Aller au contenu

rital94

Membres
 Afficher le profil  Afficher son activité

  • Compteur de contenus

    39

  • Inscription

  • Dernière visite

 Type de contenu 

Tout ce qui a été posté par rital94

  1. rital94
    Bonsoir Malgré une analyse avec malwarebyte et adwcleaner do search est toujours là . Quoi faire ? Au cas où cela serve voila le rapport ZHPdiag : ~ Rapport de ZHPDiag v2013.11.30.64 - Nicolas Coolman (30/11/2013) ~ Lancé par Maman d'amour (30/11/2013 18:55:59) ~ Adresse du Site Web http://nicolascoolman.webs.com ~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/ ~ Traduit par Nicolas Coolman ~ Etat de la version : ~ Liste blanche : Activée par le programme ~ Elévation des Privilèges : OK ~ User Account Control (UAC): Deactivate by program ---\\ Navigateurs Internet MSIE: Internet Explorer v10.0.9200.16736 ---\\ Informations sur les produits Windows ~ Langage: Français Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601) Windows Server License Manager Script : OK ---\\ Logiciels de protection du système Avira Free Antivirus v14.0.1.749 Malwarebytes Anti-Malware version 1.75.0.1300 Spybot - Search & Destroy v2.1.21 Windows Defender W7 ---\\ Logiciels d'optimisation du système CCleaner v4.07 =>Piriform Ltd ---\\ Logiciels de partage PeerToPeer ---\\ Surveillance de Logiciels Adobe Flash Player 11 Plugin Adobe Reader XI Java 7 Update 45 ---\\ Informations sur le système ~ Processor: AMD64 Family 16 Model 6 Stepping 2, AuthenticAMD ~ Operating System: 64 Bits Boot mode: Normal (Normal boot) Total RAM: 2815 MB (57% free) System Restore: Activé (Enable) System drive C: has 461 GB (79%) free of 577 GB ---\\ Mode de connexion au système ~ Computer Name: MAMANDAMOUR-PC ~ User Name: Maman d'amour ~ All Users Names: UpdatusUser, Maman d'amour, HomeGroupUser$, GRAZIELLA, Administrateur, ~ Unselected Option: None Logged in as Administrator ---\\ Variables d'environnement ~ System Unit : C:\ ~ %AppZHP% : C:\Users\Maman d'amour\AppData\Roaming\ZHP\ ~ %AppData% : C:\Users\Maman d'amour\AppData\Roaming\ ~ %Desktop% : C:\Users\Maman d'amour\Desktop\ ~ %Favorites% : C:\Users\Maman d'amour\Favorites\ ~ %LocalAppData% : C:\Users\Maman d'amour\AppData\Local\ ~ %StartMenu% : C:\Users\Maman d'amour\AppData\Roaming\Microsoft\Windows\Start Menu\ ~ %Windir% : C:\Windows\ ~ %System% : C:\Windows\System32\ ---\\ Enumération des unités disques C: Hard drive, Flash drive, Thumb drive (Free 461 Go of 577 Go) D: CD-ROM drive (Not Inserted) E: Floppy drive, Flash card reader, USB Key (Not Inserted) F: Floppy drive, Flash card reader, USB Key (Not Inserted) ---\\ Etat du Centre de Sécurité Windows [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified ~ Security Center: 49 Legitimates Filtered in 00mn 00s ---\\ Recherche particulière de fichiers génériques [MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808] [MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024] [MD5.9706C99DAEBE3FEAC811B239617E98C4] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.12/10/2013 - 09:45:20.) -- C:\Windows\System32\wininet.dll [2241536] [MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.20/11/2010 - 14:25:30.) -- C:\Windows\System32\Winlogon.exe [390656] [MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448] [MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/09/2013 - 02:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152] [MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128] [MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160] [MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456] [MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400] [MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368] [MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472] [MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224] [MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208] [MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632] [MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680] [MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280] [MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536] [MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184] [MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296] [MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808] ~ Generic Processes: Scanned in 00mn 00s ---\\ Etat des fichiers cachés (Caché/Total) ~ Mes images (My Pictures) : 3/2872 ~ Mes musiques (My Musics) : 4/85 ~ Mes Videos (My Videos) : 2/180 ~ Mes Favoris (My Favorites) : 1/90 ~ Mes Documents (My Documents) : 3/11625 ~ Mon Bureau (My Desktop) : 1/877 ~ Menu demarrer (Programs) : 1/81 ~ Hidden Files: Scanned in 00mn 01s ---\\ Processus lancés [MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.2708] [MD5.6DCFADDA4F2A6D3396D13F0554D672E8] - (.Microsoft Corporation - Windows Live Family Safety Filter.) -- C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe [884584] [PID.3008] [MD5.636D97B3BAF854511FF3F4093E895FED] - (.Google Inc. - Google Chrome.) -- C:\Users\Maman d'amour\AppData\Local\Google\Chrome\Application\chrome.exe [863184] [PID.3032] [MD5.F9F2E450BF37A98DC658404611AA97C7] - (.Pas de propriétaire - Hercules WiFi Station N Utility.) -- C:\Program Files (x86)\Hercules\WiFiStationN\WiFiN.exe [128296] [PID.3064] [MD5.B412B75E55FEA30E780185B002D3AE14] - (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [683576] [PID.3248] [MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.3308] [MD5.AF49D1C79EA49A7833017F290EE63B82] - (.Safer-Networking Ltd. - Spybot - Search & Destroy tray access.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784] [PID.3316] [MD5.CBDD25C4B42053D30000A9CFC24BE111] - (.Eastman Kodak Company - Camera detection stub.) -- C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe [108032] [PID.940] [MD5.5397E32E882C0148CEC13D9EACFB7157] - (.Microsoft Corporation - Internet Low-Mic Utility Tool.) -- C:\Program Files (x86)\Internet Explorer\IELowutil.exe [222208] [PID.5524] [MD5.58920E6A409046BA06548D9D139CE0F0] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608] [PID.3996] [MD5.85AF4805A6E0512F523170AD228758D3] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8260608] [PID.4788] ~ Processes Running: Scanned in 00mn 00s ---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2) C:\Users\Maman d'amour\AppData\Local\Google\Chrome\User Data\Default\Preferences G2 - GCE: Preference [user Data\Default] [booedmolknjekdopkepjjeckmjkdpfgl] Managerr v.0.1 (Activé) G2 - GCE: Preference [user Data\Default] [finjldehgjkbodfcolnccgkejloahbcm] Le Yams v.6.8 (Désactivé) G2 - GCE: Preference [user Data\Default] [flpcjncodpafbgdpnkljologafpionhb] Managera v.0.1 (Activé) G2 - GCE: Preference [user Data\Default] [imfaefgciinakhhijicamiodfbejphdb] RePlay.FR v.1.4.1 (Désactivé) G2 - GCE: Preference [user Data\Default] [lpibnckjjeaabeepofhfmmpjmnomohee] Word\u00B2 v.2.5 (Désactivé) G2 - GCE: Preference [user Data\Default] [njienacjggibaeolcbbjfnigbojkcggj] MyWebFace v.5.53.2.50612, (Désactivé) =>PUP.MyWebFace G2 - GCE: Preference [user Data\Default] [ojcgaoafcmbadjkfdippkdddgkeaipbn] DealPly Shopping v.3.5.3.0 (Désactivé) =>PUP.DealPly ~ Google Browser: 72 Legitimates Filtered in 00mn 15s ---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4) R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://do-search.com =>PUP.DoSearches R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://do-search.com =>PUP.DoSearches ~ IE Browser: 15 Legitimates Filtered in 00mn 00s ---\\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Proxy management: Scanned in 00mn 00s ---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe, F2 - REG:system.ini: Shell=C:\Windows\explorer.exe F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe ~ Keys: Scanned in 00mn 00s ---\\ Hosts file redirection (O1) ~ Le fichier hosts est sain (The hosts file is clean). ~ Hosts File: Scanned in 00mn 00s ~ Nombre de lignes (Lines number): 21 ---\\ Internet Explorer Toolbars (O3) O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline ~ Toolbar: Scanned in 00mn 00s ---\\ Autres liens utilisateurs (O4) O4 - GS\Desktop [Public]: Spybot-S&D Start Center.lnk . (.Safer-Networking Ltd. - Start Center.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe O4 - GS\Program [Public]: Spybot-S&D Start Center.lnk . (.Safer-Networking Ltd. - Start Center.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe O4 - GS\QuickLaunch [Maman d'amour]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe http://do-search.com =>PUP.DoSearches O4 - GS\QuickLaunch [Maman d'amour]: PhotoScape.lnk . (...) -- C:\Program Files (x86)\PhotoScape\PhotoScape.exe O4 - GS\TaskBar [Maman d'amour]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Users\Maman d'amour\AppData\Local\Google\Chrome\Application\chrome.exe http://do-search.com =>PUP.DoSearches O4 - GS\Program [Maman d'amour]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://do-search.com =>PUP.DoSearches O4 - GS\SystemTools [Maman d'amour]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://do-search.com =>PUP.DoSearches O4 - GS\Desktop [Maman d'amour]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Users\Maman d'amour\AppData\Local\Google\Chrome\Application\chrome.exe http://do-search.com =>PUP.DoSearches O4 - GS\Desktop [Maman d'amour]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://do-search.com =>PUP.DoSearches O4 - GS\Desktop [Maman d'amour]: Ordinateur.lnk - Clé orpheline O4 - GS\QuickLaunch [GRAZIELLA]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\Program [GRAZIELLA]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\SystemTools [GRAZIELLA]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\Desktop [GRAZIELLA]: Solitaire - Raccourci.lnk - Clé orpheline ~ Global Startup: 87 Legitimates Filtered in 00mn 01s ---\\ Applications lancées au démarrage du sytème (O4) O4 - GS\Startup [Public]: WiFi Station N.lnk . (...) -- C:\Program Files (x86)\Hercules\WiFiStationN\WiFiN.exe O4 - HKLM\..\Run: [fssui] . (.Microsoft Corporation - Windows Live Family Safety Filter.) -- C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe O4 - HKLM\..\Run: [bCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files\Microsoft Office\Office14\BCSSync.exe =>.Microsoft Corporation O4 - HKCU\..\Run: [2F7F363D4E024E1206FC5C90C0443F22E99E25FF._service_run] . (.Google Inc. - Google Chrome.) -- C:\Users\Maman d'amour\AppData\Local\Google\Chrome\Application\chrome.exe O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\Maman d'amour\AppData\Local\Facebook\Update\FacebookUpdate.exe O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\Maman d'amour\AppData\Local\Google\Update\GoogleUpdate.exe =>.Google Inc O4 - HKLM\..\Wow6432Node\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe O4 - HKLM\..\Wow6432Node\Run: [sunJavaUpdateSched] . (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation O4 - HKLM\..\Wow6432Node\Run: [sDTray] . (.Safer-Networking Ltd. - Spybot - Search & Destroy tray access.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated O4 - HKUS\S-1-5-19\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-20\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-21-172122536-2556622816-571697149-1000\..\Run: [2F7F363D4E024E1206FC5C90C0443F22E99E25FF._service_run] . (.Google Inc. - Google Chrome.) -- C:\Users\Maman d'amour\AppData\Local\Google\Chrome\Application\chrome.exe O4 - HKUS\S-1-5-21-172122536-2556622816-571697149-1000\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\Maman d'amour\AppData\Local\Facebook\Update\FacebookUpdate.exe O4 - HKUS\S-1-5-21-172122536-2556622816-571697149-1000\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\Maman d'amour\AppData\Local\Google\Update\GoogleUpdate.exe =>.Google Inc ~ Application: Scanned in 00mn 00s ---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9) O9 - Extra button: &Envoyer à OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} -- C:\Program Files (x86)\MICROS~2\Office14\ONBttnIE.dll (.not file.) O9 - Extra button: Notes &liées OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -- C:\Program Files (x86)\MICROS~2\Office14\ONBTTN~1.dll (.not file.) ~ IE Extra Buttons: Scanned in 00mn 00s ---\\ Objets ActiveX (Downloaded Program Files)(O16) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab ~ Objets ActiveX: Scanned in 00mn 00s ---\\ Modification Domaine/Adresses DNS (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{DFE4FEE7-4906-4336-AAB0-28550CC777ED}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1 O17 - HKLM\System\CCS\Services\Tcpip\..\{4F6ECF54-5221-490A-A141-352358F699B6}: DhcpNameServer = 192.168.0.254 O17 - HKLM\System\CS1\Services\Tcpip\..\{DFE4FEE7-4906-4336-AAB0-28550CC777ED}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{4F6ECF54-5221-490A-A141-352358F699B6}: DhcpNameServer = 192.168.0.254 O17 - HKLM\System\CS2\Services\Tcpip\..\{DFE4FEE7-4906-4336-AAB0-28550CC777ED}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1 O17 - HKLM\System\CS2\Services\Tcpip\..\{4F6ECF54-5221-490A-A141-352358F699B6}: DhcpNameServer = 192.168.0.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.254 ~ Domain: Scanned in 00mn 00s ---\\ Protocole additionnel (O18) O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) -- O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation ~ Protocole Additionnel: Scanned in 00mn 00s ---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20) O20 - AppInit_DLLs: . (...) - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll (.not file.) =>Toolbar.Conduit ~ AppInit DLL: Scanned in 00mn 00s ---\\ Liste des services NT non Microsoft et non désactivés (O23) O23 - Service: ForceWare Intelligent Application Manager (IAM) (ForceWare Intelligent Application Manager (IAM)) . (.Pas de propriétaire - app_filter Module.) - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) . (.Safer-Networking Ltd. - Windows Security Center integration..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe O23 - Service: TeamViewer 7 (TeamViewer7) . (.TeamViewer GmbH - TeamViewer Remote Control Application.) - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe ~ Services: 17 Legitimates Filtered in 00mn 05s ---\\ Tâches planifiées en automatique (O39) [MD5.00000000000000000000000000000000] [APT] [4786] (...) -- C:\Users\Maman d'amour\AppData\Local\Temp\launchie.vbs \\B (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [bho_update] (...) -- C:\Program Files (x86)\Internet Explorer\Updater.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [HostsGuard] (...) -- C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [somotoUpdateCheckerAutoStart] (...) -- C:\Users\Maman d'amour\AppData\Local\FilesFrog Update Checker\update_checker.exe (.not file.) [0] =>Adware.MegaSearch [MD5.00000000000000000000000000000000] [APT] [{0518CFD9-FB1D-43E6-AF46-2FF10FB76855}] (...) -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{1E8EA72B-BE89-4747-8FCB-CA22507149E2}] (...) -- C:\Program Files\TRENDnet\TEW-649UB\WlanCU.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{34C47850-97BF-4BD8-AC5C-F36D75C29DAA}] (...) -- C:\Users\Maman d'amour\Desktop\avast internet security\avast internet security 6.0.1125.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{3C06B6F4-1C6A-40C9-A5B1-36980E33C2CF}] (...) -- C:\Users\Maman d'amour\Downloads\HiJackThis.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{89E40B86-AE00-413F-86AE-A6F213FFFC52}] (...) -- C:\Users\Maman d'amour\Downloads\twister_en\setup.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{E2FDE73E-AE3A-4C46-A043-4F53561E7223}] (...) -- C:\Users\Maman d'amour\Desktop\setup(2).exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{FA4A9AB8-65F4-40E0-8C88-BBD8DDD11089}] (...) -- C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{FCA1AE4A-E783-4D87-9A23-3C3BA368E1F4}] (...) -- G:\avast internet security 6.0.1125.exe (.not file.) [0] ~ Scheduled Task: 106 Legitimates Filtered in 00mn 02s ---\\ HKCU & HKLM Software Keys [HKCU\Software\ForumerIT] =>Toolbar.Forumer [HKLM\Software\Wow6432Node\Grooveware Multimedia] ~ Key Software: 348 Legitimates Filtered in 00mn 00s ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43) O43 - CFD: 26/10/2013 - 11:47:44 - [6,330] ----D C:\Program Files (x86)\OOo4Kids 1.2 O43 - CFD: 08/11/2011 - 09:49:21 - [0,003] ----D C:\ProgramData\c5900000-b330-4e1f-f043-e63537f1bfa3 O43 - CFD: 22/04/2012 - 01:21:49 - [20,295] ----D C:\ProgramData\{FD7CAB3E-E895-4E98-9D68-A307CC601204} O43 - CFD: 30/11/2013 - 06:25:31 - [1,162] ----D C:\Users\Maman d'amour\AppData\Roaming\do-search =>PUP.DoSearches O43 - CFD: 30/04/2013 - 21:21:51 - [2,227] ----D C:\Users\Maman d'amour\AppData\Roaming\OOo4Kids O43 - CFD: 30/04/2013 - 21:20:29 - [0,201] ----D C:\Users\Maman d'amour\AppData\Local\Updater12765 =>PUP.CrossRider ~ 578 Dossiers CLSID vides (CLSID Empty Folders) ~ Program Folder: 799 Legitimates Filtered in 00mn 10s ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44) O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 30/11/2013 - 07:35:20 ---A- . (...) -- C:\autoexec.bat [0] ~ Files: 17 Legitimates Filtered in 00mn 02s ---\\ Derniers fichiers créés dans Windows Prefetcher (O45) O45 - LFCP:[MD5.B3A3C3FF5A922550F6BCFC02CEDA1C17] - 24/11/2013 - 11:56:08 ---A- - C:\Windows\Prefetch\MONALBUMPHOTO_SETUPALT_3.5.TM-266263F1.pf O45 - LFCP:[MD5.A07212F1DF5BBCA7EB0BD825F7925150] - 24/11/2013 - 11:56:11 ---A- - C:\Windows\Prefetch\MONALBUMPHOTO_SETUPALT_3.5.EX-A69568A5.pf O45 - LFCP:[MD5.35178D9D12866A77716B3FC05417D683] - 24/11/2013 - 11:56:12 ---A- - C:\Windows\Prefetch\MONALBUMPHOTO_SETUPALT_3.5.TM-1507CC3E.pf O45 - LFCP:[MD5.C1AFBE0A01C7D618516EC83EFA59F26B] - 24/11/2013 - 21:12:41 ---A- - C:\Windows\Prefetch\7ZIPSETUP-7EABZHE.EXE-3D86D0A4.pf O45 - LFCP:[MD5.E1A8BEA094197E980C12061D766CE49B] - 24/11/2013 - 21:17:13 ---A- - C:\Windows\Prefetch\SMT_DO-SEARCH_201311131701.EX-036BFEC8.pf =>PUP.DoSearches O45 - LFCP:[MD5.0A0CE99F9B3159AD65647102E6EB5A31] - 24/11/2013 - 21:18:08 ---A- - C:\Windows\Prefetch\BAOFENG.EXE-2EAC8611.pf O45 - LFCP:[MD5.A9B9ACC554DDA50601987C8768143DB5] - 24/11/2013 - 21:18:25 ---A- - C:\Windows\Prefetch\BAOFENG.EXE-7FF55A4B.pf O45 - LFCP:[MD5.1C235B1C83C4AFC14F78ECE71BD5E329] - 24/11/2013 - 21:52:14 ---A- - C:\Windows\Prefetch\7Z920.EXE-DAE9F563.pf O45 - LFCP:[MD5.D09B9E1CFDD4BD17269593DA94D2A470] - 30/11/2013 - 07:28:18 ---A- - C:\Windows\Prefetch\WIFIN.EXE-7A3DAAF5.pf O45 - LFCP:[MD5.615054EEC3E373940CD70B1AC483BAFC] - 30/11/2013 - 10:35:05 ---A- - C:\Windows\Prefetch\FSUI.EXE-13784E92.pf ~ Prefetcher: 143 Legitimates Filtered in 00mn 00s ---\\ Opérations et fonctions au démarrage de Windows Explorer (O46) O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook [64Bits] - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL ~ ShellExecuteHooks: Scanned in 00mn 00s ---\\ Clé de registre Shell MountPoints2 (MPKS) (O51) O51 - MPSK:{7ff54e90-8b8a-11e1-a9e8-00262d322d21}\AutoRun\command. (...) -- G:\KODAK_Software_Downloader.exe (.not file.) ~ Keys: Scanned in 00mn 00s ---\\ Enumération des clés de registre StartupReg (SMSR) (O53) O53 - SMSR:HKLM\...\startupreg\Hotkey Utility [Key] . (.Pas de propriétaire - Hotkey Utility.) -- C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe O53 - SMSR:HKLM\...