFC:[MD5.91C8B1471CD7BDAE2FF6F062E25228BD] - 10/02/2012 - 05:13:00 ---A- . (.NVIDIA Corporation - NVIDIA WDDM D3D Driver, Version 295.73.) -- C:\Windows\system32\nvd3dum.dll [15009600] O44 - LFC:[MD5.F452E6AD3EDA2852F44BE492E283C40F] - 10/02/2012 - 05:13:00 ---A- . (.NVIDIA Corporation - NVIDIA Windows Kernel Mode Driver, Version.) -- C:\Windows\system32\drivers\nvlddmkm.sys [10816832] O44 - LFC:[MD5.CCDCF296BF51DD66F6341B188373A78E] - 10/02/2012 - 04:02:06 ---A- . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\Windows\system32\nvcpl.dll [3881792] O44 - LFC:[MD5.788FCC23961A7D65372D6BF3709DD39B] - 10/02/2012 - 04:00:44 ---A- . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 295.7.) -- C:\Windows\system32\nvsvc.dll [2719040] O44 - LFC:[MD5.70145ADE9EFE2CE296DD5FC761B4969B] - 10/02/2012 - 04:00:26 ---A- . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 295.7.) -- C:\Windows\system32\nvvsvc.exe [645440] O44 - LFC:[MD5.A9EF3534BFF340D2FEFB052B0DD7C4DB] - 10/02/2012 - 04:00:26 ---A- . (.NVIDIA Corporation - NVIDIA Media Center Library.) -- C:\Windows\system32\nvmctray.dll [108352] O44 - LFC:[MD5.216CD1ABF4CEDB5F4554D1E9DC2E4FF6] - 10/02/2012 - 04:00:26 ---A- . (.NVIDIA Corporation - Pas de description.) -- C:\Windows\system32\nvshext.dll [62272] O44 - LFC:[MD5.31C523B4181F48BA6B7DC23EC1861433] - 10/02/2012 - 04:00:25 ---A- . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 295.7.) -- C:\Windows\system32\nvsvcr.dll [2561344] O44 - LFC:[MD5.F86A49D72D156947AB4B1F398F6B98EA] - 09/02/2012 - 20:05:44 ---A- . (...) -- C:\Windows\system32\nvStreaming.exe [416064] ~ Scan Files in 00mn 56s ---\\ Derniers fichiers créés dans Windows Prefetcher (O45) O45 - LFCP:[MD5.DC4E4A3DE35D8AC37DE31443E2DA1DDE] - 01/03/2012 - 17:56:46 ---A- - C:\Windows\Prefetch\REGEDIT.EXE-4748FE01.pf O45 - LFCP:[MD5.F684D4F4798C78695C098378C557F705] - 01/03/2012 - 18:11:45 ---A- - C:\Windows\Prefetch\SNAGIT32.EXE-8916D00C.pf O45 - LFCP:[MD5.9EEB9D9809506B39775C9DC1B4BCE408] - 01/03/2012 - 18:11:46 ---A- - C:\Windows\Prefetch\SNAGPRIV.EXE-D57D688F.pf O45 - LFCP:[MD5.874A9843B7977FC72791FE01E5FD1700] - 01/03/2012 - 19:14:13 ---A- - C:\Windows\Prefetch\DEFRAG.EXE-738093E8.pf O45 - LFCP:[MD5.EC36C99014EDAF3E75CAF7CB9508405D] - 01/03/2012 - 19:14:16 ---A- - C:\Windows\Prefetch\SVCHOST.EXE-8DA0BAAD.pf O45 - LFCP:[MD5.66E32096BFBB7516EDF594986F03105B] - 01/03/2012 - 19:24:05 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-F452D79D.pf O45 - LFCP:[MD5.841020C9DF444D917F707737C5CF5FD2] - 01/03/2012 - 19:24:10 ---A- - C:\Windows\Prefetch\VSSVC.EXE-04D079CC.pf O45 - LFCP:[MD5.BF22C90674CC3435F9713634CF97B843] - 01/03/2012 - 20:19:17 ---A- - C:\Windows\Prefetch\WMPNSCFG.EXE-DF1DD51A.pf O45 - LFCP:[MD5.E0CB244FA1BDB784CEBC79986244184D] - 01/03/2012 - 20:24:47 ---A- - C:\Windows\Prefetch\CLEANMGR.EXE-B508FB28.pf O45 - LFCP:[MD5.6A5AE77C1BCDB25002D2E12C96FD6547] - 01/03/2012 - 21:21:14 ---A- - C:\Windows\Prefetch\MSFEEDSSYNC.EXE-1F01ED17.pf O45 - LFCP:[MD5.0D5CB7101B4A26B3A8F11E9D5F281286] - 01/03/2012 - 23:41:18 ---A- - C:\Windows\Prefetch\TASKMGR.EXE-72398DC0.pf O45 - LFCP:[MD5.7F89819BC9D10E912581975143776CF2] - 01/03/2012 - 23:41:52 ---A- - C:\Windows\Prefetch\CCLEANER.EXE-CC440CDB.pf O45 - LFCP:[MD5.5FE33C8AB84A8E8F09843C1ABEE773B5] - 02/03/2012 - 03:05:49 ---A- - C:\Windows\Prefetch\LOGONUI.EXE-1BEE4A84.pf O45 - LFCP:[MD5.1D811B16A4E5FE5A417637FBE33E376E] - 02/03/2012 - 03:06:15 ---A- - C:\Windows\Prefetch\SMCGUI.EXE-3A816A45.pf O45 - LFCP:[MD5.1C35146D701D4891C1FBC82E21D88323] - 02/03/2012 - 03:07:08 ---A- - C:\Windows\Prefetch\PfSvPerfStats.bin O45 - LFCP:[MD5.A748E05C293F2A82BE3669BB17B9037D] - 02/03/2012 - 09:54:22 ---A- - C:\Windows\Prefetch\ATBROKER.EXE-FF58B71D.pf O45 - LFCP:[MD5.52A1CC693EBE48F3E098238E143F06EE] - 02/03/2012 - 09:54:22 ---A- - C:\Windows\Prefetch\DWM.EXE-AEABE78B.pf O45 - LFCP:[MD5.2D12A98A03403AC87C093BB3170158C5] - 02/03/2012 - 09:54:22 ---A- - C:\Windows\Prefetch\EXPLORER.EXE-7A3328DA.pf O45 - LFCP:[MD5.47697F7DF4E9D511BAFEB6E1C5A19539] - 02/03/2012 - 09:54:22 ---A- - C:\Windows\Prefetch\SPOOLSV.EXE-E4D0FF39.pf O45 - LFCP:[MD5.068D28F858712133B3EB66ABB193F2F4] - 02/03/2012 - 09:54:22 ---A- - C:\Windows\Prefetch\SVCHOST.EXE-11B57953.pf O45 - LFCP:[MD5.B165A1BF47ABD79B940938CF7D78F89F] - 02/03/2012 - 09:54:22 ---A- - C:\Windows\Prefetch\USERINIT.EXE-F39AB672.pf O45 - LFCP:[MD5.74BC4336B2EAFA7DBA759F593AB63812] - 02/03/2012 - 09:54:52 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-53B78AD0.pf O45 - LFCP:[MD5.8D20AF2869B668DFE771AC9AF5DBC3C2] - 02/03/2012 - 09:55:48 ---A- - C:\Windows\Prefetch\MSCORSVW.EXE-FAA88858.pf O45 - LFCP:[MD5.06E30D9A06A604299B35E863642600AE] - 02/03/2012 - 09:55:59 ---A- - C:\Windows\Prefetch\MBAMSERVICE.EXE-CACDA1F4.pf O45 - LFCP:[MD5.FADAEA9E5133061CE657D8B077870E9E] - 02/03/2012 - 09:56:01 ---A- - C:\Windows\Prefetch\DAEMONU.EXE-71078F74.pf O45 - LFCP:[MD5.FFB6EE3194F870EFF8105CE4CA1A6E23] - 02/03/2012 - 09:57:55 ---A- - C:\Windows\Prefetch\WMIADAP.EXE-369DF1CD.pf O45 - LFCP:[MD5.7034A387E0DBB9B2568C2E959C5121B8] - 02/03/2012 - 10:06:46 ---A- - C:\Windows\Prefetch\WERMGR.EXE-2A1BCBC7.pf O45 - LFCP:[MD5.2D0A8156FC52537638BDA93CF4DBCE9C] - 02/03/2012 - 10:06:48 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-D40FB18A.pf O45 - LFCP:[MD5.94EBC2340437EACDD2D5AA385FACE4B1] - 02/03/2012 - 10:08:31 ---A- - C:\Windows\Prefetch\FIREFOX.EXE-E60C0AA7.pf O45 - LFCP:[MD5.FC65E9796F719A0949E5AB5A62F872B7] - 02/03/2012 - 10:08:52 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-E2054E7F.pf O45 - LFCP:[MD5.FF14F8100DDF31ECE3F52CC397E0778F] - 02/03/2012 - 10:50:12 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-AFD98684.pf O45 - LFCP:[MD5.46DC36338E19E5C51555644021EDBD06] - 02/03/2012 - 10:51:48 ---A- - C:\Windows\Prefetch\PLUGIN-CONTAINER.EXE-1D5F6C6B.pf O45 - LFCP:[MD5.FADF9E383EBB55942233F23977B0E4F0] - 02/03/2012 - 11:35:03 ---A- - C:\Windows\Prefetch\TRUSTEDINSTALLER.EXE-031B6478.pf O45 - LFCP:[MD5.AAA2E6574F1DDE11C1317967726C11C6] - 02/03/2012 - 12:26:05 ---A- - C:\Windows\Prefetch\IGFXSRVC.EXE-67E7A62F.pf O45 - LFCP:[MD5.B18DADA05424DB8D3CF9417C7C7A529C] - 02/03/2012 - 12:28:01 ---A- - C:\Windows\Prefetch\NOTEPAD.EXE-EB1B961A.pf O45 - LFCP:[MD5.1CEF91067464E1B768CBA379B3B09D13] - 02/03/2012 - 12:33:55 ---A- - C:\Windows\Prefetch\MSOXMLED.EXE-C7C6174E.pf O45 - LFCP:[MD5.E7C5165BF0FE1878CBB2954C4A01D773] - 02/03/2012 - 12:34:01 ---A- - C:\Windows\Prefetch\IEXPLORE.EXE-1B894AFB.pf O45 - LFCP:[MD5.880E3AA1E3F08081B03C416E3AD37D07] - 02/03/2012 - 12:34:04 ---A- - C:\Windows\Prefetch\PREVHOST.EXE-205F609A.pf O45 - LFCP:[MD5.A4C5ED45BDE2120CA3081F7C153322B8] - 02/03/2012 - 12:38:27 ---A- - C:\Windows\Prefetch\SYMCORPUI.EXE-9552AFDC.pf O45 - LFCP:[MD5.6A992405226EC431E6FFBBC8C52ED0E6] - 02/03/2012 - 12:39:24 ---A- - C:\Windows\Prefetch\DWHWIZRD.EXE-3820D06C.pf O45 - LFCP:[MD5.B5C224697BCA05566B458977D9747AEE] - 02/03/2012 - 12:39:51 ---A- - C:\Windows\Prefetch\SAVUI.EXE-24D69985.pf O45 - LFCP:[MD5.194C6E9B77A4907664CA784571C0BAC8] - 02/03/2012 - 13:11:42 ---A- - C:\Windows\Prefetch\LUCALLBACKPROXY.EXE-9EFD4A00.pf O45 - LFCP:[MD5.699709683D392D2D88A5FBB454EF921C] - 02/03/2012 - 13:11:50 ---A- - C:\Windows\Prefetch\LUALL.EXE-C73A48CA.pf O45 - LFCP:[MD5.23DEFAE08F062AA2C9B42348260B1B34] - 02/03/2012 - 13:11:51 ---A- - C:\Windows\Prefetch\LUCOMS~1.EXE-95D7A512.pf O45 - LFCP:[MD5.CBC9C8F1D12C5DDBE9445AAC6EB8C226] - 02/03/2012 - 13:11:51 ---A- - C:\Windows\Prefetch\SESCLU.EXE-3C84D030.pf O45 - LFCP:[MD5.3FEC5F334C65F0F95CEABCE3EC93274C] - 02/03/2012 - 13:22:53 ---A- - C:\Windows\Prefetch\Layout.ini O45 - LFCP:[MD5.E37FA4F31593259652ADCBEF0DF67299] - 02/03/2012 - 13:28:10 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-6202E8F2.pf O45 - LFCP:[MD5.C415188A58CE2D98635E46787A45B5C9] - 02/03/2012 - 13:29:19 ---A- - C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-501933425-2476989565-1232407324-1000.db O45 - LFCP:[MD5.210A9F3D5272B27A6BF017722FE16AF5] - 02/03/2012 - 13:29:19 ---A- - C:\Windows\Prefetch\AgGlUAD_S-1-5-21-501933425-2476989565-1232407324-1000.db O45 - LFCP:[MD5.7E1DD4589CFC89C6ABB3BCDBEE90969A] - 02/03/2012 - 13:42:45 ---A- - C:\Windows\Prefetch\V8A0I9CB.EXE-640230D8.pf O45 - LFCP:[MD5.1ECC2A4963C9D6A1FF4A9F65BF555DCA] - 02/03/2012 - 13:50:36 ---A- - C:\Windows\Prefetch\ACRORD32.EXE-33939BD1.pf O45 - LFCP:[MD5.E1F8264EC53339C86D950029DBD1EBCC] - 02/03/2012 - 13:54:05 ---A- - C:\Windows\Prefetch\REGSVR32.EXE-55A4EE79.pf O45 - LFCP:[MD5.0F32E5E8D0EDD61F6DE4CD4450FE1889] - 02/03/2012 - 13:54:15 ---A- - C:\Windows\Prefetch\MBAM.EXE-CD3441D7.pf O45 - LFCP:[MD5.53A4BA9689EAE2DA19D7D4E2907B9546] - 02/03/2012 - 14:00:05 ---A- - C:\Windows\Prefetch\WINDOWSLIVEPHOTOVIEWER.EXE-6106E219.pf O45 - LFCP:[MD5.95FD8BB0F87CBF3D483E3689C800F4E0] - 02/03/2012 - 14:00:27 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-71214090.pf O45 - LFCP:[MD5.BC97582586240A8EA9E56A70329B454F] - 02/03/2012 - 14:06:09 ---A- - C:\Windows\Prefetch\OUTLOOK.EXE-B9F191EB.pf O45 - LFCP:[MD5.8128F254CC1EAC588967A9577CF0D786] - 02/03/2012 - 14:26:19 ---A- - C:\Windows\Prefetch\FACEBOOKUPDATE.EXE-956D9D42.pf O45 - LFCP:[MD5.DC8ADFBB3F793F3BBE43140783F5672C] - 02/03/2012 - 14:30:33 ---A- - C:\Windows\Prefetch\WERFAULT.EXE-B7E27BE5.pf O45 - LFCP:[MD5.22643B23D749D02682C6BE2C5F85404C] - 02/03/2012 - 14:43:41 ---A- - C:\Windows\Prefetch\SEARCHFILTERHOST.EXE-AA7A1FDD.pf O45 - LFCP:[MD5.542D27A4B6CB32C85C7C9650A395C740] - 02/03/2012 - 14:43:41 ---A- - C:\Windows\Prefetch\SEARCHPROTOCOLHOST.EXE-AFAD3EF9.pf O45 - LFCP:[MD5.339F1DA85DABE57B9A86E0DC0B86231B] - 02/03/2012 - 14:58:06 ---A- - C:\Windows\Prefetch\MSNMSGR.EXE-DD43BBF4.pf O45 - LFCP:[MD5.AD63BAB155E74B0E505B243F9A2A143D] - 02/03/2012 - 15:02:12 ---A- - C:\Windows\Prefetch\GOOGLEUPDATE.EXE-8973CEDD.pf O45 - LFCP:[MD5.544EBE40943C72FDD936B85AF62AEFC4] - 02/03/2012 - 15:02:14 ---A- - C:\Windows\Prefetch\TASKENG.EXE-5BAF290C.pf O45 - LFCP:[MD5.7EAC2672581B500AD70E4C04AB049CD7] - 02/03/2012 - 15:04:20 ---A- - C:\Windows\Prefetch\NOTEPAD.EXE-3D2AFDB4.pf O45 - LFCP:[MD5.39516545C40BFA2D5546D7537998B0E4] - 02/03/2012 - 15:04:53 ---A- - C:\Windows\Prefetch\AgGlFaultHistory.db O45 - LFCP:[MD5.716B896E0BA2F164D2BB62B28CA0731D] - 02/03/2012 - 15:04:53 ---A- - C:\Windows\Prefetch\AgGlFgAppHistory.db O45 - LFCP:[MD5.38C48E2BB9C3D5302CE592D87107C317] - 02/03/2012 - 15:04:53 ---A- - C:\Windows\Prefetch\AgGlGlobalHistory.db O45 - LFCP:[MD5.B3D6665ED5BDB25860F3A8F007BE0C1A] - 02/03/2012 - 15:04:53 ---A- - C:\Windows\Prefetch\AgRobust.db O45 - LFCP:[MD5.B6B10270C7A28F879E1471061E392F0B] - 02/03/2012 - 15:13:27 ---A- - C:\Windows\Prefetch\TASKHOST.EXE-437C05A8.pf O45 - LFCP:[MD5.CD60C15BCF316AF287F45F9614A5E4BD] - 02/03/2012 - 15:15:47 ---A- - C:\Windows\Prefetch\WLCOMM.EXE-648065CA.pf O45 - LFCP:[MD5.048C95ABB1A480135E702D421D0D5F1B] - 02/03/2012 - 15:15:55 ---A- - C:\Windows\Prefetch\AUDIODG.EXE-D0D776AC.pf O45 - LFCP:[MD5.FAAC1F62D7E265A14D7275A6E9F4ACF8] - 02/03/2012 - 15:20:11 ---A- - C:\Windows\Prefetch\TS3CLIENT_WIN32.EXE-875B5789.pf O45 - LFCP:[MD5.04F4E0E6E2CAB22FE5849D119A8A0FD4] - 02/03/2012 - 15:26:55 ---A- - C:\Windows\Prefetch\CONSENT.EXE-65F6206D.pf O45 - LFCP:[MD5.81C375B71B6670CFB5A32994B3C92C58] - 02/03/2012 - 15:27:00 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-893DDF55.pf O45 - LFCP:[MD5.E9694238168BDAE456F8FFA1AD8C8F11] - 02/03/2012 - 15:27:05 ---A- - C:\Windows\Prefetch\ZHPDIAG.EXE-9D0EE457.pf O45 - LFCP:[MD5.06151EF6E6B69F43444AA35593A6BC85] - 02/03/2012 - 15:28:07 ---A- - C:\Windows\Prefetch\CONHOST.EXE-3218E401.pf O45 - LFCP:[MD5.B57272D348C363DBA18100EA46AB1BF1] - 02/03/2012 - 15:28:07 ---A- - C:\Windows\Prefetch\CSCRIPT.EXE-E4C98DEB.pf O45 - LFCP:[MD5.13ABEF422AF3F48DD09E375D9734EFFF] - 02/03/2012 - 15:28:12 ---A- - C:\Windows\Prefetch\WMIPRVSE.EXE-43972D0F.pf O45 - LFCP:[MD5.35E78A0FF043E0FBD9BD93CA164108AF] - 02/03/2012 - 15:28:13 ---A- - C:\Windows\Prefetch\SPPSVC.EXE-CBE91656.pf O45 - LFCP:[MD5.312DA2D3F2F2B7001EF8A8249D6146AF] - 02/03/2012 - 15:28:24 ---A- - C:\Windows\Prefetch\SVCHOST.EXE-93CEEE07.pf O45 - LFCP:[MD5.3747AEEE3617C3196C79324659FCC330] - 02/03/2012 - 15:28:29 ---A- - C:\Windows\Prefetch\PV.EXE-8E63E86A.pf O45 - LFCP:[MD5.8BB581835F084853F1E466585A743F60] - 02/03/2012 - 15:28:48 ---A- - C:\Windows\Prefetch\CMD.EXE-89305D47.pf O45 - LFCP:[MD5.83F5D579EC53F2B5B4F2649C5CF48199] - 02/03/2012 - 15:28:48 ---A- - C:\Windows\Prefetch\SCHTASKS.EXE-2DE769BF.pf O45 - LFCP:[MD5.D718AFAE0178C28ECDFABDAE98BCBB41] - 26/02/2012 - 01:17:03 ---A- - C:\Windows\Prefetch\NTOSBOOT-B00DFAAD.pf O45 - LFCP:[MD5.37A795C43426DC3899B266373DEBA6AB] - 26/02/2012 - 01:19:05 ---A- - C:\Windows\Prefetch\AgCx_SC4.db ~ Scan Prefetcher in 00mn 02s ---\\ Déni du service (Local Security Authority) (O48) O48 - LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll O48 - LSA:Local Security Authority Notification Packages . (.Microsoft Corporation - Moteur du client de l’Éditeur de configuration de sécurité Windows.) -- C:\Windows\System32\scecli.dll O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Package de sécurité Kerberos.) -- C:\Windows\System32\kerberos.dll O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\Windows\System32\schannel.dll O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Digest Access.) -- C:\Windows\System32\wdigest.dll O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Web Service Security Package.) -- C:\Windows\System32\TSpkg.dll O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Pku2u Security Package.) -- C:\Windows\System32\pku2u.dll O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corp. - LiveSSP.) -- C:\Windows\System32\LIVESSP.dll ~ Scan Keys in 00mn 00s ---\\ Contrôle du Safe Boot (CSB) (O49) O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys . (.Microsoft Corporation - Pilote de filtre souris série.) -- C:\Windows\system32\Drivers\sermouse.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\system32\Drivers\vga.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys . (...) -- C:\Windows\system32\Drivers\vgasave.sys (.not file.) O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\system32\Drivers\volmgr.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgrx.sys . (.Microsoft Corporation - Pilote d’extension du gestionnaire de volumes.) -- C:\Windows\system32\Drivers\volmgrx.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys . (.Microsoft Corporation - IP Network Address Translator.) -- C:\Windows\system32\Drivers\ipnat.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\nsiproxy.sys . (.Microsoft Corporation - NSI Proxy.) -- C:\Windows\system32\Drivers\nsiproxy.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpencdd.sys . (.Microsoft Corporation - RDP Encoder Miniport.) -- C:\Windows\system32\Drivers\rdpencdd.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys . (.Microsoft Corporation - Pilote de filtre souris série.) -- C:\Windows\system32\Drivers\sermouse.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\system32\Drivers\vga.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys . (...) -- C:\Windows\system32\Drivers\vgasave.sys (.not file.) O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\system32\Drivers\volmgr.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgrx.sys . (.Microsoft Corporation - Pilote d’extension du gestionnaire de volumes.) -- C:\Windows\system32\Drivers\volmgrx.sys ~ Scan CSB in 00mn 00s ---\\ MountPoints2 Shell Key (O51) (None) ---\\ Trojan Driver Search Data (HKLM) (O52) O52 - TDSD: \Drivers32\"VIDC.I420"="lvcodec2.dll" . (.Logitech Inc. - Video Codec.) -- C:\Windows\System32\lvcodec2.dll O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\Windows\System32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Codec Cinepak®.) -- C:\Windows\System32\iccvid.dll O52 - TDSD: \Drivers32\"VIDC.XFR1"="xfcodec.dll" . (.Pas de propriétaire - Xfire Video Codec.) -- C:\Windows\System32\xfcodec.dll O52 - TDSD: \Drivers32\"vidc.VP60"="C:\Windows\system32\vp6vfw.dll" . (.On2.com - VP6 VIDEO FOR WINDOWS CODEC.) -- C:\Windows\System32\vp6vfw.dll O52 - TDSD: \Drivers32\"vidc.VP61"="C:\Windows\system32\vp6vfw.dll" . (.On2.com - VP6 VIDEO FOR WINDOWS CODEC.) -- C:\Windows\System32\vp6vfw.dll O52 - TDSD: \drivers.desc\"C:\Windows\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm O52 - TDSD: \drivers.desc\"xfcodec.dll"="Xfire video codec [XFR1]" . (.Pas de propriétaire - Xfire Video Codec.) -- C:\Windows\System32\xfcodec.dll O52 - TDSD: \drivers.desc\"vp6vfw.dll"="EA VP6 Codec" . (.On2.com - VP6 VIDEO FOR WINDOWS CODEC.) -- C:\Windows\System32\vp6vfw.dll ~ Scan Keys in 00mn 00s ---\\ ShareTools MSconfig StartupReg (O53) (None) ---\\ Microsoft Control Security Providers (O54) O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\system32\credssp.dll O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\system32\credssp.dll ~ Scan Keys in 00mn 00s ---\\ Microsoft Windows Policies System (O55) O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=5 O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=3 O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1 O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=1 O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1 O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1 O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=1 O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0 O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0 O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"= O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"= O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0 O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1 O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1 O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0 ~ Scan Keys in 00mn 00s ---\\ Liste des Drivers Système (O58) O58 - SDL:[MD5.21E785EBD7DC90A06391141AAC7892FB] - 14/07/2009 - 02:26:15 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\system32\drivers\adp94xx.sys [422976] O58 - SDL:[MD5.0C676BC278D5B59FF5ABD57BBE9123F2] - 14/07/2009 - 02:26:17 ---A- . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) -- C:\Windows\system32\drivers\adpahci.sys [297552] O58 - SDL:[MD5.7C7B5EE4B7B822EC85321FE23A27DB33] - 14/07/2009 - 02:26:15 ---A- . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver.) -- C:\Windows\system32\drivers\adpu320.sys [146512] O58 - SDL:[MD5.0D40BCF52EA90FC7DF2AEAB6503DEA44] - 14/07/2009 - 02:26:15 ---A- . (.Acer Laboratories Inc. - ALi mini IDE Driver.) -- C:\Windows\system32\drivers\aliide.sys [14400] O58 - SDL:[MD5.D320BF87125326F996D4904FE24300FC] - 11/03/2011 - 06:38:37 ---A- . (.Advanced Micro Devices - AHCI 1.2 Device Driver.) -- C:\Windows\system32\drivers\amdsata.sys [80256] O58 - SDL:[MD5.EA43AF0C423FF267355F74E7A53BDABA] - 14/07/2009 - 02:26:15 ---A- . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller Driver for Windows fa.) -- C:\Windows\system32\drivers\amdsbs.sys [159312] O58 - SDL:[MD5.46387FB17B086D16DEA267D5BE23A2F2] - 11/03/2011 - 06:38:37 ---A- . (.Advanced Micro Devices - Storage Filter Driver.) -- C:\Windows\system32\drivers\amdxata.sys [22400] O58 - SDL:[MD5.2932004F49677BD84DBC72EDB754FFB3] - 14/07/2009 - 02:26:15 ---A- . (.Adaptec, Inc. - Adaptec RAID Storport Driver.) -- C:\Windows\system32\drivers\arc.sys [76368] O58 - SDL:[MD5.5D6F36C46FD283AE1B57BD2E9FEB0BC7] - 14/07/2009 - 02:26:15 ---A- . (.Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\Windows\system32\drivers\arcsas.sys [86608] O58 - SDL:[MD5.CBE71C122434805CB73FFB6619F60598] - 16/07/2009 - 04:36:30 ---A- . (.Pas de propriétaire - ATK0110 ACPI Utility.) -- C:\Windows\system32\drivers\ASACPI.sys [13216] O58 - SDL:[MD5.19166026A93206F9C6A8CD3A1F010AE4] - 02/04/2009 - 13:30:14 ---A- . (...) -- C:\Windows\system32\drivers\ASUSHWIO.SYS [10296] O58 - SDL:[MD5.BD8869EB9CDE6BBE4508D869929869EE] - 13/07/2009 - 23:02:49 ---A- . (.Broadcom Corporation - Pilote unifié NDIS6.x Broadcom NetXtreme Gigabit Ethernet..) -- C:\Windows\system32\drivers\b57nd60x.sys [229888] O58 - SDL:[MD5.9F9ACC7F7CCDE8A15C282D3F88B43309] - 13/07/2009 - 23:53:28 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver.) -- C:\Windows\system32\drivers\BrFiltLo.sys [13568] O58 - SDL:[MD5.56801AD62213A41F6497F96DEE83755A] - 13/07/2009 - 23:53:28 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver.) -- C:\Windows\system32\drivers\BrFiltUp.sys [5248] O58 - SDL:[MD5.845B8CE732E67F3B4133164868C666EA] - 14/07/2009 - 01:57:25 ---A- . (.Brother Industries Ltd. - Pilote Brother Série I/F (WDM).) -- C:\Windows\system32\drivers\BrSerId.sys [272128] O58 - SDL:[MD5.203F0B1E73ADADBBB7B7B1FABD901F6B] - 13/07/2009 - 23:53:32 ---A- . (.Brother Industries Ltd. - Brother Serial driver (WDM version).) -- C:\Windows\system32\drivers\BrSerWdm.sys [62336] O58 - SDL:[MD5.BD456606156BA17E60A04E18016AE54B] - 13/07/2009 - 23:53:33 ---A- . (.Brother Industries Ltd. - Brother USB MDM Driver.) -- C:\Windows\system32\drivers\BrUsbMdm.sys [12160] O58 - SDL:[MD5.AF72ED54503F717A43268B3CC5FAEC2E] - 13/07/2009 - 23:53:33 ---A- . (.Brother Industries Ltd. - Brother USB Serial Driver.) -- C:\Windows\system32\drivers\BrUsbSer.sys [11904] O58 - SDL:[MD5.1A231ABEC60FD316EC54C66715543CEC] - 13/07/2009 - 23:02:48 ---A- . (.Broadcom Corporation - Broadcom NetXtreme II GigE VBD.) -- C:\Windows\system32\drivers\bxvbdx.sys [430080] O58 - SDL:[MD5.0F5CA31BB3FDB5C1E63C170CFBECC93B] - 03/02/2007 - 10:25:56 ---A- . (.Logitech Inc. - Universal Serial Bus Camera Driver.) -- C:\Windows\system32\drivers\Camdrl.sys [1075360] O58 - SDL:[MD5.C537B1DB64D495B9B4717B4D6D9EDBF2] - 14/07/2009 - 02:26:21 ---A- . (.CMD Technology, Inc. - CMD PCI IDE Bus Driver.) -- C:\Windows\system32\drivers\cmdide.sys [15952] O58 - SDL:[MD5.8B30250D573A8F6B4BD23195160D8707] - 14/07/2009 - 02:20:28 ---A- . (.Adaptec, Inc. - Adaptec Ultra SCSI miniport.) -- C:\Windows\system32\drivers\djsvs.sys [70720] O58 - SDL:[MD5.44996A2ADDD2DB7454F2CA40B67D8941] - 17/12/2009 - 23:25:12 ---A- . (.Elaborate Bytes AG - ElbyCD Windows NT/2000/XP I/O driver.) -- C:\Windows\system32\drivers\ElbyCDIO.sys [26024] O58 - SDL:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 14/07/2009 - 02:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\system32\drivers\elxstor.sys [453712] O58 - SDL:[MD5.024E1B5CAC09731E4D868E64DBFB4AB0] - 13/07/2009 - 23:02:48 ---A- . (.Broadcom Corporation - Broadcom NetXtreme II 10 GigE VBD.) -- C:\Windows\system32\drivers\evbdx.sys [3100160] O58 - SDL:[MD5.C44E3C2BAB6837DB337DDEE7544736DB] - 13/07/2009 - 23:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\system32\drivers\hcw85cir.sys [26624] O58 - SDL:[MD5.295FDC419039090EB8B49FFDBB374549] - 14/07/2009 - 02:20:28 ---A- . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Driver.) -- C:\Windows\system32\drivers\HpSAMD.sys [67152] O58 - SDL:[MD5.5CD5F9A5444E6CDCB0AC89BD62D8B76E] - 11/03/2011 - 06:38:51 ---A- . (.Intel Corporation - Intel Matrix Storage Manager driver - ia32.) -- C:\Windows\system32\drivers\iaStorV.sys [332160] O58 - SDL:[MD5.9467514EA189475A6E7FDC5D7BDE9D3F] - 23/09/2009 - 19:18:14 ---A- . (.Intel Corporation - Intel Graphics Kernel Mode Driver.) -- C:\Windows\system32\drivers\igdkmd32.sys [4808192] O58 - SDL:[MD5.4173FF5708F3236CF25195FECD742915] - 14/07/2009 - 02:20:36 ---A- . (.Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) -- C:\Windows\system32\drivers\iirsp.sys [41040] O58 - SDL:[MD5.F7CDABA15C7E853F0A11AF6D77FCA990] - 23/08/2009 - 04:06:38 ---A- . (.Atheros Communications, Inc. - Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20.) -- C:\Windows\system32\drivers\L1E62x86.sys [48640] O58 - SDL:[MD5.EB119A53CCF2ACC000AC71B065B78FEF] - 14/07/2009 - 02:20:36 ---A- . (.LSI Corporation - LSI Fusion-MPT FC Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_fc.sys [95824] O58 - SDL:[MD5.8ADE1C877256A22E49B75D1CC9161F9C] - 14/07/2009 - 02:20:37 ---A- . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_sas.sys [89168] O58 - SDL:[MD5.DC9DC3D3DAA0E276FD2EC262E38B11E9] - 14/07/2009 - 02:20:36 ---A- . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_sas2.sys [54864] O58 - SDL:[MD5.0A036C7D7CAB643A7F07135AC47E0524] - 14/07/2009 - 02:20:36 ---A- . (.LSI Corporation - LSI Fusion-MPT SCSI Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_scsi.sys [96848] O58 - SDL:[MD5.64BC29C3A0388BFC580BB8B1346F7659] - 03/02/2007 - 10:32:36 ---A- . (.Logitech Inc. - USB Statistic Driver.) -- C:\Windows\system32\drivers\LVUSBSta.sys [41504] O58 - SDL:[MD5.B7CA8CC3F978201856B6AB82F40953C3] - 10/12/2011 - 15:24:06 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\system32\drivers\mbam.sys [20464] O58 - SDL:[MD5.0FFF5B045293002AB38EB1FD1FC2FB74] - 14/07/2009 - 02:20:36 ---A- . (.LSI Corporation - MEGASAS RAID Controller Driver for Windows 7 for x86.) -- C:\Windows\system32\drivers\megasas.sys [30800] O58 - SDL:[MD5.DCBAB2920C75F390CAF1D29F675D03D6] - 14/07/2009 - 02:20:36 ---A- . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\Windows\system32\drivers\MegaSR.sys [235584] O58 - SDL:[MD5.1D85C4B390B0EE09C7A46B91EFB2C097] - 14/07/2009 - 02:20:44 ---A- . (.IBM Corporation - IBM ServeRAID Controller Driver.) -- C:\Windows\system32\drivers\nfrd960.sys [44624] O58 - SDL:[MD5.3D7FB57354703809B5F0C23287FAC1D6] - 17/01/2012 - 13:45:56 ---A- . (.NVIDIA Corporation - NVIDIA HDMI Audio Driver.) -- C:\Windows\system32\drivers\nvhda32v.sys [148800] O58 - SDL:[MD5.F452E6AD3EDA2852F44BE492E283C40F] - 10/02/2012 - 05:13:00 ---A- . (.NVIDIA Corporation - NVIDIA Windows Kernel Mode Driver, Version 295.73.) -- C:\Windows\system32\drivers\nvlddmkm.sys [10816832] O58 - SDL:[MD5.B3E25EE28883877076E0E1FF877D02E0] - 11/03/2011 - 06:39:00 ---A- . (.NVIDIA Corporation - NVIDIA® nForce RAID Driver.) -- C:\Windows\system32\drivers\nvraid.sys [117120] O58 - SDL:[MD5.4380E59A170D88C4F1022EFF6719A8A4] - 11/03/2011 - 06:39:00 ---A- . (.NVIDIA Corporation - NVIDIA® nForce Sata Performance Driver.) -- C:\Windows\system32\drivers\nvstor.sys [143744] O58 - SDL:[MD5.8BB94087CEF0256F5EAD973D7524BF58] - 29/12/2011 - 18:17:23 ---A- . (...) -- C:\Windows\system32\drivers\PnkBstrK.sys [22328] O58 - SDL:[MD5.AB95ECF1F6659A60DDC166D8315B0751] - 14/07/2009 - 02:19:04 ---A- . (.QLogic Corporation - QLogic Fibre Channel Stor Miniport Driver.) -- C:\Windows\system32\drivers\ql2300.sys [1383488] O58 - SDL:[MD5.B4DD51DD25182244B86737DC51AF2270] - 14/07/2009 - 02:19:04 ---A- . (.QLogic Corporation - QLogic iSCSI Storport Miniport Driver.) -- C:\Windows\system32\drivers\ql40xx.sys [106064] O58 - SDL:[MD5.90A3935D05B494A5A39D37E71F09A677] - 13/07/2009 - 21:50:20 ---A- . (.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) -- C:\Windows\system32\drivers\secdrv.sys [20480] O58 - SDL:[MD5.A9F0486851BECB6DDA1D89D381E71055] - 14/07/2009 - 02:19:04 ---A- . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) -- C:\Windows\system32\drivers\sisraid2.sys [40016] O58 - SDL:[MD5.3727097B55738E2F554972C3BE5BC1AA] - 14/07/2009 - 02:19:04 ---A- . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\Windows\system32\drivers\sisraid4.sys [77888] O58 - SDL:[MD5.5A293729E1F9FCE3A2106D1F5DC5E98A] - 08/03/2010 - 12:59:14 ---A- . (.Symantec Corporation - Symantec AutoProtect.) -- C:\Windows\system32\drivers\srtsp.sys [283184] O58 - SDL:[MD5.0DDB7FBA32BE09D8057063C0CEE24137] - 08/03/2010 - 12:59:14 ---A- . (.Symantec Corporation - Symantec AutoProtect.) -- C:\Windows\system32\drivers\srtspl.sys [320944] O58 - SDL:[MD5.A99719DFB61B61AA5026341BBB733C0A] - 08/03/2010 - 12:59:14 ---A- . (.Symantec Corporation - Symantec AutoProtect.) -- C:\Windows\system32\drivers\srtspx.sys [43696] O58 - SDL:[MD5.DB32D325C192B801DF274BFD12A7E72B] - 14/07/2009 - 02:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\system32\drivers\stexstor.sys [21072] O58 - SDL:[MD5.51B57CDA977170AC608D839DBFA1D3EE] - 03/09/2009 - 16:03:48 ---A- . (.Symantec Corporation - DNS Filter Driver.) -- C:\Windows\system32\drivers\symdns.sys [12720] O58 - SDL:[MD5.A54FF04BD6E75DC4D8CB6F3E352635E0] - 24/02/2011 - 19:29:35 ---A- . (.Symantec Corporation - Symantec Event Library.) -- C:\Windows\system32\drivers\SYMEVENT.SYS [124976] O58 - SDL:[MD5.A131D8360B01044517AA44529E2137D6] - 03/09/2009 - 16:03:48 ---A- . (.Symantec Corporation - Firewall Filter Driver.) -- C:\Windows\system32\drivers\symfw.sys [145968] O58 - SDL:[MD5.2B77868F02DAE02103380B824431B798] - 03/09/2009 - 16:03:48 ---A- . (.Symantec Corporation - IDS Filter Driver.) -- C:\Windows\system32\drivers\symids.sys [39856] O58 - SDL:[MD5.7D3ADDFE63E5227BD2DBD5692BAFB688] - 03/09/2009 - 16:03:52 ---A- . (.Symantec Corporation - NDIS Filter Driver.) -- C:\Windows\system32\drivers\symndisv.sys [38448] O58 - SDL:[MD5.394B2368212114D538316812AF60FDDD] - 03/09/2009 - 16:03:48 ---A- . (.Symantec Corporation - Redirector Filter Driver.) -- C:\Windows\system32\drivers\symredrv.sys [26416] O58 - SDL:[MD5.D46676BB414C7531BDFFE637A33F5033] - 03/09/2009 - 16:03:48 ---A- . (.Symantec Corporation - Network Dispatch Driver.) -- C:\Windows\system32\drivers\symtdi.sys [188080] O58 - SDL:[MD5.94D73B62E458FB56C9CE60AA96D914F9] - 09/08/2009 - 22:25:56 ---A- . (.Elaborate Bytes AG - VirtualCloneCD Driver.) -- C:\Windows\system32\drivers\VClone.sys [29696] O58 - SDL:[MD5.E43574F6A56A0EE11809B48C09E4FD3C] - 14/07/2009 - 02:19:10 ---A- . (.VIA Technologies, Inc. - VIA Generic PCI IDE Bus Driver.) -- C:\Windows\system32\drivers\viaide.sys [16976] O58 - SDL:[MD5.9DFA0CC2F8855A04816729651175B631] - 14/07/2009 - 02:19:11 ---A- . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) -- C:\Windows\system32\drivers\vsmraid.sys [141904] O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13/07/2009 - 22:40:41 ---A- . (...) -- C:\Windows\system32\ANSI.SYS [9029] O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 13/07/2009 - 22:40:44 ---A- . (...) -- C:\Windows\system32\country.sys [27097] O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 13/07/2009 - 22:40:40 ---A- . (...) -- C:\Windows\system32\HIMEM.SYS [4768] O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 13/07/2009 - 22:40:43 ---A- . (...) -- C:\Windows\system32\KEY01.SYS [42809] O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 13/07/2009 - 22:40:43 ---A- . (...) -- C:\Windows\system32\KEYBOARD.SYS [42537] O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 13/07/2009 - 22:40:23 ---A- . (...) -- C:\Windows\system32\NTDOS.SYS [27866] O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 13/07/2009 - 22:40:31 ---A- . (...) -- C:\Windows\system32\NTDOS404.SYS [29146] O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 13/07/2009 - 22:40:35 ---A- . (...) -- C:\Windows\system32\NTDOS411.SYS [29370] O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 13/07/2009 - 22:40:39 ---A- . (...) -- C:\Windows\system32\NTDOS412.SYS [29274] O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 13/07/2009 - 22:40:27 ---A- . (...) -- C:\Windows\system32\NTDOS804.SYS [29146] O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 13/07/2009 - 22:40:11 ---A- . (...) -- C:\Windows\system32\NTIO.SYS [33952] O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 13/07/2009 - 22:40:15 ---A- . (...) -- C:\Windows\system32\NTIO404.SYS [34672] O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 13/07/2009 - 22:40:17 ---A- . (...) -- C:\Windows\system32\NTIO411.SYS [35776] O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 13/07/2009 - 22:40:19 ---A- . (...) -- C:\Windows\system32\NTIO412.SYS [35536] O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 13/07/2009 - 22:40:13 ---A- . (...) -- C:\Windows\system32\NTIO804.SYS [34672] ~ Scan Drivers in 00mn 04s ---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61) O61 - LFC:Last File Created 01/03/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120301.033\CATALOG.DAT [3714] O61 - LFC:Last File Created 01/03/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120301.033\ESRDEF.BIN [7220045] O61 - LFC:Last File Created 01/03/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120301.033\TCDEFS.DAT [27594416] O61 - LFC:Last File Created 01/03/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120301.033\TCSCAN7.DAT [23986652] O61 - LFC:Last File Created 01/03/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120301.033\TCSCAN8.DAT [179342] O61 - LFC:Last File Created 01/03/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120301.033\TCSCAN9.DAT [696000] O61 - LFC:Last File Created 01/03/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120301.033\TINF.DAT [453] O61 - LFC:Last File Created 01/03/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120301.033\TINFL.DAT [1957] O61 - LFC:Last File Created 01/03/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120301.033\TSCAN1.DAT [74646] O61 - LFC:Last File Created 01/03/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120301.033\V.GRD [5257] O61 - LFC:Last File Created 01/03/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120301.033\V.SIG [2609] O61 - LFC:Last File Created 01/03/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120301.033\V1.SIG [2266] O61 - LFC:Last File Created 01/03/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120301.033\VIRSCAN1.DAT [1068187] O61 - LFC:Last File Created 01/03/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120301.033\VIRSCAN2.DAT [574728] O61 - LFC:Last File Created 01/03/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120301.033\VIRSCAN3.DAT [158096] O61 - LFC:Last File Created 01/03/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120301.033\VIRSCAN4.DAT [320439] O61 - LFC:Last File Created 01/03/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120301.033\VIRSCAN5.DAT [16243155] O61 - LFC:Last File Created 01/03/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120301.033\VIRSCAN6.DAT [399471] O61 - LFC:Last File Created 01/03/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120301.033\VIRSCAN7.DAT [239646130] O61 - LFC:Last File Created 01/03/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120301.033\VIRSCAN8.DAT [1023024] O61 - LFC:Last File Created 01/03/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120301.033\VIRSCAN9.DAT [6609958] O61 - LFC:Last File Created 01/03/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120301.033\WHATSNEW.TXT [41437] O61 - LFC:Last File Created 01/03/2012 - 11:31:04 ---A- C:\Users\CELSO\AppData\Roaming\Microsoft\Office\VB12.pip [144] O61 - LFC:Last File Created 01/03/2012 - 11:35:23 ---A- C:\Users\CELSO\AppData\Local\Symantec\Symantec Endpoint Protection\Logs\03012012.Log [12633729] O61 - LFC:Last File Created 01/03/2012 - 12:04:08 ---A- C:\Users\CELSO\AppData\Roaming\Microsoft\Office\Excel12.pip [1548] O61 - LFC:Last File Created 01/03/2012 - 12:33:39 ---A- C:\Users\All Users\Symantec\LiveUpdate\6.Product.Inventory.LiveUpdate [3040] O61 - LFC:Last File Created 01/03/2012 - 12:33:39 R--A- C:\Users\All Users\Symantec\LiveUpdate\6.Settings.LiveUpdate [510528] O61 - LFC:Last File Created 01/03/2012 - 12:34:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\umcat_01.db [1312051] O61 - LFC:Last File Created 01/03/2012 - 12:34:05 ---A- C:\Users\All Users\Symantec\LiveUpdate\5.Product.Inventory.LiveUpdate [2992] O61 - LFC:Last File Created 01/03/2012 - 12:34:05 R--A- C:\Users\All Users\Symantec\LiveUpdate\5.Settings.LiveUpdate [510528] O61 - LFC:Last File Created 01/03/2012 - 12:51:01 ---A- C:\Users\CELSO\Downloads\ZHPDiag2.exe [3903203] O61 - LFC:Last File Created 01/03/2012 - 14:16:56 R--A- C:\Users\All Users\Symantec\LiveUpdate\4.Settings.LiveUpdate [510528] O61 - LFC:Last File Created 01/03/2012 - 14:16:57 ---A- C:\Users\All Users\Symantec\LiveUpdate\4.Product.Inventory.LiveUpdate [2992] O61 - LFC:Last File Created 01/03/2012 - 15:54:23 ---A- C:\Users\All Users\NVIDIA\Resource.old [1139961] O61 - LFC:Last File Created 01/03/2012 - 15:55:11 R--A- C:\Users\All Users\Symantec\LiveUpdate\3.Settings.LiveUpdate [510528] O61 - LFC:Last File Created 01/03/2012 - 15:55:12 ---A- C:\Users\All Users\Symantec\LiveUpdate\3.Product.Inventory.LiveUpdate [2992] O61 - LFC:Last File Created 01/03/2012 - 15:55:33 ---A- C:\Users\All Users\Symantec\Symantec Endpoint Protection\Logs\03012012.Log [12015454] O61 - LFC:Last File Created 01/03/2012 - 15:57:02 ---A- C:\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\Logs\protection-log-2012-03-01.txt [2656] O61 - LFC:Last File Created 01/03/2012 - 18:12:12 ---A- C:\Users\CELSO\AppData\Local\TechSmith\SnagIt\DataStore\AppIcons\ZHPFix.exe.Nettoyeur de rapport ZHPDiag.Nicolas Coolman.1.1.2.3380.ico [16478] O61 - LFC:Last File Created 01/03/2012 - 18:12:12 ---A- C:\Users\CELSO\AppData\Local\TechSmith\SnagIt\DataStore\AppIcons\explorer.exe.Explorateur Windows.Microsoft Corporation.6.1.7601.17567.ico [187373] O61 - LFC:Last File Created 01/03/2012 - 18:12:12 ---A- C:\Users\CELSO\AppData\Local\TechSmith\SnagIt\DataStore\AppIcons\firefox.exe.Firefox.Mozilla Corporation.10.0.2.0.ico [295606] O61 - LFC:Last File Created 01/03/2012 - 18:24:02 ---A- C:\Users\CELSO\AppData\Local\Temp\5454231.od [134] O61 - LFC:Last File Created 01/03/2012 - 18:24:02 ---A- C:\Users\CELSO\AppData\Local\Temp\CVR3997.tmp.cvr [0] O61 - LFC:Last File Created 01/03/2012 - 18:42:01 ---A- C:\Users\CELSO\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC [1164] O61 - LFC:Last File Created 01/03/2012 - 20:43:49 ---A- C:\Users\CELSO\AppData\Local\Temp\MessengerCache\EH2c3YNpItgAvkVJFx+swrz9tqQ= [22245] O61 - LFC:Last File Created 01/03/2012 - 21:29:47 ---A- C:\Users\CELSO\AppData\Local\Temp\MessengerCache\fCaQjDMHcU0YaYwab1DzQzEcHc8= [27470] O61 - LFC:Last File Created 01/03/2012 - 21:48:00 ---A- C:\Users\CELSO\Downloads\Replays.rar [13840131] O61 - LFC:Last File Created 01/03/2012 - 23:16:24 ---A- C:\Users\CELSO\AppData\Local\Temp\MessengerCache\T8Ufk8dNAknNYO2LQZRZB2qr+eQ= [2355] O61 - LFC:Last File Created 01/03/2012 - 23:17:51 ---A- C:\Users\CELSO\AppData\Local\Temp\MessengerCache\UZnPQ2FW1QKnUT04RMrne1PzjAnY= [3434] O61 - LFC:Last File Created 01/03/2012 - 23:55:08 ---A- C:\Users\CELSO\AppData\Local\Temp\25319898.od [134] O61 - LFC:Last File Created 01/03/2012 - 23:55:08 ---A- C:\Users\CELSO\AppData\Local\Temp\CVR59CA.tmp.cvr [0] O61 - LFC:Last File Created 01/03/2012 - 23:59:59 ---A- C:\Users\All Users\Symantec\Symantec Endpoint Protection\Logs\02292012.Log [4263676] O61 - LFC:Last File Created 01/03/2012 - 23:59:59 ---A- C:\Users\CELSO\AppData\Local\Symantec\Symantec Endpoint Protection\Logs\02292012.Log [4261261] O61 - LFC:Last File Created 02/03/2012 - 00:15:58 ---A- C:\Users\CELSO\AppData\Local\Temp\26570402.od [134] O61 - LFC:Last File Created 02/03/2012 - 00:15:58 ---A- C:\Users\CELSO\AppData\Local\Temp\CVR6EA2.tmp.cvr [0] O61 - LFC:Last File Created 02/03/2012 - 03:05:45 ---A- C:\Users\CELSO\AppData\Local\TechSmith\SnagIt\Tray.bin [1520] O61 - LFC:Last File Created 02/03/2012 - 03:05:48 ---A- C:\Users\CELSO\AppData\Local\TechSmith\SnagIt\DrawQuickStyles.xml [74] O61 - LFC:Last File Created 02/03/2012 - 03:05:48 ---A- C:\Users\CELSO\AppData\Local\TechSmith\SnagIt\ImageQuickStyles.xml [80] O61 - LFC:Last File Created 02/03/2012 - 03:06:04 ---A- C:\Users\CELSO\AppData\Local\TechSmith\SnagIt\DataStore\SnagIt900.sdf [479232] O61 - LFC:Last File Created 02/03/2012 - 03:06:46 ---A- C:\Users\All Users\Symantec\Common Client\settings.bak [215060] O61 - LFC:Last File Created 02/03/2012 - 03:06:46 ---A- C:\Users\All Users\Symantec\Common Client\settings.dat [215060] O61 - LFC:Last File Created 02/03/2012 - 03:06:53 ---A- C:\Users\All Users\Symantec\SavSubEng\submissions.idx [1940144] O61 - LFC:Last File Created 02/03/2012 - 03:06:54 ---A- C:\Users\All Users\NVIDIA\Updatus\updtConfig.xml [2388] O61 - LFC:Last File Created 02/03/2012 - 03:06:55 ---A- C:\Users\All Users\NVIDIA\Updatus\updtclient.log.bak [357] O61 - LFC:Last File Created 02/03/2012 - 09:53:32 ---A- C:\Users\All Users\NVIDIA\Resource.dat [1139961] O61 - LFC:Last File Created 02/03/2012 - 09:53:59 ---A- C:\Users\All Users\Symantec\LiveUpdate\2.Product.Inventory.LiveUpdate [2992] O61 - LFC:Last File Created 02/03/2012 - 09:53:59 R--A- C:\Users\All Users\Symantec\LiveUpdate\2.Settings.LiveUpdate [510528] O61 - LFC:Last File Created 02/03/2012 - 09:55:51 ---A- C:\Users\All Users\NVIDIA\Updatus\journalBS.jour.dat [0] O61 - LFC:Last File Created 02/03/2012 - 12:39:09 ---A- C:\Users\All Users\Symantec\LiveUpdate\Downloads\minitri.flg [1] O61 - LFC:Last File Created 02/03/2012 - 12:39:10 ---A- C:\Users\All Users\Symantec\LiveUpdate\Downloads\decomposer_1.0.0_symalllanguages_livetri.zip [2660] O61 - LFC:Last File Created 02/03/2012 - 12:39:10 ---A- C:\Users\All Users\Symantec\LiveUpdate\Downloads\sesc$20submission$20control$20data_11.0_symalllanguages_livetri.zip [2624] O61 - LFC:Last File Created 02/03/2012 - 12:39:10 ---A- C:\Users\All Users\Symantec\LiveUpdate\Downloads\sesc$20virus$20definitions$20win32$20v11_microdefsb.curdefs_symalllanguages_livetri.zip [3790] O61 - LFC:Last File Created 02/03/2012 - 12:39:10 ---A- C:\Users\All Users\Symantec\LiveUpdate\Downloads\sesc$20virus$20definitions$20win32$20v11_microdefsb.feb_symalllanguages_livetri.zip [2949] O61 - LFC:Last File Created 02/03/2012 - 12:39:11 ---A- C:\Users\All Users\Symantec\LiveUpdate\Downloads\1330669341jtun_nav2k8en120229034.m25 [876525] O61 - LFC:Last File Created 02/03/2012 - 12:39:22 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\definfo.dat [34] O61 - LFC:Last File Created 02/03/2012 - 12:39:27 ---A- C:\Users\All Users\Symantec\LiveUpdate\1.Product.Inventory.LiveUpdate [3040] O61 - LFC:Last File Created 02/03/2012 - 12:39:27 R--A- C:\Users\All Users\Symantec\LiveUpdate\1.Settings.LiveUpdate [511221] O61 - LFC:Last File Created 02/03/2012 - 12:39:28 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\usage.dat [54] O61 - LFC:Last File Created 02/03/2012 - 12:41:28 ---A- C:\Users\All Users\Symantec\Symantec Endpoint Protection\Logs\03022012.Log [1312] O61 - LFC:Last File Created 02/03/2012 - 12:41:28 ---A- C:\Users\CELSO\AppData\Local\Symantec\Symantec Endpoint Protection\Logs\03022012.Log [580] O61 - LFC:Last File Created 02/03/2012 - 13:08:18 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\cache\N0FqWUdpRzJzOVdhSWR1Mi83OEVtek5DcTU4PQ==\channels\cache.dat [4] O61 - LFC:Last File Created 02/03/2012 - 13:08:18 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\cache\N0FqWUdpRzJzOVdhSWR1Mi83OEVtek5DcTU4PQ==\perm.dat [79436] O61 - LFC:Last File Created 02/03/2012 - 13:08:19 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\resolved.dat [112] O61 - LFC:Last File Created 02/03/2012 - 13:08:19 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\subscribemode.dat [90] O61 - LFC:Last File Created 02/03/2012 - 13:08:20 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\chats\N0FqWUdpRzJzOVdhSWR1Mi83OEVtek5DcTU4PQ==\channel.html [71447] O61 - LFC:Last File Created 02/03/2012 - 13:11:49 ---A- C:\Users\All Users\Symantec\LiveUpdate\Product.Inventory.LiveUpdate [2992] O61 - LFC:Last File Created 02/03/2012 - 13:11:49 R---- C:\Users\All Users\Symantec\LiveUpdate\Product.Inventory.LastGood.LiveUpdate [2992] O61 - LFC:Last File Created 02/03/2012 - 13:11:49 R---- C:\Users\All Users\Symantec\LiveUpdate\Settings.LiveUpdate [511221] O61 - LFC:Last File Created 02/03/2012 - 13:11:54 ---A- C:\Users\All Users\Symantec\LiveUpdate\Log.LiveUpdate [4127844] O61 - LFC:Last File Created 02/03/2012 - 14:00:05 ---A- C:\Users\CELSO\AppData\Local\Windows Live\uxcore_WindowsLivePhotoViewer_00.etl [8192] O61 - LFC:Last File Created 02/03/2012 - 14:06:08 ---A- C:\Users\CELSO\AppData\Local\Temp\15198569.od [134] O61 - LFC:Last File Created 02/03/2012 - 14:06:08 ---A- C:\Users\CELSO\AppData\Local\Temp\CVRE969.tmp.cvr [0] O61 - LFC:Last File Created 02/03/2012 - 14:23:30 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120301.033\vscanmsx.dat [2072] O61 - LFC:Last File Created 02/03/2012 - 14:34:07 ---A- C:\Users\CELSO\AppData\Roaming\Microsoft\Outlook\Outlook.NK2 [31295] O61 - LFC:Last File Created 02/03/2012 - 14:34:07 ---A- C:\Users\CELSO\AppData\Roaming\Microsoft\Outlook\Outlook.xml [3609] O61 - LFC:Last File Created 02/03/2012 - 14:34:07 ---A- C:\Users\CELSO\AppData\Roaming\Microsoft\Outlook\outcmd.dat [1862] O61 - LFC:Last File Created 02/03/2012 - 14:58:03 ----- C:\Users\CELSO\AppData\Local\Windows Live\uxcore_msnmsgr_00.etl [0] O61 - LFC:Last File Created 02/03/2012 - 15:01:04 ---A- C:\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\Configuration\local.conf [757] O61 - LFC:Last File Created 02/03/2012 - 15:01:10 ---A- C:\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\Configuration\database.conf [432] O61 - LFC:Last File Created 02/03/2012 - 15:01:10 ---A- C:\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref [6542191] O61 - LFC:Last File Created 02/03/2012 - 15:03:50 ---A- C:\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\Logs\protection-log-2012-03-02.txt [2958] O61 - LFC:Last File Created 02/03/2012 - 15:04:10 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2012-03-02 (13-54-46).txt [2194] O61 - LFC:Last File Created 02/03/2012 - 15:15:45 ---A- C:\Users\CELSO\AppData\Local\Temp\MessengerCache\ErrorResponse.xml [2782] O61 - LFC:Last File Created 02/03/2012 - 15:16:00 ---A- C:\Users\CELSO\AppData\Local\Temp\MessengerCache\LOFVk2xI5ySk9SiT4qgRUN76D40= [8335] O61 - LFC:Last File Created 02/03/2012 - 15:20:08 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\ts3clientui_qt.conf [4833] O61 - LFC:Last File Created 02/03/2012 - 15:20:09 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\chats\N0FqWUdpRzJzOVdhSWR1Mi83OEVtek5DcTU4PQ==\channel.txt [8834] O61 - LFC:Last File Created 02/03/2012 - 15:20:39 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\chats\N0FqWUdpRzJzOVdhSWR1Mi83OEVtek5DcTU4PQ==\server.html [230656] O61 - LFC:Last File Created 29/02/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120301.033\VIRSCAN.INF [106244] O61 - LFC:Last File Created 29/02/2012 - 17:52:58 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\Cat.DB [1329804] O61 - LFC:Last File Created 29/02/2012 - 17:56:37 ---A- C:\Users\CELSO\Documents\TmForever\Config\blacklist.txt [120] O61 - LFC:Last File Created 29/02/2012 - 17:56:37 ---A- C:\Users\CELSO\Documents\TmForever\Config\checksum.txt [363135] O61 - LFC:Last File Created 29/02/2012 - 17:56:37 ---A- C:\Users\CELSO\Documents\TmForever\Config\guestlist.txt [119] O61 - LFC:Last File Created 29/02/2012 - 20:45:36 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\chats\NE1JVU9BeXFyWjI2YUhzSllvWGhjNXU2OGZJPQ==\channel.txt [231] O61 - LFC:Last File Created 29/02/2012 - 20:45:39 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\cache\NE1JVU9BeXFyWjI2YUhzSllvWGhjNXU2OGZJPQ==\channels\cache.dat [4] O61 - LFC:Last File Created 29/02/2012 - 20:45:39 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\cache\NE1JVU9BeXFyWjI2YUhzSllvWGhjNXU2OGZJPQ==\perm.dat [79438] O61 - LFC:Last File Created 29/02/2012 - 20:45:45 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\chats\NE1JVU9BeXFyWjI2YUhzSllvWGhjNXU2OGZJPQ==\channel.html [1059] O61 - LFC:Last File Created 29/02/2012 - 20:49:07 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\ts3clientui_qt.secrets.conf [1198] O61 - LFC:Last File Created 29/02/2012 - 20:49:10 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\cache\V1VVY1dkVmtBNW0rM0p2ZENkQVNwZnVqL0pZPQ==\icons\dummy.png [109] O61 - LFC:Last File Created 29/02/2012 - 20:49:10 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\cache\remote\downloads.csil.fr\manager\teamspeak\customers-banners\510-213.251.151.138-9509.6b04c2b318b48e6f1e590825bdc9714234ac41f1.29.02.2012.21.33.54.jpg [42922] O61 - LFC:Last File Created 29/02/2012 - 20:49:24 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\chats\V1VVY1dkVmtBNW0rM0p2ZENkQVNwZnVqL0pZPQ==\channel.html [194] O61 - LFC:Last File Created 29/02/2012 - 20:58:28 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\umcat_02.db [1308039] O61 - LFC:Last File Created 29/02/2012 - 20:58:49 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\cache\V1VVY1dkVmtBNW0rM0p2ZENkQVNwZnVqL0pZPQ==\clients\avatar_ljedojdaaaeeidbmhnjokpfpibgmemaacmlcjaaf [19959] O61 - LFC:Last File Created 29/02/2012 - 20:59:01 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\cache\V1VVY1dkVmtBNW0rM0p2ZENkQVNwZnVqL0pZPQ==\clients\avatar_dobmnnckfihhhjnnengekhjonmipfkmcnahkcggl [11057] O61 - LFC:Last File Created 29/02/2012 - 20:59:24 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\cache\V1VVY1dkVmtBNW0rM0p2ZENkQVNwZnVqL0pZPQ==\clients\avatar_kjbkpaccmbblhidcainhoblifiliaocnjfakiden [13969] O61 - LFC:Last File Created 29/02/2012 - 21:00:57 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\cache\V1VVY1dkVmtBNW0rM0p2ZENkQVNwZnVqL0pZPQ==\channels\cache.dat [4] O61 - LFC:Last File Created 29/02/2012 - 21:00:57 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\cache\V1VVY1dkVmtBNW0rM0p2ZENkQVNwZnVqL0pZPQ==\perm.dat [79438] O61 - LFC:Last File Created 29/02/2012 - 21:00:59 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\chats\NE1JVU9BeXFyWjI2YUhzSllvWGhjNXU2OGZJPQ==\server.html [4134] O61 - LFC:Last File Created 29/02/2012 - 22:02:16 ---A- C:\Users\CELSO\AppData\Local\TechSmith\SnagIt\DataStore\AppIcons\SavUI.exe.Symantec AntiVirus.Symantec Corporation.11.0.6070.422.ico [107710] O61 - LFC:Last File Created 29/02/2012 - 22:02:16 ---A- C:\Users\CELSO\AppData\Local\TechSmith\SnagIt\DataStore\AppIcons\SymCorpUI.exe.Symantec AntiVirus.Symantec Corporation.11.0.6070.422.ico [107710] O61 - LFC:Last File Created 29/02/2012 - 22:02:16 ---A- C:\Users\CELSO\AppData\Local\TechSmith\SnagIt\DataStore\AppIcons\msnmsgr.exe.Windows Live Messenger.Microsoft Corporation.15.4.3538.513.ico [80395] O61 - LFC:Last File Created 29/02/2012 - 22:08:23 ---A- C:\Users\All Users\Symantec\LiveUpdate\10.Product.Inventory.LiveUpdate [2992] O61 - LFC:Last File Created 29/02/2012 - 22:08:23 R--A- C:\Users\All Users\Symantec\LiveUpdate\10.Settings.LiveUpdate [509835] O61 - LFC:Last File Created 29/02/2012 - 22:08:43 ---A- C:\Users\All Users\Symantec\LiveUpdate\9.Product.Inventory.LiveUpdate [2992] O61 - LFC:Last File Created 29/02/2012 - 22:08:43 R--A- C:\Users\All Users\Symantec\LiveUpdate\9.Settings.LiveUpdate [509835] O61 - LFC:Last File Created 29/02/2012 - 22:26:42 ---A- C:\Users\All Users\Symantec\LiveUpdate\8.Product.Inventory.LiveUpdate [2992] O61 - LFC:Last File Created 29/02/2012 - 22:26:42 R--A- C:\Users\All Users\Symantec\LiveUpdate\8.Settings.LiveUpdate [509835] O61 - LFC:Last File Created 29/02/2012 - 22:29:58 ---A- C:\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\link.txt [115] O61 - LFC:Last File Created 29/02/2012 - 22:29:58 ---A- C:\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe [9502424] O61 - LFC:Last File Created 29/02/2012 - 22:29:58 ---A- C:\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\news.txt [78] O61 - LFC:Last File Created 29/02/2012 - 22:33:23 R--A- C:\Users\All Users\Symantec\LiveUpdate\7.Settings.LiveUpdate [509835] O61 - LFC:Last File Created 29/02/2012 - 22:33:25 ---A- C:\Users\All Users\Symantec\LiveUpdate\7.Product.Inventory.LiveUpdate [2992] O61 - LFC:Last File Created 29/02/2012 - 22:37:50 ---A- C:\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\exclusions.dat [2] O61 - LFC:Last File Created 29/02/2012 - 22:37:56 ---A- C:\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\Configuration\manifest.conf [514] O61 - LFC:Last File Created 29/02/2012 - 22:37:56 ---A- C:\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\Configuration\news.conf [282] O61 - LFC:Last File Created 29/02/2012 - 22:43:56 ---A- C:\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\5542903943.data [668] O61 - LFC:Last File Created 29/02/2012 - 22:43:57 ---A- C:\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\5542903943.quar [98304] O61 - LFC:Last File Created 29/02/2012 - 23:57:24 ---A- C:\Users\CELSO\Downloads\adwcleaner.exe [602051] O61 - LFC:Last File Created 29/02/2012 - 23:57:47 ---A- C:\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\Logs\protection-log-2012-02-29.txt [1478] O61 - LFC:Last File Created 30/12/1899 - 03:05:35 --HA- C:\Users\CELSO\AppData\Local\IconCache.db [2590285] ~ Scan Files in 09mn 42s ---\\ Liste des outils de nettoyage (O63) O63 - Logiciel: ZHPDiag 1.28 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 ~ Scan ADS in 00mn 00s ---\\ Liste des services Legacy (O64) O64 - Services: CurCS - 13/02/2012 - C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (eeCtrl) .(.Symantec Corporation - Symantec Eraser Control Driver.) - LEGACY_EECTRL O64 - Services: CurCS - 17/12/2009 - C:\Windows\system32\Drivers\ElbyCDIO.sys (ElbyCDIO) .(.Elaborate Bytes AG - ElbyCD Windows NT/2000/XP I/O driver.) - LEGACY_ELBYCDIO O64 - Services: CurCS - 13/02/2012 - C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (EraserUtilRebootDrv) .(.Symantec Corporation - Symantec Eraser Utility Driver.) - LEGACY_ERASERUTILREBOOTDRV O64 - Services: CurCS - 10/12/2011 - C:\Windows\system32\drivers\mbam.sys (MBAMProtector) .(.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) - LEGACY_MBAMPROTECTOR O64 - Services: CurCS - ??\??\???? - C:\Windows\system32\Drivers\secdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV O64 - Services: CurCS - 18/12/2009 - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (SPBBCDrv) .(.Symantec Corporation - SPBBC Driver.) - LEGACY_SPBBCDRV O64 - Services: CurCS - 08/03/2010 - C:\Windows\system32\Drivers\SRTSP.sys (SRTSP) .(.Symantec Corporation - Symantec AutoProtect.) - LEGACY_SRTSP O64 - Services: CurCS - 08/03/2010 - C:\Windows\system32\Drivers\SRTSPX.sys (SRTSPX) .(.Symantec Corporation - Symantec AutoProtect.) - LEGACY_SRTSPX O64 - Services: CurCS - 24/02/2011 - C:\Windows\system32\Drivers\SYMEVENT.sys (SymEvent) .(.Symantec Corporation - Symantec Event Library.) - LEGACY_SYMEVENT O64 - Services: CurCS - 03/09/2009 - C:\Windows\system32\Drivers\SYMREDRV.sys (SYMREDRV) .(.Symantec Corporation - Redirector Filter Driver.) - LEGACY_SYMREDRV O64 - Services: CurCS - 03/09/2009 - C:\Windows\system32\Drivers\SYMTDI.sys (SYMTDI) .(.Symantec Corporation - Network Dispatch Driver.) - LEGACY_SYMTDI O64 - Services: CurCS - 15/12/2009 - C:\Program Files\CyberLink\PowerDVD9\NavFilter\000.fcl ({B154377D-700F-42cc-9474-23858FBDF4BD}) .(.CyberLink Corp. - Pas de description.) - LEGACY_{B154377D-700F-42CC-9474-23858FBDF4BD} ~ Scan Services in 00mn 03s ---\\ Liste des fichiers non signés (O65) (None) ---\\ File Associations Shell Spawning (O67) O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\system32\control.exe O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.evt> <evtfile>[HKLM\..\open\Command] (.Microsoft Corporation - Lanceur du composant logiciel enfichable Observateur d’événements.) -- C:\Windows\system32\eventvwr.exe O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\system32\WScript.exe O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCU\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe O67 - Shell Spawning: <.bat> <batfile>[HKCR\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.cpl> <cplfile>[HKCR\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\system32\control.exe O67 - Shell Spawning: <.cmd> <cmdfile>[HKCR\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.com> <comfile>[HKCR\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.evt> <evtfile>[HKCR\..\open\Command] (.Microsoft Corporation - Lanceur du composant logiciel enfichable Observateur d’événements.) -- C:\Windows\system32\eventvwr.exe O67 - Shell Spawning: <.exe> <exefile>[HKCR\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCR\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe O67 - Shell Spawning: <.js> <JSFile>[HKCR\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\system32\WScript.exe O67 - Shell Spawning: <.reg> <regfile>[HKCR\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe ~ Scan Keys in 00mn 00s ---\\ Start Menu Internet (O68) O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\InstallInfo\ShowIconsCommand] (.Mozilla Corporation - Firefox Helper.) -- C:\Program Files\Mozilla Firefox\uninstall\helper.exe O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\ShowIconsCommand] (.Microsoft Corporation - Utilitaire d'initialisation d'Internet Explorer par utilisateur.) -- C:\Windows\System32\ie4uinit.exe O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\InstallInfo\ReinstallCommand] (.Mozilla Corporation - Firefox Helper.) -- C:\Program Files\Mozilla Firefox\uninstall\helper.exe O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\ReinstallCommand] (.Microsoft Corporation - Utilitaire d'initialisation d'Internet Explorer par utilisateur.) -- C:\Windows\System32\ie4uinit.exe O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\InstallInfo\HideIconsCommand] (.Mozilla Corporation - Firefox Helper.) -- C:\Program Files\Mozilla Firefox\uninstall\helper.exe O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\HideIconsCommand] (.Microsoft Corporation - Utilitaire d'initialisation d'Internet Explorer par utilisateur.) -- C:\Windows\System32\ie4uinit.exe ~ Scan Keys in 00mn 00s ---\\ Search Browser Infection (O69) O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - Bing ~ Scan Keys in 00mn 00s ---\\ Recherche des services démarrés par Svchost (O83) O83 - Search Svchost Services: AeLookupSvc (AeLookupSvc) . (.Microsoft Corporation - Service Expérience d’application.) -- C:\Windows\system32\aelupsvc.dll [62464] O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Service de propagation de certificats de cartes à puce Microsoft.) -- C:\Windows\system32\certprop.dll [67584] O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Service de propagation de certificats de cartes à puce Microsoft.) -- C:\Windows\system32\certprop.dll [67584] O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - DLL du service Serveur.) -- C:\Windows\system32\srvsvc.dll [168960] O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - Client de stratégie de groupe.) -- C:\Windows\system32\gpsvc.dll [593408] O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - Extension IKE.) -- C:\Windows\system32\ikeext.dll [674304] O83 - Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation - Service Audio Windows.) -- C:\Windows\system32\Audiosrv.dll [473600] O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Gestionnaire de numérotation automatique d’accès distant.) -- C:\Windows\system32\rasauto.dll [90624] O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Gestionnaire de connexions d’accès distant.) -- C:\Windows\system32\rasmans.dll [286208] O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Gestionnaire d’interface dynamique.) -- C:\Windows\system32\mprdim.dll [75264] O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - Service de notification d’événements système (SENS).) -- C:\Windows\system32\sens.dll [49664] O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Composants de l’application d’assistance à Microsoft NAT.) -- C:\Windows\system32\ipnathlp.dll [300544] O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Serveur de téléphonie Microsoft® Windows.) -- C:\Windows\system32\tapisrv.dll [242176] O83 - Search Svchost Services: TermService (TermService) . (.Microsoft Corporation - Gestionnaire des connexions distantes du serveur hôte de session Burea.) -- C:\Windows\system32\termsrv.dll [521216] O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Agent de mise à jour automatique Windows Update.) -- C:\Windows\system32\wuaueng.dll [1914368] O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Service de transfert intelligent en arrière-plan.) -- C:\Windows\system32\qmgr.dll [585728] O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - Dll des services Windows Shell.) -- C:\Windows\system32\shsvcs.dll [328192] O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Service offrant une connectivité IPv6 sur un réseau IPv4..) -- C:\Windows\system32\iphlpsvc.dll [499712] O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - DLL de service d’ouverture de session secondaire.) -- C:\Windows\system32\seclogon.dll [21504] O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Service Informations d’application.) -- C:\Windows\system32\appinfo.dll [47104] O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - Service de découverte iSCSI.) -- C:\Windows\system32\iscsiexe.dll [114688] O83 - Search Svchost Services: MMCSS (MMCSS) . (.Microsoft Corporation - Service Planificateur de classes multimédias.) -- C:\Windows\system32\mmcss.dll [49664] O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Rapports et solutions aux problèmes.) -- C:\Windows\system32\wercplsupport.dll [61440] O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Service EAPHost Microsoft.) -- C:\Windows\system32\eapsvc.dll [98304] O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) -- C:\Windows\system32\profsvc.dll [164352] O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Service du Planificateur de tâches.) -- C:\Windows\system32\schedsvc.dll [750592] O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Service Gestion des clés.) -- C:\Windows\system32\kmsvc.dll [71168] O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Service Configuration des services Bureau à distance.) -- C:\Windows\system32\sessenv.dll [113664] O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\Windows\system32\wbem\WMIsvc.dll [168960] O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - DLL du service Explorateur d’ordinateurs.) -- C:\Windows\system32\browser.dll [102400] O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - DLL du service des thèmes Windows Shell.) -- C:\Windows\system32\themeservice.dll [37376] O83 - Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation - Service BDE.) -- C:\Windows\system32\bdesvc.dll [76800] ~ Scan Services in 00mn 00s ---\\ Recherche particuliere à la racine de certains dossiers (O84) [MD5.A719B9EE6116B496F4000C0B1311EA13] [sPRF][26/02/2011] (...) -- C:\Users\CELSO\AppData\Roaming\PnkBstrK.sys [22328] [MD5.371D4542D9EC5C1D90809F578D177429] [sPRF][29/02/2012] (...) -- C:\Users\CELSO\Desktop\adwcleaner.exe [602051] [MD5.4D930392BD13F448ED474CE2C41DFADA] [sPRF][03/02/2011] (.Adobe Systems, Inc. - Adobe® Flash® Player Installer/Uninstaller 10.2 r152.) -- C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe [2871968] ~ Scan Files in 00mn 01s ---\\ Firewall Active Exception List (FirewallRules) (O87) O87 - FAEL: "{768764A5-EE18-4CF0-A7C2-C06CA2470F4E}" | In - Private - P6 - TRUE | .(.Symantec Corporation - Symantec CMC Smc.) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe O87 - FAEL: "{B39930D3-0685-4B0B-B436-D92E51467FD0}" | In - Private - P17 - TRUE | .(.Symantec Corporation - Symantec CMC Smc.) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe O87 - FAEL: "{D0C64FAF-F625-4A2A-9DA8-0480DF218DAF}" | In - Private - P6 - TRUE | .(.Symantec Corporation - Symantec Network Access Control.) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.exe O87 - FAEL: "{21A47798-3CA9-4853-A8A4-13571D36B9D8}" | In - Private - P17 - TRUE | .(.Symantec Corporation - Symantec Network Access Control.) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.exe O87 - FAEL: "{FF9446F0-997A-4989-8FAE-165400FA773B}" | In - Private - P6 - TRUE | .(.Symantec Corporation - Symantec User Session.) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe O87 - FAEL: "{99B7EAE7-A241-42FE-A376-D00EC6BEC35E}" | In - Private - P17 - TRUE | .(.Symantec Corporation - Symantec User Session.) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe O87 - FAEL: "{90A8D7F2-D7E0-4D88-88FC-538BEB05D43E}" | In - Private - P6 - TRUE | .(...) -- C:\Program Files\HomePlayer\HomePlayer.exe O87 - FAEL: "{D1641D63-D1D2-4D22-AAAB-E6996B6BBC47}" | In - Private - P17 - TRUE | .(...) -- C:\Program Files\HomePlayer\HomePlayer.exe O87 - FAEL: "{CBD46927-16E3-4645-A333-E3E96ADBF20D}" | In - Private - P6 - TRUE | .(...) -- C:\Program Files\HomePlayer\VLC\vlc.exe O87 - FAEL: "{C463970E-9993-4131-A162-DB36ABC82DE5}" | In - Private - P17 - TRUE | .(...) -- C:\Program Files\HomePlayer\VLC\vlc.exe O87 - FAEL: "{9F525B69-8322-43D5-AB5E-3D926DB5FE19}" | In - None - P17 - TRUE | .(.CyberLink Corp. - CyberLink PowerDVD Cinema Main Program.) -- C:\Program Files\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe O87 - FAEL: "{2779ED72-2D8F-458E-A553-532462A26773}" | In - None - P17 - TRUE | .(.CyberLink Corp. - PowerDVD 9.0.) -- C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe O87 - FAEL: "{07DDECF6-849F-4176-A6E7-16D105249038}" | In - Private - P6 - TRUE | .(...) -- C:\Windows\System32\PnkBstrA.exe O87 - FAEL: "{C35DE4CF-48BA-4FAC-AC6D-7FC5A9D31068}" | In - Private - P17 - TRUE | .(...) -- C:\Windows\System32\PnkBstrA.exe O87 - FAEL: "{D063662A-F9C5-4B72-91F6-89FE80620588}" | In - Private - P6 - TRUE | .(...) -- C:\Windows\System32\PnkBstrB.exe O87 - FAEL: "{49A573E0-A040-4386-A288-BA6A270E7775}" | In - Private - P17 - TRUE | .(...) -- C:\Windows\System32\PnkBstrB.exe O87 - FAEL: "{F129F5CC-FD1D-4D97-88D6-27AEC1428462}" | In - Private - P6 - TRUE | .(...) -- C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe O87 - FAEL: "{2736B1FE-2EC8-4A6D-9689-3F53070D4C57}" | In - Private - P17 - TRUE | .(...) -- C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe O87 - FAEL: "TCP Query User{A58B5EAA-3EF6-47B9-8C18-7CFFBC9C96C8}C:\program files\xfire\xfire.exe" | In - Private - P6 - TRUE | .(.Xfire Inc. - Xfire.) -- C:\Program Files\Xfire\Xfire.exe O87 - FAEL: "UDP Query User{5AB11151-291C-4248-825E-AC23CEF8AD9B}C:\program files\xfire\xfire.exe" | In - Private - P17 - TRUE | .(.Xfire Inc. - Xfire.) -- C:\Program Files\Xfire\Xfire.exe O87 - FAEL: "TCP Query User{199EC9F2-7B18-4BC7-8498-4E0B0854367A}C:\program files\tmnationsforever\tmforever.exe" | In - Private - P6 - TRUE | .(...) -- C:\Program Files\TmNationsForever\TmForever.exe O87 - FAEL: "UDP Query User{59FFB152-C260-4FF9-984F-ADB091E925A6}C:\program files\tmnationsforever\tmforever.exe" | In - Private - P17 - TRUE | .(...) -- C:\Program Files\TmNationsForever\TmForever.exe O87 - FAEL: "TCP Query User{927922A5-396E-4280-BFFD-C530A1F34AC0}C:\program files\activision\call of duty 2\cod2mp_s.exe" | In - Private - P6 - TRUE | .(...) -- C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe O87 - FAEL: "UDP Query User{C9A7C4FE-57EB-4D32-945C-7F465208635F}C:\program files\activision\call of duty 2\cod2mp_s.exe" | In - Private - P17 - TRUE | .(...) -- C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe O87 - FAEL: "TCP Query User{8C2CCB46-F6A4-4475-8FEF-E0570A54DCC4}C:\program files\google\google earth\plugin\geplugin.exe" | In - Private - P6 - TRUE | .(.Google - Google Earth.) -- C:\Program Files\Google\Google Earth\plugin\geplugin.exe O87 - FAEL: "UDP Query User{782CF56E-D15C-44DA-96F7-2F3319969315}C:\program files\google\google earth\plugin\geplugin.exe" | In - Private - P17 - TRUE | .(.Google - Google Earth.) -- C:\Program Files\Google\Google Earth\plugin\geplugin.exe O87 - FAEL: "TCP Query User{E90365DB-56C7-408B-A978-E040D9463AA0}C:\program files\maniaplanet\maniaplanet.exe" | In - Private - P6 - TRUE | .(.Nadeo - ManiaPlanet.) -- C:\Program Files\ManiaPlanet\ManiaPlanet.exe O87 - FAEL: "UDP Query User{C40BA7F3-76AE-4350-AA3B-8B9302382B9A}C:\program files\maniaplanet\maniaplanet.exe" | In - Private - P17 - TRUE | .(.Nadeo - ManiaPlanet.) -- C:\Program Files\ManiaPlanet\ManiaPlanet.exe O87 - FAEL: "{CB517CEE-EE2B-4FD8-AB90-821D40EA15FC}" | In - Private - P6 - TRUE | .(.TeamViewer GmbH - TeamViewer Remote Control Application.) -- C:\Program Files\TeamViewer\Version7\TeamViewer.exe O87 - FAEL: "{20628F0E-FE6A-4BC7-BC7A-0609D0C70DB5}" | In - Private - P17 - TRUE | .(.TeamViewer GmbH - TeamViewer Remote Control Application.) -- C:\Program Files\TeamViewer\Version7\TeamViewer.exe O87 - FAEL: "{A853B28D-A101-4BE2-9D3A-2278AE00E5F2}" | In - Private - P6 - TRUE | .(.TeamViewer GmbH - TeamViewer Remote Control Application.) -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe O87 - FAEL: "{A91ACAA4-41F8-4335-8F0B-1DDAAD02A7AF}" | In - Private - P17 - TRUE | .(.TeamViewer GmbH - TeamViewer Remote Control Application.) -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe O87 - FAEL: "{1FB1CC51-A200-4A1E-AD1B-B8332BE8A238}" | In - None - P17 - TRUE | .(.Skype Limited - Facebook Video Calling.) -- C:\Users\CELSO\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe O87 - FAEL: "{469EE70C-48E3-442E-824B-E93B994E478E}" | In - Private - P6 - FALSE | .(.NVIDIA Corporation - NVIDIA Settings Update Manager.) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe O87 - FAEL: "{50002BA1-1F53-4912-A50B-859A2842C1B2}" | In - Private - P17 - FALSE | .(.NVIDIA Corporation - NVIDIA Settings Update Manager.) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe O87 - FAEL: "TCP Query User{0D8BB620-31ED-40A2-9352-07C707B29323}C:\program files\tmnationsforever\tmforever.exe" | In - Public - P6 - TRUE | .(...) -- C:\Program Files\TmNationsForever\TmForever.exe O87 - FAEL: "UDP Query User{0865982E-E7D0-4E3A-851E-382BEDD64A2D}C:\program files\tmnationsforever\tmforever.exe" | In - Public - P17 - TRUE | .(...) -- C:\Program Files\TmNationsForever\TmForever.exe ~ Scan Firewall in 00mn 02s ---\\ Scan Additionnel (O88) Database Version : 9066 - (05/02/2012) Clés trouvées (Keys found) : 1 Valeurs trouvées (Values found) : 0 Dossiers trouvés (Folders found) : 0 Fichiers trouvés (Files found) : 0 [HKLM\Software\Xfire\OpenCandy] =>Adware.OpenCandy ~ Scan Additionnel in 00mn 05s ---\\ Recherche détournement de DNS routeur (O89) Serveur : google-public-dns-a.google.com Address: 8.8.8.8 Nom : www-cctld.l.google.com Address: 173.194.67.94 Aliases: www.google.fr ~ Scan DNS in 00mn 03s ---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped) SR - | Auto 03/01/2012 63928 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe SR - | Auto 25/01/2010 108392 | (ccEvtMgr) . (.Symantec Corporation.) - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe SR - | Auto 25/01/2010 108392 | (ccSetMgr) . (.Symantec Corporation.) - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe SS - | Auto 30/04/2011 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe SS - | Demand 30/04/2011 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe SS - | Demand 17/02/2010 3093880 | (LiveUpdate) . (.Symantec Corporation.) - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.exe SR - | Auto 13/01/2012 652360 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe SR - | Auto 10/02/2012 645440 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\System32\nvvsvc.exe SR - | Auto 10/02/2012 2348352 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe SR - | Auto 75136 | (PnkBstrA) . (...) - C:\Windows\System32\PnkBstrA.exe SR - | Auto 16/04/2010 1881368 | (SmcService) . (.Symantec Corporation.) - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe SS - | Disabled 01/04/2010 349512 | (SNAC) . (.Symantec Corporation.) - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.exe SR - | Auto 09/02/2012 382272 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe SR - | Auto 23/04/2010 1831024 | (Symantec AntiVirus) . (.Symantec Corporation.) - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe SR - | Auto 02/12/2011 2923392 | (TeamViewer7) . (.TeamViewer GmbH.) - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe SR - | Auto 14/07/2009 20992 | C:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe SR - | Auto 15/12/2009 87536 | ({B154377D-700F-42cc-9474-23858FBDF4BD}) . (.CyberLink Corp..) - C:\Program Files\CyberLink\PowerDVD9\NavFilter\000.fcl ~ Scan Services in 00mn 07s ---\\ Recherche Master Boot Record Infection (MBR)(O80) Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, GMER - Rootkit Detector and Remover Run by CELSO at 02/03/2012 15:42:45 device: opened successfully user: MBR read successfully Disk trace: called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys 1 ntkrnlpa!IofCallDriver[0x8304052A] -> \Device\Harddisk0\DR0[0x86563A38] 3 CLASSPNP[0x8B79459E] -> ntkrnlpa!IofCallDriver[0x8304052A] -> [0x860DE7E0] 5 ACPI[0x8B2C63D4] -> ntkrnlpa!IofCallDriver[0x8304052A] -> \Device\Ide\IdeDeviceP2T0L0-2[0x860D0908] kernel: MBR read successfully user & kernel MBR OK ~ Scan MBR in 00mn 02s ---\\ Recherche Master Boot Record Infection (MBRCheck)(O80) Written by ad13, http://ad13.geekstog Run by CELSO at 02/03/2012 15:42:47 ********* Dump file Name ********* C:\PhysicalDisk0_MBR.bin ~ Scan MBR in 00mn 04s End of the scan (1496 lines in 14mn 46s)(0)
- le 2 mars 2012
- 20 réponses
Windows infecté