\startupreg\Sweetpacks Communicator [Key] . (...) -- C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (.not file.) =>PUP.SweetIM ~ SMSR Keys: 8 Legitimates Filtered in 00mn 00s ---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55) O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0 ~ MWPS: 18 Legitimates Filtered in 00mn 00s ---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56) O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1 ~ MWPE Keys: 12 Legitimates Filtered in 00mn 00s ---\\ Liste des pilotes du système (SDL) (O58) O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496] O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232] O58 - SDL:[MD5.B9430166FEB246F6070A62B3554932C9] - 19/09/2012 - 10:02:08 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [102368] O58 - SDL:[MD5.C692C94FE55CAD0633440236022C27B3] - 19/09/2012 - 10:02:06 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys [203104] O58 - SDL:[MD5.58C89A89D4AF0288DCF432EC0B358438] - 19/09/2012 - 10:02:08 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Mobile Logging Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudserd.sys [203104] O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656] ~ Drivers: 18 Legitimates Filtered in 00mn 00s ---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61) O61 - LFC: 27/11/2013 - 18:58:32 -SHA- . (...) -- C:\Users\Maman d'amour\Documents\Mes fichiers reçus\Thumbs.db [12288] O61 - LFC: 30/11/2013 - 18:56:55 ---A- . (...) -- C:\Users\Maman d'amour\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [269398] O61 - LFC: 30/11/2013 - 18:56:55 ---A- . (...) -- C:\Users\Maman d'amour\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt [4] O61 - LFC: 30/11/2013 - 18:57:03 ---A- . (...) -- C:\Users\Maman d'amour\AppData\Local\Google\Chrome\User Data\Local State [58230] O61 - LFC: 30/11/2013 - 18:57:47 ---A- . (...) -- C:\Users\Maman d'amour\AppData\Roaming\ZHP\Log.txt [62502] =>.Nicolas Coolman O61 - LFC: 30/11/2013 - 18:57:47 ---A- . (...) -- C:\Users\Maman d'amour\AppData\Roaming\ZHP\TestsZHPDiag.txt [3069] =>.Nicolas Coolman O61 - LFC: 30/11/2013 - 18:57:47 ---A- . (...) -- C:\Users\Maman d'amour\AppData\Roaming\ZHP\ZHPDiag.txt [76102] =>.Nicolas Coolman O61 - LFC: 30/11/2013 - 18:58:27 -SHA- . (...) -- C:\Users\Maman d'amour\Documents\Graziella\Thumbs.db [1500672] O61 - LFC: 30/11/2013 - 18:58:32 ---A- . (...) -- C:\Users\Maman d'amour\Downloads\adwcleaner (1).exe [1091882] O61 - LFC: 30/11/2013 - 18:58:32 -SHA- . (...) -- C:\Users\Maman d'amour\Documents\Sample Pictures\Thumbs.db [69120] O61 - LFC: 30/11/2013 - 18:58:32 -SHA- . (...) -- C:\Users\Maman d'amour\Documents\Scanned Documents\Thumbs.db [16896] O61 - LFC: 30/11/2013 - 18:58:33 ---A- . (...) -- C:\Users\Maman d'amour\Downloads\adwcleaner.exe [1091882] O61 - LFC: 30/11/2013 - 18:58:45 RSHA- . (...) -- C:\Users\Maman d'amour\ntuser.pol [664] ~ 9 Fichiers temporaires (Temporary files) ~ Files: 562 Legitimates Filtered in 02mn 15s ---\\ Liste des outils de désinfection (LATC) (O63) O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman ~ ADS: Scanned in 00mn 00s ---\\ Associations Shell Spawning (O67) O67 - Shell Spawning: <.html> <ChromeHTML.SQ6XNFMQIQ75ZFGY5JALQBAKMY>[HKCU\..\open\Command] (.Not Key.) ~ FASS Keys: 11 Legitimates Filtered in 00mn 00s ---\\ Menu de démarrage Internet (SMI) (O68) O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (.not file.) O68 - StartMenuInternet: <Google Chrome.SQ6XNFMQIQ75ZFGY5JALQBAKMY> <Google Chrome>[HKLM\..\Shell\open\Command] (...) -- C:\Users\Maman d'amour\AppData\Local\Google\Chrome\Application\chrome.exe" http://do-search.com =>PUP.DoSearches O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe ~ Keys: Scanned in 00mn 00s ---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69) O69 - SBI: SearchScopes [HKCU] 34C7BBDC99AC4BECBAD2E61CF033D36A - (Google) - http://www.google.com O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com ~ Keys: Scanned in 00mn 00s ---\\ Recherche particulière à la racine du système (SPRF) (O84) [MD5.5C287A6C343E5311162F3B7246BD6265] [sPRF][08/11/2011] (...) -- C:\ProgramData\bdinstall.bin [116275] [MD5.3B32CAA07D672F8A2E0DF5CB3A873F45] [sPRF][22/06/2012] (...) -- C:\Users\Maman d'amour\AppData\Local\Temp\ESGScanner.sys [22704] [MD5.C59BDF3C0E8F946A6D9E8E3934485830] [sPRF][22/11/2013] (...) -- C:\Users\Maman d'amour\AppData\Local\Temp\Quarantine.exe [355225] [MD5.883DFC791AAF1298FCFC2BCF5471BBFC] [sPRF][30/11/2013] (...) -- C:\Users\Maman d'amour\AppData\Local\Temp\SHSetup.exe [46777424] =>Crapware.SpyHunter [MD5.7CF319F9EF25F03D7EA3C6F40AEE6FEA] [sPRF][01/04/2013] (...) -- C:\Users\Maman d'amour\AppData\Roaming\wklnhst.dat [108] [MD5.AA2DB43AE211068BAFBD1D99B7556F11] [sPRF][24/08/2013] (...) -- C:\Users\Maman d'amour\Desktop\direct-telecharger_pour_adobephotoshop.exe [118311] ~ Files: 9 Legitimates Filtered in 00mn 05s ---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS) [MD5.A3AEEC9A9B6984F2E22B90FDC9A23AB8] [WIS][26/11/2013] (.Skype Technologies S.A. - Skype.) -- C:\Windows\Installer\2020be.msi [24993792] ~ WIS: 152 Legitimates Filtered in 00mn 14s ---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped) SS - | Demand 12/10/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe SS - | Demand 07/10/2013 240736 | (GamesAppIntegrationService) . (.WildTangent.) - C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe SS - | Demand 12/10/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe SS - | Auto 07/09/2011 135664 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SS - | Demand 07/09/2011 135664 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SS - | Demand 15/01/2010 935208 | (Nero BackItUp Scheduler 4.0) . (.Nero AG.) - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe SS - | Auto 05/09/2013 171680 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe SR - | Auto 11/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe SR - | Auto 27/11/2013 440376 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe SR - | Auto 27/11/2013 440376 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe SR - | Auto 10/08/2009 626208 | (ForceWare Intelligent Application Manager (IAM)) . (...) - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe SR - | Auto 28/08/2009 1150496 | (Greg_Service) . (.Acer Incorporated.) - C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe SR - | Auto 17/11/2010 53544 | (HerculesWiFi) . (.Guillemot Corporation.) - C:\Windows\SysWOW64\HerculesWiFiService.exe SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe SR - | Auto 10/08/2009 206880 | (nSvcIp) . (...) - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe SR - | Auto 31/01/2013 878368 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe SR - | Auto 19/02/2013 1259296 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe SR - | Auto 16/05/2013 1817560 | (SDScannerService) . (.Safer-Networking Ltd..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe SR - | Auto 16/05/2013 1033688 | (SDUpdateService) . (.Safer-Networking Ltd..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe SR - | Auto 15/05/2013 171928 | (SDWSCService) . (.Safer-Networking Ltd..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe SR - | Auto 23/02/2012 2886528 | (TeamViewer7) . (.TeamViewer GmbH.) - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation SR - | Auto 14/07/2009 27136 | C:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe ~ Services: Scanned in 00mn 16s ---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80) Run by Maman d'amour at 30/11/2013 18:59:43 ~ OS 64 not supported by MBR tool ~ MBR: 0 Legitimates Filtered in 00mn 00s ---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80) Written by ad13, http://ad13.geekstog Run by Maman d'amour at 30/11/2013 18:59:45 ********* Dump file Name ********* C:\PhysicalDisk0_MBR.bin ~ MBR: Scanned in 00mn 02s ---\\ Scan Additionnel (O88) Database Version : 13004 - (30/11/2013) Clés trouvées (Keys found) : 27 Valeurs trouvées (Values found) : 6 Dossiers trouvés (Folders found) : 4 Fichiers trouvés (Files found) : 2 [HKLM\Software\Google\Chrome\Extensions\njienacjggibaeolcbbjfnigbojkcggj] =>PUP.MyWebFace^ [HKLM\Software\Google\Chrome\Extensions\ojcgaoafcmbadjkfdippkdddgkeaipbn] =>PUP.DealPly^ [HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\Sweetpacks Communicator] =>PUP.SweetIM^ [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\omigaplussvc] =>Hijacker.OmigaPlus [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EPUpdater] =>Hijacker.BabSolution [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\254796BF4AC84B64891B61C529A2E23F] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DealPlyUpdate] =>PUP.DealPly [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>PUP.Tarma [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>PUP.Tarma [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47] =>Adware.IMBooster [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856] =>Adware.IMBooster [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494] =>Adware.IMBooster [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\eSafeSvc] =>PUP.eSafeSecurity [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DealPlyLiveUpdateTaskMachineUA] =>PUP.DealPly [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\12BF94BD06C95F343A77631402B9556A] =>PUP.SweetIM^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2124D8A8CF720FD44866190AF560228E] =>PUP.SweetIM^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\27A325ACED8CA4743A30127638591ADB] =>PUP.SweetIM^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\350D17402BD84234EAF7D32F08172D7C] =>PUP.SweetIM^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3EE8C5F419057E1478A654868CEE60B5] =>PUP.SweetIM^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4735D908D66E1BA46B6C2D7185A12B2B] =>PUP.SweetIM^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\76D8378E2DDAED3428720A631F6E3BF0] =>PUP.SweetIM^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A001B259DB7D694E818BE29B973992C] =>PUP.SweetIM^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BAE2EC163C6A68A48921573E0E7E199D] =>PUP.SweetIM^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C06C6662FA5B04646829E4A460857770] =>PUP.SweetIM^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CEEB3E14ABE8270419B0FD762E18F7C6] =>PUP.SweetIM^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1B5E9A3BDB51349BF96E842C062D98] =>PUP.SweetIM^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FECBC2BC14DA6CD459BD59A041709836] =>PUP.SweetIM^ C:\Users\Maman d'amour\AppData\Local\Google\Chrome\User Data\Default\Extensions\njienacjggibaeolcbbjfnigbojkcggj =>PUP.MyWebFace^ C:\Users\Maman d'amour\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojcgaoafcmbadjkfdippkdddgkeaipbn =>PUP.DealPly^ C:\Users\Maman d'amour\AppData\Roaming\do-search =>PUP.DoSearches^ C:\Users\Maman d'amour\AppData\Local\Updater12765 =>PUP.CrossRider^ [HKCU\Software\ForumerIT] =>Toolbar.Forumer^ C:\Users\Maman d'amour\AppData\Local\Temp\SHSetup.exe =>Crapware.SpyHunter^ ~ Additionnel Scan: 281296 Items scanned in 00mn 17s ---\\ Récapitulatif des détections trouvées sur votre station ~ http://nicolascoolman.webs.com/apps/blog/show/27747161-pup-mywebface =>PUP.MyWebFace ~ http://nicolascoolman.webs.com/apps/blog/show/28060597-pup-dealply =>PUP.DealPly ~ http://nicolascoolman.webs.com/apps/blog/show/33477786-pup-dosearches =>PUP.DoSearches ~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit ~ http://nicolascoolman.webs.com/apps/blog/show/26919368-adware-megasearch =>Adware.MegaSearch ~ http://nicolascoolman.webs.com/apps/blog/show/32729139-toolbar-forumer =>Toolbar.Forumer ~ http://nicolascoolman.webs.com/apps/blog/show/27583526-pup-crossrider =>PUP.CrossRider ~ http://nicolascoolman.webs.com/apps/blog/show/29216159-pup-sweetim =>PUP.SweetIM ~ http://nicolascoolman.webs.com/apps/blog/show/26609241-crapware-spyhunter =>Crapware.SpyHunter ~ http://nicolascoolman.webs.com/apps/blog/show/30152670-hijacker-omigaplus =>Hijacker.OmigaPlus ~ http://nicolascoolman.webs.com/apps/blog/show/26678994-hijacker-babsolution =>Hijacker.BabSolution ~ http://nicolascoolman.webs.com/apps/blog/show/29637859-toolbar-tarma =>PUP.Tarma ~ http://nicolascoolman.webs.com/apps/blog/show/26684723-adware-imbooster =>Adware.IMBooster ~ http://nicolascoolman.webs.com/apps/blog/show/27588628-pup-esafesecurity =>PUP.eSafeSecurity ~ MSI: 14 link(s) detected in 00mn 17s ~ 2651 Legitimates filtered by white list End of the scan (547 lines in 04mn 03s)(0)
  2. rital94
    SX Check&Update Lien vers le tutoriel : Tutoriels - Security-X --- Windows Version : Windows 7 32 bits Service Pack : 1 UserName : CELSO 02/03/2012 17:35:06 version = v0.1.1 --- Windows Update Information : AUOptions : 2 Notify Download and Install --- Name : FlashPlayer ActiveX Version : 11.1.102.62 Flash Player ActiveX est à jour Name : FlashPlayer Plugin Version : 11.1.102.62 Flash Player Plugin est à jour Nom : Mozilla Firefox 10.0.2 (x86 fr) Version : 10.0.2 Java Information : Nom : Java 6 Update 31 Version : 6.0.310 Java 6 Update 31 est à jour Nom : Adobe Reader X (10.1.2) - Français Version : 10.1.2 Adobe Reader est à jour Nom : Internet Explorer Version : 9.0.8112.16421 tout est ok alors Mon Pc est tout neuf !! si oui un grand Merci pour votre devouement a mon egard jattends votre oaccord merci je viens d'essayé de lancer mon jeux trackmania Canyon et mon pc c'est eteint puis se realume au bout de 5 minutes !! y a t-il aussi mon ALIM qui serai infecté ??? coup de panique
  3. rital94
    SX Check&Update Lien vers le tutoriel : Tutoriels - Security-X --- Windows Version : Windows 7 32 bits Service Pack : 1 UserName : CELSO 02/03/2012 17:17:49 version = v0.1.1 --- Windows Update Information : AUOptions : 2 Notify Download and Install --- Name : FlashPlayer ActiveX Version : 10.2.152.26 Flash Player ActiveX n'est pas à jour! Name : FlashPlayer Plugin Version : 11.1.102.62 Flash Player Plugin est à jour Nom : Mozilla Firefox 10.0.2 (x86 fr) Version : 10.0.2 Java Information : Nom : Java 6 Update 26 Version : 6.0.260 Java 6 Update 26 n'est pas à jour! Nom : Adobe Reader X (10.1.2) - Français Version : 10.1.2 Adobe Reader est à jour Nom : Internet Explorer Version : 9.0.8112.16421
  4. rital94
    Rapport de ZHPDiag v1.28.32 par Nicolas Coolman, Update du 05/02/2012 Run by CELSO at 02/03/2012 15:28:00 Web site : ZHPDiag Outil de diagnostic Web site : Blog de NicolasCoolman - ZebHelpProcess - Skyrock.com State : Version à jour. ---\\ Web Browser MSIE: Internet Explorer v9.0.8112.16421 MFIE: Mozilla Firefox 10.0.2 v10.0.2 (Defaut) ---\\ Windows Product Information ~ Langage: Français Windows 7 Home Premium Edition, 32-bit Service Pack 1 (Build 7601) Windows Server License Manager Script : OK ~ Windows® 7, OEM_COA_NSLP channel Windows ID Activation : OK ~ Windows Partial Key : RCRT4 Windows License : OK ~ Windows Remaining Initializations Number : 4 Software Protection Service (Protection logicielle) : OK Windows Automatic Updates : OK Windows Activation Technologies : OK ---\\ System Information ~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel ~ Operating System: 32 Bits Boot mode: Normal (Normal boot) Total RAM: 3071 MB (52% free) System Restore: Activé (Enable) System drive C: has 364 GB (78%) free of 466 GB ---\\ Logged in mode ~ Computer Name: CELSO-PC ~ User Name: CELSO ~ All Users Names: UpdatusUser, HomeGroupUser$, CELSO, Administrateur, ~ Unselected Option: None Logged in as Administrator ---\\ Environnement Variables ~ System Unit : C:\ ~ %AppData% : C:\Users\CELSO\AppData\Roaming\ ~ %Desktop% : C:\Users\CELSO\Desktop\ ~ %Favorites% : C:\Users\CELSO\Favorites\ ~ %LocalAppData% : C:\Users\CELSO\AppData\Local\ ~ %StartMenu% : C:\Users\CELSO\AppData\Roaming\Microsoft\Windows\Start Menu\ ~ %Windir% : C:\Windows\ ~ %System% : C:\Windows\system32\ ---\\ DOS/Devices C:\ Hard drive, Flash drive, Thumb drive (Free 364 Go of 466 Go) D:\ CD-ROM drive (Not Inserted) E:\ CD-ROM drive (Free 0 Go of 0 Go) F:\ Hard drive, Flash drive, Thumb drive (Free 616 Go of 932 Go) G:\ Floppy drive, Flash card reader, USB Key (Not Inserted) ---\\ Security Center & Tools Informations [HKLM\SOFTWARE\Microsoft\Security Center] AntiSpywareOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center] UacDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] UpdatesDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] UacDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] NoActiveDesktopChanges: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowSearch: OK [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyComputer: OK [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings] WarnOnHTTPSToHTTPRedirect: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK [HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK [HKLM\SYSTEM\CurrentControlSet\Services] wscsvc : OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK ~ Scan Security Center in 00mn 00s ---\\ Recherche particulière de fichiers génériques [MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 06:30:54.) -- C:\Windows\Explorer.exe [2616320] [MD5.51138BEEA3E2C21EC44D0932C71762A8] - (.Microsoft Corporation - Processus hôte Windows (Rundll32).) (.14/07/2009 - 02:14:31.) -- C:\Windows\system32\rundll32.exe [44544] [MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:14:45.) -- C:\Windows\system32\Wininit.exe [96256] [MD5.1D94FA7C81D2FFE494AF094619BA706F] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.14/12/2011 - 03:57:18.) -- C:\Windows\system32\wininet.dll [1127424] [MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.20/11/2010 - 13:17:54.) -- C:\Windows\system32\Winlogon.exe [286720] [MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 13:21:24.) -- C:\Windows\system32\sppcomapi.dll [193536] [MD5.129F80D7868E30DF3E3DE33A1D3132B4] - (.Microsoft Corporation - DLL client de l’API uilisateur de Windows multi-utilisateurs.) (.20/11/2010 - 13:08:50.) -- C:\Windows\system32\fr-FR\user32.dll.mui [20480] [MD5.9EBBBA55060F786F0FCAA3893BFA2806] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.25/04/2011 - 03:18:03.) -- C:\Windows\system32\drivers\AFD.sys [338944] [MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:26:15.) -- C:\Windows\system32\drivers\atapi.sys [21584] [MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:11:15.) -- C:\Windows\system32\drivers\Cdfs.sys [70656] [MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 09:38:10.) -- C:\Windows\system32\drivers\Cdrom.sys [108544] [MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 09:42:32.) -- C:\Windows\system32\drivers\DfsC.sys [78336] [MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 10:59:29.) -- C:\Windows\system32\drivers\HDAudBus.sys [108544] [MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:11:24.) -- C:\Windows\system32\drivers\i8042prt.sys [80896] [MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 00:54:29.) -- C:\Windows\system32\drivers\IpNat.sys [101888] [MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:17:22.) -- C:\Windows\system32\drivers\MRxSmb.sys [123904] [MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 09:39:44.) -- C:\Windows\system32\drivers\netBT.sys [187904] [MD5.81189C3D7763838E55C397759D49007A] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.11/03/2011 - 06:39:00.) -- C:\Windows\system32\drivers\ntfs.sys [1211264] [MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 00:45:35.) -- C:\Windows\system32\drivers\Parport.sys [79360] [MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/07/2009 - 00:54:34.) -- C:\Windows\system32\drivers\Rasl2tp.sys [78848] [MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 00:53:41.) -- C:\Windows\system32\drivers\smb.sys [71168] [MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 09:39:17.) -- C:\Windows\system32\drivers\tdx.sys [74752] [MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 13:30:16.) -- C:\Windows\system32\drivers\volsnap.sys [245632] ~ Scan Generic Processes in 00mn 00s ---\\ Etat des fichiers cachés (Caché/Total) ~ Mes images (My Pictures) : 119/6239 ~ Mes Videos (My Videos) : 2/58 ~ Mes Favoris (My Favorites) : Non accessible (Not found) ~ Mes Documents (My Documents) : 12/4903 ~ Mon Bureau (My Desktop) : 155/8291 ~ Menu demarrer (Programs) : 7/32 ~ Scan Hidden Files in 00mn 20s ---\\ Processus lancés [MD5.BF1FF06F5434AFAEAB6C3279E3BD2250] - (.Symantec Corporation - Symantec User Session.) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe [115560] [PID.2656] [MD5.F40E80C04475731C6ED5D19C48E45E3C] - (.Elaborate Bytes AG - Virtual CloneDrive Daemon.) -- C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [85160] [PID.2664] [MD5.16E288B32BC5ED1A73D8D266B354AD5F] - (.cyberlink - brs.) -- C:\Program Files\CyberLink\Shared files\brs.exe [75048] [PID.2680] [MD5.60D0647A2DC2D397B84D0AFB0808F85D] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [460872] [PID.2800] [MD5.F7BA07E85A37CA30FFED726001754951] - (.TeamViewer GmbH - TeamViewer Remote Control Application.) -- C:\Program Files\TeamViewer\Version7\TeamViewer.exe [10871680] [PID.2872] [MD5.C687C23E093782DA238F6B972FCB717C] - (.NVIDIA Corporation - NVIDIA Settings.) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe [1820480] [PID.3356] [MD5.FB9DFE1D04DFA81ABBD8493A52A23773] - (.Symantec Corporation - Symantec CMC SmcGui.) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe [1459528] [PID.3448] [MD5.5AC757AE411CBC603C33C85F81F8657D] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [924632] [PID.2848] [MD5.196F6E8FBC7043A867C8F428E40530E8] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [16856] [PID.2140] [MD5.D9C51528488EA0D98D3C4D02ABD16759] - (.Intel Corporation - igfxsrvc Module.) -- C:\Windows\system32\igfxsrvc.exe [252952] [PID.2652] [MD5.4AEEC870451AE02CB1A1596C9792CD66] - (.TeamSpeak Systems GmbH - TeamSpeak 3 Client.) -- C:\Program Files\TeamSpeak 3 Client\ts3client_win32.exe [8517104] [PID.5264] [MD5.4309B75F125067EF805F3125B01FCC30] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [2210816] [PID.4524] ~ Scan Processes Running in 00mn 01s ---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3) C:\Users\CELSO\AppData\Roaming\Mozilla\Firefox\Profiles\y5f7xqok.default\prefs.js M3 - MFPP: Plugins - [CELSO] -- C:\Program Files\Mozilla FireFox\searchplugins\amazon-france.xml M3 - MFPP: Plugins - [CELSO] -- C:\Program Files\Mozilla FireFox\searchplugins\bing.xml M3 - MFPP: Plugins - [CELSO] -- C:\Program Files\Mozilla FireFox\searchplugins\cnrtl-tlfi-fr.xml M3 - MFPP: Plugins - [CELSO] -- C:\Program Files\Mozilla FireFox\searchplugins\eBay-france.xml M3 - MFPP: Plugins - [CELSO] -- C:\Program Files\Mozilla FireFox\searchplugins\google.xml M3 - MFPP: Plugins - [CELSO] -- C:\Program Files\Mozilla FireFox\searchplugins\wikipedia-fr.xml M3 - MFPP: Plugins - [CELSO] -- C:\Program Files\Mozilla FireFox\searchplugins\yahoo-france.xml M0 - MFSP: prefs.js [CELSO - y5f7xqok.default] Google M2 - MFEP: prefs.js [CELSO - y5f7xqok.default\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}] [] Garmin Communicator v4.0.1.0 (.Garmin International.) P2 - FPN:Firefox Plugin Navigator . (.Sun Microsystems, Inc. - NPRuntime Script Plug-in Library for Java Deploy.) -- C:\Program Files\Mozilla Firefox\Plugins\npdeployJava1.dll P2 - FPN:Firefox Plugin Navigator . (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape 10.1.2.) -- C:\Program Files\Mozilla Firefox\Plugins\nppdf32.dll P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (...) -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll P2 - FPN: [HKLM] [@adobe.com/ShockwavePlayer] - (.Adobe Systems, Inc. - Adobe Shockwave for Director Netscape plug-in, version 11.5.9.620.) -- C:\Windows\System32\Adobe\Director\np32dsw.dll P2 - FPN: [HKLM] [@Google.com/GoogleEarthPlugin] - (.Google - GEPlugin.) -- C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll P2 - FPN: [HKLM] [@java.com/JavaPlugin] - (.Sun Microsystems, Inc. - Next Generation Java Plug-in 1.6.0_26 for Mozilla browsers.) -- C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 4.1.10111.0.) -- C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll P2 - FPN: [HKLM] [@nvidia.com/3DVision] - (.NVIDIA Corporation - NVIDIA 3D Vision plugin for Mozilla browsers.) -- C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll P2 - FPN: [HKLM] [@nvidia.com/3DVisionStreaming] - (.NVIDIA Corporation - NVIDIA 3D Vision Streaming plugin for Mozilla browsers.) -- C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=3] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=9] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll P2 - FPN: [HKLM] [Adobe Reader] - (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape 10.1.2.) -- C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll P2 - FPN: [HKCU] [@Skype Limited.com/Facebook Video Calling Plugin] - (.Skype Limited - Facebook Video Calling Plugin.) -- C:\Users\CELSO\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll ~ Scan Firefox Browser in 00mn 00s ---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4) R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Search Microsoft.com R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Navigateur Internet.) (9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)) -- C:\Windows\System32\ieframe.dll R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 1 ~ Scan IE Browser in 00mn 00s ---\\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Scan Proxy management in 00mn 00s ---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2) F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe, F2 - REG:system.ini: VMApplet=C:\Windows\system32\SystemPropertiesPerformance.exe ~ Scan Keys in 00mn 00s ---\\ Redirection du fichier Hosts (O1) ~ Le fichier hosts est sain (The hosts file is clean). ~ Scan Hosts File in 00mn 00s ~ Nombre de lignes (Lines number): 21 ---\\ Browser Helper Objects de navigateur (O2) O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} . (.TechSmith Corporation - SnagIt Browser Helper Object for Internet E.) -- C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corp. - Microsoft® Windows Live ID Login Helper.) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll ~ Scan BHO in 00mn 00s ---\\ Internet Explorer Toolbars (O3) O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} . (.TechSmith Corporation - SnagIt Add-in for Internet Explorer.) -- C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll ~ Scan Toolbar in 00mn 00s ---\\ Applications démarrées par registre & par dossier (O4) O4 - HKLM\..\Run: [igfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe O4 - HKLM\..\Run: [ccApp] . (.Symantec Corporation - Symantec User Session.) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe O4 - HKLM\..\Run: [VirtualCloneDrive] . (.Elaborate Bytes AG - Virtual CloneDrive Daemon.) -- C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe O4 - HKLM\..\Run: [bDRegion] . (.cyberlink - brs.) -- C:\Program Files\CyberLink\Shared files\brs.exe O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe O4 - HKLM\..\Run: [NvMediaCenter] . (.NVIDIA Corporation - NVIDIA Media Center Library.) -- C:\Windows\System32\nvmctray.dll O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe O4 - HKUS\S-1-5-20\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe ~ Scan Application in 00mn 00s ---\\ Autres liens utilisateurs (O4) O4 - Global Startup: C:\Users\CELSO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - Global Startup: C:\Users\CELSO\Desktop\everest.exe - Raccourci.lnk . (...) -- F:\Logiciels 2011 Kevin\Everest.Corporate.Edtion.v2.80\everest.exe O4 - Global Startup: C:\Users\CELSO\Desktop\HijackThis.exe - Raccourci.lnk . (.Trend Micro Inc..) -- F:\Logiciel Maintenance & dvd Shrink,\HiJackThis\HijackThis.exe O4 - Global Startup: C:\Users\CELSO\Desktop\Jouer à ManiaPlanet.lnk . (...) -- C:\Program Files\ManiaPlanet\ManiaPlanetLauncher.exe O4 - Global Startup: C:\Users\CELSO\Desktop\Mozilla Firefox.lnk . (.Mozilla Corporation.) -- C:\Program Files\Mozilla Firefox\firefox.exe O4 - Global Startup: C:\Users\CELSO\Desktop\PhotoFiltre.lnk . (.Antonio Da Cruz.) -- C:\Program Files\PhotoFiltre\photofiltre.exe O4 - Global Startup: C:\Users\CELSO\Desktop\Windows Live Messenger.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe O4 - Global Startup: C:\Users\CELSO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - Global Startup: C:\Users\CELSO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk . (.Microsoft Corporation.) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE O4 - Global Startup: C:\Users\CELSO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk . (.Mozilla Corporation.) -- C:\Program Files\Mozilla Firefox\firefox.exe ~ Scan Global Startup in 00mn 09s ---\\ Invisibilité de l'icône d'options IE dans le panneau de Configuration (O5) O5 - control.ini: [HKLM\..\Control Panel] inetcpl.cpl=no ~ Scan IE Control Panel in 00mn 00s ---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8) O8 - Extra context menu item: E&xporter vers Microsoft Excel . (.Microsoft Corporation - Microsoft Office Excel.) -- C:\Program Files\MICROS~2\Office12\EXCEL.exe ~ Scan IE Menu Contextuel in 00mn 00s ---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO ~ Scan IE Extra Buttons in 00mn 00s ---\\ Winsock hijacker (Layered Service Provider) (O10) O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\System32\nlaapi.dll O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Fournisseur Shim d’affectation de noms de messagerie.) -- C:\Windows\System32\NapiNSP.dll O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\System32\pnrpnsp.dll O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\System32\pnrpnsp.dll O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\Windows\System32\mswsock.dll O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\System32\winrnr.dll O10 - WLSP:\000000000007\Winsock LSP File . (.Microsoft Corp. - Microsoft® Windows Live ID Namespace Provider.) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.dll O10 - WLSP:\000000000008\Winsock LSP File . (.Microsoft Corp. - Microsoft® Windows Live ID Namespace Provider.) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.dll ~ Scan Winsock in 00mn 00s ---\\ Objets ActiveX (Downloaded Program Files)(O16) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab ~ Scan Objets ActiveX in 00mn 00s ---\\ Modification Domaine/Adresses DNS (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{2B015339-CF8E-4E76-9AF8-3D0CC9B1E0FA}: NameServer = 8.8.8.8,8.8.4.4 O17 - HKLM\System\CS1\Services\Tcpip\..\{2B015339-CF8E-4E76-9AF8-3D0CC9B1E0FA}: NameServer = 8.8.8.8,8.8.4.4 O17 - HKLM\System\CS2\Services\Tcpip\..\{2B015339-CF8E-4E76-9AF8-3D0CC9B1E0FA}: NameServer = 8.8.8.8,8.8.4.4 ~ Scan Domain in 00mn 00s ---\\ Protocole additionnel (O18) O18 - Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft ®.) -- C:\Windows\System32\mshtml.dll O18 - Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll O18 - Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - Contrôle ActiveX pour le flux vidéo.) -- C:\Windows\System32\MSVidCtl.dll O18 - Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll O18 - Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll O18 - Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll O18 - Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll O18 - Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll O18 - Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft ®.) -- C:\Windows\System32\mshtml.dll O18 - Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} . (.Microsoft Corporation - Windows Live Messenger Protocol Handler Mod.) -- C:\Program Files\Windows Live\Messenger\msgrapp.dll O18 - Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll O18 - Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft ®.) -- C:\Windows\System32\mshtml.dll O18 - Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API Resources.) -- C:\Windows\System32\inetcomm.dll O18 - Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll O18 - Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} . (.Microsoft Corporation - Microsoft® Help Data Services Module.) -- C:\Program Files\Common Files\microsoft shared\Help\hxds.dll O18 - Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll O18 - Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} . (.Microsoft Corporation - Windows Live Messenger Protocol Handler Mod.) -- C:\Program Files\Windows Live\Messenger\msgrapp.dll O18 - Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft ®.) -- C:\Windows\System32\mshtml.dll O18 - Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - Contrôle ActiveX pour le flux vidéo.) -- C:\Windows\System32\MSVidCtl.dll O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft ®.) -- C:\Windows\System32\mshtml.dll O18 - Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll O18 - Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll ~ Scan Protocole Additionnel in 00mn 00s ---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20) O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\system32\igfxdev.dll ~ Scan Winlogon in 00mn 00s ---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. ~ Scan SSODL in 00mn 00s ---\\ Liste des services NT non Microsoft et non désactivés (O23) O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) . (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) . (.Symantec Corporation - Symantec Service Framework.) - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) . (.Symantec Corporation - Symantec Service Framework.) - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Service Google Update (gupdate) (gupdate) . (.Google Inc. - Programme d'installation de Google.) - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: (MBAMService) . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 295.7.) - C:\Windows\System32\nvvsvc.exe O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) . (.NVIDIA Corporation - NVIDIA Settings Update Manager.) - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe O23 - Service: PnkBstrA (PnkBstrA) . (...) - C:\Windows\System32\PnkBstrA.exe O23 - Service: Client de gestion Symantec (SmcService) . (.Symantec Corporation - Symantec CMC Smc.) - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) . (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) . (.Symantec Corporation - Symantec AntiVirus.) - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe O23 - Service: TeamViewer 7 (TeamViewer7) . (.TeamViewer GmbH - TeamViewer Remote Control Application.) - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe O23 - Service: Power Control [2011/02/26 16:42:22] ({B154377D-700F-42cc-9474-23858FBDF4BD}) . (.CyberLink Corp. - Pas de description.) - C:\Program Files\CyberLink\PowerDVD9\NavFilter\000.fcl ~ Scan Services in 00mn 00s ---\\ Enumération Active Desktop & MHTML Editor (O24) O24 - Default MHTML Editor: Last - .(...) - (.not file.) ~ Scan Desktop Component in 00mn 00s ---\\ BootExecute (O34) O34 - HKLM BootExecute: (autocheck autochk *) - File not found ~ Scan Keys in 00mn 00s ---\\ Tâches planifiées en automatique (O39) O39 - APT:Automatic Planified Task - C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-501933425-2476989565-1232407324-1000Core.job O39 - APT:Automatic Planified Task - C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-501933425-2476989565-1232407324-1000UA.job O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [MD5.FCC7C432FBF465C38FD5D940580EF9B7] [APT] [FacebookUpdateTaskUserS-1-5-21-501933425-2476989565-1232407324-1000Core] (.Facebook Inc..) -- C:\Users\CELSO\AppData\Local\Facebook\Update\FacebookUpdate.exe [MD5.FCC7C432FBF465C38FD5D940580EF9B7] [APT] [FacebookUpdateTaskUserS-1-5-21-501933425-2476989565-1232407324-1000UA] (.Facebook Inc..) -- C:\Users\CELSO\AppData\Local\Facebook\Update\FacebookUpdate.exe [MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe [MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe [MD5.00000000000000000000000000000000] [APT] [{97FAB673-36A2-4CD2-BA32-68A669238929}] (...) -- D:\setup.exe (.not file.) [MD5.028CD3C6E95FF807859FA47A96604890] [APT] [{9C1D237C-593F-4628-9A9E-507628D61569}] (...) -- F:\Logiciels 2011 Kevin\Everest.Corporate.Edtion.v2.80\everest.exe [MD5.B8F49232247D0825B2B82E08A9E10753] [APT] [{BDF7492F-AD9E-4DB2-A57A-F3F0436E4635}] (.Malwarebytes Corporation.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [MD5.00000000000000000000000000000000] [APT] [{C544CD80-0710-4A00-B5B5-9B489786A3FD}] (...) -- D:\setup.exe (.not file.) [MD5.5BC75CB78D32CC34428FC8584A3BD167] [APT] [{CFD75BF0-4D55-4DDC-A7EA-B3C0F143E5F4}] (.NVIDIA Corporation.) -- C:\Users\CELSO\Downloads\295.73-desktop-win7-winvista-32bit-international-whql.exe [MD5.028CD3C6E95FF807859FA47A96604890] [APT] [{D7E0FBA8-3269-4FAB-AC5B-FEF3502D6084}] (...) -- C:\Users\CELSO\Desktop\Everest\everest.exe [MD5.00000000000000000000000000000000] [APT] [{F07B0A95-A454-472A-B4B2-880372743DFF}] (...) -- D:\setup.exe (.not file.) ~ Scan Scheduled Task in 00mn 09s ---\\ Composants installés (ActiveSetup Installed Components) (O40) O40 - ASIC: Internet Explorer - >{26923b43-4d38-484f-9b9e-de460746276c} . (.Microsoft Corporation - Utilitaire d'initialisation d'Internet Explorer par utilisateur.) -- C:\Windows\System32\ie4uinit.exe O40 - ASIC: Browser Customizations - >{60B49E34-C7CC-11D0-8953-00A0C90347FF} . (.Microsoft Corporation - Personnalisation d’IEAK.) -- C:\Windows\System32\iedkcs32.dll O40 - ASIC: Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608500} . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Program Files\Java\jre6\bin\regutils.dll O40 - ASIC: Microsoft Windows Media Player 12.0 - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Windows Media Player Extension.) -- C:\Windows\System32\wmpdxm.dll O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (.Microsoft Corporation - Windows Media Player.) -- C:\Windows\system32\wmp.dll O40 - ASIC: Web Platform Customizations - {89820200-ECBD-11cf-8B85-00AA005B4383} . (.Microsoft Corporation - Utilitaire d'initialisation d'Internet Explorer par utilisateur.) -- C:\Windows\System32\ie4uinit.exe O40 - ASIC: (no name) - {89B4C1CD-B018-4511-B0A1-5476DBF70820} . (.Microsoft Corporation - Microsoft .NET IE SECURITY REGISTRATION.) -- C:\Windows\system32\mscories.dll ~ Scan Active Setup in 00mn 00s ---\\ Pilotes lancés au démarrage (O41) O41 - Driver: C:\Windows\system32\drivers\afd.sys (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\Windows\system32\drivers\afd.sys O41 - Driver: (blbdrive) . (.Microsoft Corporation - BLB Drive Driver.) - C:\Windows\system32\DRIVERS\blbdrive.sys O41 - Driver: (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\system32\drivers\cdrom.sys O41 - Driver: C:\Windows\system32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\system32\Drivers\dfsc.sys O41 - Driver: C:\Windows\system32\drivers\discache.sys (discache) . (.Microsoft Corporation - System Indexer/Cache Driver.) - C:\Windows\system32\drivers\discache.sys O41 - Driver: (eeCtrl) . (.Symantec Corporation - Symantec Eraser Control Driver.) - C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys O41 - Driver: (ElbyCDIO) . (.Elaborate Bytes AG - ElbyCD Windows NT/2000/XP I/O driver.) - C:\Windows\system32\Drivers\ElbyCDIO.sys O41 - Driver: (mssmbios) . (.Microsoft Corporation - System Management BIOS Driver.) - C:\Windows\system32\drivers\mssmbios.sys O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\system32\DRIVERS\netbios.sys O41 - Driver: C:\Windows\system32\drivers\netbt.sys (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\system32\DRIVERS\netbt.sys O41 - Driver: C:\Windows\system32\drivers\nsiproxy.sys (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\system32\drivers\nsiproxy.sys O41 - Driver: C:\Windows\system32\drivers\pacer.sys (Psched) . (.Microsoft Corporation - Planificateur de paquets QoS.) - C:\Windows\system32\DRIVERS\pacer.sys O41 - Driver: C:\Windows\system32\wkssvc.dll (rdbss) . (.Microsoft Corporation - Pilote du sous-système de mise en mémoire t.) - C:\Windows\system32\DRIVERS\rdbss.sys O41 - Driver: C:\Windows\system32\DRIVERS\RDPCDD.sys (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\system32\DRIVERS\RDPCDD.sys O41 - Driver: C:\Windows\system32\drivers\RDPENCDD.sys (RDPENCDD) . (.Microsoft Corporation - RDP Encoder Miniport.) - C:\Windows\system32\drivers\rdpencdd.sys O41 - Driver: C:\Windows\system32\drivers\RdpRefMp.sys (RDPREFMP) . (.Microsoft Corporation - RDP Reflector Driver Miniport.) - C:\Windows\system32\drivers\rdprefmp.sys O41 - Driver: (Serial) . (.Microsoft Corporation - Pilote de périphérique série.) - C:\Windows\system32\DRIVERS\serial.sys O41 - Driver: (SPBBCDrv) . (.Symantec Corporation - SPBBC Driver.) - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys O41 - Driver: (SRTSP) . (.Symantec Corporation - Symantec AutoProtect.) - C:\Windows\system32\Drivers\SRTSP.sys O41 - Driver: (SRTSPX) . (.Symantec Corporation - Symantec AutoProtect.) - C:\Windows\system32\Drivers\SRTSPX.sys O41 - Driver: (SYMTDI) . (.Symantec Corporation - Network Dispatch Driver.) - C:\Windows\system32\Drivers\SYMTDI.sys O41 - Driver: C:\Windows\system32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\system32\DRIVERS\tdx.sys O41 - Driver: (TermDD) . (.Microsoft Corporation - Remote Desktop Server Driver.) - C:\Windows\system32\drivers\termdd.sys O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\Windows\system32\drivers\vga.sys O41 - Driver: C:\Windows\system32\rascfg.dll (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\system32\DRIVERS\wanarp.sys O41 - Driver: (WfpLwf) . (.Microsoft Corporation - WFP NDIS 6.20 Lightweight Filter Driver.) - C:\Windows\system32\DRIVERS\wfplwf.sys ~ Scan Drivers in 00mn 00s ---\\ Logiciels installés (O42) O42 - Logiciel: Adobe Flash Player 10 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX O42 - Logiciel: Adobe Flash Player 11 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin O42 - Logiciel: Adobe Reader X (10.1.2) - Français - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1036-7B44-AA1000000001} O42 - Logiciel: Adobe Shockwave Player 11.5 - (.Adobe Systems, Inc..) [HKLM] -- Adobe Shockwave Player O42 - Logiciel: Ashampoo Burning Studio 10 v.10.0.15 - (.Ashampoo GmbH & Co. KG.) [HKLM] -- Ashampoo Burning Studio 10_is1 O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] -- CCleaner O42 - Logiciel: Call of Duty® 2 - (.Activision.) [HKLM] -- InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374} O42 - Logiciel: Call of Duty® 4 - Modern Warfare - (.Activision.) [HKLM] -- InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217} O42 - Logiciel: Call of Duty® 4 - Modern Warfare 1.7 Patch - (.Pas de propriétaire.) [HKLM] -- InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498} O42 - Logiciel: CyberLink PowerDVD 9 - (.CyberLink Corp..) [HKLM] -- InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8} O42 - Logiciel: CyberLink PowerDVD 9 - (.CyberLink Corp..) [HKLM] -- {A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8} O42 - Logiciel: D3DX10 - (.Microsoft.) [HKLM] -- {E09C4DB7-630C-4F06-A631-8EA7239923AF} O42 - Logiciel: Diz&Nfo v1.7d - (.Pas de propriétaire.) [HKLM] -- Diz&Nfo v1.7d_is1 O42 - Logiciel: FTPRush 2.1.4 - (.wftpserver.com.) [HKLM] -- FTP Rush_is1 O42 - Logiciel: Facebook Video Calling 1.1.1.1 - (.Skype Limited.) [HKLM] -- {624E54D0-E4F4-434F-9EF6-D4D066EE4348} O42 - Logiciel: Google Earth Plug-in - (.Google.) [HKLM] -- {2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E} O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM] -- {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} O42 - Logiciel: HomePlayer 1.5.9d - (.HomePlayer.) [HKLM] -- HomePlayer O42 - Logiciel: Intel® Graphics Media Accelerator Driver - (.Intel Corporation.) [HKLM] -- HDMI O42 - Logiciel: Intel® TV Wizard - (.Intel Corporation.) [HKLM] -- TVWiz O42 - Logiciel: Java 6 Update 26 - (.Oracle.) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83216024FF} O42 - Logiciel: Junk Mail filter update - (.Microsoft Corporation.) [HKLM] -- {8E5233E1-7495-44FB-8DEB-4BE906D59619} O42 - Logiciel: Les Sims 2 - (.Pas de propriétaire.) [HKLM] -- {6E7DD182-9FC6-4651-0095-2E666CC6AF35} O42 - Logiciel: Les Sims 2 Fun en Famille Kit - (.Pas de propriétaire.) [HKLM] -- {6BDD9CE6-D0A6-478A-BAD3-BA6945E89EB0} O42 - Logiciel: LiveUpdate 3.3 (Symantec Corporation) - (.Symantec Corporation.) [HKLM] -- LiveUpdate O42 - Logiciel: Logiciel d'archivage WinRAR - (.Pas de propriétaire.) [HKLM] -- WinRAR archiver O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM] -- {8DD46C6A-0056-4FEC-B70A-28BB16A1F11F} O42 - Logiciel: Malwarebytes Anti-Malware version 1.60.1.1000 - (.Malwarebytes Corporation.) [HKLM] -- Malwarebytes' Anti-Malware_is1 O42 - Logiciel: ManiaPlanet - (.Nadeo.) [HKLM] -- ManiaPlanet_is1 O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6} O42 - Logiciel: Microsoft .NET Framework 4 Client Profile FRA Language Pack - (.Microsoft Corporation.) [HKLM] -- {0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E} O42 - Logiciel: Microsoft Office 2007 Service Pack 3 (SP3) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93} O42 - Logiciel: Microsoft Office 2007 Service Pack 3 (SP3) - (.Microsoft.) [HKLM] -- {90120000-0015-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8} O42 - Logiciel: Microsoft Office 2007 Service Pack 3 (SP3) - (.Microsoft.) [HKLM] -- {90120000-0016-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8} O42 - Logiciel: Microsoft Office 2007 Service Pack 3 (SP3) - (.Microsoft.) [HKLM] -- {90120000-0018-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8} O42 - Logiciel: Microsoft Office 2007 Service Pack 3 (SP3) - (.Microsoft.) [HKLM] -- {90120000-0019-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8} O42 - Logiciel: Microsoft Office 2007 Service Pack 3 (SP3) - (.Microsoft.) [HKLM] -- {90120000-001A-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8} O42 - Logiciel: Microsoft Office 2007 Service Pack 3 (SP3) - (.Microsoft.) [HKLM] -- {90120000-001B-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8} O42 - Logiciel: Microsoft Office 2007 Service Pack 3 (SP3) - (.Microsoft.) [HKLM] -- {90120000-0044-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8} O42 - Logiciel: Microsoft Office 2007 Service Pack 3 (SP3) - (.Microsoft.) [HKLM] -- {90120000-006E-040C-0000-0000000FF1CE}_PROPLUS_{8283FD64-6A3B-4104-9E12-7CA25EF29A1A} O42 - Logiciel: Microsoft Office Access MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0015-040C-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Excel MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0016-040C-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office File Validation Add-In - (.Microsoft Corporation.) [HKLM] -- {90140000-2005-0000-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office InfoPath MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0044-040C-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Outlook MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001A-040C-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office PowerPoint MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0018-040C-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Professional Plus 2007 - (.Microsoft Corporation.) [HKLM] -- PROPLUS O42 - Logiciel: Microsoft Office Professional Plus 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Proof (Arabic) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0401-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Proof (Dutch) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0413-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Proof (English) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0409-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Proof (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-040C-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Proof (German) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0407-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Proof (Spanish) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0C0A-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Proofing (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-002C-040C-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) - (.Microsoft.) [HKLM] -- {90120000-001F-0401-0000-0000000FF1CE}_PROPLUS_{3E8EA473-ECCE-405F-A9CA-59446AEADD3A} O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) - (.Microsoft.) [HKLM] -- {90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{928D7B99-2BEA-49F9-83B8-20FA57860643} O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) - (.Microsoft.) [HKLM] -- {90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F} O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) - (.Microsoft.) [HKLM] -- {90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E} O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) - (.Microsoft.) [HKLM] -- {90120000-001F-0413-0000-0000000FF1CE}_PROPLUS_{2C95E7EE-FEA7-4B3A-A6E5-DF90A88B816A} O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) - (.Microsoft.) [HKLM] -- {90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC} O42 - Logiciel: Microsoft Office Publisher MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0019-040C-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Shared MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-006E-040C-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Word MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001B-040C-0000-0000000FF1CE} O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} O42 - Logiciel: Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 - (.Microsoft Corporation.) [HKLM] -- {770657D0-A123-3C07-8E44-1C83EC895118} O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM] -- {710f4c1c-cc18-4c49-8cbf-51240c89a1a2} O42 - Logiciel: Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C} O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 - (.Microsoft Corporation.) [HKLM] -- {86CE85E6-DBAC-3FFD-B977-E4B79F83C909} O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 - (.Microsoft Corporation.) [HKLM] -- {9A25302D-30C0-39D9-BD6F-21E6EC160475} O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 - (.Microsoft Corporation.) [HKLM] -- {9BE518E6-ECC6-35A9-88E4-87755C07200F} O42 - Logiciel: Mises à jour NVIDIA 1.7.11 - (.NVIDIA Corporation.) [HKLM] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update O42 - Logiciel: Module linguistique Microsoft .NET Framework 4 Client Profile FRA - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile FRA Language Pack O42 - Logiciel: Mozilla Firefox 10.0.2 (x86 fr) - (.Mozilla.) [HKLM] -- Mozilla Firefox 10.0.2 (x86 fr) O42 - Logiciel: NVIDIA Logiciel système PhysX 9.12.0209 - (.NVIDIA Corporation.) [HKLM] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX O42 - Logiciel: NVIDIA PhysX - (.NVIDIA Corporation.) [HKLM] -- {4EAE665D-957A-4D04-9679-3AD582008877} O42 - Logiciel: NVIDIA Pilote 3D Vision 295.73 - (.NVIDIA Corporation.) [HKLM] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision O42 - Logiciel: NVIDIA Pilote audio HD : 1.3.12.0 - (.NVIDIA Corporation.) [HKLM] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver O42 - Logiciel: NVIDIA Pilote du contrôleur 3D Vision 295.73 - (.NVIDIA Corporation.) [HKLM] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB O42 - Logiciel: NVIDIA Pilote graphique 295.73 - (.NVIDIA Corporation.) [HKLM] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver O42 - Logiciel: NVIDIA Stereoscopic 3D Driver - (.NVIDIA Corporation.) [HKLM] -- NVIDIAStereo O42 - Logiciel: PVSonyDll - (.NVIDIA Corporation.) [HKLM] -- {3D3E663D-4E7E-4577-A560-7ECDDD45548A} O42 - Logiciel: PhotoFiltre - (.Pas de propriétaire.) [HKCU] -- PhotoFiltre O42 - Logiciel: Playviz 1.7.7 - (.Previznet.) [HKCU] -- Playviz 1.7.7 O42 - Logiciel: QuickPar 0.9 - (.Peter B. Clements.) [HKLM] -- QuickPar O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2446708 O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2478663 O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2518870 O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2539636 O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2572078 O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2633870 O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2656351 O42 - Logiciel: Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{A0D5F849-D9D5-48ED-99D0-C74D7BFA6A09} O42 - Logiciel: Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{AEA16A27-0B97-4670-818F-A98D06EC0A6F} O42 - Logiciel: Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0EF0D4FB-BB23-4515-AAEA-1240AC2DA525} O42 - Logiciel: Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{5A8732F0-C20F-4A9B-A2A9-66FE7A586C35} O42 - Logiciel: Security Update for Module linguistique Microsoft .NET Framework 4 Client Profile FRA (KB2478663) - (.Microsoft Corporation.) [HKLM] -- {0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}.KB2478663 O42 - Logiciel: Security Update for Module linguistique Microsoft .NET Framework 4 Client Profile FRA (KB2518870) - (.Microsoft Corporation.) [HKLM] -- {0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}.KB2518870 O42 - Logiciel: SnagIt 9 - (.TechSmith Corporation.) [HKLM] -- {2FADA80A-5D89-4CC8-9ED7-445527754A83} O42 - Logiciel: Symantec Endpoint Protection - (.Symantec Corporation.) [HKLM] -- {3C1AE512-3C37-44FA-BA42-ABB721EC5B1D} O42 - Logiciel: TeamSpeak 3 Client - (.TeamSpeak Systems GmbH.) [HKLM] -- TeamSpeak 3 Client O42 - Logiciel: TeamViewer 7 - (.TeamViewer.) [HKLM] -- TeamViewer 7 O42 - Logiciel: TmNationsForever - (.Nadeo.) [HKLM] -- TmNationsForever_is1 O42 - Logiciel: Update for 2007 Microsoft Office System (KB967642) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D} O42 - Logiciel: Update for Microsoft .NET Framework 4 Client Profile (KB2468871) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871 O42 - Logiciel: Update for Microsoft .NET Framework 4 Client Profile (KB2533523) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523 O42 - Logiciel: Update for Microsoft .NET Framework 4 Client Profile (KB2600217) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217 O42 - Logiciel: Update for Microsoft Office 2007 (KB2508958) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438} O42 - Logiciel: Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{B7873DF5-9E1C-45EE-8895-D29C6AE01202} O42 - Logiciel: Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C20964A7-5181-45E5-9E82-72F5D400DEBF} O42 - Logiciel: Update for Microsoft Office 2007 suites (KB2597998) 32-Bit Edition - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{97FF6C46-CE3A-47F6-BA6B-3D743ACA4054} O42 - Logiciel: Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{567103D1-96CD-4B76-93B9-2681A187DEFF} O42 - Logiciel: VLC media player 1.1.5 - (.VideoLAN.) [HKLM] -- VLC media player O42 - Logiciel: Virtual Plastic Surgery Software - VPSS v1.0 - (.Kaeria SARL.) [HKLM] -- Virtual Plastic Surgery Software - VPSS_is1 O42 - Logiciel: VirtualCloneDrive - (.Elaborate Bytes.) [HKLM] -- VirtualCloneDrive O42 - Logiciel: Windows Live - (.Microsoft Corporation.) [HKLM] -- WinLiveSuite O42 - Logiciel: Windows Live - (.Microsoft Corporation.) [HKLM] -- {34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5} O42 - Logiciel: Windows Live Communications Platform - (.Microsoft Corporation.) [HKLM] -- {D45240D3-B6B3-4FF9-B243-54ECE3E10066} O42 - Logiciel: Windows Live ID Sign-in Assistant - (.Microsoft Corporation.) [HKLM] -- {C6150D8A-86ED-41D3-87BB-F3BB51B0B77F} O42 - Logiciel: Windows Live Installer - (.Microsoft Corporation.) [HKLM] -- {0B0F231F-CE6A-483D-AA23-77B364F75917} O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM] -- {AB61A2E9-37D3-485D-9085-19FBDF8CEF4A} O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM] -- {E5B21F11-6933-4E0B-A25C-7963E3C07D11} O42 - Logiciel: Windows Live PIMT Platform - (.Microsoft Corporation.) [HKLM] -- {83C292B7-38A5-440B-A731-07070E81A64F} O42 - Logiciel: Windows Live Photo Common - (.Microsoft Corporation.) [HKLM] -- {A9BDCA6B-3653-467B-AC83-94367DA3BFE3} O42 - Logiciel: Windows Live Photo Common - (.Microsoft Corporation.) [HKLM] -- {C893D8C0-1BA0-4517-B11C-E89B65E72F70} O42 - Logiciel: Windows Live SOXE - (.Microsoft Corporation.) [HKLM] -- {682B3E4F-696A-42DE-A41C-4C07EA1678B4} O42 - Logiciel: Windows Live SOXE Definitions - (.Microsoft Corporation.) [HKLM] -- {200FEC62-3C34-4D60-9CE8-EC372E01C08F} O42 - Logiciel: Windows Live UX Platform - (.Microsoft Corporation.) [HKLM] -- {CE95A79E-E4FC-4FFF-8A75-29F04B942FF2} O42 - Logiciel: Windows Live UX Platform Language Pack - (.Microsoft Corporation.) [HKLM] -- {05E379CC-F626-4E7D-8354-463865B303BF} O42 - Logiciel: Xfire (remove only) - (.Pas de propriétaire.) [HKLM] -- Xfire ---\\ HKCU & HKLM Software Keys [HKCU\Software\ASProtect] [HKCU\Software\ASUS] [HKCU\Software\Adobe] [HKCU\Software\AppDataLow\Software\Adobe] [HKCU\Software\AppDataLow\Software\Microsoft] [HKCU\Software\AppDataLow\Software] [HKCU\Software\AppDataLow] [HKCU\Software\Ashampoo] [HKCU\Software\Classes] [HKCU\Software\Clients] [HKCU\Software\CyberLink] [HKCU\Software\Digital River] [HKCU\Software\DivXNetworks] [HKCU\Software\Elaborate Bytes] [HKCU\Software\FTPRush] [HKCU\Software\Facebook] [HKCU\Software\Garmin] [HKCU\Software\Google] [HKCU\Software\Hewlett-Packard] [HKCU\Software\HookNetwork] [HKCU\Software\IM Providers] [HKCU\Software\INTEL] [HKCU\Software\ImInstaller] [HKCU\Software\IncrediMail] [HKCU\Software\JEDI-VCL] [HKCU\Software\JavaSoft] [HKCU\Software\Lake] [HKCU\Software\Lavalys] [HKCU\Software\Macromedia] [HKCU\Software\Malwarebytes' Anti-Malware] [HKCU\Software\MozillaPlugins] [HKCU\Software\Mozilla] [HKCU\Software\Mumble] [HKCU\Software\NVIDIA Corporation] [HKCU\Software\Netscape] [HKCU\Software\ODBC] [HKCU\Software\Piriform] [HKCU\Software\Policies] [HKCU\Software\SkypeRS] [HKCU\Software\Softonic] [HKCU\Software\Symantec] [HKCU\Software\Sysinternals] [HKCU\Software\TeamSpeak 3 Client] [HKCU\Software\TeamViewer] [HKCU\Software\TechSmith] [HKCU\Software\Trolltech] [HKCU\Software\Virtual Plastic Surgery Software - VPSS] [HKCU\Software\WinRAR] [HKCU\Software\Xfire] [HKCU\Software\YahooPartnerToolbar] [HKLM\Software\AGEIA Technologies] [HKLM\Software\ASUS] [HKLM\Software\ATI Technologies] [HKLM\Software\Activision] [HKLM\Software\Adobe] [HKLM\Software\AppDataLow] [HKLM\Software\Ashampoo] [HKLM\Software\BrowserChoice] [HKLM\Software\C07ft5Y] [HKLM\Software\Classes] [HKLM\Software\Clients] [HKLM\Software\CyberLink] [HKLM\Software\EA GAMES] [HKLM\Software\Elaborate Bytes] [HKLM\Software\Electronic Arts] [HKLM\Software\Even Balance] [HKLM\Software\Garmin] [HKLM\Software\Google] [HKLM\Software\Hewlett-Packard] [HKLM\Software\ImInstaller] [HKLM\Software\InstallShield] [HKLM\Software\Intel] [HKLM\Software\JavaSoft] [HKLM\Software\JreMetrics] [HKLM\Software\Khronos] [HKLM\Software\Lake] [HKLM\Software\Licenses] [HKLM\Software\Logitech] [HKLM\Software\Macromedia] [HKLM\Software\Malwarebytes' Anti-Malware (Trial)] [HKLM\Software\Malwarebytes' Anti-Malware] [HKLM\Software\MozillaPlugins] [HKLM\Software\Mozilla] [HKLM\Software\NVIDIA Corporation] [HKLM\Software\ODBC] [HKLM\Software\Piriform] [HKLM\Software\Policies] [HKLM\Software\RegisteredApplications] [HKLM\Software\Sonic] [HKLM\Software\Symantec] [HKLM\Software\TeamViewer] [HKLM\Software\TechSmith] [HKLM\Software\Uniblue] [HKLM\Software\VideoLAN] [HKLM\Software\Volatile] [HKLM\Software\WinRAR] [HKLM\Software\Windows] [HKLM\Software\Wow6432Node] [HKLM\Software\mozilla.org] ~ Scan Softwares in 00mn 00s ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43) O43 - CFD: 19/05/2011 - 14:55:28 - [-669,815] ----D- C:\Program Files\Activision O43 - CFD: 17/06/2011 - 09:11:28 - [158,508] ----D- C:\Program Files\Adobe O43 - CFD: 17/05/2011 - 10:18:54 - [187,007] ----D- C:\Program Files\Ashampoo O43 - CFD: 16/05/2011 - 09:14:54 - [0,398] ----D- C:\Program Files\Call of Duty O43 - CFD: 25/02/2011 - 00:08:36 - [3,484] ----D- C:\Program Files\CCleaner O43 - CFD: 02/07/2011 - 01:15:00 - [383,219] ----D- C:\Program Files\Common Files O43 - CFD: 26/02/2011 - 16:42:44 - [192,712] ----D- C:\Program Files\CyberLink O43 - CFD: 26/02/2011 - 16:36:18 - [0,312] ----D- C:\Program Files\Diz&Nfo O43 - CFD: 02/03/2011 - 11:02:48 - [79,371] ----D- C:\Program Files\DVD Maker O43 - CFD: 11/07/2011 - 20:21:46 - [-1074,294] ----D- C:\Program Files\EA GAMES O43 - CFD: 24/02/2011 - 19:40:56 - [2,029] ----D- C:\Program Files\Elaborate Bytes O43 - CFD: 22/02/2011 - 17:00:46 - [0] -SH-D- C:\Program Files\Fichiers communs O43 - CFD: 11/04/2011 - 19:30:34 - [0,002] ----D- C:\Program Files\FileZilla FTP Client O43 - CFD: 11/04/2011 - 19:22:22 - [9,973] ----D- C:\Program Files\FTPRush O43 - CFD: 17/11/2011 - 00:58:02 - [58,807] ----D- C:\Program Files\Google O43 - CFD: 24/02/2011 - 19:44:56 - [135,712] ----D- C:\Program Files\HomePlayer O43 - CFD: 27/04/2011 - 11:40:52 - [45,979] ----D- C:\Program Files\HP O43 - CFD: 19/05/2011 - 15:11:36 - [20,592] ----D- C:\Program Files\InstallShield Installation Information O43 - CFD: 22/02/2011 - 17:16:46 - [11,571] ----D- C:\Program Files\Intel O43 - CFD: 15/02/2012 - 13:51:48 - [4,935] ----D- C:\Program Files\Internet Explorer O43 - CFD: 02/07/2011 - 01:14:30 - [84,449] ----D- C:\Program Files\Java O43 - CFD: 29/02/2012 - 22:31:50 - [11,412] ----D- C:\Program Files\Malwarebytes' Anti-Malware O43 - CFD: 20/10/2011 - 15:42:14 - [61,736] ----D- C:\Program Files\ManiaPlanet O43 - CFD: 14/07/2009 - 10:00:58 - [140,966] ----D- C:\Program Files\Microsoft Games O43 - CFD: 03/07/2011 - 06:55:04 - [479,611] ----D- C:\Program Files\Microsoft Office O43 - CFD: 24/02/2012 - 22:21:30 - [36,634] ----D- C:\Program Files\Microsoft Silverlight O43 - CFD: 22/02/2011 - 17:38:38 - [0,014] ----D- C:\Program Files\Microsoft Visual Studio O43 - CFD: 26/02/2011 - 16:46:36 - [3,554] ----D- C:\Program Files\Microsoft Works O43 - CFD: 03/03/2011 - 08:39:56 - [7,789] ----D- C:\Program Files\Microsoft.NET O43 - CFD: 26/02/2012 - 23:40:12 - [37,531] ----D- C:\Program Files\Mozilla Firefox O43 - CFD: 24/02/2011 - 19:14:18 - [0,025] ----D- C:\Program Files\MSBuild O43 - CFD: 24/02/2012 - 22:00:00 - [1004,957] ----D- C:\Program Files\NVIDIA Corporation O43 - CFD: 30/04/2011 - 13:40:44 - [3,528] ----D- C:\Program Files\PhotoFiltre O43 - CFD: 26/02/2011 - 16:33:38 - [0,898] ----D- C:\Program Files\QuickPar O43 - CFD: 14/07/2009 - 05:52:30 - [37,345] ----D- C:\Program Files\Reference Assemblies O43 - CFD: 24/02/2011 - 19:29:36 - [49,066] ----D- C:\Program Files\Symantec O43 - CFD: 14/02/2012 - 17:41:14 - [55,344] ----D- C:\Program Files\TeamSpeak 3 Client O43 - CFD: 06/12/2011 - 09:34:56 - [109,553] ----D- C:\Program Files\TeamViewer O43 - CFD: 24/02/2011 - 21:30:36 - [45,323] ----D- C:\Program Files\TechSmith O43 - CFD: 24/02/2011 - 21:53:26 - [713,725] ----D- C:\Program Files\TmNationsForever O43 - CFD: 14/07/2009 - 05:53:24 - [0] --H-D- C:\Program Files\Uninstall Information O43 - CFD: 22/02/2011 - 17:35:18 - [76,799] ----D- C:\Program Files\VideoLAN O43 - CFD: 17/07/2011 - 15:08:46 - [5,227] ----D- C:\Program Files\VPSS O43 - CFD: 11/04/2011 - 18:53:28 - [0] ----D- C:\Program Files\Wikikou O43 - CFD: 02/03/2011 - 11:02:44 - [2,909] ----D- C:\Program Files\Windows Defender O43 - CFD: 02/03/2011 - 11:02:48 - [6,689] ----D- C:\Program Files\Windows Journal O43 - CFD: 06/09/2011 - 16:01:34 - [62,208] ----D- C:\Program Files\Windows Live O43 - CFD: 02/03/2011 - 11:02:48 - [5,895] ----D- C:\Program Files\Windows Mail O43 - CFD: 02/03/2011 - 11:02:48 - [6,298] ----D- C:\Program Files\Windows Media Player O43 - CFD: 22/02/2011 - 17:00:46 - [11,632] ----D- C:\Program Files\Windows NT O43 - CFD: 02/03/2011 - 11:02:48 - [4,213] ----D- C:\Program Files\Windows Photo Viewer O43 - CFD: 02/03/2011 - 11:02:46 - [0,181] ----D- C:\Program Files\Windows Portable Devices O43 - CFD: 02/03/2011 - 11:02:48 - [6,374] ----D- C:\Program Files\Windows Sidebar O43 - CFD: 24/02/2011 - 19:18:30 - [4,827] ----D- C:\Program Files\WinRAR O43 - CFD: 18/12/2011 - 12:42:34 - [19,529] ----D- C:\Program Files\Xfire O43 - CFD: 02/03/2012 - 15:28:32 - [10,101] ----D- C:\Program Files\ZHPDiag O43 - CFD: 17/06/2011 - 09:11:32 - [3,651] ----D- C:\Program Files\Common Files\Adobe O43 - CFD: 24/02/2011 - 18:57:54 - [0] ----D- C:\Program Files\Common Files\BitDefender O43 - CFD: 26/02/2011 - 16:41:30 - [0,115] ----D- C:\Program Files\Common Files\CyberLink O43 - CFD: 22/02/2011 - 17:38:38 - [0,089] ----D- C:\Program Files\Common Files\DESIGNER O43 - CFD: 14/05/2011 - 00:43:46 - [2,770] ----D- C:\Program Files\Common Files\InstallShield O43 - CFD: 02/07/2011 - 01:15:00 - [1,201] ----D- C:\Program Files\Common Files\Java O43 - CFD: 24/02/2011 - 17:26:18 - [0,410] ----D- C:\Program Files\Common Files\logishrd O43 - CFD: 26/10/2011 - 10:19:44 - [273,937] ----D- C:\Program Files\Common Files\microsoft shared O43 - CFD: 14/07/2009 - 03:37:06 - [0,003] ----D- C:\Program Files\Common Files\Services O43 - CFD: 14/07/2009 - 03:37:06 - [39,200] ----D- C:\Program Files\Common Files\SpeechEngines O43 - CFD: 24/02/2011 - 19:30:46 - [19,589] ----D- C:\Program Files\Common Files\Symantec Shared O43 - CFD: 09/11/2011 - 10:23:44 - [42,256] ----D- C:\Program Files\Common Files\System O43 - CFD: 22/02/2011 - 17:40:38 - [0] ----D- C:\Program Files\Common Files\Windows Live O43 - CFD: 17/06/2011 - 09:11:30 - [0,000] ----D- C:\ProgramData\Adobe O43 - CFD: 14/07/2009 - 05:53:56 - [0] -SH-D- C:\ProgramData\Application Data O43 - CFD: 17/05/2011 - 10:19:20 - [0,344] ----D- C:\ProgramData\ashampoo O43 - CFD: 22/02/2011 - 17:00:46 - [0] -SH-D- C:\ProgramData\Bureau O43 - CFD: 26/02/2011 - 16:43:54 - [1,447] ----D- C:\ProgramData\CyberLink O43 - CFD: 14/07/2009 - 05:53:56 - [0] -SH-D- C:\ProgramData\Desktop O43 - CFD: 14/07/2009 - 05:53:56 - [0] -SH-D- C:\ProgramData\Documents O43 - CFD: 22/02/2011 - 17:00:46 - [0] -SH-D- C:\ProgramData\Favoris O43 - CFD: 14/07/2009 - 05:53:56 - [0] -SH-D- C:\ProgramData\Favorites O43 - CFD: 24/02/2011 - 18:34:58 - [0,000] ----D- C:\ProgramData\IM O43 - CFD: 19/05/2011 - 17:20:58 - [15,410] ----D- C:\ProgramData\Malwarebytes O43 - CFD: 04/02/2012 - 02:12:02 - [681,954] ----D- C:\ProgramData\ManiaPlanet O43 - CFD: 22/02/2011 - 17:00:46 - [0] -SH-D- C:\ProgramData\Menu Démarrer O43 - CFD: 25/02/2012 - 17:10:48 - [365,273] -S--D- C:\ProgramData\Microsoft O43 - CFD: 15/02/2012 - 13:07:46 - [0,061] ----D- C:\ProgramData\Microsoft Help O43 - CFD: 22/02/2011 - 17:00:46 - [0] -SH-D- C:\ProgramData\Modèles O43 - CFD: 02/03/2012 - 09:53:34 - [2,623] ----D- C:\ProgramData\NVIDIA O43 - CFD: 19/05/2011 - 14:40:56 - [0,909] ----D- C:\ProgramData\NVIDIA Corporation O43 - CFD: 14/07/2009 - 05:53:56 - [0] -SH-D- C:\ProgramData\Start Menu O43 - CFD: 01/03/2011 - 15:00:44 - [0,000] ----D- C:\ProgramData\Sun O43 - CFD: 24/02/2011 - 19:30:36 - [837,072] ----D- C:\ProgramData\Symantec O43 - CFD: 24/02/2011 - 21:30:40 - [0,888] ----D- C:\ProgramData\TechSmith O43 - CFD: 26/02/2011 - 16:37:48 - [0,051] ----D- C:\ProgramData\Temp O43 - CFD: 14/07/2009 - 05:53:56 - [0] -SH-D- C:\ProgramData\Templates O43 - CFD: 26/02/2011 - 21:33:28 - [551,981] ----D- C:\ProgramData\TmForever O43 - CFD: 18/12/2011 - 18:41:24 - [134,809] ----D- C:\ProgramData\Xfire O43 - CFD: 25/02/2011 - 09:45:56 - [3,856] ----D- C:\Users\CELSO\AppData\Roaming\Adobe O43 - CFD: 17/05/2011 - 10:20:08 - [0] ----D- C:\Users\CELSO\AppData\Roaming\Ashampoo O43 - CFD: 26/02/2011 - 16:43:54 - [0,002] ----D- C:\Users\CELSO\AppData\Roaming\CyberLink O43 - CFD: 11/04/2011 - 18:54:48 - [0,016] ----D- C:\Users\CELSO\AppData\Roaming\FileZilla O43 - CFD: 24/02/2012 - 21:40:38 - [0,175] ----D- C:\Users\CELSO\AppData\Roaming\FTPRush O43 - CFD: 29/11/2011 - 15:26:16 - [0,105] ----D- C:\Users\CELSO\AppData\Roaming\Garmin O43 - CFD: 22/02/2011 - 17:01:00 - [0] ----D- C:\Users\CELSO\AppData\Roaming\Identities O43 - CFD: 24/02/2011 - 18:37:26 - [0,030] ----D- C:\Users\CELSO\AppData\Roaming\Macromedia O43 - CFD: 19/05/2011 - 17:21:06 - [0,002] ----D- C:\Users\CELSO\AppData\Roaming\Malwarebytes O43 - CFD: 14/07/2009 - 10:00:24 - [0] ----D- C:\Users\CELSO\AppData\Roaming\Media Center Programs O43 - CFD: 01/02/2012 - 20:06:36 - [2,777] -S--D- C:\Users\CELSO\AppData\Roaming\Microsoft O43 - CFD: 24/02/2011 - 17:34:00 - [108,818] ----D- C:\Users\CELSO\AppData\Roaming\Mozilla O43 - CFD: 19/12/2011 - 18:55:54 - [1,087] ----D- C:\Users\CELSO\AppData\Roaming\Mumble O43 - CFD: 26/02/2011 - 16:45:08 - [0] ----D- C:\Users\CELSO\AppData\Roaming\NVIDIA O43 - CFD: 30/04/2011 - 13:52:22 - [0,002] ----D- C:\Users\CELSO\AppData\Roaming\PhotoFiltre O43 - CFD: 22/02/2011 - 17:21:16 - [0] ----D- C:\Users\CELSO\AppData\Roaming\QuickScan O43 - CFD: 24/02/2011 - 18:49:48 - [0,215] ----D- C:\Users\CELSO\AppData\Roaming\TeamViewer O43 - CFD: 24/02/2012 - 21:40:38 - [3,340] ----D- C:\Users\CELSO\AppData\Roaming\TS3Client O43 - CFD: 26/02/2011 - 19:04:34 - [0,192] ----D- C:\Users\CELSO\AppData\Roaming\Uniblue O43 - CFD: 27/10/2011 - 15:19:30 - [1,808] ----D- C:\Users\CELSO\AppData\Roaming\vlc O43 - CFD: 24/02/2011 - 19:19:00 - [1,180] ----D- C:\Users\CELSO\AppData\Roaming\WinRAR O43 - CFD: 29/01/2012 - 20:25:26 - [0,009] ----D- C:\Users\CELSO\AppData\Roaming\Xfire O43 - CFD: 25/02/2011 - 09:45:56 - [15,213] ----D- C:\Users\CELSO\AppData\Local\Adobe O43 - CFD: 22/02/2011 - 17:00:52 - [0] -SH-D- C:\Users\CELSO\AppData\Local\Application Data O43 - CFD: 17/05/2011 - 10:20:02 - [0,344] ----D- C:\Users\CELSO\AppData\Local\ashampoo O43 - CFD: 26/02/2011 - 16:45:02 - [0,007] ----D- C:\Users\CELSO\AppData\Local\Cyberlink O43 - CFD: 26/02/2012 - 01:59:02 - [0,425] ----D- C:\Users\CELSO\AppData\Local\Diagnostics O43 - CFD: 06/09/2011 - 16:42:20 - [0,093] ----D- C:\Users\CELSO\AppData\Local\Downloader O43 - CFD: 23/02/2012 - 21:36:50 - [0,299] ----D- C:\Users\CELSO\AppData\Local\ElevatedDiagnostics O43 - CFD: 03/12/2011 - 17:22:00 - [6,511] ----D- C:\Users\CELSO\AppData\Local\Facebook O43 - CFD: 30/04/2011 - 14:44:28 - [0] ----D- C:\Users\CELSO\AppData\Local\Google O43 - CFD: 22/02/2011 - 17:00:52 - [0] -SH-D- C:\Users\CELSO\AppData\Local\Historique O43 - CFD: 24/02/2011 - 18:37:20 - [8,655] ----D- C:\Users\CELSO\AppData\Local\IM O43 - CFD: 25/02/2012 - 17:10:48 - [534,566] ----D- C:\Users\CELSO\AppData\Local\Microsoft O43 - CFD: 22/09/2011 - 19:15:24 - [0,161] ----D- C:\Users\CELSO\AppData\Local\Microsoft Games O43 - CFD: 01/02/2012 - 20:06:34 - [0,101] ----D- C:\Users\CELSO\AppData\Local\Microsoft Help O43 - CFD: 05/10/2011 - 10:41:32 - [0,179] ----D- C:\Users\CELSO\AppData\Local\MigWiz O43 - CFD: 24/02/2011 - 17:33:30 - [246,159] ----D- C:\Users\CELSO\AppData\Local\Mozilla O43 - CFD: 20/05/2011 - 21:52:28 - [5,830] ----D- C:\Users\CELSO\AppData\Local\PunkBuster O43 - CFD: 24/02/2011 - 19:30:40 - [16,388] ----D- C:\Users\CELSO\AppData\Local\Symantec O43 - CFD: 24/02/2011 - 21:30:36 - [11,812] ----D- C:\Users\CELSO\AppData\Local\TechSmith O43 - CFD: 02/03/2012 - 15:26:44 - [0,235] ----D- C:\Users\CELSO\AppData\Local\Temp O43 - CFD: 22/02/2011 - 17:00:52 - [0] -SH-D- C:\Users\CELSO\AppData\Local\Temporary Internet Files O43 - CFD: 26/02/2011 - 17:30:34 - [-895,550] ----D- C:\Users\CELSO\AppData\Local\VirtualStore O43 - CFD: 02/03/2012 - 13:42:48 - [0,059] ----D- C:\Users\CELSO\AppData\Local\Windows Live O43 - CFD: 02/03/2012 - 13:41:56 - [0] ----D- C:\Users\CELSO\AppData\Local\{751660B0-AD1D-47EE-8D77-CFDECC81B923} ~ Scan Program Folder in 00mn 47s ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44) O44 - LFC:[MD5.6C1C89CB058CF60FAE14BC1B200F23F1] - 02/03/2012 - 11:35:07 ---A- . (...) -- C:\Windows\WindowsUpdate.log [149005] O44 - LFC:[MD5.8E4A4137D4AFAE5A101E7DB18AA26848] - 02/03/2012 - 09:57:58 ---A- . (...) -- C:\Windows\system32\PerfStringBackup.INI [1549700] O44 - LFC:[MD5.459DCA304BF29FF3E81C6F774A79D707] - 02/03/2012 - 09:57:58 ---A- . (...) -- C:\Windows\system32\perfc009.dat [106190] O44 - LFC:[MD5.18CDC094A676FE47080CCD860EB295ED] - 02/03/2012 - 09:57:58 ---A- . (...) -- C:\Windows\system32\perfc00C.dat [130548] O44 - LFC:[MD5.99DEAE2A78FC7BC5B0BE5E775F904533] - 02/03/2012 - 09:57:58 ---A- . (...) -- C:\Windows\system32\perfh009.dat [615810] O44 - LFC:[MD5.F706069057D460C50F0D4C9F4B85C387] - 02/03/2012 - 09:57:58 ---A- . (...) -- C:\Windows\system32\perfh00C.dat [704242] O44 - LFC:[MD5.D74E3C688AA4F552EB9F55CB8EA67170] - 02/03/2012 - 09:53:33 ---A- . (...) -- C:\Windows\setupact.log [56] O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 02/03/2012 - 09:53:33 ---A- . (...) -- C:\Windows\setuperr.log [0] O44 - LFC:[MD5.9277F24FAD5513EF65B08A9B6238A8AF] - 02/03/2012 - 09:53:31 -S-A- . (...) -- C:\Windows\bootstat.dat [67584] O44 - LFC:[MD5.6E459C97410A669FD20190EC4545520B] - 02/03/2012 - 09:53:19 ---A- . (...) -- C:\Windows\PFRO.log [774] O44 - LFC:[MD5.22F004E6413440C7A4E6E8C2D2F2836C] - 01/03/2012 - 16:13:31 ---A- . (...) -- C:\PhysicalDisk0_MBR.bin [512] O44 - LFC:[MD5.B7CA8CC3F978201856B6AB82F40953C3] - 29/02/2012 - 22:29:43 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\system32\drivers\mbam.sys [20464] O44 - LFC:[MD5.24097AF73562086C5DC1B48412F02DA0] - 29/02/2012 - 22:27:34 ---A- . (.Adobe Systems Incorporated - Adobe Flash Player Control Panel Applet.) -- C:\Windows\system32\FlashPlayerCPLApp.cpl [414368] O44 - LFC:[MD5.1B6CABCAE393257233F0F916F7D99D4E] - 29/02/2012 - 22:27:10 ---A- . (...) -- C:\Windows\system32\lvcoinst.log [10700] O44 - LFC:[MD5.628BA691C30D52309016F01D011BE900] - 29/02/2012 - 17:53:41 ---A- . (...) -- C:\Windows\system32\FNTCACHE.DAT [409992] O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 24/02/2012 - 21:59:58 ---A- . (...) -- C:\Windows\system32\nvdrssel.bin [0] O44 - LFC:[MD5.0195003E40E6EBB9B684C2FD1D13E38D] - 23/02/2012 - 22:29:34 ---A- . (.NVIDIA Corporation - Generic Coinstaller.) -- C:\Windows\system32\nvhdagenco3220103.dll [876864] O44 - LFC:[MD5.3D7FB57354703809B5F0C23287FAC1D6] - 23/02/2012 - 22:29:34 ---A- . (.NVIDIA Corporation - NVIDIA HDMI Audio Driver.) -- C:\Windows\system32\drivers\nvhda32v.sys [148800] O44 - LFC:[MD5.A435BA6A5146800CC0335972A37CD7FD] - 23/02/2012 - 22:29:34 ---A- . (.NVIDIA Corporation - NVIDIA HDMI Audio Driver.) -- C:\Windows\system32\nvhdap32.dll [27968] O44 - LFC:[MD5.188A70B814F4C77EA093A1CA34CC8F2D] - 10/02/2012 - 05:13:00 ---A- . (...) -- C:\Windows\system32\nvinfo.pb [8772] O44 - LFC:[MD5.1992D479AC7B804B699EFA8573230C94] - 10/02/2012 - 05:13:00 ---A- . (.Khronos Group - OpenCL Client DLL.) -- C:\Windows\system32\OpenCL.dll [61248] O44 - LFC:[MD5.2941DA00EFD5F801EFE442BABD8B3B6D] - 10/02/2012 - 05:13:00 ---A- . (.NVIDIA Corporation - Display Driver Coinstaller.) -- C:\Windows\system32\nvdispco32.dll [1000256] O44 - LFC:[MD5.5055CA6E2C7041C1557B48CC1E487CAA] - 10/02/2012 - 05:13:00 ---A- . (.NVIDIA Corporation - Generic Coinstaller.) -- C:\Windows\system32\nvgenco32.dll [881984] O44 - LFC:[MD5.9FD158015EE8F3B4971A76BC6E3B520F] - 10/02/2012 - 05:13:00 ---A- . (.NVIDIA Corporation - NVIDIA CUDA Driver, Version 295.73.) -- C:\Windows\system32\nvcuda.dll [5892928] O44 - LFC:[MD5.D592EA592BFC42BBAA64B9A36E11A956] - 10/02/2012 - 05:13:00 ---A- . (.NVIDIA Corporation - NVIDIA CUDA Video Decode API, Version 295.7.) -- C:\Windows\system32\nvcuvid.dll [2517312] O44 - LFC:[MD5.680BF097C8D195109590E8078C71F989] - 10/02/2012 - 05:13:00 ---A- . (.NVIDIA Corporation - NVIDIA CUDA Video Encoder, Version 295.73.) -- C:\Windows\system32\nvcuvenc.dll [2437440] O44 - LFC:[MD5.7E6E761D5C5A4BCF19BA3149310770D2] - 10/02/2012 - 05:13:00 ---A- . (.NVIDIA Corporation - NVIDIA Compatible OpenGL ICD.) -- C:\Windows\system32\nvoglv32.dll [19443520] O44 - LFC:[MD5.AD5DAA753919D0EBCC8CE85031E11550] - 10/02/2012 - 05:13:00 ---A- . (.NVIDIA Corporation - NVIDIA Compiler, Version 295.73.) -- C:\Windows\system32\nvcompiler.dll [17543488] O44 - LFC:[MD5.C2B076639017CAB78DD63FF8F94BDD7C] - 10/02/2012 - 05:13:00 ---A- . (.NVIDIA Corporation - NVIDIA D3D10 Driver, Version 295.73.) -- C:\Windows\system32\nvwgf2um.dll [7713088] O44 - LFC:[MD5.E9511F7F35D6A144C1B5F067209C1CBA] - 10/02/2012 - 05:13:00 ---A- . (.NVIDIA Corporation - NVIDIA NVAPI Library, Version 295.73.) -- C:\Windows\system32\nvapi.dll [2301248] O44 - LFC:[MD5.91C8B1471CD7BDAE2FF6F062E25228BD] - 10/02/2012 - 05:13:00 ---A- . (.NVIDIA Corporation - NVIDIA WDDM D3D Driver, Version 295.73.) -- C:\Windows\system32\nvd3dum.dll [15009600] O44 - LFC:[MD5.F452E6AD3EDA2852F44BE492E283C40F] - 10/02/2012 - 05:13:00 ---A- . (.NVIDIA Corporation - NVIDIA Windows Kernel Mode Driver, Version.) -- C:\Windows\system32\drivers\nvlddmkm.sys [10816832] O44 - LFC:[MD5.CCDCF296BF51DD66F6341B188373A78E] - 10/02/2012 - 04:02:06 ---A- . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\Windows\system32\nvcpl.dll [3881792] O44 - LFC:[MD5.788FCC23961A7D65372D6BF3709DD39B] - 10/02/2012 - 04:00:44 ---A- . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 295.7.) -- C:\Windows\system32\nvsvc.dll [2719040] O44 - LFC:[MD5.70145ADE9EFE2CE296DD5FC761B4969B] - 10/02/2012 - 04:00:26 ---A- . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 295.7.) -- C:\Windows\system32\nvvsvc.exe [645440] O44 - LFC:[MD5.A9EF3534BFF340D2FEFB052B0DD7C4DB] - 10/02/2012 - 04:00:26 ---A- . (.NVIDIA Corporation - NVIDIA Media Center Library.) -- C:\Windows\system32\nvmctray.dll [108352] O44 - LFC:[MD5.216CD1ABF4CEDB5F4554D1E9DC2E4FF6] - 10/02/2012 - 04:00:26 ---A- . (.NVIDIA Corporation - Pas de description.) -- C:\Windows\system32\nvshext.dll [62272] O44 - LFC:[MD5.31C523B4181F48BA6B7DC23EC1861433] - 10/02/2012 - 04:00:25 ---A- . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 295.7.) -- C:\Windows\system32\nvsvcr.dll [2561344] O44 - LFC:[MD5.F86A49D72D156947AB4B1F398F6B98EA] - 09/02/2012 - 20:05:44 ---A- . (...) -- C:\Windows\system32\nvStreaming.exe [416064] ~ Scan Files in 00mn 56s ---\\ Derniers fichiers créés dans Windows Prefetcher (O45) O45 - LFCP:[MD5.DC4E4A3DE35D8AC37DE31443E2DA1DDE] - 01/03/2012 - 17:56:46 ---A- - C:\Windows\Prefetch\REGEDIT.EXE-4748FE01.pf O45 - LFCP:[MD5.F684D4F4798C78695C098378C557F705] - 01/03/2012 - 18:11:45 ---A- - C:\Windows\Prefetch\SNAGIT32.EXE-8916D00C.pf O45 - LFCP:[MD5.9EEB9D9809506B39775C9DC1B4BCE408] - 01/03/2012 - 18:11:46 ---A- - C:\Windows\Prefetch\SNAGPRIV.EXE-D57D688F.pf O45 - LFCP:[MD5.874A9843B7977FC72791FE01E5FD1700] - 01/03/2012 - 19:14:13 ---A- - C:\Windows\Prefetch\DEFRAG.EXE-738093E8.pf O45 - LFCP:[MD5.EC36C99014EDAF3E75CAF7CB9508405D] - 01/03/2012 - 19:14:16 ---A- - C:\Windows\Prefetch\SVCHOST.EXE-8DA0BAAD.pf O45 - LFCP:[MD5.66E32096BFBB7516EDF594986F03105B] - 01/03/2012 - 19:24:05 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-F452D79D.pf O45 - LFCP:[MD5.841020C9DF444D917F707737C5CF5FD2] - 01/03/2012 - 19:24:10 ---A- - C:\Windows\Prefetch\VSSVC.EXE-04D079CC.pf O45 - LFCP:[MD5.BF22C90674CC3435F9713634CF97B843] - 01/03/2012 - 20:19:17 ---A- - C:\Windows\Prefetch\WMPNSCFG.EXE-DF1DD51A.pf O45 - LFCP:[MD5.E0CB244FA1BDB784CEBC79986244184D] - 01/03/2012 - 20:24:47 ---A- - C:\Windows\Prefetch\CLEANMGR.EXE-B508FB28.pf O45 - LFCP:[MD5.6A5AE77C1BCDB25002D2E12C96FD6547] - 01/03/2012 - 21:21:14 ---A- - C:\Windows\Prefetch\MSFEEDSSYNC.EXE-1F01ED17.pf O45 - LFCP:[MD5.0D5CB7101B4A26B3A8F11E9D5F281286] - 01/03/2012 - 23:41:18 ---A- - C:\Windows\Prefetch\TASKMGR.EXE-72398DC0.pf O45 - LFCP:[MD5.7F89819BC9D10E912581975143776CF2] - 01/03/2012 - 23:41:52 ---A- - C:\Windows\Prefetch\CCLEANER.EXE-CC440CDB.pf O45 - LFCP:[MD5.5FE33C8AB84A8E8F09843C1ABEE773B5] - 02/03/2012 - 03:05:49 ---A- - C:\Windows\Prefetch\LOGONUI.EXE-1BEE4A84.pf O45 - LFCP:[MD5.1D811B16A4E5FE5A417637FBE33E376E] - 02/03/2012 - 03:06:15 ---A- - C:\Windows\Prefetch\SMCGUI.EXE-3A816A45.pf O45 - LFCP:[MD5.1C35146D701D4891C1FBC82E21D88323] - 02/03/2012 - 03:07:08 ---A- - C:\Windows\Prefetch\PfSvPerfStats.bin O45 - LFCP:[MD5.A748E05C293F2A82BE3669BB17B9037D] - 02/03/2012 - 09:54:22 ---A- - C:\Windows\Prefetch\ATBROKER.EXE-FF58B71D.pf O45 - LFCP:[MD5.52A1CC693EBE48F3E098238E143F06EE] - 02/03/2012 - 09:54:22 ---A- - C:\Windows\Prefetch\DWM.EXE-AEABE78B.pf O45 - LFCP:[MD5.2D12A98A03403AC87C093BB3170158C5] - 02/03/2012 - 09:54:22 ---A- - C:\Windows\Prefetch\EXPLORER.EXE-7A3328DA.pf O45 - LFCP:[MD5.47697F7DF4E9D511BAFEB6E1C5A19539] - 02/03/2012 - 09:54:22 ---A- - C:\Windows\Prefetch\SPOOLSV.EXE-E4D0FF39.pf O45 - LFCP:[MD5.068D28F858712133B3EB66ABB193F2F4] - 02/03/2012 - 09:54:22 ---A- - C:\Windows\Prefetch\SVCHOST.EXE-11B57953.pf O45 - LFCP:[MD5.B165A1BF47ABD79B940938CF7D78F89F] - 02/03/2012 - 09:54:22 ---A- - C:\Windows\Prefetch\USERINIT.EXE-F39AB672.pf O45 - LFCP:[MD5.74BC4336B2EAFA7DBA759F593AB63812] - 02/03/2012 - 09:54:52 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-53B78AD0.pf O45 - LFCP:[MD5.8D20AF2869B668DFE771AC9AF5DBC3C2] - 02/03/2012 - 09:55:48 ---A- - C:\Windows\Prefetch\MSCORSVW.EXE-FAA88858.pf O45 - LFCP:[MD5.06E30D9A06A604299B35E863642600AE] - 02/03/2012 - 09:55:59 ---A- - C:\Windows\Prefetch\MBAMSERVICE.EXE-CACDA1F4.pf O45 - LFCP:[MD5.FADAEA9E5133061CE657D8B077870E9E] - 02/03/2012 - 09:56:01 ---A- - C:\Windows\Prefetch\DAEMONU.EXE-71078F74.pf O45 - LFCP:[MD5.FFB6EE3194F870EFF8105CE4CA1A6E23] - 02/03/2012 - 09:57:55 ---A- - C:\Windows\Prefetch\WMIADAP.EXE-369DF1CD.pf O45 - LFCP:[MD5.7034A387E0DBB9B2568C2E959C5121B8] - 02/03/2012 - 10:06:46 ---A- - C:\Windows\Prefetch\WERMGR.EXE-2A1BCBC7.pf O45 - LFCP:[MD5.2D0A8156FC52537638BDA93CF4DBCE9C] - 02/03/2012 - 10:06:48 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-D40FB18A.pf O45 - LFCP:[MD5.94EBC2340437EACDD2D5AA385FACE4B1] - 02/03/2012 - 10:08:31 ---A- - C:\Windows\Prefetch\FIREFOX.EXE-E60C0AA7.pf O45 - LFCP:[MD5.FC65E9796F719A0949E5AB5A62F872B7] - 02/03/2012 - 10:08:52 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-E2054E7F.pf O45 - LFCP:[MD5.FF14F8100DDF31ECE3F52CC397E0778F] - 02/03/2012 - 10:50:12 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-AFD98684.pf O45 - LFCP:[MD5.46DC36338E19E5C51555644021EDBD06] - 02/03/2012 - 10:51:48 ---A- - C:\Windows\Prefetch\PLUGIN-CONTAINER.EXE-1D5F6C6B.pf O45 - LFCP:[MD5.FADF9E383EBB55942233F23977B0E4F0] - 02/03/2012 - 11:35:03 ---A- - C:\Windows\Prefetch\TRUSTEDINSTALLER.EXE-031B6478.pf O45 - LFCP:[MD5.AAA2E6574F1DDE11C1317967726C11C6] - 02/03/2012 - 12:26:05 ---A- - C:\Windows\Prefetch\IGFXSRVC.EXE-67E7A62F.pf O45 - LFCP:[MD5.B18DADA05424DB8D3CF9417C7C7A529C] - 02/03/2012 - 12:28:01 ---A- - C:\Windows\Prefetch\NOTEPAD.EXE-EB1B961A.pf O45 - LFCP:[MD5.1CEF91067464E1B768CBA379B3B09D13] - 02/03/2012 - 12:33:55 ---A- - C:\Windows\Prefetch\MSOXMLED.EXE-C7C6174E.pf O45 - LFCP:[MD5.E7C5165BF0FE1878CBB2954C4A01D773] - 02/03/2012 - 12:34:01 ---A- - C:\Windows\Prefetch\IEXPLORE.EXE-1B894AFB.pf O45 - LFCP:[MD5.880E3AA1E3F08081B03C416E3AD37D07] - 02/03/2012 - 12:34:04 ---A- - C:\Windows\Prefetch\PREVHOST.EXE-205F609A.pf O45 - LFCP:[MD5.A4C5ED45BDE2120CA3081F7C153322B8] - 02/03/2012 - 12:38:27 ---A- - C:\Windows\Prefetch\SYMCORPUI.EXE-9552AFDC.pf O45 - LFCP:[MD5.6A992405226EC431E6FFBBC8C52ED0E6] - 02/03/2012 - 12:39:24 ---A- - C:\Windows\Prefetch\DWHWIZRD.EXE-3820D06C.pf O45 - LFCP:[MD5.B5C224697BCA05566B458977D9747AEE] - 02/03/2012 - 12:39:51 ---A- - C:\Windows\Prefetch\SAVUI.EXE-24D69985.pf O45 - LFCP:[MD5.194C6E9B77A4907664CA784571C0BAC8] - 02/03/2012 - 13:11:42 ---A- - C:\Windows\Prefetch\LUCALLBACKPROXY.EXE-9EFD4A00.pf O45 - LFCP:[MD5.699709683D392D2D88A5FBB454EF921C] - 02/03/2012 - 13:11:50 ---A- - C:\Windows\Prefetch\LUALL.EXE-C73A48CA.pf O45 - LFCP:[MD5.23DEFAE08F062AA2C9B42348260B1B34] - 02/03/2012 - 13:11:51 ---A- - C:\Windows\Prefetch\LUCOMS~1.EXE-95D7A512.pf O45 - LFCP:[MD5.CBC9C8F1D12C5DDBE9445AAC6EB8C226] - 02/03/2012 - 13:11:51 ---A- - C:\Windows\Prefetch\SESCLU.EXE-3C84D030.pf O45 - LFCP:[MD5.3FEC5F334C65F0F95CEABCE3EC93274C] - 02/03/2012 - 13:22:53 ---A- - C:\Windows\Prefetch\Layout.ini O45 - LFCP:[MD5.E37FA4F31593259652ADCBEF0DF67299] - 02/03/2012 - 13:28:10 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-6202E8F2.pf O45 - LFCP:[MD5.C415188A58CE2D98635E46787A45B5C9] - 02/03/2012 - 13:29:19 ---A- - C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-501933425-2476989565-1232407324-1000.db O45 - LFCP:[MD5.210A9F3D5272B27A6BF017722FE16AF5] - 02/03/2012 - 13:29:19 ---A- - C:\Windows\Prefetch\AgGlUAD_S-1-5-21-501933425-2476989565-1232407324-1000.db O45 - LFCP:[MD5.7E1DD4589CFC89C6ABB3BCDBEE90969A] - 02/03/2012 - 13:42:45 ---A- - C:\Windows\Prefetch\V8A0I9CB.EXE-640230D8.pf O45 - LFCP:[MD5.1ECC2A4963C9D6A1FF4A9F65BF555DCA] - 02/03/2012 - 13:50:36 ---A- - C:\Windows\Prefetch\ACRORD32.EXE-33939BD1.pf O45 - LFCP:[MD5.E1F8264EC53339C86D950029DBD1EBCC] - 02/03/2012 - 13:54:05 ---A- - C:\Windows\Prefetch\REGSVR32.EXE-55A4EE79.pf O45 - LFCP:[MD5.0F32E5E8D0EDD61F6DE4CD4450FE1889] - 02/03/2012 - 13:54:15 ---A- - C:\Windows\Prefetch\MBAM.EXE-CD3441D7.pf O45 - LFCP:[MD5.53A4BA9689EAE2DA19D7D4E2907B9546] - 02/03/2012 - 14:00:05 ---A- - C:\Windows\Prefetch\WINDOWSLIVEPHOTOVIEWER.EXE-6106E219.pf O45 - LFCP:[MD5.95FD8BB0F87CBF3D483E3689C800F4E0] - 02/03/2012 - 14:00:27 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-71214090.pf O45 - LFCP:[MD5.BC97582586240A8EA9E56A70329B454F] - 02/03/2012 - 14:06:09 ---A- - C:\Windows\Prefetch\OUTLOOK.EXE-B9F191EB.pf O45 - LFCP:[MD5.8128F254CC1EAC588967A9577CF0D786] - 02/03/2012 - 14:26:19 ---A- - C:\Windows\Prefetch\FACEBOOKUPDATE.EXE-956D9D42.pf O45 - LFCP:[MD5.DC8ADFBB3F793F3BBE43140783F5672C] - 02/03/2012 - 14:30:33 ---A- - C:\Windows\Prefetch\WERFAULT.EXE-B7E27BE5.pf O45 - LFCP:[MD5.22643B23D749D02682C6BE2C5F85404C] - 02/03/2012 - 14:43:41 ---A- - C:\Windows\Prefetch\SEARCHFILTERHOST.EXE-AA7A1FDD.pf O45 - LFCP:[MD5.542D27A4B6CB32C85C7C9650A395C740] - 02/03/2012 - 14:43:41 ---A- - C:\Windows\Prefetch\SEARCHPROTOCOLHOST.EXE-AFAD3EF9.pf O45 - LFCP:[MD5.339F1DA85DABE57B9A86E0DC0B86231B] - 02/03/2012 - 14:58:06 ---A- - C:\Windows\Prefetch\MSNMSGR.EXE-DD43BBF4.pf O45 - LFCP:[MD5.AD63BAB155E74B0E505B243F9A2A143D] - 02/03/2012 - 15:02:12 ---A- - C:\Windows\Prefetch\GOOGLEUPDATE.EXE-8973CEDD.pf O45 - LFCP:[MD5.544EBE40943C72FDD936B85AF62AEFC4] - 02/03/2012 - 15:02:14 ---A- - C:\Windows\Prefetch\TASKENG.EXE-5BAF290C.pf O45 - LFCP:[MD5.7EAC2672581B500AD70E4C04AB049CD7] - 02/03/2012 - 15:04:20 ---A- - C:\Windows\Prefetch\NOTEPAD.EXE-3D2AFDB4.pf O45 - LFCP:[MD5.39516545C40BFA2D5546D7537998B0E4] - 02/03/2012 - 15:04:53 ---A- - C:\Windows\Prefetch\AgGlFaultHistory.db O45 - LFCP:[MD5.716B896E0BA2F164D2BB62B28CA0731D] - 02/03/2012 - 15:04:53 ---A- - C:\Windows\Prefetch\AgGlFgAppHistory.db O45 - LFCP:[MD5.38C48E2BB9C3D5302CE592D87107C317] - 02/03/2012 - 15:04:53 ---A- - C:\Windows\Prefetch\AgGlGlobalHistory.db O45 - LFCP:[MD5.B3D6665ED5BDB25860F3A8F007BE0C1A] - 02/03/2012 - 15:04:53 ---A- - C:\Windows\Prefetch\AgRobust.db O45 - LFCP:[MD5.B6B10270C7A28F879E1471061E392F0B] - 02/03/2012 - 15:13:27 ---A- - C:\Windows\Prefetch\TASKHOST.EXE-437C05A8.pf O45 - LFCP:[MD5.CD60C15BCF316AF287F45F9614A5E4BD] - 02/03/2012 - 15:15:47 ---A- - C:\Windows\Prefetch\WLCOMM.EXE-648065CA.pf O45 - LFCP:[MD5.048C95ABB1A480135E702D421D0D5F1B] - 02/03/2012 - 15:15:55 ---A- - C:\Windows\Prefetch\AUDIODG.EXE-D0D776AC.pf O45 - LFCP:[MD5.FAAC1F62D7E265A14D7275A6E9F4ACF8] - 02/03/2012 - 15:20:11 ---A- - C:\Windows\Prefetch\TS3CLIENT_WIN32.EXE-875B5789.pf O45 - LFCP:[MD5.04F4E0E6E2CAB22FE5849D119A8A0FD4] - 02/03/2012 - 15:26:55 ---A- - C:\Windows\Prefetch\CONSENT.EXE-65F6206D.pf O45 - LFCP:[MD5.81C375B71B6670CFB5A32994B3C92C58] - 02/03/2012 - 15:27:00 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-893DDF55.pf O45 - LFCP:[MD5.E9694238168BDAE456F8FFA1AD8C8F11] - 02/03/2012 - 15:27:05 ---A- - C:\Windows\Prefetch\ZHPDIAG.EXE-9D0EE457.pf O45 - LFCP:[MD5.06151EF6E6B69F43444AA35593A6BC85] - 02/03/2012 - 15:28:07 ---A- - C:\Windows\Prefetch\CONHOST.EXE-3218E401.pf O45 - LFCP:[MD5.B57272D348C363DBA18100EA46AB1BF1] - 02/03/2012 - 15:28:07 ---A- - C:\Windows\Prefetch\CSCRIPT.EXE-E4C98DEB.pf O45 - LFCP:[MD5.13ABEF422AF3F48DD09E375D9734EFFF] - 02/03/2012 - 15:28:12 ---A- - C:\Windows\Prefetch\WMIPRVSE.EXE-43972D0F.pf O45 - LFCP:[MD5.35E78A0FF043E0FBD9BD93CA164108AF] - 02/03/2012 - 15:28:13 ---A- - C:\Windows\Prefetch\SPPSVC.EXE-CBE91656.pf O45 - LFCP:[MD5.312DA2D3F2F2B7001EF8A8249D6146AF] - 02/03/2012 - 15:28:24 ---A- - C:\Windows\Prefetch\SVCHOST.EXE-93CEEE07.pf O45 - LFCP:[MD5.3747AEEE3617C3196C79324659FCC330] - 02/03/2012 - 15:28:29 ---A- - C:\Windows\Prefetch\PV.EXE-8E63E86A.pf O45 - LFCP:[MD5.8BB581835F084853F1E466585A743F60] - 02/03/2012 - 15:28:48 ---A- - C:\Windows\Prefetch\CMD.EXE-89305D47.pf O45 - LFCP:[MD5.83F5D579EC53F2B5B4F2649C5CF48199] - 02/03/2012 - 15:28:48 ---A- - C:\Windows\Prefetch\SCHTASKS.EXE-2DE769BF.pf O45 - LFCP:[MD5.D718AFAE0178C28ECDFABDAE98BCBB41] - 26/02/2012 - 01:17:03 ---A- - C:\Windows\Prefetch\NTOSBOOT-B00DFAAD.pf O45 - LFCP:[MD5.37A795C43426DC3899B266373DEBA6AB] - 26/02/2012 - 01:19:05 ---A- - C:\Windows\Prefetch\AgCx_SC4.db ~ Scan Prefetcher in 00mn 02s ---\\ Déni du service (Local Security Authority) (O48) O48 - LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll O48 - LSA:Local Security Authority Notification Packages . (.Microsoft Corporation - Moteur du client de l’Éditeur de configuration de sécurité Windows.) -- C:\Windows\System32\scecli.dll O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Package de sécurité Kerberos.) -- C:\Windows\System32\kerberos.dll O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\Windows\System32\schannel.dll O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Digest Access.) -- C:\Windows\System32\wdigest.dll O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Web Service Security Package.) -- C:\Windows\System32\TSpkg.dll O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Pku2u Security Package.) -- C:\Windows\System32\pku2u.dll O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corp. - LiveSSP.) -- C:\Windows\System32\LIVESSP.dll ~ Scan Keys in 00mn 00s ---\\ Contrôle du Safe Boot (CSB) (O49) O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys . (.Microsoft Corporation - Pilote de filtre souris série.) -- C:\Windows\system32\Drivers\sermouse.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\system32\Drivers\vga.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys . (...) -- C:\Windows\system32\Drivers\vgasave.sys (.not file.) O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\system32\Drivers\volmgr.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgrx.sys . (.Microsoft Corporation - Pilote d’extension du gestionnaire de volumes.) -- C:\Windows\system32\Drivers\volmgrx.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys . (.Microsoft Corporation - IP Network Address Translator.) -- C:\Windows\system32\Drivers\ipnat.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\nsiproxy.sys . (.Microsoft Corporation - NSI Proxy.) -- C:\Windows\system32\Drivers\nsiproxy.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpencdd.sys . (.Microsoft Corporation - RDP Encoder Miniport.) -- C:\Windows\system32\Drivers\rdpencdd.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys . (.Microsoft Corporation - Pilote de filtre souris série.) -- C:\Windows\system32\Drivers\sermouse.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\system32\Drivers\vga.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys . (...) -- C:\Windows\system32\Drivers\vgasave.sys (.not file.) O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\system32\Drivers\volmgr.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgrx.sys . (.Microsoft Corporation - Pilote d’extension du gestionnaire de volumes.) -- C:\Windows\system32\Drivers\volmgrx.sys ~ Scan CSB in 00mn 00s ---\\ MountPoints2 Shell Key (O51) (None) ---\\ Trojan Driver Search Data (HKLM) (O52) O52 - TDSD: \Drivers32\"VIDC.I420"="lvcodec2.dll" . (.Logitech Inc. - Video Codec.) -- C:\Windows\System32\lvcodec2.dll O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\Windows\System32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Codec Cinepak®.) -- C:\Windows\System32\iccvid.dll O52 - TDSD: \Drivers32\"VIDC.XFR1"="xfcodec.dll" . (.Pas de propriétaire - Xfire Video Codec.) -- C:\Windows\System32\xfcodec.dll O52 - TDSD: \Drivers32\"vidc.VP60"="C:\Windows\system32\vp6vfw.dll" . (.On2.com - VP6 VIDEO FOR WINDOWS CODEC.) -- C:\Windows\System32\vp6vfw.dll O52 - TDSD: \Drivers32\"vidc.VP61"="C:\Windows\system32\vp6vfw.dll" . (.On2.com - VP6 VIDEO FOR WINDOWS CODEC.) -- C:\Windows\System32\vp6vfw.dll O52 - TDSD: \drivers.desc\"C:\Windows\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm O52 - TDSD: \drivers.desc\"xfcodec.dll"="Xfire video codec [XFR1]" . (.Pas de propriétaire - Xfire Video Codec.) -- C:\Windows\System32\xfcodec.dll O52 - TDSD: \drivers.desc\"vp6vfw.dll"="EA VP6 Codec" . (.On2.com - VP6 VIDEO FOR WINDOWS CODEC.) -- C:\Windows\System32\vp6vfw.dll ~ Scan Keys in 00mn 00s ---\\ ShareTools MSconfig StartupReg (O53) (None) ---\\ Microsoft Control Security Providers (O54) O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\system32\credssp.dll O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\system32\credssp.dll ~ Scan Keys in 00mn 00s ---\\ Microsoft Windows Policies System (O55) O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=5 O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=3 O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1 O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=1 O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1 O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1 O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=1 O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0 O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0 O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"= O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"= O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0 O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1 O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1 O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0 ~ Scan Keys in 00mn 00s ---\\ Liste des Drivers Système (O58) O58 - SDL:[MD5.21E785EBD7DC90A06391141AAC7892FB] - 14/07/2009 - 02:26:15 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\system32\drivers\adp94xx.sys [422976] O58 - SDL:[MD5.0C676BC278D5B59FF5ABD57BBE9123F2] - 14/07/2009 - 02:26:17 ---A- . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) -- C:\Windows\system32\drivers\adpahci.sys [297552] O58 - SDL:[MD5.7C7B5EE4B7B822EC85321FE23A27DB33] - 14/07/2009 - 02:26:15 ---A- . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver.) -- C:\Windows\system32\drivers\adpu320.sys [146512] O58 - SDL:[MD5.0D40BCF52EA90FC7DF2AEAB6503DEA44] - 14/07/2009 - 02:26:15 ---A- . (.Acer Laboratories Inc. - ALi mini IDE Driver.) -- C:\Windows\system32\drivers\aliide.sys [14400] O58 - SDL:[MD5.D320BF87125326F996D4904FE24300FC] - 11/03/2011 - 06:38:37 ---A- . (.Advanced Micro Devices - AHCI 1.2 Device Driver.) -- C:\Windows\system32\drivers\amdsata.sys [80256] O58 - SDL:[MD5.EA43AF0C423FF267355F74E7A53BDABA] - 14/07/2009 - 02:26:15 ---A- . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller Driver for Windows fa.) -- C:\Windows\system32\drivers\amdsbs.sys [159312] O58 - SDL:[MD5.46387FB17B086D16DEA267D5BE23A2F2] - 11/03/2011 - 06:38:37 ---A- . (.Advanced Micro Devices - Storage Filter Driver.) -- C:\Windows\system32\drivers\amdxata.sys [22400] O58 - SDL:[MD5.2932004F49677BD84DBC72EDB754FFB3] - 14/07/2009 - 02:26:15 ---A- . (.Adaptec, Inc. - Adaptec RAID Storport Driver.) -- C:\Windows\system32\drivers\arc.sys [76368] O58 - SDL:[MD5.5D6F36C46FD283AE1B57BD2E9FEB0BC7] - 14/07/2009 - 02:26:15 ---A- . (.Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\Windows\system32\drivers\arcsas.sys [86608] O58 - SDL:[MD5.CBE71C122434805CB73FFB6619F60598] - 16/07/2009 - 04:36:30 ---A- . (.Pas de propriétaire - ATK0110 ACPI Utility.) -- C:\Windows\system32\drivers\ASACPI.sys [13216] O58 - SDL:[MD5.19166026A93206F9C6A8CD3A1F010AE4] - 02/04/2009 - 13:30:14 ---A- . (...) -- C:\Windows\system32\drivers\ASUSHWIO.SYS [10296] O58 - SDL:[MD5.BD8869EB9CDE6BBE4508D869929869EE] - 13/07/2009 - 23:02:49 ---A- . (.Broadcom Corporation - Pilote unifié NDIS6.x Broadcom NetXtreme Gigabit Ethernet..) -- C:\Windows\system32\drivers\b57nd60x.sys [229888] O58 - SDL:[MD5.9F9ACC7F7CCDE8A15C282D3F88B43309] - 13/07/2009 - 23:53:28 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver.) -- C:\Windows\system32\drivers\BrFiltLo.sys [13568] O58 - SDL:[MD5.56801AD62213A41F6497F96DEE83755A] - 13/07/2009 - 23:53:28 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver.) -- C:\Windows\system32\drivers\BrFiltUp.sys [5248] O58 - SDL:[MD5.845B8CE732E67F3B4133164868C666EA] - 14/07/2009 - 01:57:25 ---A- . (.Brother Industries Ltd. - Pilote Brother Série I/F (WDM).) -- C:\Windows\system32\drivers\BrSerId.sys [272128] O58 - SDL:[MD5.203F0B1E73ADADBBB7B7B1FABD901F6B] - 13/07/2009 - 23:53:32 ---A- . (.Brother Industries Ltd. - Brother Serial driver (WDM version).) -- C:\Windows\system32\drivers\BrSerWdm.sys [62336] O58 - SDL:[MD5.BD456606156BA17E60A04E18016AE54B] - 13/07/2009 - 23:53:33 ---A- . (.Brother Industries Ltd. - Brother USB MDM Driver.) -- C:\Windows\system32\drivers\BrUsbMdm.sys [12160] O58 - SDL:[MD5.AF72ED54503F717A43268B3CC5FAEC2E] - 13/07/2009 - 23:53:33 ---A- . (.Brother Industries Ltd. - Brother USB Serial Driver.) -- C:\Windows\system32\drivers\BrUsbSer.sys [11904] O58 - SDL:[MD5.1A231ABEC60FD316EC54C66715543CEC] - 13/07/2009 - 23:02:48 ---A- . (.Broadcom Corporation - Broadcom NetXtreme II GigE VBD.) -- C:\Windows\system32\drivers\bxvbdx.sys [430080] O58 - SDL:[MD5.0F5CA31BB3FDB5C1E63C170CFBECC93B] - 03/02/2007 - 10:25:56 ---A- . (.Logitech Inc. - Universal Serial Bus Camera Driver.) -- C:\Windows\system32\drivers\Camdrl.sys [1075360] O58 - SDL:[MD5.C537B1DB64D495B9B4717B4D6D9EDBF2] - 14/07/2009 - 02:26:21 ---A- . (.CMD Technology, Inc. - CMD PCI IDE Bus Driver.) -- C:\Windows\system32\drivers\cmdide.sys [15952] O58 - SDL:[MD5.8B30250D573A8F6B4BD23195160D8707] - 14/07/2009 - 02:20:28 ---A- . (.Adaptec, Inc. - Adaptec Ultra SCSI miniport.) -- C:\Windows\system32\drivers\djsvs.sys [70720] O58 - SDL:[MD5.44996A2ADDD2DB7454F2CA40B67D8941] - 17/12/2009 - 23:25:12 ---A- . (.Elaborate Bytes AG - ElbyCD Windows NT/2000/XP I/O driver.) -- C:\Windows\system32\drivers\ElbyCDIO.sys [26024] O58 - SDL:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 14/07/2009 - 02:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\system32\drivers\elxstor.sys [453712] O58 - SDL:[MD5.024E1B5CAC09731E4D868E64DBFB4AB0] - 13/07/2009 - 23:02:48 ---A- . (.Broadcom Corporation - Broadcom NetXtreme II 10 GigE VBD.) -- C:\Windows\system32\drivers\evbdx.sys [3100160] O58 - SDL:[MD5.C44E3C2BAB6837DB337DDEE7544736DB] - 13/07/2009 - 23:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\system32\drivers\hcw85cir.sys [26624] O58 - SDL:[MD5.295FDC419039090EB8B49FFDBB374549] - 14/07/2009 - 02:20:28 ---A- . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Driver.) -- C:\Windows\system32\drivers\HpSAMD.sys [67152] O58 - SDL:[MD5.5CD5F9A5444E6CDCB0AC89BD62D8B76E] - 11/03/2011 - 06:38:51 ---A- . (.Intel Corporation - Intel Matrix Storage Manager driver - ia32.) -- C:\Windows\system32\drivers\iaStorV.sys [332160] O58 - SDL:[MD5.9467514EA189475A6E7FDC5D7BDE9D3F] - 23/09/2009 - 19:18:14 ---A- . (.Intel Corporation - Intel Graphics Kernel Mode Driver.) -- C:\Windows\system32\drivers\igdkmd32.sys [4808192] O58 - SDL:[MD5.4173FF5708F3236CF25195FECD742915] - 14/07/2009 - 02:20:36 ---A- . (.Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) -- C:\Windows\system32\drivers\iirsp.sys [41040] O58 - SDL:[MD5.F7CDABA15C7E853F0A11AF6D77FCA990] - 23/08/2009 - 04:06:38 ---A- . (.Atheros Communications, Inc. - Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20.) -- C:\Windows\system32\drivers\L1E62x86.sys [48640] O58 - SDL:[MD5.EB119A53CCF2ACC000AC71B065B78FEF] - 14/07/2009 - 02:20:36 ---A- . (.LSI Corporation - LSI Fusion-MPT FC Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_fc.sys [95824] O58 - SDL:[MD5.8ADE1C877256A22E49B75D1CC9161F9C] - 14/07/2009 - 02:20:37 ---A- . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_sas.sys [89168] O58 - SDL:[MD5.DC9DC3D3DAA0E276FD2EC262E38B11E9] - 14/07/2009 - 02:20:36 ---A- . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_sas2.sys [54864] O58 - SDL:[MD5.0A036C7D7CAB643A7F07135AC47E0524] - 14/07/2009 - 02:20:36 ---A- . (.LSI Corporation - LSI Fusion-MPT SCSI Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_scsi.sys [96848] O58 - SDL:[MD5.64BC29C3A0388BFC580BB8B1346F7659] - 03/02/2007 - 10:32:36 ---A- . (.Logitech Inc. - USB Statistic Driver.) -- C:\Windows\system32\drivers\LVUSBSta.sys [41504] O58 - SDL:[MD5.B7CA8CC3F978201856B6AB82F40953C3] - 10/12/2011 - 15:24:06 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\system32\drivers\mbam.sys [20464] O58 - SDL:[MD5.0FFF5B045293002AB38EB1FD1FC2FB74] - 14/07/2009 - 02:20:36 ---A- . (.LSI Corporation - MEGASAS RAID Controller Driver for Windows 7 for x86.) -- C:\Windows\system32\drivers\megasas.sys [30800] O58 - SDL:[MD5.DCBAB2920C75F390CAF1D29F675D03D6] - 14/07/2009 - 02:20:36 ---A- . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\Windows\system32\drivers\MegaSR.sys [235584] O58 - SDL:[MD5.1D85C4B390B0EE09C7A46B91EFB2C097] - 14/07/2009 - 02:20:44 ---A- . (.IBM Corporation - IBM ServeRAID Controller Driver.) -- C:\Windows\system32\drivers\nfrd960.sys [44624] O58 - SDL:[MD5.3D7FB57354703809B5F0C23287FAC1D6] - 17/01/2012 - 13:45:56 ---A- . (.NVIDIA Corporation - NVIDIA HDMI Audio Driver.) -- C:\Windows\system32\drivers\nvhda32v.sys [148800] O58 - SDL:[MD5.F452E6AD3EDA2852F44BE492E283C40F] - 10/02/2012 - 05:13:00 ---A- . (.NVIDIA Corporation - NVIDIA Windows Kernel Mode Driver, Version 295.73.) -- C:\Windows\system32\drivers\nvlddmkm.sys [10816832] O58 - SDL:[MD5.B3E25EE28883877076E0E1FF877D02E0] - 11/03/2011 - 06:39:00 ---A- . (.NVIDIA Corporation - NVIDIA® nForce RAID Driver.) -- C:\Windows\system32\drivers\nvraid.sys [117120] O58 - SDL:[MD5.4380E59A170D88C4F1022EFF6719A8A4] - 11/03/2011 - 06:39:00 ---A- . (.NVIDIA Corporation - NVIDIA® nForce Sata Performance Driver.) -- C:\Windows\system32\drivers\nvstor.sys [143744] O58 - SDL:[MD5.8BB94087CEF0256F5EAD973D7524BF58] - 29/12/2011 - 18:17:23 ---A- . (...) -- C:\Windows\system32\drivers\PnkBstrK.sys [22328] O58 - SDL:[MD5.AB95ECF1F6659A60DDC166D8315B0751] - 14/07/2009 - 02:19:04 ---A- . (.QLogic Corporation - QLogic Fibre Channel Stor Miniport Driver.) -- C:\Windows\system32\drivers\ql2300.sys [1383488] O58 - SDL:[MD5.B4DD51DD25182244B86737DC51AF2270] - 14/07/2009 - 02:19:04 ---A- . (.QLogic Corporation - QLogic iSCSI Storport Miniport Driver.) -- C:\Windows\system32\drivers\ql40xx.sys [106064] O58 - SDL:[MD5.90A3935D05B494A5A39D37E71F09A677] - 13/07/2009 - 21:50:20 ---A- . (.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) -- C:\Windows\system32\drivers\secdrv.sys [20480] O58 - SDL:[MD5.A9F0486851BECB6DDA1D89D381E71055] - 14/07/2009 - 02:19:04 ---A- . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) -- C:\Windows\system32\drivers\sisraid2.sys [40016] O58 - SDL:[MD5.3727097B55738E2F554972C3BE5BC1AA] - 14/07/2009 - 02:19:04 ---A- . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\Windows\system32\drivers\sisraid4.sys [77888] O58 - SDL:[MD5.5A293729E1F9FCE3A2106D1F5DC5E98A] - 08/03/2010 - 12:59:14 ---A- . (.Symantec Corporation - Symantec AutoProtect.) -- C:\Windows\system32\drivers\srtsp.sys [283184] O58 - SDL:[MD5.0DDB7FBA32BE09D8057063C0CEE24137] - 08/03/2010 - 12:59:14 ---A- . (.Symantec Corporation - Symantec AutoProtect.) -- C:\Windows\system32\drivers\srtspl.sys [320944] O58 - SDL:[MD5.A99719DFB61B61AA5026341BBB733C0A] - 08/03/2010 - 12:59:14 ---A- . (.Symantec Corporation - Symantec AutoProtect.) -- C:\Windows\system32\drivers\srtspx.sys [43696] O58 - SDL:[MD5.DB32D325C192B801DF274BFD12A7E72B] - 14/07/2009 - 02:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\system32\drivers\stexstor.sys [21072] O58 - SDL:[MD5.51B57CDA977170AC608D839DBFA1D3EE] - 03/09/2009 - 16:03:48 ---A- . (.Symantec Corporation - DNS Filter Driver.) -- C:\Windows\system32\drivers\symdns.sys [12720] O58 - SDL:[MD5.A54FF04BD6E75DC4D8CB6F3E352635E0] - 24/02/2011 - 19:29:35 ---A- . (.Symantec Corporation - Symantec Event Library.) -- C:\Windows\system32\drivers\SYMEVENT.SYS [124976] O58 - SDL:[MD5.A131D8360B01044517AA44529E2137D6] - 03/09/2009 - 16:03:48 ---A- . (.Symantec Corporation - Firewall Filter Driver.) -- C:\Windows\system32\drivers\symfw.sys [145968] O58 - SDL:[MD5.2B77868F02DAE02103380B824431B798] - 03/09/2009 - 16:03:48 ---A- . (.Symantec Corporation - IDS Filter Driver.) -- C:\Windows\system32\drivers\symids.sys [39856] O58 - SDL:[MD5.7D3ADDFE63E5227BD2DBD5692BAFB688] - 03/09/2009 - 16:03:52 ---A- . (.Symantec Corporation - NDIS Filter Driver.) -- C:\Windows\system32\drivers\symndisv.sys [38448] O58 - SDL:[MD5.394B2368212114D538316812AF60FDDD] - 03/09/2009 - 16:03:48 ---A- . (.Symantec Corporation - Redirector Filter Driver.) -- C:\Windows\system32\drivers\symredrv.sys [26416] O58 - SDL:[MD5.D46676BB414C7531BDFFE637A33F5033] - 03/09/2009 - 16:03:48 ---A- . (.Symantec Corporation - Network Dispatch Driver.) -- C:\Windows\system32\drivers\symtdi.sys [188080] O58 - SDL:[MD5.94D73B62E458FB56C9CE60AA96D914F9] - 09/08/2009 - 22:25:56 ---A- . (.Elaborate Bytes AG - VirtualCloneCD Driver.) -- C:\Windows\system32\drivers\VClone.sys [29696] O58 - SDL:[MD5.E43574F6A56A0EE11809B48C09E4FD3C] - 14/07/2009 - 02:19:10 ---A- . (.VIA Technologies, Inc. - VIA Generic PCI IDE Bus Driver.) -- C:\Windows\system32\drivers\viaide.sys [16976] O58 - SDL:[MD5.9DFA0CC2F8855A04816729651175B631] - 14/07/2009 - 02:19:11 ---A- . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) -- C:\Windows\system32\drivers\vsmraid.sys [141904] O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13/07/2009 - 22:40:41 ---A- . (...) -- C:\Windows\system32\ANSI.SYS [9029] O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 13/07/2009 - 22:40:44 ---A- . (...) -- C:\Windows\system32\country.sys [27097] O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 13/07/2009 - 22:40:40 ---A- . (...) -- C:\Windows\system32\HIMEM.SYS [4768] O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 13/07/2009 - 22:40:43 ---A- . (...) -- C:\Windows\system32\KEY01.SYS [42809] O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 13/07/2009 - 22:40:43 ---A- . (...) -- C:\Windows\system32\KEYBOARD.SYS [42537] O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 13/07/2009 - 22:40:23 ---A- . (...) -- C:\Windows\system32\NTDOS.SYS [27866] O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 13/07/2009 - 22:40:31 ---A- . (...) -- C:\Windows\system32\NTDOS404.SYS [29146] O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 13/07/2009 - 22:40:35 ---A- . (...) -- C:\Windows\system32\NTDOS411.SYS [29370] O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 13/07/2009 - 22:40:39 ---A- . (...) -- C:\Windows\system32\NTDOS412.SYS [29274] O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 13/07/2009 - 22:40:27 ---A- . (...) -- C:\Windows\system32\NTDOS804.SYS [29146] O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 13/07/2009 - 22:40:11 ---A- . (...) -- C:\Windows\system32\NTIO.SYS [33952] O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 13/07/2009 - 22:40:15 ---A- . (...) -- C:\Windows\system32\NTIO404.SYS [34672] O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 13/07/2009 - 22:40:17 ---A- . (...) -- C:\Windows\system32\NTIO411.SYS [35776] O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 13/07/2009 - 22:40:19 ---A- . (...) -- C:\Windows\system32\NTIO412.SYS [35536] O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 13/07/2009 - 22:40:13 ---A- . (...) -- C:\Windows\system32\NTIO804.SYS [34672] ~ Scan Drivers in 00mn 04s ---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61) O61 - LFC:Last File Created 01/03/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120301.033\CATALOG.DAT [3714] O61 - LFC:Last File Created 01/03/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120301.033\ESRDEF.BIN [7220045] O61 - LFC:Last File Created 01/03/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120301.033\TCDEFS.DAT [27594416] O61 - LFC:Last File Created 01/03/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120301.033\TCSCAN7.DAT [23986652] O61 - LFC:Last File Created 01/03/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120301.033\TCSCAN8.DAT [179342] O61 - LFC:Last File Created 01/03/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120301.033\TCSCAN9.DAT [696000] O61 - LFC:Last File Created 01/03/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120301.033\TINF.DAT [453] O61 - LFC:Last File Created 01/03/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120301.033\TINFL.DAT [1957] O61 - LFC:Last File Created 01/03/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120301.033\TSCAN1.DAT [74646] O61 - LFC:Last File Created 01/03/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120301.033\V.GRD [5257] O61 - LFC:Last File Created 01/03/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120301.033\V.SIG [2609] O61 - LFC:Last File Created 01/03/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120301.033\V1.SIG [2266] O61 - LFC:Last File Created 01/03/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120301.033\VIRSCAN1.DAT [1068187] O61 - LFC:Last File Created 01/03/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120301.033\VIRSCAN2.DAT [574728] O61 - LFC:Last File Created 01/03/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120301.033\VIRSCAN3.DAT [158096] O61 - LFC:Last File Created 01/03/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120301.033\VIRSCAN4.DAT [320439] O61 - LFC:Last File Created 01/03/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120301.033\VIRSCAN5.DAT [16243155] O61 - LFC:Last File Created 01/03/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120301.033\VIRSCAN6.DAT [399471] O61 - LFC:Last File Created 01/03/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120301.033\VIRSCAN7.DAT [239646130] O61 - LFC:Last File Created 01/03/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120301.033\VIRSCAN8.DAT [1023024] O61 - LFC:Last File Created 01/03/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120301.033\VIRSCAN9.DAT [6609958] O61 - LFC:Last File Created 01/03/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120301.033\WHATSNEW.TXT [41437] O61 - LFC:Last File Created 01/03/2012 - 11:31:04 ---A- C:\Users\CELSO\AppData\Roaming\Microsoft\Office\VB12.pip [144] O61 - LFC:Last File Created 01/03/2012 - 11:35:23 ---A- C:\Users\CELSO\AppData\Local\Symantec\Symantec Endpoint Protection\Logs\03012012.Log [12633729] O61 - LFC:Last File Created 01/03/2012 - 12:04:08 ---A- C:\Users\CELSO\AppData\Roaming\Microsoft\Office\Excel12.pip [1548] O61 - LFC:Last File Created 01/03/2012 - 12:33:39 ---A- C:\Users\All Users\Symantec\LiveUpdate\6.Product.Inventory.LiveUpdate [3040] O61 - LFC:Last File Created 01/03/2012 - 12:33:39 R--A- C:\Users\All Users\Symantec\LiveUpdate\6.Settings.LiveUpdate [510528] O61 - LFC:Last File Created 01/03/2012 - 12:34:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\umcat_01.db [1312051] O61 - LFC:Last File Created 01/03/2012 - 12:34:05 ---A- C:\Users\All Users\Symantec\LiveUpdate\5.Product.Inventory.LiveUpdate [2992] O61 - LFC:Last File Created 01/03/2012 - 12:34:05 R--A- C:\Users\All Users\Symantec\LiveUpdate\5.Settings.LiveUpdate [510528] O61 - LFC:Last File Created 01/03/2012 - 12:51:01 ---A- C:\Users\CELSO\Downloads\ZHPDiag2.exe [3903203] O61 - LFC:Last File Created 01/03/2012 - 14:16:56 R--A- C:\Users\All Users\Symantec\LiveUpdate\4.Settings.LiveUpdate [510528] O61 - LFC:Last File Created 01/03/2012 - 14:16:57 ---A- C:\Users\All Users\Symantec\LiveUpdate\4.Product.Inventory.LiveUpdate [2992] O61 - LFC:Last File Created 01/03/2012 - 15:54:23 ---A- C:\Users\All Users\NVIDIA\Resource.old [1139961] O61 - LFC:Last File Created 01/03/2012 - 15:55:11 R--A- C:\Users\All Users\Symantec\LiveUpdate\3.Settings.LiveUpdate [510528] O61 - LFC:Last File Created 01/03/2012 - 15:55:12 ---A- C:\Users\All Users\Symantec\LiveUpdate\3.Product.Inventory.LiveUpdate [2992] O61 - LFC:Last File Created 01/03/2012 - 15:55:33 ---A- C:\Users\All Users\Symantec\Symantec Endpoint Protection\Logs\03012012.Log [12015454] O61 - LFC:Last File Created 01/03/2012 - 15:57:02 ---A- C:\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\Logs\protection-log-2012-03-01.txt [2656] O61 - LFC:Last File Created 01/03/2012 - 18:12:12 ---A- C:\Users\CELSO\AppData\Local\TechSmith\SnagIt\DataStore\AppIcons\ZHPFix.exe.Nettoyeur de rapport ZHPDiag.Nicolas Coolman.1.1.2.3380.ico [16478] O61 - LFC:Last File Created 01/03/2012 - 18:12:12 ---A- C:\Users\CELSO\AppData\Local\TechSmith\SnagIt\DataStore\AppIcons\explorer.exe.Explorateur Windows.Microsoft Corporation.6.1.7601.17567.ico [187373] O61 - LFC:Last File Created 01/03/2012 - 18:12:12 ---A- C:\Users\CELSO\AppData\Local\TechSmith\SnagIt\DataStore\AppIcons\firefox.exe.Firefox.Mozilla Corporation.10.0.2.0.ico [295606] O61 - LFC:Last File Created 01/03/2012 - 18:24:02 ---A- C:\Users\CELSO\AppData\Local\Temp\5454231.od [134] O61 - LFC:Last File Created 01/03/2012 - 18:24:02 ---A- C:\Users\CELSO\AppData\Local\Temp\CVR3997.tmp.cvr [0] O61 - LFC:Last File Created 01/03/2012 - 18:42:01 ---A- C:\Users\CELSO\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC [1164] O61 - LFC:Last File Created 01/03/2012 - 20:43:49 ---A- C:\Users\CELSO\AppData\Local\Temp\MessengerCache\EH2c3YNpItgAvkVJFx+swrz9tqQ= [22245] O61 - LFC:Last File Created 01/03/2012 - 21:29:47 ---A- C:\Users\CELSO\AppData\Local\Temp\MessengerCache\fCaQjDMHcU0YaYwab1DzQzEcHc8= [27470] O61 - LFC:Last File Created 01/03/2012 - 21:48:00 ---A- C:\Users\CELSO\Downloads\Replays.rar [13840131] O61 - LFC:Last File Created 01/03/2012 - 23:16:24 ---A- C:\Users\CELSO\AppData\Local\Temp\MessengerCache\T8Ufk8dNAknNYO2LQZRZB2qr+eQ= [2355] O61 - LFC:Last File Created 01/03/2012 - 23:17:51 ---A- C:\Users\CELSO\AppData\Local\Temp\MessengerCache\UZnPQ2FW1QKnUT04RMrne1PzjAnY= [3434] O61 - LFC:Last File Created 01/03/2012 - 23:55:08 ---A- C:\Users\CELSO\AppData\Local\Temp\25319898.od [134] O61 - LFC:Last File Created 01/03/2012 - 23:55:08 ---A- C:\Users\CELSO\AppData\Local\Temp\CVR59CA.tmp.cvr [0] O61 - LFC:Last File Created 01/03/2012 - 23:59:59 ---A- C:\Users\All Users\Symantec\Symantec Endpoint Protection\Logs\02292012.Log [4263676] O61 - LFC:Last File Created 01/03/2012 - 23:59:59 ---A- C:\Users\CELSO\AppData\Local\Symantec\Symantec Endpoint Protection\Logs\02292012.Log [4261261] O61 - LFC:Last File Created 02/03/2012 - 00:15:58 ---A- C:\Users\CELSO\AppData\Local\Temp\26570402.od [134] O61 - LFC:Last File Created 02/03/2012 - 00:15:58 ---A- C:\Users\CELSO\AppData\Local\Temp\CVR6EA2.tmp.cvr [0] O61 - LFC:Last File Created 02/03/2012 - 03:05:45 ---A- C:\Users\CELSO\AppData\Local\TechSmith\SnagIt\Tray.bin [1520] O61 - LFC:Last File Created 02/03/2012 - 03:05:48 ---A- C:\Users\CELSO\AppData\Local\TechSmith\SnagIt\DrawQuickStyles.xml [74] O61 - LFC:Last File Created 02/03/2012 - 03:05:48 ---A- C:\Users\CELSO\AppData\Local\TechSmith\SnagIt\ImageQuickStyles.xml [80] O61 - LFC:Last File Created 02/03/2012 - 03:06:04 ---A- C:\Users\CELSO\AppData\Local\TechSmith\SnagIt\DataStore\SnagIt900.sdf [479232] O61 - LFC:Last File Created 02/03/2012 - 03:06:46 ---A- C:\Users\All Users\Symantec\Common Client\settings.bak [215060] O61 - LFC:Last File Created 02/03/2012 - 03:06:46 ---A- C:\Users\All Users\Symantec\Common Client\settings.dat [215060] O61 - LFC:Last File Created 02/03/2012 - 03:06:53 ---A- C:\Users\All Users\Symantec\SavSubEng\submissions.idx [1940144] O61 - LFC:Last File Created 02/03/2012 - 03:06:54 ---A- C:\Users\All Users\NVIDIA\Updatus\updtConfig.xml [2388] O61 - LFC:Last File Created 02/03/2012 - 03:06:55 ---A- C:\Users\All Users\NVIDIA\Updatus\updtclient.log.bak [357] O61 - LFC:Last File Created 02/03/2012 - 09:53:32 ---A- C:\Users\All Users\NVIDIA\Resource.dat [1139961] O61 - LFC:Last File Created 02/03/2012 - 09:53:59 ---A- C:\Users\All Users\Symantec\LiveUpdate\2.Product.Inventory.LiveUpdate [2992] O61 - LFC:Last File Created 02/03/2012 - 09:53:59 R--A- C:\Users\All Users\Symantec\LiveUpdate\2.Settings.LiveUpdate [510528] O61 - LFC:Last File Created 02/03/2012 - 09:55:51 ---A- C:\Users\All Users\NVIDIA\Updatus\journalBS.jour.dat [0] O61 - LFC:Last File Created 02/03/2012 - 12:39:09 ---A- C:\Users\All Users\Symantec\LiveUpdate\Downloads\minitri.flg [1] O61 - LFC:Last File Created 02/03/2012 - 12:39:10 ---A- C:\Users\All Users\Symantec\LiveUpdate\Downloads\decomposer_1.0.0_symalllanguages_livetri.zip [2660] O61 - LFC:Last File Created 02/03/2012 - 12:39:10 ---A- C:\Users\All Users\Symantec\LiveUpdate\Downloads\sesc$20submission$20control$20data_11.0_symalllanguages_livetri.zip [2624] O61 - LFC:Last File Created 02/03/2012 - 12:39:10 ---A- C:\Users\All Users\Symantec\LiveUpdate\Downloads\sesc$20virus$20definitions$20win32$20v11_microdefsb.curdefs_symalllanguages_livetri.zip [3790] O61 - LFC:Last File Created 02/03/2012 - 12:39:10 ---A- C:\Users\All Users\Symantec\LiveUpdate\Downloads\sesc$20virus$20definitions$20win32$20v11_microdefsb.feb_symalllanguages_livetri.zip [2949] O61 - LFC:Last File Created 02/03/2012 - 12:39:11 ---A- C:\Users\All Users\Symantec\LiveUpdate\Downloads\1330669341jtun_nav2k8en120229034.m25 [876525] O61 - LFC:Last File Created 02/03/2012 - 12:39:22 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\definfo.dat [34] O61 - LFC:Last File Created 02/03/2012 - 12:39:27 ---A- C:\Users\All Users\Symantec\LiveUpdate\1.Product.Inventory.LiveUpdate [3040] O61 - LFC:Last File Created 02/03/2012 - 12:39:27 R--A- C:\Users\All Users\Symantec\LiveUpdate\1.Settings.LiveUpdate [511221] O61 - LFC:Last File Created 02/03/2012 - 12:39:28 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\usage.dat [54] O61 - LFC:Last File Created 02/03/2012 - 12:41:28 ---A- C:\Users\All Users\Symantec\Symantec Endpoint Protection\Logs\03022012.Log [1312] O61 - LFC:Last File Created 02/03/2012 - 12:41:28 ---A- C:\Users\CELSO\AppData\Local\Symantec\Symantec Endpoint Protection\Logs\03022012.Log [580] O61 - LFC:Last File Created 02/03/2012 - 13:08:18 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\cache\N0FqWUdpRzJzOVdhSWR1Mi83OEVtek5DcTU4PQ==\channels\cache.dat [4] O61 - LFC:Last File Created 02/03/2012 - 13:08:18 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\cache\N0FqWUdpRzJzOVdhSWR1Mi83OEVtek5DcTU4PQ==\perm.dat [79436] O61 - LFC:Last File Created 02/03/2012 - 13:08:19 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\resolved.dat [112] O61 - LFC:Last File Created 02/03/2012 - 13:08:19 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\subscribemode.dat [90] O61 - LFC:Last