rital94 a répondu à un(e) sujet de rital94 dans Analyses et éradication malwares

je viens de refaire une analyse complet voila ce qui la retrouver que faire svp Malwarebytes Anti-Malware (Essai) 1.60.1.1000 www.malwarebytes.org Version de la base de données: v2012.03.02.02 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 CELSO :: CELSO-PC [administrateur] Protection: Activé 02/03/2012 13:54:46 mbam-log-2012-03-02 (13-54-46).txt Type d'examen: Examen complet Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM Options d'examen désactivées: P2P Elément(s) analysé(s): 366882 Temps écoulé: 1 heure(s), 9 minute(s), 24 seconde(s) Processus mémoire détecté(s): 0 (Aucun élément nuisible détecté) Module(s) mémoire détecté(s): 0 (Aucun élément nuisible détecté) Clé(s) du Registre détectée(s): 0 (Aucun élément nuisible détecté) Valeur(s) du Registre détectée(s): 0 (Aucun élément nuisible détecté) Elément(s) de données du Registre détecté(s): 0 (Aucun élément nuisible détecté) Dossier(s) détecté(s): 0 (Aucun élément nuisible détecté) Fichier(s) détecté(s): 0 (Aucun élément nuisible détecté) (fin) un trojan.Agent 29/02/2012,21h43 file F:\Logiciel Mantenance&dvd Shrink,\cdkey-rzr-cod4.exe mis en quarantaine "dois- le supprimer ou pas " merci exuser moi c'etait deja mis en quarantaine Malwarebites
- le 2 mars 2012
- 20 réponses
Windows infecté

rital94 a répondu à un(e) sujet de rital94 dans Analyses et éradication malwares

je voulais simplement mettre une simple image mais que dois-je faire maintenant es-ce que mon pc est propre ou pas windoows est -il propre merci car je suis nul en informatique donc j'attends votre feu vert merci Mr pear
- le 2 mars 2012
- 20 réponses
Windows infecté

rital94 a répondu à un(e) sujet de rital94 dans Analyses et éradication malwares

bonjour Mr pear je suis a votre disposition toute la journée pour executé vos directives merci que dois-je faire maintenant svp Mr pear merci d'avance
- le 2 mars 2012
- 20 réponses
Windows infecté

rital94 a répondu à un(e) sujet de rital94 dans Analyses et éradication malwares

merci de ton aide sympa
- le 1 mars 2012
- 20 réponses
Windows infecté

rital94 a répondu à un(e) sujet de rital94 dans Analyses et éradication malwares

desole mauvaise manipulation imposible de vous mettre une image !!!
- le 1 mars 2012
- 20 réponses
Windows infecté

rital94 a répondu à un(e) sujet de rital94 dans Analyses et éradication malwares

Rapport de ZHPFix 1.12.3380 par Nicolas Coolman, Update du 05/02/2011 Fichier d'export Registre : C:\ZHP\ZHPExportRegistry-01-03-2012-17-56-48.txt Run by CELSO at 01/03/2012 17:56:48 Windows 7 Home Premium Edition, 32-bit Service Pack 1 (Build 7601) Web site : ZHPFix Fix de rapport Web site : Blog de NicolasCoolman - ZebHelpProcess - Skyrock.com ========== Processus mémoire ========== SUPPRIME Memory Process: C:\Users\CELSO\Desktop\Sauvegarde\Logiciel Maintenance & dvd Shrink,\O&O\O&O Defrag Pro v8.5.1932fr + Keygen\keygen.exe SUPPRIME Memory Process: C:\Users\CELSO\Desktop\Sauvegarde\Logiciel Maintenance & dvd Shrink,\O&O\O&O Defrag Pro v8.5.1932fr + Keygen\oodpe_8_5_1932_fra.exe SUPPRIME Memory Process: F:\Logiciel Maintenance & dvd Shrink,\O&O\O&O Defrag Pro v8.5.1932fr + Keygen\keygen.exe SUPPRIME Memory Process: F:\Logiciel Maintenance & dvd Shrink,\O&O\O&O Defrag Pro v8.5.1932fr + Keygen\oodpe_8_5_1932_fra.exe SUPPRIME Memory Process: F:\Sauvegarde\Logiciel Maintenance & dvd Shrink,\O&O\O&O Defrag Pro v8.5.1932fr + Keygen\keygen.exe SUPPRIME Memory Process: F:\Sauvegarde\Logiciel Maintenance & dvd Shrink,\O&O\O&O Defrag Pro v8.5.1932fr + Keygen\oodpe_8_5_1932_fra.exe ========== Clé(s) du Registre ========== SUPPRIME Key: SearchScopes :{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} ABSENT Key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} ========== Valeur(s) du Registre ========== SUPPRIME {6BEEBFC0-890F-4FE6-95D2-CA3B464DE353} SUPPRIME {1BD6DC99-87C4-4937-826B-910BAE2DD02A} SUPPRIME {1A15E680-3D45-4FC9-A726-1A974CFE5FF9} SUPPRIME {0E87757C-0474-4D04-AC62-54285AFEF89E} SUPPRIME {AD6BF7BE-7D0A-4112-9536-DEAD743DD93A} SUPPRIME {E02CD5AE-0A58-4241-9DE2-CC86585E3A32} SUPPRIME [HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]:{D4027C7F-154A-4066-A1AD-4243D8127440} ABSENT Valeur Standard Profile: FirewallRaz : ABSENT Valeur Domain Profile: FirewallRaz : SUPPRIME FirewallRaz (Domain) : NetPres-In-TCP-NoScope SUPPRIME FirewallRaz (Domain) : NetPres-Out-TCP-NoScope SUPPRIME FirewallRaz (None) : NetPres-WSD-In-UDP SUPPRIME FirewallRaz (None) : NetPres-WSD-Out-UDP SUPPRIME FirewallRaz (Public) : NetPres-In-TCP SUPPRIME FirewallRaz (Public) : NetPres-Out-TCP SUPPRIME FirewallRaz (Private) : {6DDFD881-6916-4CAD-928A-CFB6C4C28F8E} SUPPRIME FirewallRaz (Private) : {B2E79365-8139-4ACF-B9AE-816CD7BF2CFD} ========== Elément(s) de donnée du Registre ========== SUPPRIME R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page ========== Dossier(s) ========== SUPPRIME Folder: C:\Users\CELSO\AppData\Roaming\OpenCandy SUPPRIME Folder: C:\Users\CELSO\AppData\Local\OpenCandy SUPPRIME Folder: c:\users\celso\appdata\locallow\shopperreports3 SUPPRIME Folder: C:\Users\CELSO\AppData\Local\{21323798-F0F1-46C1-93F5-4D78751EDA46} SUPPRIME Folder: C:\Users\CELSO\AppData\Local\{68DB5F03-B576-48F7-85FE-84B19F380F95} SUPPRIME Folder: C:\Users\CELSO\AppData\Local\{83DA3416-C940-4A57-800C-0BC28D0F7B1B} SUPPRIME Folder: C:\Users\CELSO\AppData\Local\{A8D7FA30-AE5A-4015-90E3-7A07465B2017} SUPPRIME Folder: C:\Users\CELSO\AppData\Local\{DCCAC3E5-0625-43BD-9A0A-BCABC323C64F} SUPPRIME Flash Cookies: 26 SUPPRIME Temporaires Windows: : 105 ========== Fichier(s) ========== ABSENT Folder/File: c:\users\celso\appdata\roaming\opencandy ABSENT Folder/File: c:\users\celso\appdata\local\opencandy SUPPRIME File: c:\users\celso\desktop\sauvegarde\logiciel maintenance & dvd shrink,\o&o\o&o defrag pro v8.5.1932fr + keygen\keygen.exe SUPPRIME File***: c:\users\celso\desktop\sauvegarde\logiciel maintenance & dvd shrink,\o&o\o&o defrag pro v8.5.1932fr + keygen\oodpe_8_5_1932_fra.exe SUPPRIME File: C:\Users\CELSO\Desktop\Sauvegarde\Logiciel Maintenance & dvd Shrink,\O&O\O&O Defrag Pro v8.5.1932fr + Keygen.rar SUPPRIME File: f:\logiciel maintenance & dvd shrink,\o&o\o&o defrag pro v8.5.1932fr + keygen\keygen.exe SUPPRIME File: f:\logiciel maintenance & dvd shrink,\o&o\o&o defrag pro v8.5.1932fr + keygen\oodpe_8_5_1932_fra.exe SUPPRIME File: F:\Logiciel Maintenance & dvd Shrink,\O&O\O&O Defrag Pro v8.5.1932fr + Keygen.rar SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj01.zip SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj02.zip SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj03.zip SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj04.zip SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj05.zip SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj06.zip SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj07.zip SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj08.zip SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj09.zip SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj10.zip SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj11.zip SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj12.zip SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj13.zip SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj14.zip SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj15.zip SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj16.zip SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj17.zip SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj18.zip SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj19.zip SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj20.zip SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj21.zip SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part01.rar SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part02.rar SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part03.rar SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part04.rar SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part05.rar SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part06.rar SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part07.rar SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part08.rar SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part09.rar SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part10.rar SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part11.rar SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part12.rar SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part13.rar SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part14.rar SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part15.rar SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part16.rar SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part17.rar SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part18.rar SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part19.rar SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part20.rar SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part21.rar SUPPRIME File: f:\sauvegarde\logiciel maintenance & dvd shrink,\o&o\o&o defrag pro v8.5.1932fr + keygen\keygen.exe SUPPRIME File: f:\sauvegarde\logiciel maintenance & dvd shrink,\o&o\o&o defrag pro v8.5.1932fr + keygen\oodpe_8_5_1932_fra.exe SUPPRIME File: F:\Sauvegarde\Logiciel Maintenance & dvd Shrink,\O&O\O&O Defrag Pro v8.5.1932fr + Keygen.rar SUPPRIME File: c:\users\celso\appdata\roaming\mozilla\firefox\profiles\y5f7xqok.default\searchplugins\askcom.xml ABSENT File: c:\users\celso\appdata\roaming\mozilla\firefox\profiles\y5f7xqok.default\searchplugins\askcom.xml SUPPRIME Flash Cookies: 10 SUPPRIME Temporaires Windows: : 249 ========== Tache planifiée ========== SUPPRIME Task: {3297A559-5B5F-4C7C-B424-1361C06D20FE} SUPPRIME Task: {87C5EE51-F534-4BED-BEB0-CF23AD2C062F} ========== Autre ========== NON TRAITE PROCESSUS MALWARE (Rootkit, trojan, ver, spyware, adware,...) NON TRAITE PROCESSUS SUPERFLU DU SYSTEME NON TRAITE TOOLBAR INUTILE (Navigateur internet) ========== Récapitulatif ========== 6 : Processus mémoire 2 : Clé(s) du Registre 17 : Valeur(s) du Registre 1 : Elément(s) de donnée du Registre 10 : Dossier(s) 57 : Fichier(s) 2 : Tache planifiée 3 : Autre End of clean in 00mn 21s ========== Chemin de fichier rapport ========== C:\ZHP\ZHPFix[R1].txt - 01/03/2012 17:56:48 [9840]
- le 1 mars 2012
- 20 réponses
rital94

pear
je vous remerci enormement de traite mon probleme

car etant moi même novice sur ce domaine

je suis sous windoows 7

Merci
- le 1 mars 2012
- Signaler
Windows infecté

rital94 a répondu à un(e) sujet de rital94 dans Analyses et éradication malwares

Rapport de ZHPDiag v1.28.32 par Nicolas Coolman, Update du 05/02/2012 Run by CELSO at 01/03/2012 15:56:50 Web site : ZHPDiag Outil de diagnostic Web site : Blog de NicolasCoolman - ZebHelpProcess - Skyrock.com State : Version à jour. ---\\ Web Browser MSIE: Internet Explorer v9.0.8112.16421 MFIE: Mozilla Firefox 10.0.2 v10.0.2 (Defaut) ---\\ Windows Product Information ~ Langage: Français Windows 7 Home Premium Edition, 32-bit Service Pack 1 (Build 7601) Windows Server License Manager Script : OK ~ Windows® 7, OEM_COA_NSLP channel Windows ID Activation : OK ~ Windows Partial Key : RCRT4 Windows License : OK ~ Windows Remaining Initializations Number : 4 Software Protection Service (Protection logicielle) : OK Windows Automatic Updates : OK Windows Activation Technologies : OK ---\\ System Information ~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel ~ Operating System: 32 Bits Boot mode: Normal (Normal boot) Total RAM: 3071 MB (61% free) System Restore: Activé (Enable) System drive C: has 343 GB (73%) free of 466 GB ---\\ Logged in mode ~ Computer Name: CELSO-PC ~ User Name: CELSO ~ All Users Names: UpdatusUser, HomeGroupUser$, CELSO, Administrateur, ~ Unselected Option: None Logged in as Administrator ---\\ Environnement Variables ~ System Unit : C:\ ~ %AppData% : C:\Users\CELSO\AppData\Roaming\ ~ %Desktop% : C:\Users\CELSO\Desktop\ ~ %Favorites% : C:\Users\CELSO\Favorites\ ~ %LocalAppData% : C:\Users\CELSO\AppData\Local\ ~ %StartMenu% : C:\Users\CELSO\AppData\Roaming\Microsoft\Windows\Start Menu\ ~ %Windir% : C:\Windows\ ~ %System% : C:\Windows\system32\ ---\\ DOS/Devices C:\ Hard drive, Flash drive, Thumb drive (Free 343 Go of 466 Go) D:\ CD-ROM drive (Not Inserted) E:\ CD-ROM drive (Free 0 Go of 0 Go) F:\ Hard drive, Flash drive, Thumb drive (Free 613 Go of 932 Go) G:\ Floppy drive, Flash card reader, USB Key (Not Inserted) ---\\ Security Center & Tools Informations [HKLM\SOFTWARE\Microsoft\Security Center] AntiSpywareOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center] UacDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] UpdatesDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] UacDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] NoActiveDesktopChanges: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowSearch: OK [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyComputer: OK [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings] WarnOnHTTPSToHTTPRedirect: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK [HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK [HKLM\SYSTEM\CurrentControlSet\Services] wscsvc : OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK ~ Scan Security Center in 00mn 00s ---\\ Recherche particulière de fichiers génériques [MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 06:30:54.) -- C:\Windows\Explorer.exe [2616320] [MD5.51138BEEA3E2C21EC44D0932C71762A8] - (.Microsoft Corporation - Processus hôte Windows (Rundll32).) (.14/07/2009 - 02:14:31.) -- C:\Windows\system32\rundll32.exe [44544] [MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:14:45.) -- C:\Windows\system32\Wininit.exe [96256] [MD5.1D94FA7C81D2FFE494AF094619BA706F] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.14/12/2011 - 03:57:18.) -- C:\Windows\system32\wininet.dll [1127424] [MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.20/11/2010 - 13:17:54.) -- C:\Windows\system32\Winlogon.exe [286720] [MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 13:21:24.) -- C:\Windows\system32\sppcomapi.dll [193536] [MD5.129F80D7868E30DF3E3DE33A1D3132B4] - (.Microsoft Corporation - DLL client de l’API uilisateur de Windows multi-utilisateurs.) (.20/11/2010 - 13:08:50.) -- C:\Windows\system32\fr-FR\user32.dll.mui [20480] [MD5.9EBBBA55060F786F0FCAA3893BFA2806] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.25/04/2011 - 03:18:03.) -- C:\Windows\system32\drivers\AFD.sys [338944] [MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:26:15.) -- C:\Windows\system32\drivers\atapi.sys [21584] [MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:11:15.) -- C:\Windows\system32\drivers\Cdfs.sys [70656] [MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 09:38:10.) -- C:\Windows\system32\drivers\Cdrom.sys [108544] [MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 09:42:32.) -- C:\Windows\system32\drivers\DfsC.sys [78336] [MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 10:59:29.) -- C:\Windows\system32\drivers\HDAudBus.sys [108544] [MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:11:24.) -- C:\Windows\system32\drivers\i8042prt.sys [80896] [MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 00:54:29.) -- C:\Windows\system32\drivers\IpNat.sys [101888] [MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:17:22.) -- C:\Windows\system32\drivers\MRxSmb.sys [123904] [MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 09:39:44.) -- C:\Windows\system32\drivers\netBT.sys [187904] [MD5.81189C3D7763838E55C397759D49007A] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.11/03/2011 - 06:39:00.) -- C:\Windows\system32\drivers\ntfs.sys [1211264] [MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 00:45:35.) -- C:\Windows\system32\drivers\Parport.sys [79360] [MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/07/2009 - 00:54:34.) -- C:\Windows\system32\drivers\Rasl2tp.sys [78848] [MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 00:53:41.) -- C:\Windows\system32\drivers\smb.sys [71168] [MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 09:39:17.) -- C:\Windows\system32\drivers\tdx.sys [74752] [MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 13:30:16.) -- C:\Windows\system32\drivers\volsnap.sys [245632] ~ Scan Generic Processes in 00mn 01s ---\\ Etat des fichiers cachés (Caché/Total) ~ Mes images (My Pictures) : 119/6239 ~ Mes Videos (My Videos) : 2/58 ~ Mes Favoris (My Favorites) : Non accessible (Not found) ~ Mes Documents (My Documents) : 12/4903 ~ Mon Bureau (My Desktop) : 221/15712 ~ Menu demarrer (Programs) : 7/32 ~ Scan Hidden Files in 00mn 35s ---\\ Processus lancés [MD5.BF1FF06F5434AFAEAB6C3279E3BD2250] - (.Symantec Corporation - Symantec User Session.) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe [115560] [PID.1724] [MD5.F40E80C04475731C6ED5D19C48E45E3C] - (.Elaborate Bytes AG - Virtual CloneDrive Daemon.) -- C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [85160] [PID.2088] [MD5.16E288B32BC5ED1A73D8D266B354AD5F] - (.cyberlink - brs.) -- C:\Program Files\CyberLink\Shared files\brs.exe [75048] [PID.2108] [MD5.C687C23E093782DA238F6B972FCB717C] - (.NVIDIA Corporation - NVIDIA Settings.) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe [1820480] [PID.2364] [MD5.60D0647A2DC2D397B84D0AFB0808F85D] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [460872] [PID.2376] [MD5.FB9DFE1D04DFA81ABBD8493A52A23773] - (.Symantec Corporation - Symantec CMC SmcGui.) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe [1459528] [PID.2964] [MD5.F7BA07E85A37CA30FFED726001754951] - (.TeamViewer GmbH - TeamViewer Remote Control Application.) -- C:\Program Files\TeamViewer\Version7\TeamViewer.exe [10871680] [PID.3516] [MD5.5AC757AE411CBC603C33C85F81F8657D] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [924632] [PID.4424] [MD5.4309B75F125067EF805F3125B01FCC30] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [2210816] [PID.5124] ~ Scan Processes Running in 00mn 00s ---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3) C:\Users\CELSO\AppData\Roaming\Mozilla\Firefox\Profiles\y5f7xqok.default\prefs.js M3 - MFPP: Plugins - [CELSO] -- C:\Users\CELSO\AppData\Roaming\Mozilla\Firefox\Profiles\y5f7xqok.default\searchplugins\askcom.xml M3 - MFPP: Plugins - [CELSO] -- C:\Program Files\Mozilla FireFox\searchplugins\amazon-france.xml M3 - MFPP: Plugins - [CELSO] -- C:\Program Files\Mozilla FireFox\searchplugins\bing.xml M3 - MFPP: Plugins - [CELSO] -- C:\Program Files\Mozilla FireFox\searchplugins\cnrtl-tlfi-fr.xml M3 - MFPP: Plugins - [CELSO] -- C:\Program Files\Mozilla FireFox\searchplugins\eBay-france.xml M3 - MFPP: Plugins - [CELSO] -- C:\Program Files\Mozilla FireFox\searchplugins\google.xml M3 - MFPP: Plugins - [CELSO] -- C:\Program Files\Mozilla FireFox\searchplugins\wikipedia-fr.xml M3 - MFPP: Plugins - [CELSO] -- C:\Program Files\Mozilla FireFox\searchplugins\yahoo-france.xml M0 - MFSP: prefs.js [CELSO - y5f7xqok.default] Google M2 - MFEP: prefs.js [CELSO - y5f7xqok.default\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}] [] Garmin Communicator v4.0.1.0 (.Garmin International.) P2 - FPN:Firefox Plugin Navigator . (.Sun Microsystems, Inc. - NPRuntime Script Plug-in Library for Java Deploy.) -- C:\Program Files\Mozilla Firefox\Plugins\npdeployJava1.dll P2 - FPN:Firefox Plugin Navigator . (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape 10.1.2.) -- C:\Program Files\Mozilla Firefox\Plugins\nppdf32.dll P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (...) -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll P2 - FPN: [HKLM] [@adobe.com/ShockwavePlayer] - (.Adobe Systems, Inc. - Adobe Shockwave for Director Netscape plug-in, version 11.5.9.620.) -- C:\Windows\System32\Adobe\Director\np32dsw.dll P2 - FPN: [HKLM] [@Google.com/GoogleEarthPlugin] - (.Google - GEPlugin.) -- C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll P2 - FPN: [HKLM] [@java.com/JavaPlugin] - (.Sun Microsystems, Inc. - Next Generation Java Plug-in 1.6.0_26 for Mozilla browsers.) -- C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 4.1.10111.0.) -- C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll P2 - FPN: [HKLM] [@nvidia.com/3DVision] - (.NVIDIA Corporation - NVIDIA 3D Vision plugin for Mozilla browsers.) -- C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll P2 - FPN: [HKLM] [@nvidia.com/3DVisionStreaming] - (.NVIDIA Corporation - NVIDIA 3D Vision Streaming plugin for Mozilla browsers.) -- C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=3] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=9] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll P2 - FPN: [HKLM] [Adobe Reader] - (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape 10.1.2.) -- C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll P2 - FPN: [HKCU] [@Skype Limited.com/Facebook Video Calling Plugin] - (.Skype Limited - Facebook Video Calling Plugin.) -- C:\Users\CELSO\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll ~ Scan Firefox Browser in 00mn 00s ---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4) R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Search Microsoft.com R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Navigateur Internet.) (9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)) -- C:\Windows\System32\ieframe.dll R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 1 ~ Scan IE Browser in 00mn 00s ---\\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Scan Proxy management in 00mn 00s ---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2) F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe, F2 - REG:system.ini: VMApplet=C:\Windows\system32\SystemPropertiesPerformance.exe ~ Scan Keys in 00mn 00s ---\\ Redirection du fichier Hosts (O1) ~ Le fichier hosts est sain (The hosts file is clean). ~ Scan Hosts File in 00mn 00s ~ Nombre de lignes (Lines number): 21 ---\\ Browser Helper Objects de navigateur (O2) O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} . (.TechSmith Corporation - SnagIt Browser Helper Object for Internet E.) -- C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corp. - Microsoft® Windows Live ID Login Helper.) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll ~ Scan BHO in 00mn 00s ---\\ Internet Explorer Toolbars (O3) O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} . (.TechSmith Corporation - SnagIt Add-in for Internet Explorer.) -- C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll ~ Scan Toolbar in 00mn 00s ---\\ Applications démarrées par registre & par dossier (O4) O4 - HKLM\..\Run: [igfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe O4 - HKLM\..\Run: [ccApp] . (.Symantec Corporation - Symantec User Session.) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe O4 - HKLM\..\Run: [VirtualCloneDrive] . (.Elaborate Bytes AG - Virtual CloneDrive Daemon.) -- C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe O4 - HKLM\..\Run: [bDRegion] . (.cyberlink - brs.) -- C:\Program Files\CyberLink\Shared files\brs.exe O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe O4 - HKLM\..\Run: [NvMediaCenter] . (.NVIDIA Corporation - NVIDIA Media Center Library.) -- C:\Windows\System32\nvmctray.dll O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe O4 - HKUS\S-1-5-20\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe ~ Scan Application in 00mn 00s ---\\ Autres liens utilisateurs (O4) O4 - Global Startup: C:\Users\CELSO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - Global Startup: C:\Users\CELSO\Desktop\everest.exe - Raccourci.lnk . (...) -- F:\Logiciels 2011 Kevin\Everest.Corporate.Edtion.v2.80\everest.exe O4 - Global Startup: C:\Users\CELSO\Desktop\HijackThis.exe - Raccourci.lnk . (.Trend Micro Inc..) -- F:\Logiciel Maintenance & dvd Shrink,\HiJackThis\HijackThis.exe O4 - Global Startup: C:\Users\CELSO\Desktop\Jouer à ManiaPlanet.lnk . (...) -- C:\Program Files\ManiaPlanet\ManiaPlanetLauncher.exe O4 - Global Startup: C:\Users\CELSO\Desktop\Mozilla Firefox.lnk . (.Mozilla Corporation.) -- C:\Program Files\Mozilla Firefox\firefox.exe O4 - Global Startup: C:\Users\CELSO\Desktop\PhotoFiltre.lnk . (.Antonio Da Cruz.) -- C:\Program Files\PhotoFiltre\photofiltre.exe O4 - Global Startup: C:\Users\CELSO\Desktop\Windows Live Messenger.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe O4 - Global Startup: C:\Users\CELSO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - Global Startup: C:\Users\CELSO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk . (.Microsoft Corporation.) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE O4 - Global Startup: C:\Users\CELSO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk . (.Mozilla Corporation.) -- C:\Program Files\Mozilla Firefox\firefox.exe ~ Scan Global Startup in 00mn 00s ---\\ Invisibilité de l'icône d'options IE dans le panneau de Configuration (O5) O5 - control.ini: [HKLM\..\Control Panel] inetcpl.cpl=no ~ Scan IE Control Panel in 00mn 00s ---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8) O8 - Extra context menu item: E&xporter vers Microsoft Excel . (.Microsoft Corporation - Microsoft Office Excel.) -- C:\Program Files\MICROS~2\Office12\EXCEL.exe ~ Scan IE Menu Contextuel in 00mn 00s ---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO ~ Scan IE Extra Buttons in 00mn 00s ---\\ Winsock hijacker (Layered Service Provider) (O10) O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\System32\nlaapi.dll O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Fournisseur Shim d’affectation de noms de messagerie.) -- C:\Windows\System32\NapiNSP.dll O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\System32\pnrpnsp.dll O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\System32\pnrpnsp.dll O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\Windows\System32\mswsock.dll O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\System32\winrnr.dll O10 - WLSP:\000000000007\Winsock LSP File . (.Microsoft Corp. - Microsoft® Windows Live ID Namespace Provider.) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.dll O10 - WLSP:\000000000008\Winsock LSP File . (.Microsoft Corp. - Microsoft® Windows Live ID Namespace Provider.) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.dll ~ Scan Winsock in 00mn 00s ---\\ Objets ActiveX (Downloaded Program Files)(O16) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab ~ Scan Objets ActiveX in 00mn 00s ---\\ Modification Domaine/Adresses DNS (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{2B015339-CF8E-4E76-9AF8-3D0CC9B1E0FA}: NameServer = 8.8.8.8,8.8.4.4 O17 - HKLM\System\CS1\Services\Tcpip\..\{2B015339-CF8E-4E76-9AF8-3D0CC9B1E0FA}: NameServer = 8.8.8.8,8.8.4.4 O17 - HKLM\System\CS2\Services\Tcpip\..\{2B015339-CF8E-4E76-9AF8-3D0CC9B1E0FA}: NameServer = 8.8.8.8,8.8.4.4 ~ Scan Domain in 00mn 00s ---\\ Protocole additionnel (O18) O18 - Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft ®.) -- C:\Windows\System32\mshtml.dll O18 - Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll O18 - Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - Contrôle ActiveX pour le flux vidéo.) -- C:\Windows\System32\MSVidCtl.dll O18 - Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll O18 - Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll O18 - Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll O18 - Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll O18 - Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll O18 - Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft ®.) -- C:\Windows\System32\mshtml.dll O18 - Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} . (.Microsoft Corporation - Windows Live Messenger Protocol Handler Mod.) -- C:\Program Files\Windows Live\Messenger\msgrapp.dll O18 - Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll O18 - Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft ®.) -- C:\Windows\System32\mshtml.dll O18 - Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API Resources.) -- C:\Windows\System32\inetcomm.dll O18 - Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll O18 - Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} . (.Microsoft Corporation - Microsoft® Help Data Services Module.) -- C:\Program Files\Common Files\microsoft shared\Help\hxds.dll O18 - Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll O18 - Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} . (.Microsoft Corporation - Windows Live Messenger Protocol Handler Mod.) -- C:\Program Files\Windows Live\Messenger\msgrapp.dll O18 - Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft ®.) -- C:\Windows\System32\mshtml.dll O18 - Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - Contrôle ActiveX pour le flux vidéo.) -- C:\Windows\System32\MSVidCtl.dll O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft ®.) -- C:\Windows\System32\mshtml.dll O18 - Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll O18 - Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll ~ Scan Protocole Additionnel in 00mn 00s ---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20) O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\system32\igfxdev.dll ~ Scan Winlogon in 00mn 00s ---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. ~ Scan SSODL in 00mn 00s ---\\ Liste des services NT non Microsoft et non désactivés (O23) O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) . (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) . (.Symantec Corporation - Symantec Service Framework.) - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) . (.Symantec Corporation - Symantec Service Framework.) - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Service Google Update (gupdate) (gupdate) . (.Google Inc. - Programme d'installation de Google.) - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: (MBAMService) . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 295.7.) - C:\Windows\System32\nvvsvc.exe O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) . (.NVIDIA Corporation - NVIDIA Settings Update Manager.) - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe O23 - Service: PnkBstrA (PnkBstrA) . (...) - C:\Windows\System32\PnkBstrA.exe O23 - Service: Client de gestion Symantec (SmcService) . (.Symantec Corporation - Symantec CMC Smc.) - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) . (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) . (.Symantec Corporation - Symantec AntiVirus.) - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe O23 - Service: TeamViewer 6 (TeamViewer6) . (.TeamViewer GmbH - TeamViewer Remote Control Application.) - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe O23 - Service: TeamViewer 7 (TeamViewer7) . (.TeamViewer GmbH - TeamViewer Remote Control Application.) - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe O23 - Service: Power Control [2011/02/26 16:42:22] ({B154377D-700F-42cc-9474-23858FBDF4BD}) . (.CyberLink Corp. - Pas de description.) - C:\Program Files\CyberLink\PowerDVD9\NavFilter\000.fcl ~ Scan Services in 00mn 00s ---\\ Enumération Active Desktop & MHTML Editor (O24) O24 - Default MHTML Editor: Last - .(...) - (.not file.) ~ Scan Desktop Component in 00mn 00s ---\\ BootExecute (O34) O34 - HKLM BootExecute: (autocheck autochk *) - File not found ~ Scan Keys in 00mn 00s ---\\ Tâches planifiées en automatique (O39) O39 - APT:Automatic Planified Task - C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-501933425-2476989565-1232407324-1000Core.job O39 - APT:Automatic Planified Task - C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-501933425-2476989565-1232407324-1000UA.job O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [MD5.FCC7C432FBF465C38FD5D940580EF9B7] [APT] [FacebookUpdateTaskUserS-1-5-21-501933425-2476989565-1232407324-1000Core] (.Facebook Inc..) -- C:\Users\CELSO\AppData\Local\Facebook\Update\FacebookUpdate.exe [MD5.FCC7C432FBF465C38FD5D940580EF9B7] [APT] [FacebookUpdateTaskUserS-1-5-21-501933425-2476989565-1232407324-1000UA] (.Facebook Inc..) -- C:\Users\CELSO\AppData\Local\Facebook\Update\FacebookUpdate.exe [MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe [MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe [MD5.00000000000000000000000000000000] [APT] [{3297A559-5B5F-4C7C-B424-1361C06D20FE}] (...) -- D:\Directx\dxsetup.exe (.not file.) [MD5.00000000000000000000000000000000] [APT] [{87C5EE51-F534-4BED-BEB0-CF23AD2C062F}] (...) -- C:\Users\CELSO\Desktop\Sauvegarde\Logiciel Maintenance & dvd Shrinké\pacht cod2\pbsetup.exe (.not file.) [MD5.00000000000000000000000000000000] [APT] [{97FAB673-36A2-4CD2-BA32-68A669238929}] (...) -- D:\setup.exe (.not file.) [MD5.028CD3C6E95FF807859FA47A96604890] [APT] [{9C1D237C-593F-4628-9A9E-507628D61569}] (...) -- F:\Logiciels 2011 Kevin\Everest.Corporate.Edtion.v2.80\everest.exe [MD5.B8F49232247D0825B2B82E08A9E10753] [APT] [{BDF7492F-AD9E-4DB2-A57A-F3F0436E4635}] (.Malwarebytes Corporation.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [MD5.00000000000000000000000000000000] [APT] [{C544CD80-0710-4A00-B5B5-9B489786A3FD}] (...) -- D:\setup.exe (.not file.) [MD5.5BC75CB78D32CC34428FC8584A3BD167] [APT] [{CFD75BF0-4D55-4DDC-A7EA-B3C0F143E5F4}] (.NVIDIA Corporation.) -- C:\Users\CELSO\Downloads\295.73-desktop-win7-winvista-32bit-international-whql.exe [MD5.028CD3C6E95FF807859FA47A96604890] [APT] [{D7E0FBA8-3269-4FAB-AC5B-FEF3502D6084}] (...) -- C:\Users\CELSO\Desktop\Everest\everest.exe [MD5.00000000000000000000000000000000] [APT] [{F07B0A95-A454-472A-B4B2-880372743DFF}] (...) -- D:\setup.exe (.not file.) ~ Scan Scheduled Task in 00mn 07s ---\\ Composants installés (ActiveSetup Installed Components) (O40) O40 - ASIC: Internet Explorer - >{26923b43-4d38-484f-9b9e-de460746276c} . (.Microsoft Corporation - Utilitaire d'initialisation d'Internet Explorer par utilisateur.) -- C:\Windows\System32\ie4uinit.exe O40 - ASIC: Browser Customizations - >{60B49E34-C7CC-11D0-8953-00A0C90347FF} . (.Microsoft Corporation - Personnalisation d’IEAK.) -- C:\Windows\System32\iedkcs32.dll O40 - ASIC: Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608500} . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Program Files\Java\jre6\bin\regutils.dll O40 - ASIC: Microsoft Windows Media Player 12.0 - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Windows Media Player Extension.) -- C:\Windows\System32\wmpdxm.dll O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (.Microsoft Corporation - Windows Media Player.) -- C:\Windows\system32\wmp.dll O40 - ASIC: Web Platform Customizations - {89820200-ECBD-11cf-8B85-00AA005B4383} . (.Microsoft Corporation - Utilitaire d'initialisation d'Internet Explorer par utilisateur.) -- C:\Windows\System32\ie4uinit.exe O40 - ASIC: (no name) - {89B4C1CD-B018-4511-B0A1-5476DBF70820} . (.Microsoft Corporation - Microsoft .NET IE SECURITY REGISTRATION.) -- C:\Windows\system32\mscories.dll ~ Scan Active Setup in 00mn 00s ---\\ Pilotes lancés au démarrage (O41) O41 - Driver: C:\Windows\system32\drivers\afd.sys (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\Windows\system32\drivers\afd.sys O41 - Driver: (blbdrive) . (.Microsoft Corporation - BLB Drive Driver.) - C:\Windows\system32\DRIVERS\blbdrive.sys O41 - Driver: (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\system32\drivers\cdrom.sys O41 - Driver: C:\Windows\system32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\system32\Drivers\dfsc.sys O41 - Driver: C:\Windows\system32\drivers\discache.sys (discache) . (.Microsoft Corporation - System Indexer/Cache Driver.) - C:\Windows\system32\drivers\discache.sys O41 - Driver: (eeCtrl) . (.Symantec Corporation - Symantec Eraser Control Driver.) - C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys O41 - Driver: (ElbyCDIO) . (.Elaborate Bytes AG - ElbyCD Windows NT/2000/XP I/O driver.) - C:\Windows\system32\Drivers\ElbyCDIO.sys O41 - Driver: (mssmbios) . (.Microsoft Corporation - System Management BIOS Driver.) - C:\Windows\system32\drivers\mssmbios.sys O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\system32\DRIVERS\netbios.sys O41 - Driver: C:\Windows\system32\drivers\netbt.sys (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\system32\DRIVERS\netbt.sys O41 - Driver: C:\Windows\system32\drivers\nsiproxy.sys (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\system32\drivers\nsiproxy.sys O41 - Driver: C:\Windows\system32\drivers\pacer.sys (Psched) . (.Microsoft Corporation - Planificateur de paquets QoS.) - C:\Windows\system32\DRIVERS\pacer.sys O41 - Driver: C:\Windows\system32\wkssvc.dll (rdbss) . (.Microsoft Corporation - Pilote du sous-système de mise en mémoire t.) - C:\Windows\system32\DRIVERS\rdbss.sys O41 - Driver: C:\Windows\system32\DRIVERS\RDPCDD.sys (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\system32\DRIVERS\RDPCDD.sys O41 - Driver: C:\Windows\system32\drivers\RDPENCDD.sys (RDPENCDD) . (.Microsoft Corporation - RDP Encoder Miniport.) - C:\Windows\system32\drivers\rdpencdd.sys O41 - Driver: C:\Windows\system32\drivers\RdpRefMp.sys (RDPREFMP) . (.Microsoft Corporation - RDP Reflector Driver Miniport.) - C:\Windows\system32\drivers\rdprefmp.sys O41 - Driver: (Serial) . (.Microsoft Corporation - Pilote de périphérique série.) - C:\Windows\system32\DRIVERS\serial.sys O41 - Driver: (SPBBCDrv) . (.Symantec Corporation - SPBBC Driver.) - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys O41 - Driver: (SRTSP) . (.Symantec Corporation - Symantec AutoProtect.) - C:\Windows\system32\Drivers\SRTSP.sys O41 - Driver: (SRTSPX) . (.Symantec Corporation - Symantec AutoProtect.) - C:\Windows\system32\Drivers\SRTSPX.sys O41 - Driver: (SYMTDI) . (.Symantec Corporation - Network Dispatch Driver.) - C:\Windows\system32\Drivers\SYMTDI.sys O41 - Driver: C:\Windows\system32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\system32\DRIVERS\tdx.sys O41 - Driver: (TermDD) . (.Microsoft Corporation - Remote Desktop Server Driver.) - C:\Windows\system32\drivers\termdd.sys O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\Windows\system32\drivers\vga.sys O41 - Driver: C:\Windows\system32\rascfg.dll (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\system32\DRIVERS\wanarp.sys O41 - Driver: (WfpLwf) . (.Microsoft Corporation - WFP NDIS 6.20 Lightweight Filter Driver.) - C:\Windows\system32\DRIVERS\wfplwf.sys ~ Scan Drivers in 00mn 00s ---\\ Logiciels installés (O42) O42 - Logiciel: Adobe Flash Player 10 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX O42 - Logiciel: Adobe Flash Player 11 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin O42 - Logiciel: Adobe Reader X (10.1.2) - Français - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1036-7B44-AA1000000001} O42 - Logiciel: Adobe Shockwave Player 11.5 - (.Adobe Systems, Inc..) [HKLM] -- Adobe Shockwave Player O42 - Logiciel: Ashampoo Burning Studio 10 v.10.0.15 - (.Ashampoo GmbH & Co. KG.) [HKLM] -- Ashampoo Burning Studio 10_is1 O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] -- CCleaner O42 - Logiciel: Call of Duty® 2 - (.Activision.) [HKLM] -- InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374} O42 - Logiciel: Call of Duty® 4 - Modern Warfare - (.Activision.) [HKLM] -- InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217} O42 - Logiciel: Call of Duty® 4 - Modern Warfare 1.7 Patch - (.Pas de propriétaire.) [HKLM] -- InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498} O42 - Logiciel: CyberLink PowerDVD 9 - (.CyberLink Corp..) [HKLM] -- InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8} O42 - Logiciel: CyberLink PowerDVD 9 - (.CyberLink Corp..) [HKLM] -- {A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8} O42 - Logiciel: D3DX10 - (.Microsoft.) [HKLM] -- {E09C4DB7-630C-4F06-A631-8EA7239923AF} O42 - Logiciel: Diz&Nfo v1.7d - (.Pas de propriétaire.) [HKLM] -- Diz&Nfo v1.7d_is1 O42 - Logiciel: FTPRush 2.1.4 - (.wftpserver.com.) [HKLM] -- FTP Rush_is1 O42 - Logiciel: Facebook Video Calling 1.1.1.1 - (.Skype Limited.) [HKLM] -- {624E54D0-E4F4-434F-9EF6-D4D066EE4348} O42 - Logiciel: Google Earth Plug-in - (.Google.) [HKLM] -- {2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E} O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM] -- {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} O42 - Logiciel: HomePlayer 1.5.9d - (.HomePlayer.) [HKLM] -- HomePlayer O42 - Logiciel: Intel® Graphics Media Accelerator Driver - (.Intel Corporation.) [HKLM] -- HDMI O42 - Logiciel: Intel® TV Wizard - (.Intel Corporation.) [HKLM] -- TVWiz O42 - Logiciel: Java 6 Update 26 - (.Oracle.) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83216024FF} O42 - Logiciel: Junk Mail filter update - (.Microsoft Corporation.) [HKLM] -- {8E5233E1-7495-44FB-8DEB-4BE906D59619} O42 - Logiciel: Les Sims 2 - (.Pas de propriétaire.) [HKLM] -- {6E7DD182-9FC6-4651-0095-2E666CC6AF35} O42 - Logiciel: Les Sims 2 Fun en Famille Kit - (.Pas de propriétaire.) [HKLM] -- {6BDD9CE6-D0A6-478A-BAD3-BA6945E89EB0} O42 - Logiciel: LiveUpdate 3.3 (Symantec Corporation) - (.Symantec Corporation.) [HKLM] -- LiveUpdate O42 - Logiciel: Logiciel d'archivage WinRAR - (.Pas de propriétaire.) [HKLM] -- WinRAR archiver O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM] -- {8DD46C6A-0056-4FEC-B70A-28BB16A1F11F} O42 - Logiciel: Malwarebytes Anti-Malware version 1.60.1.1000 - (.Malwarebytes Corporation.) [HKLM] -- Malwarebytes' Anti-Malware_is1 O42 - Logiciel: ManiaPlanet - (.Nadeo.) [HKLM] -- ManiaPlanet_is1 O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6} O42 - Logiciel: Microsoft .NET Framework 4 Client Profile FRA Language Pack - (.Microsoft Corporation.) [HKLM] -- {0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E} O42 - Logiciel: Microsoft Office 2007 Service Pack 3 (SP3) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93} O42 - Logiciel: Microsoft Office 2007 Service Pack 3 (SP3) - (.Microsoft.) [HKLM] -- {90120000-0015-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8} O42 - Logiciel: Microsoft Office 2007 Service Pack 3 (SP3) - (.Microsoft.) [HKLM] -- {90120000-0016-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8} O42 - Logiciel: Microsoft Office 2007 Service Pack 3 (SP3) - (.Microsoft.) [HKLM] -- {90120000-0018-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8} O42 - Logiciel: Microsoft Office 2007 Service Pack 3 (SP3) - (.Microsoft.) [HKLM] -- {90120000-0019-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8} O42 - Logiciel: Microsoft Office 2007 Service Pack 3 (SP3) - (.Microsoft.) [HKLM] -- {90120000-001A-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8} O42 - Logiciel: Microsoft Office 2007 Service Pack 3 (SP3) - (.Microsoft.) [HKLM] -- {90120000-001B-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8} O42 - Logiciel: Microsoft Office 2007 Service Pack 3 (SP3) - (.Microsoft.) [HKLM] -- {90120000-0044-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8} O42 - Logiciel: Microsoft Office 2007 Service Pack 3 (SP3) - (.Microsoft.) [HKLM] -- {90120000-006E-040C-0000-0000000FF1CE}_PROPLUS_{8283FD64-6A3B-4104-9E12-7CA25EF29A1A} O42 - Logiciel: Microsoft Office Access MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0015-040C-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Excel MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0016-040C-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office File Validation Add-In - (.Microsoft Corporation.) [HKLM] -- {90140000-2005-0000-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office InfoPath MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0044-040C-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Outlook MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001A-040C-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office PowerPoint MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0018-040C-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Professional Plus 2007 - (.Microsoft Corporation.) [HKLM] -- PROPLUS O42 - Logiciel: Microsoft Office Professional Plus 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Proof (Arabic) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0401-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Proof (Dutch) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0413-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Proof (English) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0409-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Proof (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-040C-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Proof (German) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0407-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Proof (Spanish) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0C0A-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Proofing (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-002C-040C-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) - (.Microsoft.) [HKLM] -- {90120000-001F-0401-0000-0000000FF1CE}_PROPLUS_{3E8EA473-ECCE-405F-A9CA-59446AEADD3A} O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) - (.Microsoft.) [HKLM] -- {90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{928D7B99-2BEA-49F9-83B8-20FA57860643} O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) - (.Microsoft.) [HKLM] -- {90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F} O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) - (.Microsoft.) [HKLM] -- {90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E} O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) - (.Microsoft.) [HKLM] -- {90120000-001F-0413-0000-0000000FF1CE}_PROPLUS_{2C95E7EE-FEA7-4B3A-A6E5-DF90A88B816A} O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) - (.Microsoft.) [HKLM] -- {90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC} O42 - Logiciel: Microsoft Office Publisher MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0019-040C-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Shared MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-006E-040C-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Word MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001B-040C-0000-0000000FF1CE} O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} O42 - Logiciel: Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 - (.Microsoft Corporation.) [HKLM] -- {770657D0-A123-3C07-8E44-1C83EC895118} O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM] -- {710f4c1c-cc18-4c49-8cbf-51240c89a1a2} O42 - Logiciel: Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C} O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 - (.Microsoft Corporation.) [HKLM] -- {86CE85E6-DBAC-3FFD-B977-E4B79F83C909} O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 - (.Microsoft Corporation.) [HKLM] -- {9A25302D-30C0-39D9-BD6F-21E6EC160475} O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 - (.Microsoft Corporation.) [HKLM] -- {9BE518E6-ECC6-35A9-88E4-87755C07200F} O42 - Logiciel: Mises à jour NVIDIA 1.7.11 - (.NVIDIA Corporation.) [HKLM] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update O42 - Logiciel: Module linguistique Microsoft .NET Framework 4 Client Profile FRA - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile FRA Language Pack O42 - Logiciel: Mozilla Firefox 10.0.2 (x86 fr) - (.Mozilla.) [HKLM] -- Mozilla Firefox 10.0.2 (x86 fr) O42 - Logiciel: NVIDIA Logiciel système PhysX 9.12.0209 - (.NVIDIA Corporation.) [HKLM] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX O42 - Logiciel: NVIDIA PhysX - (.NVIDIA Corporation.) [HKLM] -- {4EAE665D-957A-4D04-9679-3AD582008877} O42 - Logiciel: NVIDIA Pilote 3D Vision 295.73 - (.NVIDIA Corporation.) [HKLM] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision O42 - Logiciel: NVIDIA Pilote audio HD : 1.3.12.0 - (.NVIDIA Corporation.) [HKLM] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver O42 - Logiciel: NVIDIA Pilote du contrôleur 3D Vision 295.73 - (.NVIDIA Corporation.) [HKLM] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB O42 - Logiciel: NVIDIA Pilote graphique 295.73 - (.NVIDIA Corporation.) [HKLM] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver O42 - Logiciel: NVIDIA Stereoscopic 3D Driver - (.NVIDIA Corporation.) [HKLM] -- NVIDIAStereo O42 - Logiciel: PVSonyDll - (.NVIDIA Corporation.) [HKLM] -- {3D3E663D-4E7E-4577-A560-7ECDDD45548A} O42 - Logiciel: PhotoFiltre - (.Pas de propriétaire.) [HKCU] -- PhotoFiltre O42 - Logiciel: Playviz 1.7.7 - (.Previznet.) [HKCU] -- Playviz 1.7.7 O42 - Logiciel: QuickPar 0.9 - (.Peter B. Clements.) [HKLM] -- QuickPar O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2446708 O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2478663 O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2518870 O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2539636 O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2572078 O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2633870 O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2656351 O42 - Logiciel: Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{A0D5F849-D9D5-48ED-99D0-C74D7BFA6A09} O42 - Logiciel: Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{AEA16A27-0B97-4670-818F-A98D06EC0A6F} O42 - Logiciel: Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0EF0D4FB-BB23-4515-AAEA-1240AC2DA525} O42 - Logiciel: Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{5A8732F0-C20F-4A9B-A2A9-66FE7A586C35} O42 - Logiciel: Security Update for Module linguistique Microsoft .NET Framework 4 Client Profile FRA (KB2478663) - (.Microsoft Corporation.) [HKLM] -- {0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}.KB2478663 O42 - Logiciel: Security Update for Module linguistique Microsoft .NET Framework 4 Client Profile FRA (KB2518870) - (.Microsoft Corporation.) [HKLM] -- {0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}.KB2518870 O42 - Logiciel: SnagIt 9 - (.TechSmith Corporation.) [HKLM] -- {2FADA80A-5D89-4CC8-9ED7-445527754A83} O42 - Logiciel: Symantec Endpoint Protection - (.Symantec Corporation.) [HKLM] -- {3C1AE512-3C37-44FA-BA42-ABB721EC5B1D} O42 - Logiciel: TeamSpeak 3 Client - (.TeamSpeak Systems GmbH.) [HKLM] -- TeamSpeak 3 Client O42 - Logiciel: TeamViewer 6 - (.TeamViewer GmbH.) [HKLM] -- TeamViewer 6 O42 - Logiciel: TeamViewer 7 - (.TeamViewer.) [HKLM] -- TeamViewer 7 O42 - Logiciel: TmNationsForever - (.Nadeo.) [HKLM] -- TmNationsForever_is1 O42 - Logiciel: Update for 2007 Microsoft Office System (KB967642) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D} O42 - Logiciel: Update for Microsoft .NET Framework 4 Client Profile (KB2468871) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871 O42 - Logiciel: Update for Microsoft .NET Framework 4 Client Profile (KB2533523) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523 O42 - Logiciel: Update for Microsoft .NET Framework 4 Client Profile (KB2600217) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217 O42 - Logiciel: Update for Microsoft Office 2007 (KB2508958) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438} O42 - Logiciel: Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{B7873DF5-9E1C-45EE-8895-D29C6AE01202} O42 - Logiciel: Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C20964A7-5181-45E5-9E82-72F5D400DEBF} O42 - Logiciel: Update for Microsoft Office 2007 suites (KB2597998) 32-Bit Edition - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{97FF6C46-CE3A-47F6-BA6B-3D743ACA4054} O42 - Logiciel: Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{567103D1-96CD-4B76-93B9-2681A187DEFF} O42 - Logiciel: VLC media player 1.1.5 - (.VideoLAN.) [HKLM] -- VLC media player O42 - Logiciel: Virtual Plastic Surgery Software - VPSS v1.0 - (.Kaeria SARL.) [HKLM] -- Virtual Plastic Surgery Software - VPSS_is1 O42 - Logiciel: VirtualCloneDrive - (.Elaborate Bytes.) [HKLM] -- VirtualCloneDrive O42 - Logiciel: Windows Live - (.Microsoft Corporation.) [HKLM] -- WinLiveSuite O42 - Logiciel: Windows Live - (.Microsoft Corporation.) [HKLM] -- {34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5} O42 - Logiciel: Windows Live Communications Platform - (.Microsoft Corporation.) [HKLM] -- {D45240D3-B6B3-4FF9-B243-54ECE3E10066} O42 - Logiciel: Windows Live ID Sign-in Assistant - (.Microsoft Corporation.) [HKLM] -- {C6150D8A-86ED-41D3-87BB-F3BB51B0B77F} O42 - Logiciel: Windows Live Installer - (.Microsoft Corporation.) [HKLM] -- {0B0F231F-CE6A-483D-AA23-77B364F75917} O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM] -- {AB61A2E9-37D3-485D-9085-19FBDF8CEF4A} O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM] -- {E5B21F11-6933-4E0B-A25C-7963E3C07D11} O42 - Logiciel: Windows Live PIMT Platform - (.Microsoft Corporation.) [HKLM] -- {83C292B7-38A5-440B-A731-07070E81A64F} O42 - Logiciel: Windows Live Photo Common - (.Microsoft Corporation.) [HKLM] -- {A9BDCA6B-3653-467B-AC83-94367DA3BFE3} O42 - Logiciel: Windows Live Photo Common - (.Microsoft Corporation.) [HKLM] -- {C893D8C0-1BA0-4517-B11C-E89B65E72F70} O42 - Logiciel: Windows Live SOXE - (.Microsoft Corporation.) [HKLM] -- {682B3E4F-696A-42DE-A41C-4C07EA1678B4} O42 - Logiciel: Windows Live SOXE Definitions - (.Microsoft Corporation.) [HKLM] -- {200FEC62-3C34-4D60-9CE8-EC372E01C08F} O42 - Logiciel: Windows Live UX Platform - (.Microsoft Corporation.) [HKLM] -- {CE95A79E-E4FC-4FFF-8A75-29F04B942FF2} O42 - Logiciel: Windows Live UX Platform Language Pack - (.Microsoft Corporation.) [HKLM] -- {05E379CC-F626-4E7D-8354-463865B303BF} O42 - Logiciel: Xfire (remove only) - (.Pas de propriétaire.) [HKLM] -- Xfire ---\\ HKCU & HKLM Software Keys [HKCU\Software\ASProtect] [HKCU\Software\ASUS] [HKCU\Software\Adobe] [HKCU\Software\AppDataLow\Software\Adobe] [HKCU\Software\AppDataLow\Software\Microsoft] [HKCU\Software\AppDataLow\Software] [HKCU\Software\AppDataLow] [HKCU\Software\Ashampoo] [HKCU\Software\Classes] [HKCU\Software\Clients] [HKCU\Software\CyberLink] [HKCU\Software\Digital River] [HKCU\Software\DivXNetworks] [HKCU\Software\Elaborate Bytes] [HKCU\Software\FTPRush] [HKCU\Software\Facebook] [HKCU\Software\Garmin] [HKCU\Software\Google] [HKCU\Software\Hewlett-Packard] [HKCU\Software\HookNetwork] [HKCU\Software\IM Providers] [HKCU\Software\INTEL] [HKCU\Software\ImInstaller] [HKCU\Software\IncrediMail] [HKCU\Software\JEDI-VCL] [HKCU\Software\JavaSoft] [HKCU\Software\Lake] [HKCU\Software\Lavalys] [HKCU\Software\Macromedia] [HKCU\Software\Malwarebytes' Anti-Malware] [HKCU\Software\MozillaPlugins] [HKCU\Software\Mozilla] [HKCU\Software\Mumble] [HKCU\Software\NVIDIA Corporation] [HKCU\Software\Netscape] [HKCU\Software\ODBC] [HKCU\Software\Piriform] [HKCU\Software\Policies] [HKCU\Software\SkypeRS] [HKCU\Software\Softonic] [HKCU\Software\Symantec] [HKCU\Software\Sysinternals] [HKCU\Software\TeamSpeak 3 Client] [HKCU\Software\TeamViewer] [HKCU\Software\TechSmith] [HKCU\Software\Trolltech] [HKCU\Software\Virtual Plastic Surgery Software - VPSS] [HKCU\Software\WinRAR] [HKCU\Software\Xfire] [HKCU\Software\YahooPartnerToolbar] [HKLM\Software\AGEIA Technologies] [HKLM\Software\ASUS] [HKLM\Software\ATI Technologies] [HKLM\Software\Activision] [HKLM\Software\Adobe] [HKLM\Software\AppDataLow] [HKLM\Software\Ashampoo] [HKLM\Software\BrowserChoice] [HKLM\Software\C07ft5Y] [HKLM\Software\Classes] [HKLM\Software\Clients] [HKLM\Software\CyberLink] [HKLM\Software\EA GAMES] [HKLM\Software\Elaborate Bytes] [HKLM\Software\Electronic Arts] [HKLM\Software\Even Balance] [HKLM\Software\Garmin] [HKLM\Software\Google] [HKLM\Software\Hewlett-Packard] [HKLM\Software\ImInstaller] [HKLM\Software\InstallShield] [HKLM\Software\Intel] [HKLM\Software\JavaSoft] [HKLM\Software\JreMetrics] [HKLM\Software\Khronos] [HKLM\Software\Lake] [HKLM\Software\Licenses] [HKLM\Software\Logitech] [HKLM\Software\Macromedia] [HKLM\Software\Malwarebytes' Anti-Malware (Trial)] [HKLM\Software\Malwarebytes' Anti-Malware] [HKLM\Software\MozillaPlugins] [HKLM\Software\Mozilla] [HKLM\Software\NVIDIA Corporation] [HKLM\Software\ODBC] [HKLM\Software\Piriform] [HKLM\Software\Policies] [HKLM\Software\RegisteredApplications] [HKLM\Software\Sonic] [HKLM\Software\Symantec] [HKLM\Software\TeamViewer] [HKLM\Software\TechSmith] [HKLM\Software\Uniblue] [HKLM\Software\VideoLAN] [HKLM\Software\Volatile] [HKLM\Software\WinRAR] [HKLM\Software\Windows] [HKLM\Software\Wow6432Node] [HKLM\Software\mozilla.org] ~ Scan Softwares in 00mn 00s ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43) O43 - CFD: 19/05/2011 - 14:55:28 - [-669,815] ----D- C:\Program Files\Activision O43 - CFD: 17/06/2011 - 09:11:28 - [158,508] ----D- C:\Program Files\Adobe O43 - CFD: 17/05/2011 - 10:18:54 - [187,007] ----D- C:\Program Files\Ashampoo O43 - CFD: 16/05/2011 - 09:14:54 - [0,398] ----D- C:\Program Files\Call of Duty O43 - CFD: 25/02/2011 - 00:08:36 - [3,484] ----D- C:\Program Files\CCleaner O43 - CFD: 02/07/2011 - 01:15:00 - [383,219] ----D- C:\Program Files\Common Files O43 - CFD: 26/02/2011 - 16:42:44 - [192,712] ----D- C:\Program Files\CyberLink O43 - CFD: 26/02/2011 - 16:36:18 - [0,312] ----D- C:\Program Files\Diz&Nfo O43 - CFD: 02/03/2011 - 11:02:48 - [79,371] ----D- C:\Program Files\DVD Maker O43 - CFD: 11/07/2011 - 20:21:46 - [-1074,294] ----D- C:\Program Files\EA GAMES O43 - CFD: 24/02/2011 - 19:40:56 - [2,029] ----D- C:\Program Files\Elaborate Bytes O43 - CFD: 22/02/2011 - 17:00:46 - [0] -SH-D- C:\Program Files\Fichiers communs O43 - CFD: 11/04/2011 - 19:30:34 - [0,002] ----D- C:\Program Files\FileZilla FTP Client O43 - CFD: 11/04/2011 - 19:22:22 - [9,973] ----D- C:\Program Files\FTPRush O43 - CFD: 17/11/2011 - 00:58:02 - [58,807] ----D- C:\Program Files\Google O43 - CFD: 24/02/2011 - 19:44:56 - [135,712] ----D- C:\Program Files\HomePlayer O43 - CFD: 27/04/2011 - 11:40:52 - [45,979] ----D- C:\Program Files\HP O43 - CFD: 19/05/2011 - 15:11:36 - [20,592] ----D- C:\Program Files\InstallShield Installation Information O43 - CFD: 22/02/2011 - 17:16:46 - [11,571] ----D- C:\Program Files\Intel O43 - CFD: 15/02/2012 - 13:51:48 - [4,935] ----D- C:\Program Files\Internet Explorer O43 - CFD: 02/07/2011 - 01:14:30 - [84,449] ----D- C:\Program Files\Java O43 - CFD: 29/02/2012 - 22:31:50 - [11,412] ----D- C:\Program Files\Malwarebytes' Anti-Malware O43 - CFD: 20/10/2011 - 15:42:14 - [61,736] ----D- C:\Program Files\ManiaPlanet O43 - CFD: 14/07/2009 - 10:00:58 - [140,966] ----D- C:\Program Files\Microsoft Games O43 - CFD: 03/07/2011 - 06:55:04 - [479,611] ----D- C:\Program Files\Microsoft Office O43 - CFD: 24/02/2012 - 22:21:30 - [36,634] ----D- C:\Program Files\Microsoft Silverlight O43 - CFD: 22/02/2011 - 17:38:38 - [0,014] ----D- C:\Program Files\Microsoft Visual Studio O43 - CFD: 26/02/2011 - 16:46:36 - [3,554] ----D- C:\Program Files\Microsoft Works O43 - CFD: 03/03/2011 - 08:39:56 - [7,789] ----D- C:\Program Files\Microsoft.NET O43 - CFD: 26/02/2012 - 23:40:12 - [37,531] ----D- C:\Program Files\Mozilla Firefox O43 - CFD: 24/02/2011 - 19:14:18 - [0,025] ----D- C:\Program Files\MSBuild O43 - CFD: 24/02/2012 - 22:00:00 - [1004,957] ----D- C:\Program Files\NVIDIA Corporation O43 - CFD: 30/04/2011 - 13:40:44 - [3,528] ----D- C:\Program Files\PhotoFiltre O43 - CFD: 26/02/2011 - 16:33:38 - [0,898] ----D- C:\Program Files\QuickPar O43 - CFD: 14/07/2009 - 05:52:30 - [37,345] ----D- C:\Program Files\Reference Assemblies O43 - CFD: 24/02/2011 - 19:29:36 - [49,065] ----D- C:\Program Files\Symantec O43 - CFD: 14/02/2012 - 17:41:14 - [55,344] ----D- C:\Program Files\TeamSpeak 3 Client O43 - CFD: 06/12/2011 - 09:34:56 - [146,431] ----D- C:\Program Files\TeamViewer O43 - CFD: 24/02/2011 - 21:30:36 - [45,323] ----D- C:\Program Files\TechSmith O43 - CFD: 24/02/2011 - 21:53:26 - [713,725] ----D- C:\Program Files\TmNationsForever O43 - CFD: 14/07/2009 - 05:53:24 - [0] --H-D- C:\Program Files\Uninstall Information O43 - CFD: 22/02/2011 - 17:35:18 - [76,799] ----D- C:\Program Files\VideoLAN O43 - CFD: 17/07/2011 - 15:08:46 - [5,227] ----D- C:\Program Files\VPSS O43 - CFD: 11/04/2011 - 18:53:28 - [0] ----D- C:\Program Files\Wikikou O43 - CFD: 02/03/2011 - 11:02:44 - [2,909] ----D- C:\Program Files\Windows Defender O43 - CFD: 02/03/2011 - 11:02:48 - [6,689] ----D- C:\Program Files\Windows Journal O43 - CFD: 06/09/2011 - 16:01:34 - [62,208] ----D- C:\Program Files\Windows Live O43 - CFD: 02/03/2011 - 11:02:48 - [5,895] ----D- C:\Program Files\Windows Mail O43 - CFD: 02/03/2011 - 11:02:48 - [6,298] ----D- C:\Program Files\Windows Media Player O43 - CFD: 22/02/2011 - 17:00:46 - [11,632] ----D- C:\Program Files\Windows NT O43 - CFD: 02/03/2011 - 11:02:48 - [4,213] ----D- C:\Program Files\Windows Photo Viewer O43 - CFD: 02/03/2011 - 11:02:46 - [0,181] ----D- C:\Program Files\Windows Portable Devices O43 - CFD: 02/03/2011 - 11:02:48 - [6,374] ----D- C:\Program Files\Windows Sidebar O43 - CFD: 24/02/2011 - 19:18:30 - [4,827] ----D- C:\Program Files\WinRAR O43 - CFD: 18/12/2011 - 12:42:34 - [19,529] ----D- C:\Program Files\Xfire O43 - CFD: 01/03/2012 - 15:57:36 - [10,100] ----D- C:\Program Files\ZHPDiag O43 - CFD: 17/06/2011 - 09:11:32 - [3,651] ----D- C:\Program Files\Common Files\Adobe O43 - CFD: 24/02/2011 - 18:57:54 - [0] ----D- C:\Program Files\Common Files\BitDefender O43 - CFD: 26/02/2011 - 16:41:30 - [0,115] ----D- C:\Program Files\Common Files\CyberLink O43 - CFD: 22/02/2011 - 17:38:38 - [0,089] ----D- C:\Program Files\Common Files\DESIGNER O43 - CFD: 14/05/2011 - 00:43:46 - [2,770] ----D- C:\Program Files\Common Files\InstallShield O43 - CFD: 02/07/2011 - 01:15:00 - [1,201] ----D- C:\Program Files\Common Files\Java O43 - CFD: 24/02/2011 - 17:26:18 - [0,410] ----D- C:\Program Files\Common Files\logishrd O43 - CFD: 26/10/2011 - 10:19:44 - [273,937] ----D- C:\Program Files\Common Files\microsoft shared O43 - CFD: 14/07/2009 - 03:37:06 - [0,003] ----D- C:\Program Files\Common Files\Services O43 - CFD: 14/07/2009 - 03:37:06 - [39,200] ----D- C:\Program Files\Common Files\SpeechEngines O43 - CFD: 24/02/2011 - 19:30:46 - [19,589] ----D- C:\Program Files\Common Files\Symantec Shared O43 - CFD: 09/11/2011 - 10:23:44 - [42,256] ----D- C:\Program Files\Common Files\System O43 - CFD: 22/02/2011 - 17:40:38 - [0] ----D- C:\Program Files\Common Files\Windows Live O43 - CFD: 17/06/2011 - 09:11:30 - [0,000] ----D- C:\ProgramData\Adobe O43 - CFD: 14/07/2009 - 05:53:56 - [0] -SH-D- C:\ProgramData\Application Data O43 - CFD: 17/05/2011 - 10:19:20 - [0,344] ----D- C:\ProgramData\ashampoo O43 - CFD: 22/02/2011 - 17:00:46 - [0] -SH-D- C:\ProgramData\Bureau O43 - CFD: 26/02/2011 - 16:43:54 - [1,447] ----D- C:\ProgramData\CyberLink O43 - CFD: 14/07/2009 - 05:53:56 - [0] -SH-D- C:\ProgramData\Desktop O43 - CFD: 14/07/2009 - 05:53:56 - [0] -SH-D- C:\ProgramData\Documents O43 - CFD: 22/02/2011 - 17:00:46 - [0] -SH-D- C:\ProgramData\Favoris O43 - CFD: 14/07/2009 - 05:53:56 - [0] -SH-D- C:\ProgramData\Favorites O43 - CFD: 24/02/2011 - 18:34:58 - [0,000] ----D- C:\ProgramData\IM O43 - CFD: 19/05/2011 - 17:20:58 - [15,396] ----D- C:\ProgramData\Malwarebytes O43 - CFD: 04/02/2012 - 02:12:02 - [681,954] ----D- C:\ProgramData\ManiaPlanet O43 - CFD: 22/02/2011 - 17:00:46 - [0] -SH-D- C:\ProgramData\Menu Démarrer O43 - CFD: 25/02/2012 - 17:10:48 - [341,524] -S--D- C:\ProgramData\Microsoft O43 - CFD: 15/02/2012 - 13:07:46 - [0,061] ----D- C:\ProgramData\Microsoft Help O43 - CFD: 22/02/2011 - 17:00:46 - [0] -SH-D- C:\ProgramData\Modèles O43 - CFD: 01/03/2012 - 15:54:24 - [2,623] ----D- C:\ProgramData\NVIDIA O43 - CFD: 19/05/2011 - 14:40:56 - [0,909] ----D- C:\ProgramData\NVIDIA Corporation O43 - CFD: 14/07/2009 - 05:53:56 - [0] -SH-D- C:\ProgramData\Start Menu O43 - CFD: 01/03/2011 - 15:00:44 - [0,000] ----D- C:\ProgramData\Sun O43 - CFD: 24/02/2011 - 19:30:36 - [852,586] ----D- C:\ProgramData\Symantec O43 - CFD: 24/02/2011 - 21:30:40 - [0,888] ----D- C:\ProgramData\TechSmith O43 - CFD: 26/02/2011 - 16:37:48 - [0,051] ----D- C:\ProgramData\Temp O43 - CFD: 14/07/2009 - 05:53:56 - [0] -SH-D- C:\ProgramData\Templates O43 - CFD: 26/02/2011 - 21:33:28 - [551,981] ----D- C:\ProgramData\TmForever O43 - CFD: 18/12/2011 - 18:41:24 - [134,809] ----D- C:\ProgramData\Xfire O43 - CFD: 25/02/2011 - 09:45:56 - [3,856] ----D- C:\Users\CELSO\AppData\Roaming\Adobe O43 - CFD: 17/05/2011 - 10:20:08 - [0] ----D- C:\Users\CELSO\AppData\Roaming\Ashampoo O43 - CFD: 26/02/2011 - 16:43:54 - [0,002] ----D- C:\Users\CELSO\AppData\Roaming\CyberLink O43 - CFD: 11/04/2011 - 18:54:48 - [0,016] ----D- C:\Users\CELSO\AppData\Roaming\FileZilla O43 - CFD: 24/02/2012 - 21:40:38 - [0,175] ----D- C:\Users\CELSO\AppData\Roaming\FTPRush O43 - CFD: 29/11/2011 - 15:26:16 - [0,105] ----D- C:\Users\CELSO\AppData\Roaming\Garmin O43 - CFD: 22/02/2011 - 17:01:00 - [0] ----D- C:\Users\CELSO\AppData\Roaming\Identities O43 - CFD: 24/02/2011 - 18:37:26 - [0,055] ----D- C:\Users\CELSO\AppData\Roaming\Macromedia O43 - CFD: 19/05/2011 - 17:21:06 - [2,229] ----D- C:\Users\CELSO\AppData\Roaming\Malwarebytes O43 - CFD: 14/07/2009 - 10:00:24 - [0] ----D- C:\Users\CELSO\AppData\Roaming\Media Center Programs O43 - CFD: 01/02/2012 - 20:06:36 - [2,825] -S--D- C:\Users\CELSO\AppData\Roaming\Microsoft O43 - CFD: 24/02/2011 - 17:34:00 - [108,977] ----D- C:\Users\CELSO\AppData\Roaming\Mozilla O43 - CFD: 19/12/2011 - 18:55:54 - [1,087] ----D- C:\Users\CELSO\AppData\Roaming\Mumble O43 - CFD: 26/02/2011 - 16:45:08 - [0] ----D- C:\Users\CELSO\AppData\Roaming\NVIDIA O43 - CFD: 26/02/2011 - 18:57:26 - [8,253] ----D- C:\Users\CELSO\AppData\Roaming\OpenCandy O43 - CFD: 30/04/2011 - 13:52:22 - [0,002] ----D- C:\Users\CELSO\AppData\Roaming\PhotoFiltre O43 - CFD: 22/02/2011 - 17:21:16 - [0] ----D- C:\Users\CELSO\AppData\Roaming\QuickScan O43 - CFD: 24/02/2011 - 18:49:48 - [0,215] ----D- C:\Users\CELSO\AppData\Roaming\TeamViewer O43 - CFD: 24/02/2012 - 21:40:38 - [3,332] ----D- C:\Users\CELSO\AppData\Roaming\TS3Client O43 - CFD: 26/02/2011 - 19:04:34 - [0,192] ----D- C:\Users\CELSO\AppData\Roaming\Uniblue O43 - CFD: 27/10/2011 - 15:19:30 - [1,808] ----D- C:\Users\CELSO\AppData\Roaming\vlc O43 - CFD: 24/02/2011 - 19:19:00 - [1,180] ----D- C:\Users\CELSO\AppData\Roaming\WinRAR O43 - CFD: 29/01/2012 - 20:25:26 - [0,009] ----D- C:\Users\CELSO\AppData\Roaming\Xfire O43 - CFD: 25/02/2011 - 09:45:56 - [15,213] ----D- C:\Users\CELSO\AppData\Local\Adobe O43 - CFD: 22/02/2011 - 17:00:52 - [0] -SH-D- C:\Users\CELSO\AppData\Local\Application Data O43 - CFD: 17/05/2011 - 10:20:02 - [0,344] ----D- C:\Users\CELSO\AppData\Local\ashampoo O43 - CFD: 26/02/2011 - 16:45:02 - [0,007] ----D- C:\Users\CELSO\AppData\Local\Cyberlink O43 - CFD: 26/02/2012 - 01:59:02 - [0,425] ----D- C:\Users\CELSO\AppData\Local\Diagnostics O43 - CFD: 06/09/2011 - 16:42:20 - [0,093] ----D- C:\Users\CELSO\AppData\Local\Downloader O43 - CFD: 23/02/2012 - 21:36:50 - [0,299] ----D- C:\Users\CELSO\AppData\Local\ElevatedDiagnostics O43 - CFD: 03/12/2011 - 17:22:00 - [6,511] ----D- C:\Users\CELSO\AppData\Local\Facebook O43 - CFD: 30/04/2011 - 14:44:28 - [0] ----D- C:\Users\CELSO\AppData\Local\Google O43 - CFD: 22/02/2011 - 17:00:52 - [0] -SH-D- C:\Users\CELSO\AppData\Local\Historique O43 - CFD: 24/02/2011 - 18:37:20 - [8,655] ----D- C:\Users\CELSO\AppData\Local\IM O43 - CFD: 25/02/2012 - 17:10:48 - [562,774] ----D- C:\Users\CELSO\AppData\Local\Microsoft O43 - CFD: 22/09/2011 - 19:15:24 - [0,161] ----D- C:\Users\CELSO\AppData\Local\Microsoft Games O43 - CFD: 01/02/2012 - 20:06:34 - [0,101] ----D- C:\Users\CELSO\AppData\Local\Microsoft Help O43 - CFD: 05/10/2011 - 10:41:32 - [0,179] ----D- C:\Users\CELSO\AppData\Local\MigWiz O43 - CFD: 24/02/2011 - 17:33:30 - [374,556] ----D- C:\Users\CELSO\AppData\Local\Mozilla O43 - CFD: 27/02/2011 - 10:06:50 - [0] ----D- C:\Users\CELSO\AppData\Local\OpenCandy O43 - CFD: 20/05/2011 - 21:52:28 - [5,830] ----D- C:\Users\CELSO\AppData\Local\PunkBuster O43 - CFD: 24/02/2011 - 19:30:40 - [16,387] ----D- C:\Users\CELSO\AppData\Local\Symantec O43 - CFD: 24/02/2011 - 21:30:36 - [11,797] ----D- C:\Users\CELSO\AppData\Local\TechSmith O43 - CFD: 01/03/2012 - 15:54:52 - [5,908] ----D- C:\Users\CELSO\AppData\Local\Temp O43 - CFD: 22/02/2011 - 17:00:52 - [0] -SH-D- C:\Users\CELSO\AppData\Local\Temporary Internet Files O43 - CFD: 26/02/2011 - 17:30:34 - [-895,550] ----D- C:\Users\CELSO\AppData\Local\VirtualStore O43 - CFD: 01/03/2012 - 11:57:28 - [0,063] ----D- C:\Users\CELSO\AppData\Local\Windows Live O43 - CFD: 26/02/2012 - 12:36:26 - [0] ----D- C:\Users\CELSO\AppData\Local\{21323798-F0F1-46C1-93F5-4D78751EDA46} O43 - CFD: 27/02/2012 - 00:37:40 - [0] ----D- C:\Users\CELSO\AppData\Local\{68DB5F03-B576-48F7-85FE-84B19F380F95} O43 - CFD: 29/02/2012 - 19:37:48 - [0] ----D- C:\Users\CELSO\AppData\Local\{83DA3416-C940-4A57-800C-0BC28D0F7B1B} O43 - CFD: 01/03/2012 - 11:56:40 - [0] ----D- C:\Users\CELSO\AppData\Local\{A8D7FA30-AE5A-4015-90E3-7A07465B2017} O43 - CFD: 27/02/2012 - 13:24:00 - [0] ----D- C:\Users\CELSO\AppData\Local\{DCCAC3E5-0625-43BD-9A0A-BCABC323C64F} ~ Scan Program Folder in 01mn 45s ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44) O44 - LFC:[MD5.1A913E8696E8F2CD758CDB0C9C0D22C2] - 01/03/2012 - 15:58:39 ---A- . (...) -- C:\Windows\WindowsUpdate.log [124493] O44 - LFC:[MD5.8E6310F248C4B6CCAD05C42287356DDD] - 01/03/2012 - 15:54:26 ---A- . (...) -- C:\Windows\setupact.log [843] O44 - LFC:[MD5.5F81096EC16A3977668FFE7893758BC1] - 01/03/2012 - 15:54:22 -S-A- . (...) -- C:\Windows\bootstat.dat [67584] O44 - LFC:[MD5.0DB7527DB188C7D967A37BB51BBF3963] - 01/03/2012 - 14:43:07 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\system32\drivers\mbamswissarmy.sys [40776] O44 - LFC:[MD5.8E4A4137D4AFAE5A101E7DB18AA26848] - 01/03/2012 - 14:20:57 ---A- . (...) -- C:\Windows\system32\PerfStringBackup.INI [1549700] O44 - LFC:[MD5.459DCA304BF29FF3E81C6F774A79D707] - 01/03/2012 - 14:20:57 ---A- . (...) -- C:\Windows\system32\perfc009.dat [106190] O44 - LFC:[MD5.18CDC094A676FE47080CCD860EB295ED] - 01/03/2012 - 14:20:57 ---A- . (...) -- C:\Windows\system32\perfc00C.dat [130548] O44 - LFC:[MD5.99DEAE2A78FC7BC5B0BE5E775F904533] - 01/03/2012 - 14:20:57 ---A- . (...) -- C:\Windows\system32\perfh009.dat [615810] O44 - LFC:[MD5.F706069057D460C50F0D4C9F4B85C387] - 01/03/2012 - 14:20:57 ---A- . (...) -- C:\Windows\system32\perfh00C.dat [704242] O44 - LFC:[MD5.02440C2665C6DE0E48321979042C3BB0] - 01/03/2012 - 14:15:35 ---A- . (...) -- C:\Windows\PFRO.log [5612] O44 - LFC:[MD5.B7CA8CC3F978201856B6AB82F40953C3] - 29/02/2012 - 22:29:43 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\system32\drivers\mbam.sys [20464] O44 - LFC:[MD5.24097AF73562086C5DC1B48412F02DA0] - 29/02/2012 - 22:27:34 ---A- . (.Adobe Systems Incorporated - Adobe Flash Player Control Panel Applet.) -- C:\Windows\system32\FlashPlayerCPLApp.cpl [414368] O44 - LFC:[MD5.1B6CABCAE393257233F0F916F7D99D4E] - 29/02/2012 - 22:27:10 ---A- . (...) -- C:\Windows\system32\lvcoinst.log [10700] O44 - LFC:[MD5.628BA691C30D52309016F01D011BE900] - 29/02/2012 - 17:53:41 ---A- . (...) -- C:\Windows\system32\FNTCACHE.DAT [409992] O44 - LFC:[MD5.F7CD5E9902D3B778759B467046A104F4] - 26/02/2012 - 14:37:22 ---A- . (...) -- C:\Windows\MEMORY.DMP [407791962] O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 26/02/2012 - 11:40:31 ---A- . (...) -- C:\Windows\setuperr.log [0] O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 24/02/2012 - 21:59:58 ---A- . (...) -- C:\Windows\system32\nvdrssel.bin [0] O44 - LFC:[MD5.0195003E40E6EBB9B684C2FD1D13E38D] - 23/02/2012 - 22:29:34 ---A- . (.NVIDIA Corporation - Generic Coinstaller.) -- C:\Windows\system32\nvhdagenco3220103.dll [876864] O44 - LFC:[MD5.3D7FB57354703809B5F0C23287FAC1D6] - 23/02/2012 - 22:29:34 ---A- . (.NVIDIA Corporation - NVIDIA HDMI Audio Driver.) -- C:\Windows\system32\drivers\nvhda32v.sys [148800] O44 - LFC:[MD5.A435BA6A5146800CC0335972A37CD7FD] - 23/02/2012 - 22:29:34 ---A- . (.NVIDIA Corporation - NVIDIA HDMI Audio Driver.) -- C:\Windows\system32\nvhdap32.dll [27968] O44 - LFC:[MD5.188A70B814F4C77EA093A1CA34CC8F2D] - 10/02/2012 - 05:13:00 ---A- . (...) -- C:\Windows\system32\nvinfo.pb [8772] O44 - LFC:[MD5.1992D479AC7B804B699EFA8573230C94] - 10/02/2012 - 05:13:00 ---A- . (.Khronos Group - OpenCL Client DLL.) -- C:\Windows\system32\OpenCL.dll [61248] O44 - LFC:[MD5.2941DA00EFD5F801EFE442BABD8B3B6D] - 10/02/2012 - 05:13:00 ---A- . (.NVIDIA Corporation - Display Driver Coinstaller.) -- C:\Windows\system32\nvdispco32.dll [1000256] O44 - LFC:[MD5.5055CA6E2C7041C1557B48CC1E487CAA] - 10/02/2012 - 05:13:00 ---A- . (.NVIDIA Corporation - Generic Coinstaller.) -- C:\Windows\system32\nvgenco32.dll [881984] O44 - LFC:[MD5.9FD158015EE8F3B4971A76BC6E3B520F] - 10/02/2012 - 05:13:00 ---A- . (.NVIDIA Corporation - NVIDIA CUDA Driver, Version 295.73.) -- C:\Windows\system32\nvcuda.dll [5892928] O44 - LFC:[MD5.D592EA592BFC42BBAA64B9A36E11A956] - 10/02/2012 - 05:13:00 ---A- . (.NVIDIA Corporation - NVIDIA CUDA Video Decode API, Version 295.7.) -- C:\Windows\system32\nvcuvid.dll [2517312] O44 - LFC:[MD5.680BF097C8D195109590E8078C71F989] - 10/02/2012 - 05:13:00 ---A- . (.NVIDIA Corporation - NVIDIA CUDA Video Encoder, Version 295.73.) -- C:\Windows\system32\nvcuvenc.dll [2437440] O44 - LFC:[MD5.7E6E761D5C5A4BCF19BA3149310770D2] - 10/02/2012 - 05:13:00 ---A- . (.NVIDIA Corporation - NVIDIA Compatible OpenGL ICD.) -- C:\Windows\system32\nvoglv32.dll [19443520] O44 - LFC:[MD5.AD5DAA753919D0EBCC8CE85031E11550] - 10/02/2012 - 05:13:00 ---A- . (.NVIDIA Corporation - NVIDIA Compiler, Version 295.73.) -- C:\Windows\system32\nvcompiler.dll [17543488] O44 - LFC:[MD5.C2B076639017CAB78DD63FF8F94BDD7C] - 10/02/2012 - 05:13:00 ---A- . (.NVIDIA Corporation - NVIDIA D3D10 Driver, Version 295.73.) -- C:\Windows\system32\nvwgf2um.dll [7713088] O44 - LFC:[MD5.E9511F7F35D6A144C1B5F067209C1CBA] - 10/02/2012 - 05:13:00 ---A- . (.NVIDIA Corporation - NVIDIA NVAPI Library, Version 295.73.) -- C:\Windows\system32\nvapi.dll [2301248] O44 - LFC:[MD5.91C8B1471CD7BDAE2FF6F062E25228BD] - 10/02/2012 - 05:13:00 ---A- . (.NVIDIA Corporation - NVIDIA WDDM D3D Driver, Version 295.73.) -- C:\Windows\system32\nvd3dum.dll [15009600] O44 - LFC:[MD5.F452E6AD3EDA2852F44BE492E283C40F] - 10/02/2012 - 05:13:00 ---A- . (.NVIDIA Corporation - NVIDIA Windows Kernel Mode Driver, Version.) -- C:\Windows\system32\drivers\nvlddmkm.sys [10816832] O44 - LFC:[MD5.CCDCF296BF51DD66F6341B188373A78E] - 10/02/2012 - 04:02:06 ---A- . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\Windows\system32\nvcpl.dll [3881792] O44 - LFC:[MD5.788FCC23961A7D65372D6BF3709DD39B] - 10/02/2012 - 04:00:44 ---A- . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 295.7.) -- C:\Windows\system32\nvsvc.dll [2719040] O44 - LFC:[MD5.70145ADE9EFE2CE296DD5FC761B4969B] - 10/02/2012 - 04:00:26 ---A- . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 295.7.) -- C:\Windows\system32\nvvsvc.exe [645440] O44 - LFC:[MD5.A9EF3534BFF340D2FEFB052B0DD7C4DB] - 10/02/2012 - 04:00:26 ---A- . (.NVIDIA Corporation - NVIDIA Media Center Library.) -- C:\Windows\system32\nvmctray.dll [108352] O44 - LFC:[MD5.216CD1ABF4CEDB5F4554D1E9DC2E4FF6] - 10/02/2012 - 04:00:26 ---A- . (.NVIDIA Corporation - Pas de description.) -- C:\Windows\system32\nvshext.dll [62272] O44 - LFC:[MD5.31C523B4181F48BA6B7DC23EC1861433] - 10/02/2012 - 04:00:25 ---A- . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 295.7.) -- C:\Windows\system32\nvsvcr.dll [2561344] O44 - LFC:[MD5.F86A49D72D156947AB4B1F398F6B98EA] - 09/02/2012 - 20:05:44 ---A- . (...) -- C:\Windows\system32\nvStreaming.exe [416064] ~ Scan Files in 01mn 30s ---\\ Derniers fichiers créés dans Windows Prefetcher (O45) O45 - LFCP:[MD5.D1455CB244C17F3C1C65F4C8C37AB0F9] - 01/03/2012 - 00:00:32 ---A- - C:\Windows\Prefetch\IGFXSRVC.EXE-67E7A62F.pf O45 - LFCP:[MD5.66EC6C9259E3629EE562EA4382822DA6] - 01/03/2012 - 10:00:04 ---A- - C:\Windows\Prefetch\SDCLT.EXE-2D2C4DDD.pf O45 - LFCP:[MD5.AF1846277C34292616C5085D193BCBC8] - 01/03/2012 - 10:47:19 ---A- - C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-501933425-2476989565-1232407324-1000.db O45 - LFCP:[MD5.BE7D3D5D7A5EB25EE9B1670514BFFD8C] - 01/03/2012 - 10:47:19 ---A- - C:\Windows\Prefetch\AgGlUAD_S-1-5-21-501933425-2476989565-1232407324-1000.db O45 - LFCP:[MD5.033ED07152FD57EE2550BA4CFC7C166D] - 01/03/2012 - 11:15:36 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-6202E8F2.pf O45 - LFCP:[MD5.66B0868507D65A5280382A10CF9F7922] - 01/03/2012 - 11:33:31 ---A- - C:\Windows\Prefetch\TASKMGR.EXE-72398DC0.pf O45 - LFCP:[MD5.3F5ECAF35CC4DA8E9E25D6477967E139] - 01/03/2012 - 11:35:24 ---A- - C:\Windows\Prefetch\SAVUI.EXE-24D69985.pf O45 - LFCP:[MD5.1457C57F0ED10A783D231975CC9AC1A9] - 01/03/2012 - 11:36:00 ---A- - C:\Windows\Prefetch\RTVSCAN.EXE-C249E232.pf O45 - LFCP:[MD5.A458A60B690FE85CAAB2F8EA34425B4D] - 01/03/2012 - 11:55:35 ---A- - C:\Windows\Prefetch\Layout.ini O45 - LFCP:[MD5.1658BA17A31F9DF1A9B97BCC506D64E7] - 01/03/2012 - 11:55:42 ---A- - C:\Windows\Prefetch\DEFRAG.EXE-738093E8.pf O45 - LFCP:[MD5.552395E86CF2536BC0AE58E7378B824A] - 01/03/2012 - 11:55:46 ---A- - C:\Windows\Prefetch\SVCHOST.EXE-8DA0BAAD.pf O45 - LFCP:[MD5.770E51B33B322558188FCABF1E7506C7] - 01/03/2012 - 12:05:24 ---A- - C:\Windows\Prefetch\PLUGIN-CONTAINER.EXE-1D5F6C6B.pf O45 - LFCP:[MD5.48B094BB8948FB7530D78B652BF402B1] - 01/03/2012 - 12:32:56 ---A- - C:\Windows\Prefetch\SYMCORPUI.EXE-9552AFDC.pf O45 - LFCP:[MD5.57C0BA3A6E03B761D3EC2F9003100360] - 01/03/2012 - 12:33:11 ---A- - C:\Windows\Prefetch\SESCLU.EXE-3C84D030.pf O45 - LFCP:[MD5.AB32680DE97764346233E01E07DDB479] - 01/03/2012 - 12:33:42 ---A- - C:\Windows\Prefetch\DWHWIZRD.EXE-3820D06C.pf O45 - LFCP:[MD5.ECEE279E98A97F37127159C6ED859DD1] - 01/03/2012 - 12:33:57 ---A- - C:\Windows\Prefetch\LUCALLBACKPROXY.EXE-9EFD4A00.pf O45 - LFCP:[MD5.F42A5770FD721C5165D19773C327D05F] - 01/03/2012 - 12:34:02 ---A- - C:\Windows\Prefetch\LUALL.EXE-C73A48CA.pf O45 - LFCP:[MD5.CAED425DE3EF7D7DF2EC14F9B5F09AAC] - 01/03/2012 - 12:34:04 ---A- - C:\Windows\Prefetch\LUCOMS~1.EXE-95D7A512.pf O45 - LFCP:[MD5.E50588886F551443D9F862D831109CFE] - 01/03/2012 - 13:13:01 ---A- - C:\Windows\Prefetch\WINDOWSLIVEPHOTOVIEWER.EXE-6106E219.pf O45 - LFCP:[MD5.0E362D054BEB2FDB2F21225685FE0915] - 01/03/2012 - 13:14:40 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-71214090.pf O45 - LFCP:[MD5.48352CCA6FD22F7EADDE2A10F111940D] - 01/03/2012 - 13:19:11 ---A- - C:\Windows\Prefetch\MSNMSGR.EXE-DD43BBF4.pf O45 - LFCP:[MD5.16A3EDF15B88C108F74B682459B12B45] - 01/03/2012 - 13:27:28 ---A- - C:\Windows\Prefetch\WLCOMM.EXE-648065CA.pf O45 - LFCP:[MD5.6396441F8C5833761FA2F6AB10AE136E] - 01/03/2012 - 14:11:07 ---A- - C:\Windows\Prefetch\TASKHOST.EXE-437C05A8.pf O45 - LFCP:[MD5.23690CC18E519D622F79661D7CB4B9A9] - 01/03/2012 - 14:13:17 ---A- - C:\Windows\Prefetch\SMCGUI.EXE-3A816A45.pf O45 - LFCP:[MD5.F91958A425723E65962542B0C220F072] - 01/03/2012 - 14:14:03 ---A- - C:\Windows\Prefetch\PfSvPerfStats.bin O45 - LFCP:[MD5.BA919E067236E62387CA4ECBAED2AFE6] - 01/03/2012 - 14:17:26 ---A- - C:\Windows\Prefetch\ATBROKER.EXE-FF58B71D.pf O45 - LFCP:[MD5.AA7B9BE4CA2BBBCA1320EFE98AAEE991] - 01/03/2012 - 14:17:26 ---A- - C:\Windows\Prefetch\EXPLORER.EXE-7A3328DA.pf O45 - LFCP:[MD5.2E7E3988E771E5A302DEA97CD560D1D0] - 01/03/2012 - 14:17:44 ---A- - C:\Windows\Prefetch\SVCHOST.EXE-DB4C36D7.pf O45 - LFCP:[MD5.67E78FCC5C64790CA40E9F573F5879CA] - 01/03/2012 - 14:20:01 ---A- - C:\Windows\Prefetch\TRUSTEDINSTALLER.EXE-031B6478.pf O45 - LFCP:[MD5.FD1916240921849CAE6E4F6142FFA816] - 01/03/2012 - 14:26:01 ---A- - C:\Windows\Prefetch\FACEBOOKUPDATE.EXE-956D9D42.pf O45 - LFCP:[MD5.A390832436D67BE393174902135C8FC5] - 01/03/2012 - 14:29:32 ---A- - C:\Windows\Prefetch\WERMGR.EXE-2A1BCBC7.pf O45 - LFCP:[MD5.71171B892E97F5A509F0A3B5BB69EA27] - 01/03/2012 - 14:29:37 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-D40FB18A.pf O45 - LFCP:[MD5.D474CADE406451590DE9E2BAD84949EE] - 01/03/2012 - 14:31:38 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-E2054E7F.pf O45 - LFCP:[MD5.73F92170944857ED43D93BE042045C30] - 01/03/2012 - 14:43:07 ---A- - C:\Windows\Prefetch\REGSVR32.EXE-55A4EE79.pf O45 - LFCP:[MD5.FA2A94819CF7BD01CE5E884E2C1FB822] - 01/03/2012 - 14:44:34 ---A- - C:\Windows\Prefetch\NOTEPAD.EXE-EB1B961A.pf O45 - LFCP:[MD5.741ECE1B33098A0E6F95FF47C69F878C] - 01/03/2012 - 14:57:31 ---A- - C:\Windows\Prefetch\AgRobust.db O45 - LFCP:[MD5.5917F9DD5A3FBA1270A1814C387F5508] - 01/03/2012 - 14:57:32 ---A- - C:\Windows\Prefetch\AgGlGlobalHistory.db O45 - LFCP:[MD5.61DD173EF1D7BAB171C119732752B2B3] - 01/03/2012 - 14:57:34 ---A- - C:\Windows\Prefetch\AgGlFaultHistory.db O45 - LFCP:[MD5.7E3459B0BC331D817905B86772DF8868] - 01/03/2012 - 14:57:39 ---A- - C:\Windows\Prefetch\AgGlFgAppHistory.db O45 - LFCP:[MD5.09FC76687539940E5F5824834EBB1548] - 01/03/2012 - 15:02:10 ---A- - C:\Windows\Prefetch\TASKENG.EXE-5BAF290C.pf O45 - LFCP:[MD5.C39A9C64377A4301D255098CCDD9D6B2] - 01/03/2012 - 15:55:32 ---A- - C:\Windows\Prefetch\AUDIODG.EXE-D0D776AC.pf O45 - LFCP:[MD5.50EF1165A2B5713890241C20EAF24603] - 01/03/2012 - 15:55:32 ---A- - C:\Windows\Prefetch\LOGONUI.EXE-1BEE4A84.pf O45 - LFCP:[MD5.B4FE636460758CE872554C42443F07A6] - 01/03/2012 - 15:55:32 ---A- - C:\Windows\Prefetch\MPNOTIFY.EXE-55171BA9.pf O45 - LFCP:[MD5.319DFEC7F0BC9ABF455B9D722319F29D] - 01/03/2012 - 15:55:32 ---A- - C:\Windows\Prefetch\NVVSVC.EXE-261BA731.pf O45 - LFCP:[MD5.84622CC93602BFD931CB6DC70AEDD31B] - 01/03/2012 - 15:55:32 ---A- - C:\Windows\Prefetch\NVXDSYNC.EXE-297C5BB3.pf O45 - LFCP:[MD5.D0E5DD10D9BBE46C55A03797E24B71AE] - 01/03/2012 - 15:55:32 ---A- - C:\Windows\Prefetch\SMC.EXE-6A4099C4.pf O45 - LFCP:[MD5.C7C47F671923C4D31F33AA76AD1F9303] - 01/03/2012 - 15:55:32 ---A- - C:\Windows\Prefetch\SVCHOST.EXE-7643E300.pf O45 - LFCP:[MD5.705010C4B12B6D632747886440D58C48] - 01/03/2012 - 15:55:58 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-53B78AD0.pf O45 - LFCP:[MD5.712BAFCBCFED7F9ACF7CE66413948AF2] - 01/03/2012 - 15:56:07 ---A- - C:\Windows\Prefetch\FIREFOX.EXE-E60C0AA7.pf O45 - LFCP:[MD5.EC2F0B40CD50A2D185BD269C30E56AFC] - 01/03/2012 - 15:56:39 ---A- - C:\Windows\Prefetch\CONSENT.EXE-65F6206D.pf O45 - LFCP:[MD5.B20501FB8B6ECFC6CCDEECFD6522C36D] - 01/03/2012 - 15:56:44 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-893DDF55.pf O45 - LFCP:[MD5.CFEE0A94A47BC6C28DF56A27F80C04D7] - 01/03/2012 - 15:56:54 ---A- - C:\Windows\Prefetch\MSCORSVW.EXE-FAA88858.pf O45 - LFCP:[MD5.A3867A1CB6C40D2A9D4CB24400810DEF] - 01/03/2012 - 15:56:55 ---A- - C:\Windows\Prefetch\GOOGLEUPDATE.EXE-8973CEDD.pf O45 - LFCP:[MD5.D840C0836643E437A48F4A6A9C3E341C] - 01/03/2012 - 15:56:56 ---A- - C:\Windows\Prefetch\CONHOST.EXE-3218E401.pf O45 - LFCP:[MD5.61B2E5B1021932E913306170C6AF1187] - 01/03/2012 - 15:57:01 ---A- - C:\Windows\Prefetch\WMIPRVSE.EXE-43972D0F.pf O45 - LFCP:[MD5.B2F31767D7F711C6A76E9988BBD32D58] - 01/03/2012 - 15:57:02 ---A- - C:\Windows\Prefetch\SPPSVC.EXE-CBE91656.pf O45 - LFCP:[MD5.DF8001E24715C13250C993BB42A57EE1] - 01/03/2012 - 15:57:11 ---A- - C:\Windows\Prefetch\DAEMONU.EXE-71078F74.pf O45 - LFCP:[MD5.5A141FE46FB4E7BB0A93C17B1E3B83A6] - 01/03/2012 - 15:58:25 ---A- - C:\Windows\Prefetch\SVCHOST.EXE-93CEEE07.pf O45 - LFCP:[MD5.7B6CD4CF19C875949D007659C4927C3A] - 01/03/2012 - 15:59:01 ---A- - C:\Windows\Prefetch\WMIADAP.EXE-369DF1CD.pf O45 - LFCP:[MD5.A4BE90A66BB86EE842387B5B9018257A] - 01/03/2012 - 16:00:31 ---A- - C:\Windows\Prefetch\SEARCHFILTERHOST.EXE-AA7A1FDD.pf O45 - LFCP:[MD5.EE71A8BA81F85D821F21F22D5CC0FFE7] - 01/03/2012 - 16:00:31 ---A- - C:\Windows\Prefetch\SEARCHPROTOCOLHOST.EXE-AFAD3EF9.pf O45 - LFCP:[MD5.D718AFAE0178C28ECDFABDAE98BCBB41] - 26/02/2012 - 01:17:03 ---A- - C:\Windows\Prefetch\NTOSBOOT-B00DFAAD.pf O45 - LFCP:[MD5.37A795C43426DC3899B266373DEBA6AB] - 26/02/2012 - 01:19:05 ---A- - C:\Windows\Prefetch\AgCx_SC4.db O45 - LFCP:[MD5.EFDEDB0650EE819A315A17727E79429C] - 26/02/2012 - 01:55:55 ---A- - C:\Windows\Prefetch\MSDT.EXE-3D8E9353.pf O45 - LFCP:[MD5.6EB7FF03D6F6AED5857A350FE3375096] - 26/02/2012 - 12:37:14 ---A- - C:\Windows\Prefetch\HCHNZI0V.EXE-AF52E1C1.pf O45 - LFCP:[MD5.5DC05BF34206CB64208287A7E6A7FC5F] - 26/02/2012 - 13:20:34 ---A- - C:\Windows\Prefetch\ACRORD32.EXE-33939BD1.pf O45 - LFCP:[MD5.40CE1179A49429E7AA34E0ED5D286714] - 26/02/2012 - 13:20:58 ---A- - C:\Windows\Prefetch\ADOBEARM.EXE-ACA00A4A.pf O45 - LFCP:[MD5.D165DA6516F7647364B31222CE7271F2] - 26/02/2012 - 14:41:08 ---A- - C:\Windows\Prefetch\SC.EXE-BC6DAF49.pf O45 - LFCP:[MD5.5DA4E2AA91516F0DC1D68C10A33C0A8A] - 26/02/2012 - 17:42:26 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-85E123DD.pf O45 - LFCP:[MD5.40E3549A7DD8D13B92DE50669533BBBA] - 26/02/2012 - 17:58:54 ---A- - C:\Windows\Prefetch\FTPRUSH.EXE-91557209.pf O45 - LFCP:[MD5.F89C4586170974646D3F4607A4B8FB04] - 26/02/2012 - 19:28:55 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-B6C9169C.pf O45 - LFCP:[MD5.973B90477200CD4334737367E885243E] - 26/02/2012 - 19:40:19 ---A- - C:\Windows\Prefetch\TEAMVIEWER_DESKTOP.EXE-80FF783D.pf O45 - LFCP:[MD5.77BADE0B22DD74497A70DF98D845B8B3] - 26/02/2012 - 20:42:01 ---A- - C:\Windows\Prefetch\WINRAR.EXE-6F42D4E7.pf O45 - LFCP:[MD5.D9F534785F33E8CF862272DC65103C66] - 26/02/2012 - 20:50:36 ---A- - C:\Windows\Prefetch\VLC.EXE-CE8E9BE1.pf O45 - LFCP:[MD5.46C0F6104C6BF5EE5AA037CC814D9BBA] - 26/02/2012 - 23:40:11 ---A- - C:\Windows\Prefetch\UPDATER.EXE-CE019E81.pf O45 - LFCP:[MD5.234666BA890272ED97261245A275BB22] - 26/02/2012 - 23:40:14 ---A- - C:\Windows\Prefetch\HELPER.EXE-36267E56.pf O45 - LFCP:[MD5.E9905E9F099DD55B1C622A226D9CB280] - 27/02/2012 - 00:38:26 ---A- - C:\Windows\Prefetch\WPBXI4ES.EXE-A21BCFAC.pf O45 - LFCP:[MD5.07AB1871F65DFAD2E7D07D8291CFF8A9] - 27/02/2012 - 12:25:00 ---A- - C:\Windows\Prefetch\PNKBSTRA.EXE-C7CBC1AC.pf O45 - LFCP:[MD5.03BCE3FDF70D4C74015051AB41884030] - 27/02/2012 - 12:25:00 ---A- - C:\Windows\Prefetch\SVCHOST.EXE-7488A139.pf O45 - LFCP:[MD5.37B79138545EE1C62B6E52632465C14A] - 27/02/2012 - 13:19:07 ---A- - C:\Windows\Prefetch\NTVDM.EXE-42770598.pf O45 - LFCP:[MD5.B044EAA4ABA086FD29876D2B8B8D39BF] - 27/02/2012 - 13:24:47 ---A- - C:\Windows\Prefetch\D2QDACY9.EXE-A0D40668.pf O45 - LFCP:[MD5.BABE80A355C683E4F2BFD6AD6232C43B] - 27/02/2012 - 13:40:37 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-5408F669.pf O45 - LFCP:[MD5.5A55EE2DE132ED0F9D82303F175EE5C8] - 27/02/2012 - 13:40:40 ---A- - C:\Windows\Prefetch\OUTLOOK.EXE-B9F191EB.pf O45 - LFCP:[MD5.AE6887AC571CEAFC466F42D84D9329D7] - 27/02/2012 - 13:41:28 ---A- - C:\Windows\Prefetch\VCDMOUNT.EXE-6E08686D.pf O45 - LFCP:[MD5.D830E649E4B76E00675AEED046F44134] - 27/02/2012 - 13:42:06 ---A- - C:\Windows\Prefetch\EVEREST.EXE-2253DFA1.pf O45 - LFCP:[MD5.642EFD781B70E89850B55ACA5165ABAC] - 27/02/2012 - 13:42:16 ---A- - C:\Windows\Prefetch\EVEREST.BIN-15E1F87C.pf O45 - LFCP:[MD5.4F84A466C0450DB74842888076B83737] - 27/02/2012 - 13:55:30 ---A- - C:\Windows\Prefetch\PREVHOST.EXE-205F609A.pf O45 - LFCP:[MD5.6DA29E4EA6A331BD0ACBF046851D80A5] - 29/02/2012 - 16:01:03 ---A- - C:\Windows\Prefetch\CCSVCHST.EXE-18A52415.pf O45 - LFCP:[MD5.2A13743E3CBFC263F3B5C97EE8543C9D] - 29/02/2012 - 16:01:03 ---A- - C:\Windows\Prefetch\SVCHOST.EXE-2A6E95B3.pf O45 - LFCP:[MD5.C42959DDE04BF4C6DAB36CB5FB3CBACF] - 29/02/2012 - 16:01:25 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-1C4796DF.pf O45 - LFCP:[MD5.29BE153F149E09EE5B3AA1B144B5056E] - 29/02/2012 - 17:54:42 ---A- - C:\Windows\Prefetch\LSASS.EXE-8DBFE3B9.pf O45 - LFCP:[MD5.D63960C85509EEBB1233147D1704FF63] - 29/02/2012 - 17:54:42 ---A- - C:\Windows\Prefetch\LSM.EXE-20DE9C3F.pf O45 - LFCP:[MD5.6F728761911DFF761A1F9F8ACC0AE547] - 29/02/2012 - 17:54:42 ---A- - C:\Windows\Prefetch\NVSCPAPISVR.EXE-5AFC19BA.pf O45 - LFCP:[MD5.D081717DF5B4603AF13CAEBC804C42AE] - 29/02/2012 - 17:54:42 ---A- - C:\Windows\Prefetch\SERVICES.EXE-2260497F.pf O45 - LFCP:[MD5.6957322F32EE0FA49434DED454FF9172] - 29/02/2012 - 17:54:42 ---A- - C:\Windows\Prefetch\SVCHOST.EXE-F4BAF363.pf O45 - LFCP:[MD5.8D71787A793FF8781F845D940512C0CB] - 29/02/2012 - 17:54:42 ---A- - C:\Windows\Prefetch\SVCHOST.EXE-F5AA802A.pf O45 - LFCP:[MD5.46607303B2AFABCF43FF9CA40A2D3157] - 29/02/2012 - 19:33:20 ---A- - C:\Windows\Prefetch\DINOTIFY.EXE-06EB7C61.pf O45 - LFCP:[MD5.5DCC2C4454C31F7355EE7D132EDA95D6] - 29/02/2012 - 19:33:20 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-903E43EF.pf O45 - LFCP:[MD5.43B5137AD7DC8004FD600F047F7D3705] - 29/02/2012 - 19:33:20 ---A- - C:\Windows\Prefetch\SVCHOST.EXE-4D8DA32A.pf O45 - LFCP:[MD5.77702A0BC875DD3AA3EF3D49812B70BC] - 29/02/2012 - 19:33:20 ---A- - C:\Windows\Prefetch\WUDFHOST.EXE-81420B07.pf O45 - LFCP:[MD5.A1ED1EF21376C509EBD97D218CA51EFB] - 29/02/2012 - 19:33:42 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-C300C0AC.pf O45 - LFCP:[MD5.EDFA2A097F58D186392735C956A75A9A] - 29/02/2012 - 19:34:01 ---A- - C:\Windows\Prefetch\REGEDIT.EXE-4748FE01.pf O45 - LFCP:[MD5.2CAF10BB738494353C37295C2E52B172] - 29/02/2012 - 19:34:05 ---A- - C:\Windows\Prefetch\DRVINST.EXE-5F8E77CD.pf O45 - LFCP:[MD5.8EE67C3D496346EF1DC68B0442231A0D] - 29/02/2012 - 19:34:45 ---A- - C:\Windows\Prefetch\WUAUCLT.EXE-830BCC14.pf O45 - LFCP:[MD5.C2236A45C90D85D4C9AFE73A5107A9C1] - 29/02/2012 - 19:35:00 ---A- - C:\Windows\Prefetch\HELPPANE.EXE-D1016F9E.pf O45 - LFCP:[MD5.79BC080A3A2043817BD27B0E79D9F192] - 29/02/2012 - 19:35:35 ---A- - C:\Windows\Prefetch\SNAGIT32.EXE-8916D00C.pf O45 - LFCP:[MD5.77A02E92F5CAC4DE452504FD55C5B72E] - 29/02/2012 - 19:35:35 ---A- - C:\Windows\Prefetch\TSCHELP.EXE-C62FC814.pf O45 - LFCP:[MD5.B7DF72B4AB03952B4ED544AE2575DE2A] - 29/02/2012 - 19:35:36 ---A- - C:\Windows\Prefetch\SNAGPRIV.EXE-D57D688F.pf O45 - LFCP:[MD5.9A519052DE042569FDCEB734713A557D] - 29/02/2012 - 19:35:40 ---A- - C:\Windows\Prefetch\SNAGITEDITOR.EXE-2A4D5296.pf O45 - LFCP:[MD5.DFDF02F1ECF34599373B7159899954C3] - 29/02/2012 - 19:35:42 ---A- - C:\Windows\Prefetch\COMUPDATUS.EXE-CCAFFC58.pf O45 - LFCP:[MD5.7B51C28B7A8B12460ED7632397A4A935] - 29/02/2012 - 19:38:46 ---A- - C:\Windows\Prefetch\TQDTG1Q5.EXE-E074CAFD.pf O45 - LFCP:[MD5.FC91F1AD341B149856261E2F58FB56B5] - 29/02/2012 - 20:05:10 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-125D4518.pf O45 - LFCP:[MD5.154102003CE4A28E6BB66A93A85D9883] - 29/02/2012 - 20:12:12 ---A- - C:\Windows\Prefetch\CSC.EXE-4EF173D0.pf O45 - LFCP:[MD5.B4BBB2DC94E0EEDEDA3176834FA6C4F2] - 29/02/2012 - 20:12:12 ---A- - C:\Windows\Prefetch\CVTRES.EXE-419E4E46.pf O45 - LFCP:[MD5.CA2770A900524A45D17DD02E439C523B] - 29/02/2012 - 20:12:15 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-F452D79D.pf O45 - LFCP:[MD5.84B743278A36149F17374BB056482FFC] - 29/02/2012 - 20:12:19 ---A- - C:\Windows\Prefetch\SDIAGNHOST.EXE-67CD1457.pf O45 - LFCP:[MD5.4E40F309CD626AE059CD8783AD8E975E] - 29/02/2012 - 20:12:22 ---A- - C:\Windows\Prefetch\W32TM.EXE-5D2265F4.pf O45 - LFCP:[MD5.4089679E826C50251DFB7ACB79262C41] - 29/02/2012 - 20:12:23 ---A- - C:\Windows\Prefetch\VSSVC.EXE-04D079CC.pf O45 - LFCP:[MD5.E650C3B99C2420E5B311224D577A3C90] - 29/02/2012 - 20:12:24 ---A- - C:\Windows\Prefetch\SVCHOST.EXE-8FD92526.pf O45 - LFCP:[MD5.4B626E4A3B4EB439625276AA8254AF35] - 29/02/2012 - 20:12:31 ---A- - C:\Windows\Prefetch\PING.EXE-B29F6629.pf O45 - LFCP:[MD5.A234896963CE4220F4A250F82FDAA19C] - 29/02/2012 - 20:37:24 ---A- - C:\Windows\Prefetch\MSFEEDSSYNC.EXE-1F01ED17.pf O45 - LFCP:[MD5.5C16F08AC9859E3F07D3C68BFC11CEB7] - 29/02/2012 - 20:39:26 ---A- - C:\Windows\Prefetch\IELOWUTIL.EXE-79D45B69.pf O45 - LFCP:[MD5.BA7C6AD302FC0C7E2C5BAC957A0888E9] - 29/02/2012 - 20:45:29 ---A- - C:\Windows\Prefetch\TS3CLIENT_WIN32.EXE-875B5789.pf O45 - LFCP:[MD5.050D1E8A2494AFAEEE25EFAEB5C7C897] - 29/02/2012 - 20:59:32 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-40C05CA3.pf O45 - LFCP:[MD5.D3094B0E2E354596C4C0D9654C173F78] - 29/02/2012 - 20:59:36 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-24C4200B.pf O45 - LFCP:[MD5.A03FAE84C2FEA18516645E0226C76D4D] - 29/02/2012 - 22:23:12 ---A- - C:\Windows\Prefetch\CCLEANER.EXE-CC440CDB.pf O45 - LFCP:[MD5.40A51DCDAEF83613B53EC6BC6BEB0881] - 29/02/2012 - 22:27:13 ---A- - C:\Windows\Prefetch\IGFXTRAY.EXE-95873609.pf O45 - LFCP:[MD5.420EFBB3D72226E532471E5935F9F9C7] - 29/02/2012 - 22:27:13 ---A- - C:\Windows\Prefetch\TEAMVIEWER_SERVICE.EXE-5B4FF1FB.pf O45 - LFCP:[MD5.3A99A7DDCC24900A01D9CAF2DE26E1CA] - 29/02/2012 - 22:33:45 ---A- - C:\Windows\Prefetch\DOSCAN.EXE-94F878AD.pf O45 - LFCP:[MD5.A9693F3EAEBAFB9190EC8862468F98AE] - 29/02/2012 - 22:33:45 ---A- - C:\Windows\Prefetch\NVTRAY.EXE-7D357916.pf O45 - LFCP:[MD5.AE1EE7509336813152FB52B93C27C2CC] - 29/02/2012 - 22:33:45 ---A- - C:\Windows\Prefetch\WLIDSVCM.EXE-AD2DE5FA.pf O45 - LFCP:[MD5.EE674F908DC2CECE2E11493D8FBABA90] - 29/02/2012 - 22:33:47 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-A9688DD8.pf O45 - LFCP:[MD5.EB25C8C52CE15964F7E58FD677C754B6] - 29/02/2012 - 22:33:50 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-98B8E418.pf O45 - LFCP:[MD5.8E11CF4AE900364788CBC5FA7D9C5B61] - 29/02/2012 - 22:34:05 ---A- - C:\Windows\Prefetch\WMPNSCFG.EXE-DF1DD51A.pf O45 - LFCP:[MD5.57AFDC86A36EB0666E45CD80D6F4EF3D] - 29/02/2012 - 22:34:22 ---A- - C:\Windows\Prefetch\SVCHOST.EXE-135A30D8.pf O45 - LFCP:[MD5.8B9BF8DFE6A8C2E766943DF3F925C2AA] - 29/02/2012 - 22:34:22 ---A- - C:\Windows\Prefetch\WMPNETWK.EXE-BD0344CA.pf O45 - LFCP:[MD5.B9C900D1E0E6AD92CDF016B0A2324BF3] - 29/02/2012 - 22:36:04 ---A- - C:\Windows\Prefetch\TEAMVIEWER.EXE-6CB91050.pf O45 - LFCP:[MD5.FF8FA5F6AB5160EFF17A18726CBA6514] - 29/02/2012 - 22:57:16 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-AFD98684.pf ~ Scan Prefetcher in 00mn 03s ---\\ Déni du service (Local Security Authority) (O48) O48 - LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll O48 - LSA:Local Security Authority Notification Packages . (.Microsoft Corporation - Moteur du client de l’Éditeur de configuration de sécurité Windows.) -- C:\Windows\System32\scecli.dll O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Package de sécurité Kerberos.) -- C:\Windows\System32\kerberos.dll O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\Windows\System32\schannel.dll O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Digest Access.) -- C:\Windows\System32\wdigest.dll O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Web Service Security Package.) -- C:\Windows\System32\TSpkg.dll O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Pku2u Security Package.) -- C:\Windows\System32\pku2u.dll O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corp. - LiveSSP.) -- C:\Windows\System32\LIVESSP.dll ~ Scan Keys in 00mn 00s ---\\ Contrôle du Safe Boot (CSB) (O49) O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys . (.Microsoft Corporation - Pilote de filtre souris série.) -- C:\Windows\system32\Drivers\sermouse.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\system32\Drivers\vga.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys . (...) -- C:\Windows\system32\Drivers\vgasave.sys (.not file.) O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\system32\Drivers\volmgr.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgrx.sys . (.Microsoft Corporation - Pilote d’extension du gestionnaire de volumes.) -- C:\Windows\system32\Drivers\volmgrx.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys . (.Microsoft Corporation - IP Network Address Translator.) -- C:\Windows\system32\Drivers\ipnat.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\nsiproxy.sys . (.Microsoft Corporation - NSI Proxy.) -- C:\Windows\system32\Drivers\nsiproxy.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpencdd.sys . (.Microsoft Corporation - RDP Encoder Miniport.) -- C:\Windows\system32\Drivers\rdpencdd.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys . (.Microsoft Corporation - Pilote de filtre souris série.) -- C:\Windows\system32\Drivers\sermouse.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\system32\Drivers\vga.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys . (...) -- C:\Windows\system32\Drivers\vgasave.sys (.not file.) O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\system32\Drivers\volmgr.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgrx.sys . (.Microsoft Corporation - Pilote d’extension du gestionnaire de volumes.) -- C:\Windows\system32\Drivers\volmgrx.sys ~ Scan CSB in 00mn 00s ---\\ MountPoints2 Shell Key (O51) (None) ---\\ Trojan Driver Search Data (HKLM) (O52) O52 - TDSD: \Drivers32\"VIDC.I420"="lvcodec2.dll" . (.Logitech Inc. - Video Codec.) -- C:\Windows\System32\lvcodec2.dll O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\Windows\System32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Codec Cinepak®.) -- C:\Windows\System32\iccvid.dll O52 - TDSD: \Drivers32\"VIDC.XFR1"="xfcodec.dll" . (.Pas de propriétaire - Xfire Video Codec.) -- C:\Windows\System32\xfcodec.dll O52 - TDSD: \Drivers32\"vidc.VP60"="C:\Windows\system32\vp6vfw.dll" . (.On2.com - VP6 VIDEO FOR WINDOWS CODEC.) -- C:\Windows\System32\vp6vfw.dll O52 - TDSD: \Drivers32\"vidc.VP61"="C:\Windows\system32\vp6vfw.dll" . (.On2.com - VP6 VIDEO FOR WINDOWS CODEC.) -- C:\Windows\System32\vp6vfw.dll O52 - TDSD: \drivers.desc\"C:\Windows\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm O52 - TDSD: \drivers.desc\"xfcodec.dll"="Xfire video codec [XFR1]" . (.Pas de propriétaire - Xfire Video Codec.) -- C:\Windows\System32\xfcodec.dll O52 - TDSD: \drivers.desc\"vp6vfw.dll"="EA VP6 Codec" . (.On2.com - VP6 VIDEO FOR WINDOWS CODEC.) -- C:\Windows\System32\vp6vfw.dll ~ Scan Keys in 00mn 00s ---\\ ShareTools MSconfig StartupReg (O53) (None) ---\\ Microsoft Control Security Providers (O54) O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\system32\credssp.dll O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\system32\credssp.dll ~ Scan Keys in 00mn 00s ---\\ Microsoft Windows Policies System (O55) O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=5 O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=3 O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1 O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=1 O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1 O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1 O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=1 O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0 O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0 O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"= O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"= O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0 O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1 O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1 O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0 ~ Scan Keys in 00mn 00s ---\\ Liste des Drivers Système (O58) O58 - SDL:[MD5.21E785EBD7DC90A06391141AAC7892FB] - 14/07/2009 - 02:26:15 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\system32\drivers\adp94xx.sys [422976] O58 - SDL:[MD5.0C676BC278D5B59FF5ABD57BBE9123F2] - 14/07/2009 - 02:26:17 ---A- . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) -- C:\Windows\system32\drivers\adpahci.sys [297552] O58 - SDL:[MD5.7C7B5EE4B7B822EC85321FE23A27DB33] - 14/07/2009 - 02:26:15 ---A- . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver.) -- C:\Windows\system32\drivers\adpu320.sys [146512] O58 - SDL:[MD5.0D40BCF52EA90FC7DF2AEAB6503DEA44] - 14/07/2009 - 02:26:15 ---A- . (.Acer Laboratories Inc. - ALi mini IDE Driver.) -- C:\Windows\system32\drivers\aliide.sys [14400] O58 - SDL:[MD5.D320BF87125326F996D4904FE24300FC] - 11/03/2011 - 06:38:37 ---A- . (.Advanced Micro Devices - AHCI 1.2 Device Driver.) -- C:\Windows\system32\drivers\amdsata.sys [80256] O58 - SDL:[MD5.EA43AF0C423FF267355F74E7A53BDABA] - 14/07/2009 - 02:26:15 ---A- . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller Driver for Windows fa.) -- C:\Windows\system32\drivers\amdsbs.sys [159312] O58 - SDL:[MD5.46387FB17B086D16DEA267D5BE23A2F2] - 11/03/2011 - 06:38:37 ---A- . (.Advanced Micro Devices - Storage Filter Driver.) -- C:\Windows\system32\drivers\amdxata.sys [22400] O58 - SDL:[MD5.2932004F49677BD84DBC72EDB754FFB3] - 14/07/2009 - 02:26:15 ---A- . (.Adaptec, Inc. - Adaptec RAID Storport Driver.) -- C:\Windows\system32\drivers\arc.sys [76368] O58 - SDL:[MD5.5D6F36C46FD283AE1B57BD2E9FEB0BC7] - 14/07/2009 - 02:26:15 ---A- . (.Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\Windows\system32\drivers\arcsas.sys [86608] O58 - SDL:[MD5.CBE71C122434805CB73FFB6619F60598] - 16/07/2009 - 04:36:30 ---A- . (.Pas de propriétaire - ATK0110 ACPI Utility.) -- C:\Windows\system32\drivers\ASACPI.sys [13216] O58 - SDL:[MD5.19166026A93206F9C6A8CD3A1F010AE4] - 02/04/2009 - 13:30:14 ---A- . (...) -- C:\Windows\system32\drivers\ASUSHWIO.SYS [10296] O58 - SDL:[MD5.BD8869EB9CDE6BBE4508D869929869EE] - 13/07/2009 - 23:02:49 ---A- . (.Broadcom Corporation - Pilote unifié NDIS6.x Broadcom NetXtreme Gigabit Ethernet..) -- C:\Windows\system32\drivers\b57nd60x.sys [229888] O58 - SDL:[MD5.9F9ACC7F7CCDE8A15C282D3F88B43309] - 13/07/2009 - 23:53:28 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver.) -- C:\Windows\system32\drivers\BrFiltLo.sys [13568] O58 - SDL:[MD5.56801AD62213A41F6497F96DEE83755A] - 13/07/2009 - 23:53:28 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver.) -- C:\Windows\system32\drivers\BrFiltUp.sys [5248] O58 - SDL:[MD5.845B8CE732E67F3B4133164868C666EA] - 14/07/2009 - 01:57:25 ---A- . (.Brother Industries Ltd. - Pilote Brother Série I/F (WDM).) -- C:\Windows\system32\drivers\BrSerId.sys [272128] O58 - SDL:[MD5.203F0B1E73ADADBBB7B7B1FABD901F6B] - 13/07/2009 - 23:53:32 ---A- . (.Brother Industries Ltd. - Brother Serial driver (WDM version).) -- C:\Windows\system32\drivers\BrSerWdm.sys [62336] O58 - SDL:[MD5.BD456606156BA17E60A04E18016AE54B] - 13/07/2009 - 23:53:33 ---A- . (.Brother Industries Ltd. - Brother USB MDM Driver.) -- C:\Windows\system32\drivers\BrUsbMdm.sys [12160] O58 - SDL:[MD5.AF72ED54503F717A43268B3CC5FAEC2E] - 13/07/2009 - 23:53:33 ---A- . (.Brother Industries Ltd. - Brother USB Serial Driver.) -- C:\Windows\system32\drivers\BrUsbSer.sys [11904] O58 - SDL:[MD5.1A231ABEC60FD316EC54C66715543CEC] - 13/07/2009 - 23:02:48 ---A- . (.Broadcom Corporation - Broadcom NetXtreme II GigE VBD.) -- C:\Windows\system32\drivers\bxvbdx.sys [430080] O58 - SDL:[MD5.0F5CA31BB3FDB5C1E63C170CFBECC93B] - 03/02/2007 - 10:25:56 ---A- . (.Logitech Inc. - Universal Serial Bus Camera Driver.) -- C:\Windows\system32\drivers\Camdrl.sys [1075360] O58 - SDL:[MD5.C537B1DB64D495B9B4717B4D6D9EDBF2] - 14/07/2009 - 02:26:21 ---A- . (.CMD Technology, Inc. - CMD PCI IDE Bus Driver.) -- C:\Windows\system32\drivers\cmdide.sys [15952] O58 - SDL:[MD5.8B30250D573A8F6B4BD23195160D8707] - 14/07/2009 - 02:20:28 ---A- . (.Adaptec, Inc. - Adaptec Ultra SCSI miniport.) -- C:\Windows\system32\drivers\djsvs.sys [70720] O58 - SDL:[MD5.44996A2ADDD2DB7454F2CA40B67D8941] - 17/12/2009 - 23:25:12 ---A- . (.Elaborate Bytes AG - ElbyCD Windows NT/2000/XP I/O driver.) -- C:\Windows\system32\drivers\ElbyCDIO.sys [26024] O58 - SDL:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 14/07/2009 - 02:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\system32\drivers\elxstor.sys [453712] O58 - SDL:[MD5.024E1B5CAC09731E4D868E64DBFB4AB0] - 13/07/2009 - 23:02:48 ---A- . (.Broadcom Corporation - Broadcom NetXtreme II 10 GigE VBD.) -- C:\Windows\system32\drivers\evbdx.sys [3100160] O58 - SDL:[MD5.C44E3C2BAB6837DB337DDEE7544736DB] - 13/07/2009 - 23:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\system32\drivers\hcw85cir.sys [26624] O58 - SDL:[MD5.295FDC419039090EB8B49FFDBB374549] - 14/07/2009 - 02:20:28 ---A- . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Driver.) -- C:\Windows\system32\drivers\HpSAMD.sys [67152] O58 - SDL:[MD5.5CD5F9A5444E6CDCB0AC89BD62D8B76E] - 11/03/2011 - 06:38:51 ---A- . (.Intel Corporation - Intel Matrix Storage Manager driver - ia32.) -- C:\Windows\system32\drivers\iaStorV.sys [332160] O58 - SDL:[MD5.9467514EA189475A6E7FDC5D7BDE9D3F] - 23/09/2009 - 19:18:14 ---A- . (.Intel Corporation - Intel Graphics Kernel Mode Driver.) -- C:\Windows\system32\drivers\igdkmd32.sys [4808192] O58 - SDL:[MD5.4173FF5708F3236CF25195FECD742915] - 14/07/2009 - 02:20:36 ---A- . (.Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) -- C:\Windows\system32\drivers\iirsp.sys [41040] O58 - SDL:[MD5.F7CDABA15C7E853F0A11AF6D77FCA990] - 23/08/2009 - 04:06:38 ---A- . (.Atheros Communications, Inc. - Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20.) -- C:\Windows\system32\drivers\L1E62x86.sys [48640] O58 - SDL:[MD5.EB119A53CCF2ACC000AC71B065B78FEF] - 14/07/2009 - 02:20:36 ---A- . (.LSI Corporation - LSI Fusion-MPT FC Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_fc.sys [95824] O58 - SDL:[MD5.8ADE1C877256A22E49B75D1CC9161F9C] - 14/07/2009 - 02:20:37 ---A- . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_sas.sys [89168] O58 - SDL:[MD5.DC9DC3D3DAA0E276FD2EC262E38B11E9] - 14/07/2009 - 02:20:36 ---A- . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_sas2.sys [54864] O58 - SDL:[MD5.0A036C7D7CAB643A7F07135AC47E0524] - 14/07/2009 - 02:20:36 ---A- . (.LSI Corporation - LSI Fusion-MPT SCSI Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_scsi.sys [96848] O58 - SDL:[MD5.64BC29C3A0388BFC580BB8B1346F7659] - 03/02/2007 - 10:32:36 ---A- . (.Logitech Inc. - USB Statistic Driver.) -- C:\Windows\system32\drivers\LVUSBSta.sys [41504] O58 - SDL:[MD5.B7CA8CC3F978201856B6AB82F40953C3] - 10/12/2011 - 15:24:06 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\system32\drivers\mbam.sys [20464] O58 - SDL:[MD5.0DB7527DB188C7D967A37BB51BBF3963] - 01/03/2012 - 14:43:07 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\system32\drivers\mbamswissarmy.sys [40776] O58 - SDL:[MD5.0FFF5B045293002AB38EB1FD1FC2FB74] - 14/07/2009 - 02:20:36 ---A- . (.LSI Corporation - MEGASAS RAID Controller Driver for Windows 7 for x86.) -- C:\Windows\system32\drivers\megasas.sys [30800] O58 - SDL:[MD5.DCBAB2920C75F390CAF1D29F675D03D6] - 14/07/2009 - 02:20:36 ---A- . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\Windows\system32\drivers\MegaSR.sys [235584] O58 - SDL:[MD5.1D85C4B390B0EE09C7A46B91EFB2C097] - 14/07/2009 - 02:20:44 ---A- . (.IBM Corporation - IBM ServeRAID Controller Driver.) -- C:\Windows\system32\drivers\nfrd960.sys [44624] O58 - SDL:[MD5.3D7FB57354703809B5F0C23287FAC1D6] - 17/01/2012 - 13:45:56 ---A- . (.NVIDIA Corporation - NVIDIA HDMI Audio Driver.) -- C:\Windows\system32\drivers\nvhda32v.sys [148800] O58 - SDL:[MD5.F452E6AD3EDA2852F44BE492E283C40F] - 10/02/2012 - 05:13:00 ---A- . (.NVIDIA Corporation - NVIDIA Windows Kernel Mode Driver, Version 295.73.) -- C:\Windows\system32\drivers\nvlddmkm.sys [10816832] O58 - SDL:[MD5.B3E25EE28883877076E0E1FF877D02E0] - 11/03/2011 - 06:39:00 ---A- . (.NVIDIA Corporation - NVIDIA® nForce RAID Driver.) -- C:\Windows\system32\drivers\nvraid.sys [117120] O58 - SDL:[MD5.4380E59A170D88C4F1022EFF6719A8A4] - 11/03/2011 - 06:39:00 ---A- . (.NVIDIA Corporation - NVIDIA® nForce Sata Performance Driver.) -- C:\Windows\system32\drivers\nvstor.sys [143744] O58 - SDL:[MD5.8BB94087CEF0256F5EAD973D7524BF58] - 29/12/2011 - 18:17:23 ---A- . (...) -- C:\Windows\system32\drivers\PnkBstrK.sys [22328] O58 - SDL:[MD5.AB95ECF1F6659A60DDC166D8315B0751] - 14/07/2009 - 02:19:04 ---A- . (.QLogic Corporation - QLogic Fibre Channel Stor Miniport Driver.) -- C:\Windows\system32\drivers\ql2300.sys [1383488] O58 - SDL:[MD5.B4DD51DD25182244B86737DC51AF2270] - 14/07/2009 - 02:19:04 ---A- . (.QLogic Corporation - QLogic iSCSI Storport Miniport Driver.) -- C:\Windows\system32\drivers\ql40xx.sys [106064] O58 - SDL:[MD5.90A3935D05B494A5A39D37E71F09A677] - 13/07/2009 - 21:50:20 ---A- . (.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) -- C:\Windows\system32\drivers\secdrv.sys [20480] O58 - SDL:[MD5.A9F0486851BECB6DDA1D89D381E71055] - 14/07/2009 - 02:19:04 ---A- . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) -- C:\Windows\system32\drivers\sisraid2.sys [40016] O58 - SDL:[MD5.3727097B55738E2F554972C3BE5BC1AA] - 14/07/2009 - 02:19:04 ---A- . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\Windows\system32\drivers\sisraid4.sys [77888] O58 - SDL:[MD5.5A293729E1F9FCE3A2106D1F5DC5E98A] - 08/03/2010 - 12:59:14 ---A- . (.Symantec Corporation - Symantec AutoProtect.) -- C:\Windows\system32\drivers\srtsp.sys [283184] O58 - SDL:[MD5.0DDB7FBA32BE09D8057063C0CEE24137] - 08/03/2010 - 12:59:14 ---A- . (.Symantec Corporation - Symantec AutoProtect.) -- C:\Windows\system32\drivers\srtspl.sys [320944] O58 - SDL:[MD5.A99719DFB61B61AA5026341BBB733C0A] - 08/03/2010 - 12:59:14 ---A- . (.Symantec Corporation - Symantec AutoProtect.) -- C:\Windows\system32\drivers\srtspx.sys [43696] O58 - SDL:[MD5.DB32D325C192B801DF274BFD12A7E72B] - 14/07/2009 - 02:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\system32\drivers\stexstor.sys [21072] O58 - SDL:[MD5.51B57CDA977170AC608D839DBFA1D3EE] - 03/09/2009 - 16:03:48 ---A- . (.Symantec Corporation - DNS Filter Driver.) -- C:\Windows\system32\drivers\symdns.sys [12720] O58 - SDL:[MD5.A54FF04BD6E75DC4D8CB6F3E352635E0] - 24/02/2011 - 19:29:35 ---A- . (.Symantec Corporation - Symantec Event Library.) -- C:\Windows\system32\drivers\SYMEVENT.SYS [124976] O58 - SDL:[MD5.A131D8360B01044517AA44529E2137D6] - 03/09/2009 - 16:03:48 ---A- . (.Symantec Corporation - Firewall Filter Driver.) -- C:\Windows\system32\drivers\symfw.sys [145968] O58 - SDL:[MD5.2B77868F02DAE02103380B824431B798] - 03/09/2009 - 16:03:48 ---A- . (.Symantec Corporation - IDS Filter Driver.) -- C:\Windows\system32\drivers\symids.sys [39856] O58 - SDL:[MD5.7D3ADDFE63E5227BD2DBD5692BAFB688] - 03/09/2009 - 16:03:52 ---A- . (.Symantec Corporation - NDIS Filter Driver.) -- C:\Windows\system32\drivers\symndisv.sys [38448] O58 - SDL:[MD5.394B2368212114D538316812AF60FDDD] - 03/09/2009 - 16:03:48 ---A- . (.Symantec Corporation - Redirector Filter Driver.) -- C:\Windows\system32\drivers\symredrv.sys [26416] O58 - SDL:[MD5.D46676BB414C7531BDFFE637A33F5033] - 03/09/2009 - 16:03:48 ---A- . (.Symantec Corporation - Network Dispatch Driver.) -- C:\Windows\system32\drivers\symtdi.sys [188080] O58 - SDL:[MD5.94D73B62E458FB56C9CE60AA96D914F9] - 09/08/2009 - 22:25:56 ---A- . (.Elaborate Bytes AG - VirtualCloneCD Driver.) -- C:\Windows\system32\drivers\VClone.sys [29696] O58 - SDL:[MD5.E43574F6A56A0EE11809B48C09E4FD3C] - 14/07/2009 - 02:19:10 ---A- . (.VIA Technologies, Inc. - VIA Generic PCI IDE Bus Driver.) -- C:\Windows\system32\drivers\viaide.sys [16976] O58 - SDL:[MD5.9DFA0CC2F8855A04816729651175B631] - 14/07/2009 - 02:19:11 ---A- . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) -- C:\Windows\system32\drivers\vsmraid.sys [141904] O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13/07/2009 - 22:40:41 ---A- . (...) -- C:\Windows\system32\ANSI.SYS [9029] O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 13/07/2009 - 22:40:44 ---A- . (...) -- C:\Windows\system32\country.sys [27097] O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 13/07/2009 - 22:40:40 ---A- . (...) -- C:\Windows\system32\HIMEM.SYS [4768] O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 13/07/2009 - 22:40:43 ---A- . (...) -- C:\Windows\system32\KEY01.SYS [42809] O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 13/07/2009 - 22:40:43 ---A- . (...) -- C:\Windows\system32\KEYBOARD.SYS [42537] O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 13/07/2009 - 22:40:23 ---A- . (...) -- C:\Windows\system32\NTDOS.SYS [27866] O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 13/07/2009 - 22:40:31 ---A- . (...) -- C:\Windows\system32\NTDOS404.SYS [29146] O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 13/07/2009 - 22:40:35 ---A- . (...) -- C:\Windows\system32\NTDOS411.SYS [29370] O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 13/07/2009 - 22:40:39 ---A- . (...) -- C:\Windows\system32\NTDOS412.SYS [29274] O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 13/07/2009 - 22:40:27 ---A- . (...) -- C:\Windows\system32\NTDOS804.SYS [29146] O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 13/07/2009 - 22:40:11 ---A- . (...) -- C:\Windows\system32\NTIO.SYS [33952] O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 13/07/2009 - 22:40:15 ---A- . (...) -- C:\Windows\system32\NTIO404.SYS [34672] O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 13/07/2009 - 22:40:17 ---A- . (...) -- C:\Windows\system32\NTIO411.SYS [35776] O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 13/07/2009 - 22:40:19 ---A- . (...) -- C:\Windows\system32\NTIO412.SYS [35536] O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 13/07/2009 - 22:40:13 ---A- . (...) -- C:\Windows\system32\NTIO804.SYS [34672] ~ Scan Drivers in 00mn 02s ---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61) O61 - LFC:Last File Created 01/03/2012 - 11:30:42 ---A- C:\Users\CELSO\AppData\Local\Temp\VBE\MSForms.exd [147284] O61 - LFC:Last File Created 01/03/2012 - 11:31:04 ---A- C:\Users\CELSO\AppData\Roaming\Microsoft\Office\VB12.pip [144] O61 - LFC:Last File Created 01/03/2012 - 11:35:23 ---A- C:\Users\CELSO\AppData\Local\Symantec\Symantec Endpoint Protection\Logs\03012012.Log [12633729] O61 - LFC:Last File Created 01/03/2012 - 12:03:58 ---A- C:\Users\CELSO\AppData\Roaming\Microsoft\Office\Recent\Bureau.LNK [869] O61 - LFC:Last File Created 01/03/2012 - 12:03:58 ---A- C:\Users\CELSO\AppData\Roaming\Microsoft\Office\Recent\analyse symantec.csv.LNK [1046] O61 - LFC:Last File Created 01/03/2012 - 12:04:08 ---A- C:\Users\CELSO\AppData\Roaming\Microsoft\Office\Excel12.pip [1548] O61 - LFC:Last File Created 01/03/2012 - 12:10:51 ---A- C:\Users\CELSO\AppData\Local\Temp\MessengerCache\6PcbXvOYPGrYpF1J8uz+rIO5qJ8= [31583] O61 - LFC:Last File Created 01/03/2012 - 12:33:18 ---A- C:\Users\All Users\Symantec\LiveUpdate\Downloads\1330588303jtun_nav2k8en120229002.m25 [760506] O61 - LFC:Last File Created 01/03/2012 - 12:33:18 ---A- C:\Users\All Users\Symantec\LiveUpdate\Downloads\sesc$20virus$20definitions$20win32$20v11_microdefsb.curdefs_symalllanguages_livetri.zip [3743] O61 - LFC:Last File Created 01/03/2012 - 12:33:30 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\definfo.dat [34] O61 - LFC:Last File Created 01/03/2012 - 12:33:39 ---A- C:\Users\All Users\Symantec\LiveUpdate\3.Product.Inventory.LiveUpdate [3040] O61 - LFC:Last File Created 01/03/2012 - 12:33:39 R--A- C:\Users\All Users\Symantec\LiveUpdate\3.Settings.LiveUpdate [510528] O61 - LFC:Last File Created 01/03/2012 - 12:33:40 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\usage.dat [54] O61 - LFC:Last File Created 01/03/2012 - 12:34:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\umcat_01.db [1312051] O61 - LFC:Last File Created 01/03/2012 - 12:34:04 R---- C:\Users\All Users\Symantec\LiveUpdate\Product.Inventory.LastGood.LiveUpdate [2992] O61 - LFC:Last File Created 01/03/2012 - 12:34:05 ---A- C:\Users\All Users\Symantec\LiveUpdate\2.Product.Inventory.LiveUpdate [2992] O61 - LFC:Last File Created 01/03/2012 - 12:34:05 R--A- C:\Users\All Users\Symantec\LiveUpdate\2.Settings.LiveUpdate [510528] O61 - LFC:Last File Created 01/03/2012 - 12:39:52 ---A- C:\Users\CELSO\AppData\Local\Temp\MessengerCache\CQwZgLaSjnb0aSgnte0M7pXE7Cc= [4248] O61 - LFC:Last File Created 01/03/2012 - 12:51:01 ---A- C:\Users\CELSO\Downloads\ZHPDiag2.exe [3903203] O61 - LFC:Last File Created 01/03/2012 - 13:13:01 ---A- C:\Users\CELSO\AppData\Local\Windows Live\uxcore_WindowsLivePhotoViewer_00.etl [8192] O61 - LFC:Last File Created 01/03/2012 - 13:27:24 ---A- C:\Users\CELSO\AppData\Local\Temp\MessengerCache\ErrorResponse.xml [2782] O61 - LFC:Last File Created 01/03/2012 - 13:29:41 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120229.034\vscanmsx.dat [2072] O61 - LFC:Last File Created 01/03/2012 - 13:41:14 ---A- C:\Users\CELSO\AppData\Local\Temp\MessengerCache\D2Fs2FP9edNibi2FUnU68QJp2FHDruQ= [114017] O61 - LFC:Last File Created 01/03/2012 - 14:02:42 ---A- C:\Users\CELSO\AppData\Local\Temp\MessengerCache\l2FYx9OQxlMWS5U0Vwd3u71EzGdU= [21680] O61 - LFC:Last File Created 01/03/2012 - 14:08:09 ---A- C:\Users\CELSO\AppData\Local\Temp\MessengerCache\O6Zr0QCai9jdLxr60HNoo+ILm2F4= [1648] O61 - LFC:Last File Created 01/03/2012 - 14:11:59 ---A- C:\Users\CELSO\AppData\Local\Temp\MessengerCache\OtEP2PNqnqlqG8huXJcuw81r13U= [23008] O61 - LFC:Last File Created 01/03/2012 - 14:12:43 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\1937460202.data [761] O61 - LFC:Last File Created 01/03/2012 - 14:12:43 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\5135358950.data [778] O61 - LFC:Last File Created 01/03/2012 - 14:12:43 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\5135358950.quar [131072] O61 - LFC:Last File Created 01/03/2012 - 14:12:43 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\8691035605.data [769] O61 - LFC:Last File Created 01/03/2012 - 14:12:43 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\8691035605.quar [98304] O61 - LFC:Last File Created 01/03/2012 - 14:12:44 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\0033104322.data [763] O61 - LFC:Last File Created 01/03/2012 - 14:12:44 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\0033104322.quar [142336] O61 - LFC:Last File Created 01/03/2012 - 14:12:44 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\0664123904.data [771] O61 - LFC:Last File Created 01/03/2012 - 14:12:44 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\0664123904.quar [98304] O61 - LFC:Last File Created 01/03/2012 - 14:12:44 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\1937460202.quar [98304] O61 - LFC:Last File Created 01/03/2012 - 14:12:44 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\2298142624.data [768] O61 - LFC:Last File Created 01/03/2012 - 14:12:44 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\2298142624.quar [137728] O61 - LFC:Last File Created 01/03/2012 - 14:12:44 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\8163806437.data [747] O61 - LFC:Last File Created 01/03/2012 - 14:12:44 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\9711662127.data [766] O61 - LFC:Last File Created 01/03/2012 - 14:12:44 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\9711662127.quar [98304] O61 - LFC:Last File Created 01/03/2012 - 14:12:45 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\2255608089.data [735] O61 - LFC:Last File Created 01/03/2012 - 14:12:45 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\2255608089.quar [98304] O61 - LFC:Last File Created 01/03/2012 - 14:12:45 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\6654799231.data [732] O61 - LFC:Last File Created 01/03/2012 - 14:12:45 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\8036900737.data [737] O61 - LFC:Last File Created 01/03/2012 - 14:12:45 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\8036900737.quar [137728] O61 - LFC:Last File Created 01/03/2012 - 14:12:45 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\8163806437.quar [131072] O61 - LFC:Last File Created 01/03/2012 - 14:12:45 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\8390609058.data [740] O61 - LFC:Last File Created 01/03/2012 - 14:12:45 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\8390609058.quar [98304] O61 - LFC:Last File Created 01/03/2012 - 14:12:45 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\9502101383.data [730] O61 - LFC:Last File Created 01/03/2012 - 14:12:45 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\9502101383.quar [98304] O61 - LFC:Last File Created 01/03/2012 - 14:12:46 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\1617154171.data [741] O61 - LFC:Last File Created 01/03/2012 - 14:12:46 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\1617154171.quar [98304] O61 - LFC:Last File Created 01/03/2012 - 14:12:46 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\2950400291.data [749] O61 - LFC:Last File Created 01/03/2012 - 14:12:46 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\2950400291.quar [98304] O61 - LFC:Last File Created 01/03/2012 - 14:12:46 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\3333145503.data [743] O61 - LFC:Last File Created 01/03/2012 - 14:12:46 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\3333145503.quar [142336] O61 - LFC:Last File Created 01/03/2012 - 14:12:46 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\4142721184.data [748] O61 - LFC:Last File Created 01/03/2012 - 14:12:46 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\4142721184.quar [137728] O61 - LFC:Last File Created 01/03/2012 - 14:12:46 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\5836691500.data [758] O61 - LFC:Last File Created 01/03/2012 - 14:12:46 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\5836691500.quar [131072] O61 - LFC:Last File Created 01/03/2012 - 14:12:46 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\6654799231.quar [142336] O61 - LFC:Last File Created 01/03/2012 - 14:12:46 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\6790898436.data [746] O61 - LFC:Last File Created 01/03/2012 - 14:12:46 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\6790898436.quar [98304] O61 - LFC:Last File Created 01/03/2012 - 14:12:46 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\9081189669.data [751] O61 - LFC:Last File Created 01/03/2012 - 14:12:46 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\9081189669.quar [98304] O61 - LFC:Last File Created 01/03/2012 - 14:12:49 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2012-03-01 (12-49-21).txt [7596] O61 - LFC:Last File Created 01/03/2012 - 14:13:02 ---A- C:\Users\CELSO\AppData\Roaming\Microsoft\MSN Messenger\sqmnoopt00.sqm [664] O61 - LFC:Last File Created 01/03/2012 - 14:13:03 ---A- C:\Users\CELSO\AppData\Local\Windows Live\uxcore_msnmsgr_00.etl [4096] O61 - LFC:Last File Created 01/03/2012 - 14:13:45 ---A- C:\Users\All Users\Symantec\Common Client\settings.bak [215060] O61 - LFC:Last File Created 01/03/2012 - 14:13:45 ---A- C:\Users\All Users\Symantec\Common Client\settings.dat [215060] O61 - LFC:Last File Created 01/03/2012 - 14:13:49 ---A- C:\Users\All Users\NVIDIA\Updatus\updtConfig.xml [2390] O61 - LFC:Last File Created 01/03/2012 - 14:13:54 ---A- C:\Users\All Users\Symantec\SavSubEng\submissions.idx [1940144] O61 - LFC:Last File Created 01/03/2012 - 14:16:13 ---A- C:\Users\All Users\NVIDIA\Resource.old [1139961] O61 - LFC:Last File Created 01/03/2012 - 14:16:56 R--A- C:\Users\All Users\Symantec\LiveUpdate\1.Settings.LiveUpdate [510528] O61 - LFC:Last File Created 01/03/2012 - 14:16:57 ---A- C:\Users\All Users\Symantec\LiveUpdate\1.Product.Inventory.LiveUpdate [2992] O61 - LFC:Last File Created 01/03/2012 - 14:18:56 ---A- C:\Users\All Users\NVIDIA\Updatus\updtclient.log.bak [131] O61 - LFC:Last File Created 01/03/2012 - 14:35:52 ---A- C:\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\Configuration\database.conf [432] O61 - LFC:Last File Created 01/03/2012 - 14:35:52 ---A- C:\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref [6531208] O61 - LFC:Last File Created 01/03/2012 - 14:43:10 ---A- C:\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\Configuration\local.conf [757] O61 - LFC:Last File Created 01/03/2012 - 14:43:10 ---A- C:\Users\CELSO\AppData\Local\Temp\~DF5CF3D3764E743E9E.TMP [180224] O61 - LFC:Last File Created 01/03/2012 - 15:54:23 ---A- C:\Users\All Users\NVIDIA\Resource.dat [1139961] O61 - LFC:Last File Created 01/03/2012 - 15:55:11 R---- C:\Users\All Users\Symantec\LiveUpdate\Settings.LiveUpdate [510528] O61 - LFC:Last File Created 01/03/2012 - 15:55:12 ---A- C:\Users\All Users\Symantec\LiveUpdate\Product.Inventory.LiveUpdate [2992] O61 - LFC:Last File Created 01/03/2012 - 15:55:17 ---A- C:\Users\All Users\Symantec\LiveUpdate\Log.LiveUpdate [4058241] O61 - LFC:Last File Created 01/03/2012 - 15:55:33 ---A- C:\Users\All Users\Symantec\Symantec Endpoint Protection\Logs\03012012.Log [12015454] O61 - LFC:Last File Created 01/03/2012 - 15:57:02 ---A- C:\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\Logs\protection-log-2012-03-01.txt [2656] O61 - LFC:Last File Created 01/03/2012 - 15:57:04 ---A- C:\Users\All Users\NVIDIA\Updatus\journalBS.jour.dat [0] O61 - LFC:Last File Created 01/03/2012 - 23:59:59 ---A- C:\Users\All Users\Symantec\Symantec Endpoint Protection\Logs\02292012.Log [4263676] O61 - LFC:Last File Created 01/03/2012 - 23:59:59 ---A- C:\Users\CELSO\AppData\Local\Symantec\Symantec Endpoint Protection\Logs\02292012.Log [4261261] O61 - LFC:Last File Created 27/02/2012 - 00:36:57 ---A- C:\Users\CELSO\AppData\Local\Temp\MessengerCache\EH2c3YNpItgAvkVJFx+swrz9tqQ= [22245] O61 - LFC:Last File Created 27/02/2012 - 12:34:23 ---A- C:\Users\All Users\Symantec\LiveUpdate\Downloads\1330305278jtun_nav2k8en120225008.m25 [665572] O61 - LFC:Last File Created 27/02/2012 - 13:40:30 ---A- C:\Users\CELSO\AppData\Local\Temp\4675724.od [134] O61 - LFC:Last File Created 27/02/2012 - 13:40:30 ---A- C:\Users\CELSO\AppData\Local\Temp\CVR588C.tmp.cvr [0] O61 - LFC:Last File Created 27/02/2012 - 13:40:43 ---A- C:\Users\CELSO\AppData\Roaming\Microsoft\Outlook\Outlook.NK2 [30607] O61 - LFC:Last File Created 27/02/2012 - 13:47:01 ---A- C:\Users\CELSO\AppData\Local\Temp\rpt-1.htm [360451] O61 - LFC:Last File Created 27/02/2012 - 14:07:12 ---A- C:\Users\CELSO\AppData\Local\TechSmith\SnagIt\DataStore\40E22BD7-489A-4A86-A25B-67479DF899EF.SNAG [36888] O61 - LFC:Last File Created 27/02/2012 - 14:11:44 ---A- C:\Users\All Users\Symantec\Symantec Endpoint Protection\Logs\02272012.Log [975] O61 - LFC:Last File Created 29/02/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120229.034\CATALOG.DAT [3714] O61 - LFC:Last File Created 29/02/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120229.034\ESRDEF.BIN [7220045] O61 - LFC:Last File Created 29/02/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120229.034\TCDEFS.DAT [27565794] O61 - LFC:Last File Created 29/02/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120229.034\TCSCAN7.DAT [23983593] O61 - LFC:Last File Created 29/02/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120229.034\TCSCAN8.DAT [179342] O61 - LFC:Last File Created 29/02/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120229.034\TCSCAN9.DAT [695979] O61 - LFC:Last File Created 29/02/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120229.034\TINF.DAT [453] O61 - LFC:Last File Created 29/02/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120229.034\TINFL.DAT [1957] O61 - LFC:Last File Created 29/02/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120229.034\TSCAN1.DAT [74646] O61 - LFC:Last File Created 29/02/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120229.034\V.GRD [5257] O61 - LFC:Last File Created 29/02/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120229.034\V.SIG [2609] O61 - LFC:Last File Created 29/02/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120229.034\V1.SIG [2266] O61 - LFC:Last File Created 29/02/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120229.034\VIRSCAN.INF [106244] O61 - LFC:Last File Created 29/02/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120229.034\VIRSCAN1.DAT [1068152] O61 - LFC:Last File Created 29/02/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120229.034\VIRSCAN2.DAT [574728] O61 - LFC:Last File Created 29/02/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120229.034\VIRSCAN3.DAT [158096] O61 - LFC:Last File Created 29/02/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120229.034\VIRSCAN4.DAT [320439] O61 - LFC:Last File Created 29/02/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120229.034\VIRSCAN5.DAT [16242365] O61 - LFC:Last File Created 29/02/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120229.034\VIRSCAN6.DAT [399455] O61 - LFC:Last File Created 29/02/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120229.034\VIRSCAN7.DAT [239182097] O61 - LFC:Last File Created 29/02/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120229.034\VIRSCAN8.DAT [1022585] O61 - LFC:Last File Created 29/02/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120229.034\VIRSCAN9.DAT [6610224] O61 - LFC:Last File Created 29/02/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120229.034\WHATSNEW.TXT [41437] O61 - LFC:Last File Created 29/02/2012 - 17:52:58 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\Cat.DB [1329804] O61 - LFC:Last File Created 29/02/2012 - 17:54:13 ---A- C:\Users\All Users\Symantec\LiveUpdate\10.Product.Inventory.LiveUpdate [3040] O61 - LFC:Last File Created 29/02/2012 - 17:54:13 R--A- C:\Users\All Users\Symantec\LiveUpdate\10.Settings.LiveUpdate [509141] O61 - LFC:Last File Created 29/02/2012 - 17:56:37 ---A- C:\Users\CELSO\Documents\TmForever\Config\blacklist.txt [120] O61 - LFC:Last File Created 29/02/2012 - 17:56:37 ---A- C:\Users\CELSO\Documents\TmForever\Config\checksum.txt [363135] O61 - LFC:Last File Created 29/02/2012 - 17:56:37 ---A- C:\Users\CELSO\Documents\TmForever\Config\guestlist.txt [119] O61 - LFC:Last File Created 29/02/2012 - 19:32:42 ---A- C:\Users\All Users\Symantec\LiveUpdate\9.Product.Inventory.LiveUpdate [3040] O61 - LFC:Last File Created 29/02/2012 - 19:32:42 R--A- C:\Users\All Users\Symantec\LiveUpdate\9.Settings.LiveUpdate [509141] O61 - LFC:Last File Created 29/02/2012 - 19:42:40 ---A- C:\Users\All Users\Symantec\LiveUpdate\Downloads\1330541382jtun_nav2k8en120226016.m25 [1987680] O61 - LFC:Last File Created 29/02/2012 - 19:42:54 ---A- C:\Users\All Users\Symantec\LiveUpdate\8.Product.Inventory.LiveUpdate [3040] O61 - LFC:Last File Created 29/02/2012 - 19:42:54 R--A- C:\Users\All Users\Symantec\LiveUpdate\8.Settings.LiveUpdate [509835] O61 - LFC:Last File Created 29/02/2012 - 20:41:06 ---A- C:\Users\CELSO\AppData\Local\Temp\MessengerCache\Ko5aPxTa5w1nO09UWz1xcIz5Vjg= [27779] O61 - LFC:Last File Created 29/02/2012 - 20:45:36 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\chats\NE1JVU9BeXFyWjI2YUhzSllvWGhjNXU2OGZJPQ==\channel.txt [231] O61 - LFC:Last File Created 29/02/2012 - 20:45:39 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\cache\NE1JVU9BeXFyWjI2YUhzSllvWGhjNXU2OGZJPQ==\channels\cache.dat [4] O61 - LFC:Last File Created 29/02/2012 - 20:45:39 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\cache\NE1JVU9BeXFyWjI2YUhzSllvWGhjNXU2OGZJPQ==\perm.dat [79438] O61 - LFC:Last File Created 29/02/2012 - 20:45:45 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\chats\NE1JVU9BeXFyWjI2YUhzSllvWGhjNXU2OGZJPQ==\channel.html [1059] O61 - LFC:Last File Created 29/02/2012 - 20:45:47 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\cache\N0FqWUdpRzJzOVdhSWR1Mi83OEVtek5DcTU4PQ==\channels\cache.dat [4] O61 - LFC:Last File Created 29/02/2012 - 20:45:47 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\cache\N0FqWUdpRzJzOVdhSWR1Mi83OEVtek5DcTU4PQ==\perm.dat [79436] O61 - LFC:Last File Created 29/02/2012 - 20:49:07 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\ts3clientui_qt.secrets.conf [1198] O61 - LFC:Last File Created 29/02/2012 - 20:49:10 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\cache\V1VVY1dkVmtBNW0rM0p2ZENkQVNwZnVqL0pZPQ==\icons\dummy.png [109] O61 - LFC:Last File Created 29/02/2012 - 20:49:10 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\cache\remote\downloads.csil.fr\manager\teamspeak\customers-banners\510-213.251.151.138-9509.6b04c2b318b48e6f1e590825bdc9714234ac41f1.29.02.2012.21.33.54.jpg [42922] O61 - LFC:Last File Created 29/02/2012 - 20:49:10 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\chats\N0FqWUdpRzJzOVdhSWR1Mi83OEVtek5DcTU4PQ==\channel.html [71187] O61 - LFC:Last File Created 29/02/2012 - 20:49:24 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\chats\V1VVY1dkVmtBNW0rM0p2ZENkQVNwZnVqL0pZPQ==\channel.html [194] O61 - LFC:Last File Created 29/02/2012 - 20:58:28 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\umcat_02.db [1308039] O61 - LFC:Last File Created 29/02/2012 - 20:58:49 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\cache\V1VVY1dkVmtBNW0rM0p2ZENkQVNwZnVqL0pZPQ==\clients\avatar_ljedojdaaaeeidbmhnjokpfpibgmemaacmlcjaaf [19959] O61 - LFC:Last File Created 29/02/2012 - 20:59:01 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\cache\V1VVY1dkVmtBNW0rM0p2ZENkQVNwZnVqL0pZPQ==\clients\avatar_dobmnnckfihhhjnnengekhjonmipfkmcnahkcggl [11057] O61 - LFC:Last File Created 29/02/2012 - 20:59:19 ---A- C:\Users\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F800000\4FCE8397.VBN [79903] O61 - LFC:Last File Created 29/02/2012 - 20:59:24 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\cache\V1VVY1dkVmtBNW0rM0p2ZENkQVNwZnVqL0pZPQ==\clients\avatar_kjbkpaccmbblhidcainhoblifiliaocnjfakiden [13969] O61 - LFC:Last File Created 29/02/2012 - 20:59:26 ---A- C:\Users\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F800000.VBN [7531] O61 - LFC:Last File Created 29/02/2012 - 21:00:57 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\cache\V1VVY1dkVmtBNW0rM0p2ZENkQVNwZnVqL0pZPQ==\channels\cache.dat [4] O61 - LFC:Last File Created 29/02/2012 - 21:00:57 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\cache\V1VVY1dkVmtBNW0rM0p2ZENkQVNwZnVqL0pZPQ==\perm.dat [79438] O61 - LFC:Last File Created 29/02/2012 - 21:00:58 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\resolved.dat [112] O61 - LFC:Last File Created 29/02/2012 - 21:00:58 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\subscribemode.dat [90] O61 - LFC:Last File Created 29/02/2012 - 21:00:59 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\chats\NE1JVU9BeXFyWjI2YUhzSllvWGhjNXU2OGZJPQ==\server.html [4134] O61 - LFC:Last File Created 29/02/2012 - 21:00:59 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\ts3clientui_qt.conf [4828] O61 - LFC:Last File Created 29/02/2012 - 21:05:56 ---A- C:\Users\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F800002.VBN [3582140] O61 - LFC:Last File Created 29/02/2012 - 21:43:19 ---A- C:\Users\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F800003.VBN [3582140] O61 - LFC:Last File Created 29/02/2012 - 21:48:01 ---A- C:\Users\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F800004.VBN [1454589] O61 - LFC:Last File Created 29/02/2012 - 21:48:01 ---A- C:\Users\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F800005.VBN [1453597] O61 - LFC:Last File Created 29/02/2012 - 21:50:37 ---A- C:\Users\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F800006.VBN [3582140] O61 - LFC:Last File Created 29/02/2012 - 22:02:16 ---A- C:\Users\CELSO\AppData\Local\TechSmith\SnagIt\DataStore\AppIcons\SavUI.exe.Symantec AntiVirus.Symantec Corporation.11.0.6070.422.ico [107710] O61 - LFC:Last File Created 29/02/2012 - 22:02:16 ---A- C:\Users\CELSO\AppData\Local\TechSmith\SnagIt\DataStore\AppIcons\SymCorpUI.exe.Symantec AntiVirus.Symantec Corporation.11.0.6070.422.ico [107710] O61 - LFC:Last File Created 29/02/2012 - 22:02:16 ---A- C:\Users\CELSO\AppData\Local\TechSmith\SnagIt\DataStore\AppIcons\explorer.exe.Explorateur Windows.Microsoft Corporation.6.1.7601.17567.ico [187373] O61 - LFC:Last File Created 29/02/2012 - 22:02:16 ---A- C:\Users\CELSO\AppData\Local\TechSmith\SnagIt\DataStore\AppIcons\firefox.exe.Firefox.Mozilla Corporation.10.0.2.0.ico [295606] O61 - LFC:Last File Created 29/02/2012 - 22:02:16 ---A- C:\Users\CELSO\AppData\Local\TechSmith\SnagIt\DataStore\AppIcons\msnmsgr.exe.Windows Live Messenger.Microsoft Corporation.15.4.3538.513.ico [80395] O61 - LFC:Last File Created 29/02/2012 - 22:08:23 ---A- C:\Users\All Users\Symantec\LiveUpdate\7.Product.Inventory.LiveUpdate [2992] O61 - LFC:Last File Created 29/02/2012 - 22:08:23 R--A- C:\Users\All Users\Symantec\LiveUpdate\7.Settings.LiveUpdate [509835] O61 - LFC:Last File Created 29/02/2012 - 22:08:43 ---A- C:\Users\All Users\Symantec\LiveUpdate\6.Product.Inventory.LiveUpdate [2992] O61 - LFC:Last File Created 29/02/2012 - 22:08:43 R--A- C:\Users\All Users\Symantec\LiveUpdate\6.Settings.LiveUpdate [509835] O61 - LFC:Last File Created 29/02/2012 - 22:09:27 ---A- C:\Users\CELSO\AppData\Local\TechSmith\SnagIt\DataStore\SnagIt900.sdf [479232] O61 - LFC:Last File Created 29/02/2012 - 22:23:17 ---A- C:\Users\CELSO\AppData\Local\Temp\~DFD922FE550D133114.TMP [81920] O61 - LFC:Last File Created 29/02/2012 - 22:23:17 ---A- C:\Users\CELSO\AppData\Local\Temp\~DFE0DD2415462B9944.TMP [81920] O61 - LFC:Last File Created 29/02/2012 - 22:23:23 ---A- C:\Users\CELSO\AppData\Local\TechSmith\SnagIt\DrawQuickStyles.xml [74] O61 - LFC:Last File Created 29/02/2012 - 22:23:23 ---A- C:\Users\CELSO\AppData\Local\TechSmith\SnagIt\ImageQuickStyles.xml [80] O61 - LFC:Last File Created 29/02/2012 - 22:23:23 ---A- C:\Users\CELSO\AppData\Local\TechSmith\SnagIt\Tray.bin [1474] O61 - LFC:Last File Created 29/02/2012 - 22:26:42 ---A- C:\Users\All Users\Symantec\LiveUpdate\5.Product.Inventory.LiveUpdate [2992] O61 - LFC:Last File Created 29/02/2012 - 22:26:42 R--A- C:\Users\All Users\Symantec\LiveUpdate\5.Settings.LiveUpdate [509835] O61 - LFC:Last File Created 29/02/2012 - 22:26:49 ---A- C:\Users\CELSO\AppData\Local\Temp\9241.dir\InstallFlashPlayer.exe [3765920] O61 - LFC:Last File Created 29/02/2012 - 22:29:58 ---A- C:\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\link.txt [115] O61 - LFC:Last File Created 29/02/2012 - 22:29:58 ---A- C:\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe [9502424] O61 - LFC:Last File Created 29/02/2012 - 22:29:58 ---A- C:\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\news.txt [78] O61 - LFC:Last File Created 29/02/2012 - 22:33:23 R--A- C:\Users\All Users\Symantec\LiveUpdate\4.Settings.LiveUpdate [509835] O61 - LFC:Last File Created 29/02/2012 - 22:33:25 ---A- C:\Users\All Users\Symantec\LiveUpdate\4.Product.Inventory.LiveUpdate [2992] O61 - LFC:Last File Created 29/02/2012 - 22:37:50 ---A- C:\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\exclusions.dat [2] O61 - LFC:Last File Created 29/02/2012 - 22:37:56 ---A- C:\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\Configuration\manifest.conf [514] O61 - LFC:Last File Created 29/02/2012 - 22:37:56 ---A- C:\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\Configuration\news.conf [282] O61 - LFC:Last File Created 29/02/2012 - 22:43:56 ---A- C:\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\5542903943.data [668] O61 - LFC:Last File Created 29/02/2012 - 22:43:57 ---A- C:\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\5542903943.quar [98304] O61 - LFC:Last File Created 29/02/2012 - 22:47:49 ---A- C:\Users\CELSO\AppData\Local\Temp\MessengerCache\kcFudxBbsirDWQg8GXmnc01ZUT4= [21877] O61 - LFC:Last File Created 29/02/2012 - 23:57:24 ---A- C:\Users\CELSO\Downloads\adwcleaner.exe [602051] O61 - LFC:Last File Created 29/02/2012 - 23:57:47 ---A- C:\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\Logs\protection-log-2012-02-29.txt [1478] O61 - LFC:Last File Created 30/12/1899 - 12:03:58 --H-- C:\Users\CELSO\AppData\Roaming\Microsoft\Office\Recent\index.dat [61] O61 - LFC:Last File Created 30/12/1899 - 14:13:20 --HA- C:\Users\CELSO\AppData\Local\IconCache.db [2587061] ~ Scan Files in 10mn 03s ---\\ Liste des outils de nettoyage (O63) O63 - Logiciel: ZHPDiag 1.28 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 ~ Scan ADS in 00mn 00s ---\\ Liste des services Legacy (O64) O64 - Services: CurCS - 13/02/2012 - C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (eeCtrl) .(.Symantec Corporation - Symantec Eraser Control Driver.) - LEGACY_EECTRL O64 - Services: CurCS - 17/12/2009 - C:\Windows\system32\Drivers\ElbyCDIO.sys (ElbyCDIO) .(.Elaborate Bytes AG - ElbyCD Windows NT/2000/XP I/O driver.) - LEGACY_ELBYCDIO O64 - Services: CurCS - 13/02/2012 - C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (EraserUtilRebootDrv) .(.Symantec Corporation - Symantec Eraser Utility Driver.) - LEGACY_ERASERUTILREBOOTDRV O64 - Services: CurCS - 10/12/2011 - C:\Windows\system32\drivers\mbam.sys (MBAMProtector) .(.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) - LEGACY_MBAMPROTECTOR O64 - Services: CurCS - 01/03/2012 - C:\Windows\system32\drivers\mbamswissarmy.sys (MBAMSwissArmy) .(.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) - LEGACY_MBAMSWISSARMY O64 - Services: CurCS - ??\??\???? - C:\Windows\system32\Drivers\secdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV O64 - Services: CurCS - 18/12/2009 - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (SPBBCDrv) .(.Symantec Corporation - SPBBC Driver.) - LEGACY_SPBBCDRV O64 - Services: CurCS - 08/03/2010 - C:\Windows\system32\Drivers\SRTSP.sys (SRTSP) .(.Symantec Corporation - Symantec AutoProtect.) - LEGACY_SRTSP O64 - Services: CurCS - 08/03/2010 - C:\Windows\system32\Drivers\SRTSPX.sys (SRTSPX) .(.Symantec Corporation - Symantec AutoProtect.) - LEGACY_SRTSPX O64 - Services: CurCS - 24/02/2011 - C:\Windows\system32\Drivers\SYMEVENT.sys (SymEvent) .(.Symantec Corporation - Symantec Event Library.) - LEGACY_SYMEVENT O64 - Services: CurCS - 03/09/2009 - C:\Windows\system32\Drivers\SYMREDRV.sys (SYMREDRV) .(.Symantec Corporation - Redirector Filter Driver.) - LEGACY_SYMREDRV O64 - Services: CurCS - 03/09/2009 - C:\Windows\system32\Drivers\SYMTDI.sys (SYMTDI) .(.Symantec Corporation - Network Dispatch Driver.) - LEGACY_SYMTDI O64 - Services: CurCS - 15/12/2009 - C:\Program Files\CyberLink\PowerDVD9\NavFilter\000.fcl ({B154377D-700F-42cc-9474-23858FBDF4BD}) .(.CyberLink Corp. - Pas de description.) - LEGACY_{B154377D-700F-42CC-9474-23858FBDF4BD} ~ Scan Services in 00mn 15s ---\\ Liste des fichiers non signés (O65) (None) ---\\ File Associations Shell Spawning (O67) O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\system32\control.exe O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.evt> <evtfile>[HKLM\..\open\Command] (.Microsoft Corporation - Lanceur du composant logiciel enfichable Observateur d’événements.) -- C:\Windows\system32\eventvwr.exe O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\system32\WScript.exe O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCU\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe O67 - Shell Spawning: <.bat> <batfile>[HKCR\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.cpl> <cplfile>[HKCR\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\system32\control.exe O67 - Shell Spawning: <.cmd> <cmdfile>[HKCR\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.com> <comfile>[HKCR\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.evt> <evtfile>[HKCR\..\open\Command] (.Microsoft Corporation - Lanceur du composant logiciel enfichable Observateur d’événements.) -- C:\Windows\system32\eventvwr.exe O67 - Shell Spawning: <.exe> <exefile>[HKCR\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCR\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe O67 - Shell Spawning: <.js> <JSFile>[HKCR\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\system32\WScript.exe O67 - Shell Spawning: <.reg> <regfile>[HKCR\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe ~ Scan Keys in 00mn 00s ---\\ Start Menu Internet (O68) O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\InstallInfo\ShowIconsCommand] (.Mozilla Corporation - Firefox Helper.) -- C:\Program Files\Mozilla Firefox\uninstall\helper.exe O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\ShowIconsCommand] (.Microsoft Corporation - Utilitaire d'initialisation d'Internet Explorer par utilisateur.) -- C:\Windows\System32\ie4uinit.exe O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\InstallInfo\ReinstallCommand] (.Mozilla Corporation - Firefox Helper.) -- C:\Program Files\Mozilla Firefox\uninstall\helper.exe O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\ReinstallCommand] (.Microsoft Corporation - Utilitaire d'initialisation d'Internet Explorer par utilisateur.) -- C:\Windows\System32\ie4uinit.exe O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\InstallInfo\HideIconsCommand] (.Mozilla Corporation - Firefox Helper.) -- C:\Program Files\Mozilla Firefox\uninstall\helper.exe O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\HideIconsCommand] (.Microsoft Corporation - Utilitaire d'initialisation d'Internet Explorer par utilisateur.) -- C:\Windows\System32\ie4uinit.exe ~ Scan Keys in 00mn 00s ---\\ Search Browser Infection (O69) O69 - SBI: C:\Users\CELSO\AppData\Roaming\Mozilla\Firefox\Profiles\y5f7xqok.default\searchplugins\askcom.xml O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - Bing O69 - SBI: SearchScopes [HKCU] {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} - (Ask Search) - http://websearch.ask.com ~ Scan Keys in 00mn 00s ---\\ Crack & Keygen Files (O82) C:\Users\CELSO\Desktop\Sauvegarde\Logiciel Maintenance & dvd Shrink,\O&O\O&O Defrag Pro v8.5.1932fr + Keygen\keygen.exe C:\Users\CELSO\Desktop\Sauvegarde\Logiciel Maintenance & dvd Shrink,\O&O\O&O Defrag Pro v8.5.1932fr + Keygen\oodpe_8_5_1932_fra.exe C:\Users\CELSO\Desktop\Sauvegarde\Logiciel Maintenance & dvd Shrink,\O&O\O&O Defrag Pro v8.5.1932fr + Keygen.rar C:\Users\CELSO\Desktop\Sauvegarde\Logiciel Maintenance & dvd Shrink,\O&O\O&O Defrag Pro v8.5.1932fr + Keygen\keygen.exe C:\Users\CELSO\Desktop\Sauvegarde\Logiciel Maintenance & dvd Shrink,\O&O\O&O Defrag Pro v8.5.1932fr + Keygen\oodpe_8_5_1932_fra.exe C:\Users\CELSO\Desktop\Sauvegarde\Logiciel Maintenance & dvd Shrink,\O&O\O&O Defrag Pro v8.5.1932fr + Keygen.rar F:\Logiciel Maintenance & dvd Shrink,\O&O\O&O Defrag Pro v8.5.1932fr + Keygen\keygen.exe F:\Logiciel Maintenance & dvd Shrink,\O&O\O&O Defrag Pro v8.5.1932fr + Keygen\oodpe_8_5_1932_fra.exe F:\Logiciel Maintenance & dvd Shrink,\O&O\O&O Defrag Pro v8.5.1932fr + Keygen.rar F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj01.zip F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj02.zip F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj03.zip F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj04.zip F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj05.zip F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj06.zip F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj07.zip F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj08.zip F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj09.zip F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj10.zip F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj11.zip F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj12.zip F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj13.zip F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj14.zip F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj15.zip F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj16.zip F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj17.zip F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj18.zip F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj19.zip F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj20.zip F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj21.zip F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part01.rar F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part02.rar F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part03.rar F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part04.rar F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part05.rar F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part06.rar F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part07.rar F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part08.rar F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part09.rar F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part10.rar F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part11.rar F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part12.rar F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part13.rar F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part14.rar F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part15.rar F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part16.rar F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part17.rar F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part18.rar F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part19.rar F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part20.rar F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part21.rar F:\Sauvegarde\Logiciel Maintenance & dvd Shrink,\O&O\O&O Defrag Pro v8.5.1932fr + Keygen\keygen.exe F:\Sauvegarde\Logiciel Maintenance & dvd Shrink,\O&O\O&O Defrag Pro v8.5.1932fr + Keygen\oodpe_8_5_1932_fra.exe F:\Sauvegarde\Logiciel Maintenance & dvd Shrink,\O&O\O&O Defrag Pro v8.5.1932fr + Keygen.rar ~ Scan Files in 01mn 25s ---\\ Recherche des services démarrés par Svchost (O83) O83 - Search Svchost Services: AeLookupSvc (AeLookupSvc) . (.Microsoft Corporation - Service Expérience d’application.) -- C:\Windows\system32\aelupsvc.dll [62464] O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Service de propagation de certificats de cartes à puce Microsoft.) -- C:\Windows\system32\certprop.dll [67584] O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Service de propagation de certificats de cartes à puce Microsoft.) -- C:\Windows\system32\certprop.dll [67584] O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - DLL du service Serveur.) -- C:\Windows\system32\srvsvc.dll [168960] O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - Client de stratégie de groupe.) -- C:\Windows\system32\gpsvc.dll [593408] O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - Extension IKE.) -- C:\Windows\system32\ikeext.dll [674304] O83 - Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation - Service Audio Windows.) -- C:\Windows\system32\Audiosrv.dll [473600] O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Gestionnaire de numérotation automatique d’accès distant.) -- C:\Windows\system32\rasauto.dll [90624] O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Gestionnaire de connexions d’accès distant.) -- C:\Windows\system32\rasmans.dll [286208] O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Gestionnaire d’interface dynamique.) -- C:\Windows\system32\mprdim.dll [75264] O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - Service de notification d’événements système (SENS).) -- C:\Windows\system32\sens.dll [49664] O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Composants de l’application d’assistance à Microsoft NAT.) -- C:\Windows\system32\ipnathlp.dll [300544] O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Serveur de téléphonie Microsoft® Windows.) -- C:\Windows\system32\tapisrv.dll [242176] O83 - Search Svchost Services: TermService (TermService) . (.Microsoft Corporation - Gestionnaire des connexions distantes du serveur hôte de session Burea.) -- C:\Windows\system32\termsrv.dll [521216] O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Agent de mise à jour automatique Windows Update.) -- C:\Windows\system32\wuaueng.dll [1914368] O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Service de transfert intelligent en arrière-plan.) -- C:\Windows\system32\qmgr.dll [585728] O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - Dll des services Windows Shell.) -- C:\Windows\system32\shsvcs.dll [328192] O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Service offrant une connectivité IPv6 sur un réseau IPv4..) -- C:\Windows\system32\iphlpsvc.dll [499712] O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - DLL de service d’ouverture de session secondaire.) -- C:\Windows\system32\seclogon.dll [21504] O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Service Informations d’application.) -- C:\Windows\system32\appinfo.dll [47104] O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - Service de découverte iSCSI.) -- C:\Windows\system32\iscsiexe.dll [114688] O83 - Search Svchost Services: MMCSS (MMCSS) . (.Microsoft Corporation - Service Planificateur de classes multimédias.) -- C:\Windows\system32\mmcss.dll [49664] O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Rapports et solutions aux problèmes.) -- C:\Windows\system32\wercplsupport.dll [61440] O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Service EAPHost Microsoft.) -- C:\Windows\system32\eapsvc.dll [98304] O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) -- C:\Windows\system32\profsvc.dll [164352] O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Service du Planificateur de tâches.) -- C:\Windows\system32\schedsvc.dll [750592] O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Service Gestion des clés.) -- C:\Windows\system32\kmsvc.dll [71168] O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Service Configuration des services Bureau à distance.) -- C:\Windows\system32\sessenv.dll [113664] O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\Windows\system32\wbem\WMIsvc.dll [168960] O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - DLL du service Explorateur d’ordinateurs.) -- C:\Windows\system32\browser.dll [102400] O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - DLL du service des thèmes Windows Shell.) -- C:\Windows\system32\themeservice.dll [37376] O83 - Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation - Service BDE.) -- C:\Windows\system32\bdesvc.dll [76800] ~ Scan Services in 00mn 00s ---\\ Recherche particuliere à la racine de certains dossiers (O84) [MD5.A719B9EE6116B496F4000C0B1311EA13] [sPRF][26/02/2011] (...) -- C:\Users\CELSO\AppData\Roaming\PnkBstrK.sys [22328] [MD5.371D4542D9EC5C1D90809F578D177429] [sPRF][29/02/2012] (...) -- C:\Users\CELSO\Desktop\adwcleaner.exe [602051] [MD5.4D930392BD13F448ED474CE2C41DFADA] [sPRF][03/02/2011] (.Adobe Systems, Inc. - Adobe® Flash® Player Installer/Uninstaller 10.2 r152.) -- C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe [2871968] ~ Scan Files in 00mn 00s ---\\ Firewall Active Exception List (FirewallRules) (O87) O87 - FAEL: "NetPres-In-TCP-NoScope" |In - Domain - P6 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.) O87 - FAEL: "NetPres-Out-TCP-NoScope" |Out - Domain - P6 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.) O87 - FAEL: "NetPres-WSD-In-UDP" |In - None - P17 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.) O87 - FAEL: "NetPres-WSD-Out-UDP" |Out - None - P17 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.) O87 - FAEL: "NetPres-In-TCP" |In - Public - P6 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.) O87 - FAEL: "NetPres-Out-TCP" |Out - Public - P6 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.) O87 - FAEL: "{6BEEBFC0-890F-4FE6-95D2-CA3B464DE353}" |In - Private - P6 - FALSE | .(...) -- C:\Program Files\IncrediMail\Bin\ImpCnt.exe (.not file.) O87 - FAEL: "{1BD6DC99-87C4-4937-826B-910BAE2DD02A}" |In - Private - P17 - FALSE | .(...) -- C:\Program Files\IncrediMail\Bin\ImpCnt.exe (.not file.) O87 - FAEL: "{1A15E680-3D45-4FC9-A726-1A974CFE5FF9}" |In - Private - P6 - FALSE | .(...) -- C:\Program Files\IncrediMail\Bin\ImpCnt.exe (.not file.) O87 - FAEL: "{0E87757C-0474-4D04-AC62-54285AFEF89E}" |In - Private - P17 - FALSE | .(...) -- C:\Program Files\IncrediMail\Bin\ImpCnt.exe (.not file.) O87 - FAEL: "{565E73E7-951A-4F8C-B01F-D13CC3A7C4B7}" | In - Private - P6 - TRUE | .(.TeamViewer GmbH - TeamViewer Remote Control Application.) -- C:\Program Files\TeamViewer\Version6\TeamViewer.exe O87 - FAEL: "{05162694-0646-465C-A3A2-F8B381D0353F}" | In - Private - P17 - TRUE | .(.TeamViewer GmbH - TeamViewer Remote Control Application.) -- C:\Program Files\TeamViewer\Version6\TeamViewer.exe O87 - FAEL: "{1AB9F83E-D904-4D7A-B1CB-15DF44FBBFD2}" | In - Private - P6 - TRUE | .(.TeamViewer GmbH - TeamViewer Remote Control Application.) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe O87 - FAEL: "{9F679F8F-4057-4EFD-B052-3093E62B57C6}" | In - Private - P17 - TRUE | .(.TeamViewer GmbH - TeamViewer Remote Control Application.) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe O87 - FAEL: "{768764A5-EE18-4CF0-A7C2-C06CA2470F4E}" | In - Private - P6 - TRUE | .(.Symantec Corporation - Symantec CMC Smc.) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe O87 - FAEL: "{B39930D3-0685-4B0B-B436-D92E51467FD0}" | In - Private - P17 - TRUE | .(.Symantec Corporation - Symantec CMC Smc.) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe O87 - FAEL: "{D0C64FAF-F625-4A2A-9DA8-0480DF218DAF}" | In - Private - P6 - TRUE | .(.Symantec Corporation - Symantec Network Access Control.) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.exe O87 - FAEL: "{21A47798-3CA9-4853-A8A4-13571D36B9D8}" | In - Private - P17 - TRUE | .(.Symantec Corporation - Symantec Network Access Control.) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.exe O87 - FAEL: "{FF9446F0-997A-4989-8FAE-165400FA773B}" | In - Private - P6 - TRUE | .(.Symantec Corporation - Symantec User Session.) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe O87 - FAEL: "{99B7EAE7-A241-42FE-A376-D00EC6BEC35E}" | In - Private - P17 - TRUE | .(.Symantec Corporation - Symantec User Session.) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe O87 - FAEL: "{6DDFD881-6916-4CAD-928A-CFB6C4C28F8E}" |In - Private - P6 - FALSE | .(...) -- C:\Program Files\IncrediMail\Bin\IncMail.exe (.not file.) O87 - FAEL: "{B2E79365-8139-4ACF-B9AE-816CD7BF2CFD}" |In - Private - P17 - FALSE | .(...) -- C:\Program Files\IncrediMail\Bin\IncMail.exe (.not file.) O87 - FAEL: "{AD6BF7BE-7D0A-4112-9536-DEAD743DD93A}" |In - Private - P6 - FALSE | .(...) -- C:\Program Files\IncrediMail\Bin\ImApp.exe (.not file.) O87 - FAEL: "{E02CD5AE-0A58-4241-9DE2-CC86585E3A32}" |In - Private - P17 - FALSE | .(...) -- C:\Program Files\IncrediMail\Bin\ImApp.exe (.not file.) O87 - FAEL: "{90A8D7F2-D7E0-4D88-88FC-538BEB05D43E}" | In - Private - P6 - TRUE | .(...) -- C:\Program Files\HomePlayer\HomePlayer.exe O87 - FAEL: "{D1641D63-D1D2-4D22-AAAB-E6996B6BBC47}" | In - Private - P17 - TRUE | .(...) -- C:\Program Files\HomePlayer\HomePlayer.exe O87 - FAEL: "{CBD46927-16E3-4645-A333-E3E96ADBF20D}" | In - Private - P6 - TRUE | .(...) -- C:\Program Files\HomePlayer\VLC\vlc.exe O87 - FAEL: "{C463970E-9993-4131-A162-DB36ABC82DE5}" | In - Private - P17 - TRUE | .(...) -- C:\Program Files\HomePlayer\VLC\vlc.exe O87 - FAEL: "{9F525B69-8322-43D5-AB5E-3D926DB5FE19}" | In - None - P17 - TRUE | .(.CyberLink Corp. - CyberLink PowerDVD Cinema Main Program.) -- C:\Program Files\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe O87 - FAEL: "{2779ED72-2D8F-458E-A553-532462A26773}" | In - None - P17 - TRUE | .(.CyberLink Corp. - PowerDVD 9.0.) -- C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe O87 - FAEL: "{07DDECF6-849F-4176-A6E7-16D105249038}" | In - Private - P6 - TRUE | .(...) -- C:\Windows\System32\PnkBstrA.exe O87 - FAEL: "{C35DE4CF-48BA-4FAC-AC6D-7FC5A9D31068}" | In - Private - P17 - TRUE | .(...) -- C:\Windows\System32\PnkBstrA.exe O87 - FAEL: "{D063662A-F9C5-4B72-91F6-89FE80620588}" | In - Private - P6 - TRUE | .(...) -- C:\Windows\System32\PnkBstrB.exe O87 - FAEL: "{49A573E0-A040-4386-A288-BA6A270E7775}" | In - Private - P17 - TRUE | .(...) -- C:\Windows\System32\PnkBstrB.exe O87 - FAEL: "{F129F5CC-FD1D-4D97-88D6-27AEC1428462}" | In - Private - P6 - TRUE | .(...) -- C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe O87 - FAEL: "{2736B1FE-2EC8-4A6D-9689-3F53070D4C57}" | In - Private - P17 - TRUE | .(...) -- C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe O87 - FAEL: "TCP Query User{A58B5EAA-3EF6-47B9-8C18-7CFFBC9C96C8}C:\program files\xfire\xfire.exe" | In - Private - P6 - TRUE | .(.Xfire Inc. - Xfire.) -- C:\Program Files\Xfire\Xfire.exe O87 - FAEL: "UDP Query User{5AB11151-291C-4248-825E-AC23CEF8AD9B}C:\program files\xfire\xfire.exe" | In - Private - P17 - TRUE | .(.Xfire Inc. - Xfire.) -- C:\Program Files\Xfire\Xfire.exe O87 - FAEL: "TCP Query User{199EC9F2-7B18-4BC7-8498-4E0B0854367A}C:\program files\tmnationsforever\tmforever.exe" | In - Private - P6 - TRUE | .(...) -- C:\Program Files\TmNationsForever\TmForever.exe O87 - FAEL: "UDP Query User{59FFB152-C260-4FF9-984F-ADB091E925A6}C:\program files\tmnationsforever\tmforever.exe" | In - Private - P17 - TRUE | .(...) -- C:\Program Files\TmNationsForever\TmForever.exe O87 - FAEL: "TCP Query User{927922A5-396E-4280-BFFD-C530A1F34AC0}C:\program files\activision\call of duty 2\cod2mp_s.exe" | In - Private - P6 - TRUE | .(...) -- C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe O87 - FAEL: "UDP Query User{C9A7C4FE-57EB-4D32-945C-7F465208635F}C:\program files\activision\call of duty 2\cod2mp_s.exe" | In - Private - P17 - TRUE | .(...) -- C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe O87 - FAEL: "TCP Query User{8C2CCB46-F6A4-4475-8FEF-E0570A54DCC4}C:\program files\google\google earth\plugin\geplugin.exe" | In - Private - P6 - TRUE | .(.Google - Google Earth.) -- C:\Program Files\Google\Google Earth\plugin\geplugin.exe O87 - FAEL: "UDP Query User{782CF56E-D15C-44DA-96F7-2F3319969315}C:\program files\google\google earth\plugin\geplugin.exe" | In - Private - P17 - TRUE | .(.Google - Google Earth.) -- C:\Program Files\Google\Google Earth\plugin\geplugin.exe O87 - FAEL: "TCP Query User{E90365DB-56C7-408B-A978-E040D9463AA0}C:\program files\maniaplanet\maniaplanet.exe" | In - Private - P6 - TRUE | .(.Nadeo - ManiaPlanet.) -- C:\Program Files\ManiaPlanet\ManiaPlanet.exe O87 - FAEL: "UDP Query User{C40BA7F3-76AE-4350-AA3B-8B9302382B9A}C:\program files\maniaplanet\maniaplanet.exe" | In - Private - P17 - TRUE | .(.Nadeo - ManiaPlanet.) -- C:\Program Files\ManiaPlanet\ManiaPlanet.exe O87 - FAEL: "{CB517CEE-EE2B-4FD8-AB90-821D40EA15FC}" | In - Private - P6 - TRUE | .(.TeamViewer GmbH - TeamViewer Remote Control Application.) -- C:\Program Files\TeamViewer\Version7\TeamViewer.exe O87 - FAEL: "{20628F0E-FE6A-4BC7-BC7A-0609D0C70DB5}" | In - Private - P17 - TRUE | .(.TeamViewer GmbH - TeamViewer Remote Control Application.) -- C:\Program Files\TeamViewer\Version7\TeamViewer.exe O87 - FAEL: "{A853B28D-A101-4BE2-9D3A-2278AE00E5F2}" | In - Private - P6 - TRUE | .(.TeamViewer GmbH - TeamViewer Remote Control Application.) -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe O87 - FAEL: "{A91ACAA4-41F8-4335-8F0B-1DDAAD02A7AF}" | In - Private - P17 - TRUE | .(.TeamViewer GmbH - TeamViewer Remote Control Application.) -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe O87 - FAEL: "{1FB1CC51-A200-4A1E-AD1B-B8332BE8A238}" | In - None - P17 - TRUE | .(.Skype Limited - Facebook Video Calling.) -- C:\Users\CELSO\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe O87 - FAEL: "{469EE70C-48E3-442E-824B-E93B994E478E}" | In - Private - P6 - FALSE | .(.NVIDIA Corporation - NVIDIA Settings Update Manager.) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe O87 - FAEL: "{50002BA1-1F53-4912-A50B-859A2842C1B2}" | In - Private - P17 - FALSE | .(.NVIDIA Corporation - NVIDIA Settings Update Manager.) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe O87 - FAEL: "TCP Query User{0D8BB620-31ED-40A2-9352-07C707B29323}C:\program files\tmnationsforever\tmforever.exe" | In - Public - P6 - TRUE | .(...) -- C:\Program Files\TmNationsForever\TmForever.exe O87 - FAEL: "UDP Query User{0865982E-E7D0-4E3A-851E-382BEDD64A2D}C:\program files\tmnationsforever\tmforever.exe" | In - Public - P17 - TRUE | .(...) -- C:\Program Files\TmNationsForever\TmForever.exe ~ Scan Firewall in 00mn 02s ---\\ Scan Additionnel (O88) Database Version : 9066 - (05/02/2012) Clés trouvées (Keys found) : 2 Valeurs trouvées (Values found) : 1 Dossiers trouvés (Folders found) : 4 Fichiers trouvés (Files found) : 0 [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}] =>Toolbar.Agent [HKLM\Software\Xfire\OpenCandy] =>Adware.OpenCandy [HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]:{D4027C7F-154A-4066-A1AD-4243D8127440} =>Toolbar.AskSBar C:\Users\CELSO\AppData\Roaming\OpenCandy =>Adware.OpenCandy C:\Users\CELSO\AppData\Local\OpenCandy =>Adware.OpenCandy C:\Users\CELSO\AppData\LocalLow\ShopperReports3 =>Adware.ShopperReports ~ Scan Additionnel in 00mn 05s ---\\ Recherche détournement de DNS routeur (O89) Serveur : google-public-dns-a.google.com Address: 8.8.8.8 Nom : www-cctld.l.google.com Address: 173.194.67.94 Aliases: www.google.fr ~ Scan DNS in 00mn 02s ---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped) SR - | Auto 03/01/2012 63928 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe SR - | Auto 25/01/2010 108392 | (ccEvtMgr) . (.Symantec Corporation.) - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe SR - | Auto 25/01/2010 108392 | (ccSetMgr) . (.Symantec Corporation.) - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe SS - | Auto 30/04/2011 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe SS - | Demand 30/04/2011 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe SS - | Demand 17/02/2010 3093880 | (LiveUpdate) . (.Symantec Corporation.) - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.exe SR - | Auto 13/01/2012 652360 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe SR - | Auto 10/02/2012 645440 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\System32\nvvsvc.exe SR - | Auto 10/02/2012 2348352 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe SR - | Auto 75136 | (PnkBstrA) . (...) - C:\Windows\System32\PnkBstrA.exe SR - | Auto 16/04/2010 1881368 | (SmcService) . (.Symantec Corporation.) - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe SS - | Disabled 01/04/2010 349512 | (SNAC) . (.Symantec Corporation.) - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.exe SR - | Auto 09/02/2012 382272 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe SR - | Auto 23/04/2010 1831024 | (Symantec AntiVirus) . (.Symantec Corporation.) - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe SR - | Auto 07/12/2010 2228008 | (TeamViewer6) . (.TeamViewer GmbH.) - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe SR - | Auto 02/12/2011 2923392 | (TeamViewer7) . (.TeamViewer GmbH.) - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe SR - | Auto 14/07/2009 20992 | C:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe SR - | Auto 15/12/2009 87536 | ({B154377D-700F-42cc-9474-23858FBDF4BD}) . (.CyberLink Corp..) - C:\Program Files\CyberLink\PowerDVD9\NavFilter\000.fcl ~ Scan Services in 00mn 05s ---\\ Recherche Master Boot Record Infection (MBR)(O80) Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, GMER - Rootkit Detector and Remover Run by CELSO at 01/03/2012 16:13:31 device: opened successfully user: MBR read successfully Disk trace: called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys 1 ntkrnlpa!IofCallDriver[0x8304B52A] -> \Device\Harddisk0\DR0[0x865699E0] 3 CLASSPNP[0x8B78859E] -> ntkrnlpa!IofCallDriver[0x8304B52A] -> [0x860AB918] 5 ACPI[0x8B2943D4] -> ntkrnlpa!IofCallDriver[0x8304B52A] -> \Device\Ide\IdeDeviceP2T0L0-2[0x860D0908] kernel: MBR read successfully user & kernel MBR OK ~ Scan MBR in 00mn 02s ---\\ Recherche Master Boot Record Infection (MBRCheck)(O80) Written by ad13, http://ad13.geekstog Run by CELSO at 01/03/2012 16:13:33 ********* Dump file Name ********* C:\PhysicalDisk0_MBR.bin ~ Scan MBR in 00mn 04s End of the scan (1690 lines in 16mn 43s)(54)
- le 1 mars 2012
- 20 réponses
Windows infecté

rital94 a répondu à un(e) sujet de rital94 dans Analyses et éradication malwares

Malwarebytes Anti-Malware (Essai) 1.60.1.1000 www.malwarebytes.org Version de la base de données: v2012.02.29.05 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 CELSO :: CELSO-PC [administrateur] Protection: Activé 01/03/2012 12:49:21 mbam-log-2012-03-01 (12-49-21).txt Type d'examen: Examen complet Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM Options d'examen désactivées: P2P Elément(s) analysé(s): 376010 Temps écoulé: 1 heure(s), 12 minute(s), 52 seconde(s) Processus mémoire détecté(s): 0 (Aucun élément nuisible détecté) Module(s) mémoire détecté(s): 0 (Aucun élément nuisible détecté) Clé(s) du Registre détectée(s): 0 (Aucun élément nuisible détecté) Valeur(s) du Registre détectée(s): 0 (Aucun élément nuisible détecté) Elément(s) de données du Registre détecté(s): 0 (Aucun élément nuisible détecté) Dossier(s) détecté(s): 0 (Aucun élément nuisible détecté) Fichier(s) détecté(s): 20 C:\Users\CELSO\Desktop\Sauvegarde\Logiciel Maintenance & dvd Shrink,\cdkey-rzr-cod4.exe (Trojan.Agent.CK) -> Mis en quarantaine et supprimé avec succès. C:\Users\CELSO\Desktop\Sauvegarde\Logiciel Maintenance & dvd Shrink,\changer de voix\KeyGen.exe (RiskWare.Tool.CK) -> Mis en quarantaine et supprimé avec succès. C:\Users\CELSO\Desktop\Sauvegarde\Logiciels 2011 Kevin\Cod4fr\COD4\rzr-cod4.exe (Trojan.Agent.CK) -> Mis en quarantaine et supprimé avec succès. C:\Users\CELSO\Desktop\Sauvegarde\Logiciels 2011 Kevin\Cod4fr\COD4\cod4\rzr-cod4.exe (Trojan.Agent.CK) -> Mis en quarantaine et supprimé avec succès. C:\Users\CELSO\Desktop\Sauvegarde\Logiciels 2011 Kevin\Cod4fr\COD4\cod4\cod4\rzr-cod4.exe (Trojan.Agent.CK) -> Mis en quarantaine et supprimé avec succès. C:\Users\CELSO\Desktop\Sauvegarde\Logiciels 2011 Kevin\PowerDVD v9\CORE10k.EXE (Dont.Steal.Our.Software) -> Mis en quarantaine et supprimé avec succès. C:\Users\CELSO\Desktop\Sauvegarde\Logiciels 2011 Kevin\PowerDVD v9\keygen.exe (Trojan.Dropper.PGen) -> Mis en quarantaine et supprimé avec succès. F:\Logiciel Maintenance & dvd Shrink,\changer de voix\KeyGen.exe (RiskWare.Tool.CK) -> Mis en quarantaine et supprimé avec succès. F:\Logiciels 2011 Kevin\Cod4fr\COD4\rzr-cod4.exe (Trojan.Agent.CK) -> Mis en quarantaine et supprimé avec succès. F:\Logiciels 2011 Kevin\Cod4fr\COD4\cod4\rzr-cod4.exe (Trojan.Agent.CK) -> Mis en quarantaine et supprimé avec succès. F:\Logiciels 2011 Kevin\Cod4fr\COD4\cod4\cod4\rzr-cod4.exe (Trojan.Agent.CK) -> Mis en quarantaine et supprimé avec succès. F:\Logiciels 2011 Kevin\PowerDVD v9\CORE10k.EXE (Dont.Steal.Our.Software) -> Mis en quarantaine et supprimé avec succès. F:\Logiciels 2011 Kevin\PowerDVD v9\keygen.exe (Trojan.Dropper.PGen) -> Mis en quarantaine et supprimé avec succès. F:\Sauvegarde\Logiciel Maintenance & dvd Shrink,\cdkey-rzr-cod4.exe (Trojan.Agent.CK) -> Mis en quarantaine et supprimé avec succès. F:\Sauvegarde\Logiciel Maintenance & dvd Shrink,\changer de voix\KeyGen.exe (RiskWare.Tool.CK) -> Mis en quarantaine et supprimé avec succès. F:\Sauvegarde\Logiciels 2011 Kevin\Cod4fr\COD4\rzr-cod4.exe (Trojan.Agent.CK) -> Mis en quarantaine et supprimé avec succès. F:\Sauvegarde\Logiciels 2011 Kevin\Cod4fr\COD4\cod4\rzr-cod4.exe (Trojan.Agent.CK) -> Mis en quarantaine et supprimé avec succès. F:\Sauvegarde\Logiciels 2011 Kevin\Cod4fr\COD4\cod4\cod4\rzr-cod4.exe (Trojan.Agent.CK) -> Mis en quarantaine et supprimé avec succès. F:\Sauvegarde\Logiciels 2011 Kevin\PowerDVD v9\CORE10k.EXE (Dont.Steal.Our.Software) -> Mis en quarantaine et supprimé avec succès. F:\Sauvegarde\Logiciels 2011 Kevin\PowerDVD v9\keygen.exe (Trojan.Dropper.PGen) -> Mis en quarantaine et supprimé avec succès. (fin) 20:51:49 CELSO MESSAGE Protection started successfully 20:51:52 CELSO MESSAGE IP Protection started successfully /02/29 22:38:20 +0100 CELSO-PC CELSO MESSAGE Starting protection 2012/02/29 22:38:22 +0100 CELSO-PC CELSO MESSAGE Protection started successfully 2012/02/29 22:38:25 +0100 CELSO-PC CELSO MESSAGE Starting IP protection 2012/02/29 22:38:26 +0100 CELSO-PC CELSO MESSAGE IP Protection started successfully 2012/02/29 22:43:56 +0100 CELSO-PC CELSO DETECTION F:\Logiciel Maintenance & dvd Shrink,\cdkey-rzr-cod4.exe Trojan.Agent.CK QUARANTINE 2012/02/29 22:47:26 +0100 CELSO-PC CELSO MESSAGE Executing scheduled update: Daily 2012/02/29 22:47:28 +0100 CELSO-PC CELSO MESSAGE Database already up-to-date 2012/02/29 23:57:47 +0100 CELSO-PC CELSO DETECTION
- le 1 mars 2012
- 20 réponses
Windows infecté

rital94 a répondu à un(e) sujet de rital94 dans Analyses et éradication malwares

Rapport de ZHPDiag v1.28.32 par Nicolas Coolman, Update du 05/02/2012 Run by CELSO at 01/03/2012 13:14:32 Web site : ZHPDiag Outil de diagnostic Web site : Blog de NicolasCoolman - ZebHelpProcess - Skyrock.com Windows 7 Home Premium Edition, 32-bit Service Pack 1 (Build 7601) State : Version à jour. Boot mode: Normal (Normal boot) Logged in as Administrator ---\\ Web Browser MSIE: Internet Explorer v9.0.8112.16421 MFIE: Mozilla Firefox 10.0.2 v10.0.2 (Defaut) ---\\ Processus lancés [MD5.FB9DFE1D04DFA81ABBD8493A52A23773] - (.Symantec Corporation - Symantec CMC SmcGui.) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe [1459528] [PID.2360] [MD5.C687C23E093782DA238F6B972FCB717C] - (.NVIDIA Corporation - NVIDIA Settings.) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe [1820480] [PID.2612] [MD5.F7BA07E85A37CA30FFED726001754951] - (.TeamViewer GmbH - TeamViewer Remote Control Application.) -- C:\Program Files\TeamViewer\Version7\TeamViewer.exe [10871680] [PID.3304] [MD5.BF1FF06F5434AFAEAB6C3279E3BD2250] - (.Symantec Corporation - Symantec User Session.) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe [115560] [PID.3964] [MD5.F40E80C04475731C6ED5D19C48E45E3C] - (.Elaborate Bytes AG - Virtual CloneDrive Daemon.) -- C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [85160] [PID.3984] [MD5.16E288B32BC5ED1A73D8D266B354AD5F] - (.cyberlink - brs.) -- C:\Program Files\CyberLink\Shared files\brs.exe [75048] [PID.4004] [MD5.60D0647A2DC2D397B84D0AFB0808F85D] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [460872] [PID.1916] [MD5.D9C51528488EA0D98D3C4D02ABD16759] - (.Intel Corporation - igfxsrvc Module.) -- C:\Windows\system32\igfxsrvc.exe [252952] [PID.5748] [MD5.5AC757AE411CBC603C33C85F81F8657D] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [924632] [PID.4400] [MD5.196F6E8FBC7043A867C8F428E40530E8] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [16856] [PID.5884] [MD5.B8F49232247D0825B2B82E08A9E10753] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [981680] [PID.5524] [MD5.4309B75F125067EF805F3125B01FCC30] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [2210816] [PID.5984] ~ Scan Processes Running in 00mn 00s ---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3) C:\Users\CELSO\AppData\Roaming\Mozilla\Firefox\Profiles\y5f7xqok.default\prefs.js M3 - MFPP: Plugins - [CELSO] -- C:\Users\CELSO\AppData\Roaming\Mozilla\Firefox\Profiles\y5f7xqok.default\searchplugins\askcom.xml M3 - MFPP: Plugins - [CELSO] -- C:\Program Files\Mozilla FireFox\searchplugins\amazon-france.xml M3 - MFPP: Plugins - [CELSO] -- C:\Program Files\Mozilla FireFox\searchplugins\bing.xml M3 - MFPP: Plugins - [CELSO] -- C:\Program Files\Mozilla FireFox\searchplugins\cnrtl-tlfi-fr.xml M3 - MFPP: Plugins - [CELSO] -- C:\Program Files\Mozilla FireFox\searchplugins\eBay-france.xml M3 - MFPP: Plugins - [CELSO] -- C:\Program Files\Mozilla FireFox\searchplugins\google.xml M3 - MFPP: Plugins - [CELSO] -- C:\Program Files\Mozilla FireFox\searchplugins\wikipedia-fr.xml M3 - MFPP: Plugins - [CELSO] -- C:\Program Files\Mozilla FireFox\searchplugins\yahoo-france.xml M0 - MFSP: prefs.js [CELSO - y5f7xqok.default] Google M2 - MFEP: prefs.js [CELSO - y5f7xqok.default\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}] [] Garmin Communicator v4.0.1.0 (.Garmin International.) P2 - FPN:Firefox Plugin Navigator . (.Sun Microsystems, Inc. - NPRuntime Script Plug-in Library for Java Deploy.) -- C:\Program Files\Mozilla Firefox\Plugins\npdeployJava1.dll P2 - FPN:Firefox Plugin Navigator . (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape 10.1.2.) -- C:\Program Files\Mozilla Firefox\Plugins\nppdf32.dll P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (...) -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll P2 - FPN: [HKLM] [@adobe.com/ShockwavePlayer] - (.Adobe Systems, Inc. - Adobe Shockwave for Director Netscape plug-in, version 11.5.9.620.) -- C:\Windows\System32\Adobe\Director\np32dsw.dll P2 - FPN: [HKLM] [@Google.com/GoogleEarthPlugin] - (.Google - GEPlugin.) -- C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll P2 - FPN: [HKLM] [@java.com/JavaPlugin] - (.Sun Microsystems, Inc. - Next Generation Java Plug-in 1.6.0_26 for Mozilla browsers.) -- C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 4.1.10111.0.) -- C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll P2 - FPN: [HKLM] [@nvidia.com/3DVision] - (.NVIDIA Corporation - NVIDIA 3D Vision plugin for Mozilla browsers.) -- C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll P2 - FPN: [HKLM] [@nvidia.com/3DVisionStreaming] - (.NVIDIA Corporation - NVIDIA 3D Vision Streaming plugin for Mozilla browsers.) -- C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=3] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=9] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll P2 - FPN: [HKLM] [Adobe Reader] - (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape 10.1.2.) -- C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll P2 - FPN: [HKCU] [@Skype Limited.com/Facebook Video Calling Plugin] - (.Skype Limited - Facebook Video Calling Plugin.) -- C:\Users\CELSO\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll ~ Scan Firefox Browser in 00mn 00s ---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4) R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Search Microsoft.com R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Navigateur Internet.) (9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)) -- C:\Windows\System32\ieframe.dll R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 1 ~ Scan IE Browser in 00mn 00s ---\\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Scan Proxy management in 00mn 00s ---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2) F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe, F2 - REG:system.ini: VMApplet=C:\Windows\system32\SystemPropertiesPerformance.exe ~ Scan Keys in 00mn 00s ---\\ Redirection du fichier Hosts (O1) ~ Le fichier hosts est sain (The hosts file is clean). ~ Scan Hosts File in 00mn 00s ~ Nombre de lignes (Lines number): 21 ---\\ Browser Helper Objects de navigateur (O2) O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} . (.TechSmith Corporation - SnagIt Browser Helper Object for Internet E.) -- C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corp. - Microsoft® Windows Live ID Login Helper.) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll ~ Scan BHO in 00mn 00s ---\\ Internet Explorer Toolbars (O3) O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} . (.TechSmith Corporation - SnagIt Add-in for Internet Explorer.) -- C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll ~ Scan Toolbar in 00mn 00s ---\\ Applications démarrées par registre & par dossier (O4) O4 - HKLM\..\Run: [igfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe O4 - HKLM\..\Run: [ccApp] . (.Symantec Corporation - Symantec User Session.) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe O4 - HKLM\..\Run: [VirtualCloneDrive] . (.Elaborate Bytes AG - Virtual CloneDrive Daemon.) -- C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe O4 - HKLM\..\Run: [bDRegion] . (.cyberlink - brs.) -- C:\Program Files\CyberLink\Shared files\brs.exe O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe O4 - HKLM\..\Run: [NvMediaCenter] . (.NVIDIA Corporation - NVIDIA Media Center Library.) -- C:\Windows\System32\nvmctray.dll O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe O4 - HKUS\S-1-5-20\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe ~ Scan Application in 00mn 00s ---\\ Autres liens utilisateurs (O4) O4 - Global Startup: C:\Users\CELSO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - Global Startup: C:\Users\CELSO\Desktop\everest.exe - Raccourci.lnk . (...) -- F:\Logiciels 2011 Kevin\Everest.Corporate.Edtion.v2.80\everest.exe O4 - Global Startup: C:\Users\CELSO\Desktop\HijackThis.exe - Raccourci.lnk . (.Trend Micro Inc..) -- F:\Logiciel Maintenance & dvd Shrink,\HiJackThis\HijackThis.exe O4 - Global Startup: C:\Users\CELSO\Desktop\Jouer à ManiaPlanet.lnk . (...) -- C:\Program Files\ManiaPlanet\ManiaPlanetLauncher.exe O4 - Global Startup: C:\Users\CELSO\Desktop\Mozilla Firefox.lnk . (.Mozilla Corporation.) -- C:\Program Files\Mozilla Firefox\firefox.exe O4 - Global Startup: C:\Users\CELSO\Desktop\PhotoFiltre.lnk . (.Antonio Da Cruz.) -- C:\Program Files\PhotoFiltre\photofiltre.exe O4 - Global Startup: C:\Users\CELSO\Desktop\Windows Live Messenger.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe O4 - Global Startup: C:\Users\CELSO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - Global Startup: C:\Users\CELSO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk . (.Microsoft Corporation.) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE O4 - Global Startup: C:\Users\CELSO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk . (.Mozilla Corporation.) -- C:\Program Files\Mozilla Firefox\firefox.exe ~ Scan Global Startup in 00mn 00s ---\\ Invisibilité de l'icône d'options IE dans le panneau de Configuration (O5) O5 - control.ini: [HKLM\..\Control Panel] inetcpl.cpl=no ~ Scan IE Control Panel in 00mn 00s ---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8) O8 - Extra context menu item: E&xporter vers Microsoft Excel . (.Microsoft Corporation - Microsoft Office Excel.) -- C:\Program Files\MICROS~2\Office12\EXCEL.exe ~ Scan IE Menu Contextuel in 00mn 00s ---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO ~ Scan IE Extra Buttons in 00mn 00s ---\\ Winsock hijacker (Layered Service Provider) (O10) O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\System32\nlaapi.dll O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Fournisseur Shim d’affectation de noms de messagerie.) -- C:\Windows\System32\NapiNSP.dll O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\System32\pnrpnsp.dll O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\System32\pnrpnsp.dll O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\Windows\System32\mswsock.dll O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\System32\winrnr.dll O10 - WLSP:\000000000007\Winsock LSP File . (.Microsoft Corp. - Microsoft® Windows Live ID Namespace Provider.) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.dll O10 - WLSP:\000000000008\Winsock LSP File . (.Microsoft Corp. - Microsoft® Windows Live ID Namespace Provider.) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.dll ~ Scan Winsock in 00mn 00s ---\\ Objets ActiveX (Downloaded Program Files)(O16) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab ~ Scan Objets ActiveX in 00mn 00s ---\\ Modification Domaine/Adresses DNS (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{2B015339-CF8E-4E76-9AF8-3D0CC9B1E0FA}: NameServer = 8.8.8.8,8.8.4.4 O17 - HKLM\System\CS1\Services\Tcpip\..\{2B015339-CF8E-4E76-9AF8-3D0CC9B1E0FA}: NameServer = 8.8.8.8,8.8.4.4 O17 - HKLM\System\CS2\Services\Tcpip\..\{2B015339-CF8E-4E76-9AF8-3D0CC9B1E0FA}: NameServer = 8.8.8.8,8.8.4.4 ~ Scan Domain in 00mn 00s ---\\ Protocole additionnel (O18) O18 - Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft ®.) -- C:\Windows\System32\mshtml.dll O18 - Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll O18 - Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - Contrôle ActiveX pour le flux vidéo.) -- C:\Windows\System32\MSVidCtl.dll O18 - Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll O18 - Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll O18 - Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll O18 - Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll O18 - Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll O18 - Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft ®.) -- C:\Windows\System32\mshtml.dll O18 - Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} . (.Microsoft Corporation - Windows Live Messenger Protocol Handler Mod.) -- C:\Program Files\Windows Live\Messenger\msgrapp.dll O18 - Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll O18 - Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft ®.) -- C:\Windows\System32\mshtml.dll O18 - Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API Resources.) -- C:\Windows\System32\inetcomm.dll O18 - Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll O18 - Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} . (.Microsoft Corporation - Microsoft® Help Data Services Module.) -- C:\Program Files\Common Files\microsoft shared\Help\hxds.dll O18 - Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll O18 - Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} . (.Microsoft Corporation - Windows Live Messenger Protocol Handler Mod.) -- C:\Program Files\Windows Live\Messenger\msgrapp.dll O18 - Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft ®.) -- C:\Windows\System32\mshtml.dll O18 - Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - Contrôle ActiveX pour le flux vidéo.) -- C:\Windows\System32\MSVidCtl.dll O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft ®.) -- C:\Windows\System32\mshtml.dll O18 - Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll O18 - Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll ~ Scan Protocole Additionnel in 00mn 00s ---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20) O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\system32\igfxdev.dll ~ Scan Winlogon in 00mn 00s ---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. ~ Scan SSODL in 00mn 00s ---\\ Liste des services NT non Microsoft et non désactivés (O23) O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) . (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) . (.Symantec Corporation - Symantec Service Framework.) - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) . (.Symantec Corporation - Symantec Service Framework.) - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Service Google Update (gupdate) (gupdate) . (.Google Inc. - Programme d'installation de Google.) - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: (MBAMService) . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 295.7.) - C:\Windows\System32\nvvsvc.exe O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) . (.NVIDIA Corporation - NVIDIA Settings Update Manager.) - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe O23 - Service: PnkBstrA (PnkBstrA) . (...) - C:\Windows\System32\PnkBstrA.exe O23 - Service: Client de gestion Symantec (SmcService) . (.Symantec Corporation - Symantec CMC Smc.) - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) . (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) . (.Symantec Corporation - Symantec AntiVirus.) - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe O23 - Service: TeamViewer 6 (TeamViewer6) . (.TeamViewer GmbH - TeamViewer Remote Control Application.) - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe O23 - Service: TeamViewer 7 (TeamViewer7) . (.TeamViewer GmbH - TeamViewer Remote Control Application.) - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe O23 - Service: Power Control [2011/02/26 16:42:22] ({B154377D-700F-42cc-9474-23858FBDF4BD}) . (.CyberLink Corp. - Pas de description.) - C:\Program Files\CyberLink\PowerDVD9\NavFilter\000.fcl ~ Scan Services in 00mn 00s ---\\ Enumération Active Desktop & MHTML Editor (O24) O24 - Default MHTML Editor: Last - .(...) - (.not file.) ~ Scan Desktop Component in 00mn 00s End of the scan (256 lines in 00mn 01s)(0)
- le 1 mars 2012
- 20 réponses
Windows infecté

rital94 a répondu à un(e) sujet de rital94 dans Analyses et éradication malwares

mon rapport de malxarebites que j'ai poster je dois le refaire ?? dois-je cocher toutes les case pour l'analyse ou simplement le disque c et F
- le 1 mars 2012
- 20 réponses

Connexion

rital94

Compteur de contenus

Inscription

Dernière visite

À propos de rital94

Profile Information

rital94's Achievements

Member (4/12)

Réputation sur la communauté

Se débarrasser de Do-Search

Windows infecté

Windows infecté

Windows infecté

Windows infecté

Windows infecté

Windows infecté

Windows infecté

Windows infecté

Windows infecté

rital94

pear

Windows infecté

Windows infecté

Windows infecté

Windows infecté

Zebulon

Outils en ligne

Naviguer