File Created 02/03/2012 - 13:08:20 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\chats\N0FqWUdpRzJzOVdhSWR1Mi83OEVtek5DcTU4PQ==\channel.html [71447] O61 - LFC:Last File Created 02/03/2012 - 13:11:49 ---A- C:\Users\All Users\Symantec\LiveUpdate\Product.Inventory.LiveUpdate [2992] O61 - LFC:Last File Created 02/03/2012 - 13:11:49 R---- C:\Users\All Users\Symantec\LiveUpdate\Product.Inventory.LastGood.LiveUpdate [2992] O61 - LFC:Last File Created 02/03/2012 - 13:11:49 R---- C:\Users\All Users\Symantec\LiveUpdate\Settings.LiveUpdate [511221] O61 - LFC:Last File Created 02/03/2012 - 13:11:54 ---A- C:\Users\All Users\Symantec\LiveUpdate\Log.LiveUpdate [4127844] O61 - LFC:Last File Created 02/03/2012 - 14:00:05 ---A- C:\Users\CELSO\AppData\Local\Windows Live\uxcore_WindowsLivePhotoViewer_00.etl [8192] O61 - LFC:Last File Created 02/03/2012 - 14:06:08 ---A- C:\Users\CELSO\AppData\Local\Temp\15198569.od [134] O61 - LFC:Last File Created 02/03/2012 - 14:06:08 ---A- C:\Users\CELSO\AppData\Local\Temp\CVRE969.tmp.cvr [0] O61 - LFC:Last File Created 02/03/2012 - 14:23:30 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120301.033\vscanmsx.dat [2072] O61 - LFC:Last File Created 02/03/2012 - 14:34:07 ---A- C:\Users\CELSO\AppData\Roaming\Microsoft\Outlook\Outlook.NK2 [31295] O61 - LFC:Last File Created 02/03/2012 - 14:34:07 ---A- C:\Users\CELSO\AppData\Roaming\Microsoft\Outlook\Outlook.xml [3609] O61 - LFC:Last File Created 02/03/2012 - 14:34:07 ---A- C:\Users\CELSO\AppData\Roaming\Microsoft\Outlook\outcmd.dat [1862] O61 - LFC:Last File Created 02/03/2012 - 14:58:03 ----- C:\Users\CELSO\AppData\Local\Windows Live\uxcore_msnmsgr_00.etl [0] O61 - LFC:Last File Created 02/03/2012 - 15:01:04 ---A- C:\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\Configuration\local.conf [757] O61 - LFC:Last File Created 02/03/2012 - 15:01:10 ---A- C:\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\Configuration\database.conf [432] O61 - LFC:Last File Created 02/03/2012 - 15:01:10 ---A- C:\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref [6542191] O61 - LFC:Last File Created 02/03/2012 - 15:03:50 ---A- C:\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\Logs\protection-log-2012-03-02.txt [2958] O61 - LFC:Last File Created 02/03/2012 - 15:04:10 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2012-03-02 (13-54-46).txt [2194] O61 - LFC:Last File Created 02/03/2012 - 15:15:45 ---A- C:\Users\CELSO\AppData\Local\Temp\MessengerCache\ErrorResponse.xml [2782] O61 - LFC:Last File Created 02/03/2012 - 15:16:00 ---A- C:\Users\CELSO\AppData\Local\Temp\MessengerCache\LOFVk2xI5ySk9SiT4qgRUN76D40= [8335] O61 - LFC:Last File Created 02/03/2012 - 15:20:08 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\ts3clientui_qt.conf [4833] O61 - LFC:Last File Created 02/03/2012 - 15:20:09 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\chats\N0FqWUdpRzJzOVdhSWR1Mi83OEVtek5DcTU4PQ==\channel.txt [8834] O61 - LFC:Last File Created 02/03/2012 - 15:20:39 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\chats\N0FqWUdpRzJzOVdhSWR1Mi83OEVtek5DcTU4PQ==\server.html [230656] O61 - LFC:Last File Created 29/02/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120301.033\VIRSCAN.INF [106244] O61 - LFC:Last File Created 29/02/2012 - 17:52:58 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\Cat.DB [1329804] O61 - LFC:Last File Created 29/02/2012 - 17:56:37 ---A- C:\Users\CELSO\Documents\TmForever\Config\blacklist.txt [120] O61 - LFC:Last File Created 29/02/2012 - 17:56:37 ---A- C:\Users\CELSO\Documents\TmForever\Config\checksum.txt [363135] O61 - LFC:Last File Created 29/02/2012 - 17:56:37 ---A- C:\Users\CELSO\Documents\TmForever\Config\guestlist.txt [119] O61 - LFC:Last File Created 29/02/2012 - 20:45:36 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\chats\NE1JVU9BeXFyWjI2YUhzSllvWGhjNXU2OGZJPQ==\channel.txt [231] O61 - LFC:Last File Created 29/02/2012 - 20:45:39 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\cache\NE1JVU9BeXFyWjI2YUhzSllvWGhjNXU2OGZJPQ==\channels\cache.dat [4] O61 - LFC:Last File Created 29/02/2012 - 20:45:39 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\cache\NE1JVU9BeXFyWjI2YUhzSllvWGhjNXU2OGZJPQ==\perm.dat [79438] O61 - LFC:Last File Created 29/02/2012 - 20:45:45 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\chats\NE1JVU9BeXFyWjI2YUhzSllvWGhjNXU2OGZJPQ==\channel.html [1059] O61 - LFC:Last File Created 29/02/2012 - 20:49:07 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\ts3clientui_qt.secrets.conf [1198] O61 - LFC:Last File Created 29/02/2012 - 20:49:10 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\cache\V1VVY1dkVmtBNW0rM0p2ZENkQVNwZnVqL0pZPQ==\icons\dummy.png [109] O61 - LFC:Last File Created 29/02/2012 - 20:49:10 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\cache\remote\downloads.csil.fr\manager\teamspeak\customers-banners\510-213.251.151.138-9509.6b04c2b318b48e6f1e590825bdc9714234ac41f1.29.02.2012.21.33.54.jpg [42922] O61 - LFC:Last File Created 29/02/2012 - 20:49:24 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\chats\V1VVY1dkVmtBNW0rM0p2ZENkQVNwZnVqL0pZPQ==\channel.html [194] O61 - LFC:Last File Created 29/02/2012 - 20:58:28 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\umcat_02.db [1308039] O61 - LFC:Last File Created 29/02/2012 - 20:58:49 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\cache\V1VVY1dkVmtBNW0rM0p2ZENkQVNwZnVqL0pZPQ==\clients\avatar_ljedojdaaaeeidbmhnjokpfpibgmemaacmlcjaaf [19959] O61 - LFC:Last File Created 29/02/2012 - 20:59:01 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\cache\V1VVY1dkVmtBNW0rM0p2ZENkQVNwZnVqL0pZPQ==\clients\avatar_dobmnnckfihhhjnnengekhjonmipfkmcnahkcggl [11057] O61 - LFC:Last File Created 29/02/2012 - 20:59:24 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\cache\V1VVY1dkVmtBNW0rM0p2ZENkQVNwZnVqL0pZPQ==\clients\avatar_kjbkpaccmbblhidcainhoblifiliaocnjfakiden [13969] O61 - LFC:Last File Created 29/02/2012 - 21:00:57 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\cache\V1VVY1dkVmtBNW0rM0p2ZENkQVNwZnVqL0pZPQ==\channels\cache.dat [4] O61 - LFC:Last File Created 29/02/2012 - 21:00:57 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\cache\V1VVY1dkVmtBNW0rM0p2ZENkQVNwZnVqL0pZPQ==\perm.dat [79438] O61 - LFC:Last File Created 29/02/2012 - 21:00:59 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\chats\NE1JVU9BeXFyWjI2YUhzSllvWGhjNXU2OGZJPQ==\server.html [4134] O61 - LFC:Last File Created 29/02/2012 - 22:02:16 ---A- C:\Users\CELSO\AppData\Local\TechSmith\SnagIt\DataStore\AppIcons\SavUI.exe.Symantec AntiVirus.Symantec Corporation.11.0.6070.422.ico [107710] O61 - LFC:Last File Created 29/02/2012 - 22:02:16 ---A- C:\Users\CELSO\AppData\Local\TechSmith\SnagIt\DataStore\AppIcons\SymCorpUI.exe.Symantec AntiVirus.Symantec Corporation.11.0.6070.422.ico [107710] O61 - LFC:Last File Created 29/02/2012 - 22:02:16 ---A- C:\Users\CELSO\AppData\Local\TechSmith\SnagIt\DataStore\AppIcons\msnmsgr.exe.Windows Live Messenger.Microsoft Corporation.15.4.3538.513.ico [80395] O61 - LFC:Last File Created 29/02/2012 - 22:08:23 ---A- C:\Users\All Users\Symantec\LiveUpdate\10.Product.Inventory.LiveUpdate [2992] O61 - LFC:Last File Created 29/02/2012 - 22:08:23 R--A- C:\Users\All Users\Symantec\LiveUpdate\10.Settings.LiveUpdate [509835] O61 - LFC:Last File Created 29/02/2012 - 22:08:43 ---A- C:\Users\All Users\Symantec\LiveUpdate\9.Product.Inventory.LiveUpdate [2992] O61 - LFC:Last File Created 29/02/2012 - 22:08:43 R--A- C:\Users\All Users\Symantec\LiveUpdate\9.Settings.LiveUpdate [509835] O61 - LFC:Last File Created 29/02/2012 - 22:26:42 ---A- C:\Users\All Users\Symantec\LiveUpdate\8.Product.Inventory.LiveUpdate [2992] O61 - LFC:Last File Created 29/02/2012 - 22:26:42 R--A- C:\Users\All Users\Symantec\LiveUpdate\8.Settings.LiveUpdate [509835] O61 - LFC:Last File Created 29/02/2012 - 22:29:58 ---A- C:\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\link.txt [115] O61 - LFC:Last File Created 29/02/2012 - 22:29:58 ---A- C:\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe [9502424] O61 - LFC:Last File Created 29/02/2012 - 22:29:58 ---A- C:\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\news.txt [78] O61 - LFC:Last File Created 29/02/2012 - 22:33:23 R--A- C:\Users\All Users\Symantec\LiveUpdate\7.Settings.LiveUpdate [509835] O61 - LFC:Last File Created 29/02/2012 - 22:33:25 ---A- C:\Users\All Users\Symantec\LiveUpdate\7.Product.Inventory.LiveUpdate [2992] O61 - LFC:Last File Created 29/02/2012 - 22:37:50 ---A- C:\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\exclusions.dat [2] O61 - LFC:Last File Created 29/02/2012 - 22:37:56 ---A- C:\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\Configuration\manifest.conf [514] O61 - LFC:Last File Created 29/02/2012 - 22:37:56 ---A- C:\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\Configuration\news.conf [282] O61 - LFC:Last File Created 29/02/2012 - 22:43:56 ---A- C:\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\5542903943.data [668] O61 - LFC:Last File Created 29/02/2012 - 22:43:57 ---A- C:\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\5542903943.quar [98304] O61 - LFC:Last File Created 29/02/2012 - 23:57:24 ---A- C:\Users\CELSO\Downloads\adwcleaner.exe [602051] O61 - LFC:Last File Created 29/02/2012 - 23:57:47 ---A- C:\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\Logs\protection-log-2012-02-29.txt [1478] O61 - LFC:Last File Created 30/12/1899 - 03:05:35 --HA- C:\Users\CELSO\AppData\Local\IconCache.db [2590285] ~ Scan Files in 09mn 42s ---\\ Liste des outils de nettoyage (O63) O63 - Logiciel: ZHPDiag 1.28 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 ~ Scan ADS in 00mn 00s ---\\ Liste des services Legacy (O64) O64 - Services: CurCS - 13/02/2012 - C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (eeCtrl) .(.Symantec Corporation - Symantec Eraser Control Driver.) - LEGACY_EECTRL O64 - Services: CurCS - 17/12/2009 - C:\Windows\system32\Drivers\ElbyCDIO.sys (ElbyCDIO) .(.Elaborate Bytes AG - ElbyCD Windows NT/2000/XP I/O driver.) - LEGACY_ELBYCDIO O64 - Services: CurCS - 13/02/2012 - C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (EraserUtilRebootDrv) .(.Symantec Corporation - Symantec Eraser Utility Driver.) - LEGACY_ERASERUTILREBOOTDRV O64 - Services: CurCS - 10/12/2011 - C:\Windows\system32\drivers\mbam.sys (MBAMProtector) .(.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) - LEGACY_MBAMPROTECTOR O64 - Services: CurCS - ??\??\???? - C:\Windows\system32\Drivers\secdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV O64 - Services: CurCS - 18/12/2009 - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (SPBBCDrv) .(.Symantec Corporation - SPBBC Driver.) - LEGACY_SPBBCDRV O64 - Services: CurCS - 08/03/2010 - C:\Windows\system32\Drivers\SRTSP.sys (SRTSP) .(.Symantec Corporation - Symantec AutoProtect.) - LEGACY_SRTSP O64 - Services: CurCS - 08/03/2010 - C:\Windows\system32\Drivers\SRTSPX.sys (SRTSPX) .(.Symantec Corporation - Symantec AutoProtect.) - LEGACY_SRTSPX O64 - Services: CurCS - 24/02/2011 - C:\Windows\system32\Drivers\SYMEVENT.sys (SymEvent) .(.Symantec Corporation - Symantec Event Library.) - LEGACY_SYMEVENT O64 - Services: CurCS - 03/09/2009 - C:\Windows\system32\Drivers\SYMREDRV.sys (SYMREDRV) .(.Symantec Corporation - Redirector Filter Driver.) - LEGACY_SYMREDRV O64 - Services: CurCS - 03/09/2009 - C:\Windows\system32\Drivers\SYMTDI.sys (SYMTDI) .(.Symantec Corporation - Network Dispatch Driver.) - LEGACY_SYMTDI O64 - Services: CurCS - 15/12/2009 - C:\Program Files\CyberLink\PowerDVD9\NavFilter\000.fcl ({B154377D-700F-42cc-9474-23858FBDF4BD}) .(.CyberLink Corp. - Pas de description.) - LEGACY_{B154377D-700F-42CC-9474-23858FBDF4BD} ~ Scan Services in 00mn 03s ---\\ Liste des fichiers non signés (O65) (None) ---\\ File Associations Shell Spawning (O67) O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\system32\control.exe O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.evt> <evtfile>[HKLM\..\open\Command] (.Microsoft Corporation - Lanceur du composant logiciel enfichable Observateur d’événements.) -- C:\Windows\system32\eventvwr.exe O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\system32\WScript.exe O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCU\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe O67 - Shell Spawning: <.bat> <batfile>[HKCR\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.cpl> <cplfile>[HKCR\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\system32\control.exe O67 - Shell Spawning: <.cmd> <cmdfile>[HKCR\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.com> <comfile>[HKCR\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.evt> <evtfile>[HKCR\..\open\Command] (.Microsoft Corporation - Lanceur du composant logiciel enfichable Observateur d’événements.) -- C:\Windows\system32\eventvwr.exe O67 - Shell Spawning: <.exe> <exefile>[HKCR\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCR\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe O67 - Shell Spawning: <.js> <JSFile>[HKCR\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\system32\WScript.exe O67 - Shell Spawning: <.reg> <regfile>[HKCR\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe ~ Scan Keys in 00mn 00s ---\\ Start Menu Internet (O68) O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\InstallInfo\ShowIconsCommand] (.Mozilla Corporation - Firefox Helper.) -- C:\Program Files\Mozilla Firefox\uninstall\helper.exe O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\ShowIconsCommand] (.Microsoft Corporation - Utilitaire d'initialisation d'Internet Explorer par utilisateur.) -- C:\Windows\System32\ie4uinit.exe O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\InstallInfo\ReinstallCommand] (.Mozilla Corporation - Firefox Helper.) -- C:\Program Files\Mozilla Firefox\uninstall\helper.exe O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\ReinstallCommand] (.Microsoft Corporation - Utilitaire d'initialisation d'Internet Explorer par utilisateur.) -- C:\Windows\System32\ie4uinit.exe O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\InstallInfo\HideIconsCommand] (.Mozilla Corporation - Firefox Helper.) -- C:\Program Files\Mozilla Firefox\uninstall\helper.exe O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\HideIconsCommand] (.Microsoft Corporation - Utilitaire d'initialisation d'Internet Explorer par utilisateur.) -- C:\Windows\System32\ie4uinit.exe ~ Scan Keys in 00mn 00s ---\\ Search Browser Infection (O69) O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - Bing ~ Scan Keys in 00mn 00s ---\\ Recherche des services démarrés par Svchost (O83) O83 - Search Svchost Services: AeLookupSvc (AeLookupSvc) . (.Microsoft Corporation - Service Expérience d’application.) -- C:\Windows\system32\aelupsvc.dll [62464] O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Service de propagation de certificats de cartes à puce Microsoft.) -- C:\Windows\system32\certprop.dll [67584] O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Service de propagation de certificats de cartes à puce Microsoft.) -- C:\Windows\system32\certprop.dll [67584] O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - DLL du service Serveur.) -- C:\Windows\system32\srvsvc.dll [168960] O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - Client de stratégie de groupe.) -- C:\Windows\system32\gpsvc.dll [593408] O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - Extension IKE.) -- C:\Windows\system32\ikeext.dll [674304] O83 - Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation - Service Audio Windows.) -- C:\Windows\system32\Audiosrv.dll [473600] O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Gestionnaire de numérotation automatique d’accès distant.) -- C:\Windows\system32\rasauto.dll [90624] O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Gestionnaire de connexions d’accès distant.) -- C:\Windows\system32\rasmans.dll [286208] O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Gestionnaire d’interface dynamique.) -- C:\Windows\system32\mprdim.dll [75264] O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - Service de notification d’événements système (SENS).) -- C:\Windows\system32\sens.dll [49664] O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Composants de l’application d’assistance à Microsoft NAT.) -- C:\Windows\system32\ipnathlp.dll [300544] O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Serveur de téléphonie Microsoft® Windows.) -- C:\Windows\system32\tapisrv.dll [242176] O83 - Search Svchost Services: TermService (TermService) . (.Microsoft Corporation - Gestionnaire des connexions distantes du serveur hôte de session Burea.) -- C:\Windows\system32\termsrv.dll [521216] O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Agent de mise à jour automatique Windows Update.) -- C:\Windows\system32\wuaueng.dll [1914368] O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Service de transfert intelligent en arrière-plan.) -- C:\Windows\system32\qmgr.dll [585728] O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - Dll des services Windows Shell.) -- C:\Windows\system32\shsvcs.dll [328192] O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Service offrant une connectivité IPv6 sur un réseau IPv4..) -- C:\Windows\system32\iphlpsvc.dll [499712] O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - DLL de service d’ouverture de session secondaire.) -- C:\Windows\system32\seclogon.dll [21504] O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Service Informations d’application.) -- C:\Windows\system32\appinfo.dll [47104] O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - Service de découverte iSCSI.) -- C:\Windows\system32\iscsiexe.dll [114688] O83 - Search Svchost Services: MMCSS (MMCSS) . (.Microsoft Corporation - Service Planificateur de classes multimédias.) -- C:\Windows\system32\mmcss.dll [49664] O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Rapports et solutions aux problèmes.) -- C:\Windows\system32\wercplsupport.dll [61440] O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Service EAPHost Microsoft.) -- C:\Windows\system32\eapsvc.dll [98304] O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) -- C:\Windows\system32\profsvc.dll [164352] O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Service du Planificateur de tâches.) -- C:\Windows\system32\schedsvc.dll [750592] O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Service Gestion des clés.) -- C:\Windows\system32\kmsvc.dll [71168] O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Service Configuration des services Bureau à distance.) -- C:\Windows\system32\sessenv.dll [113664] O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\Windows\system32\wbem\WMIsvc.dll [168960] O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - DLL du service Explorateur d’ordinateurs.) -- C:\Windows\system32\browser.dll [102400] O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - DLL du service des thèmes Windows Shell.) -- C:\Windows\system32\themeservice.dll [37376] O83 - Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation - Service BDE.) -- C:\Windows\system32\bdesvc.dll [76800] ~ Scan Services in 00mn 00s ---\\ Recherche particuliere à la racine de certains dossiers (O84) [MD5.A719B9EE6116B496F4000C0B1311EA13] [sPRF][26/02/2011] (...) -- C:\Users\CELSO\AppData\Roaming\PnkBstrK.sys [22328] [MD5.371D4542D9EC5C1D90809F578D177429] [sPRF][29/02/2012] (...) -- C:\Users\CELSO\Desktop\adwcleaner.exe [602051] [MD5.4D930392BD13F448ED474CE2C41DFADA] [sPRF][03/02/2011] (.Adobe Systems, Inc. - Adobe® Flash® Player Installer/Uninstaller 10.2 r152.) -- C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe [2871968] ~ Scan Files in 00mn 01s ---\\ Firewall Active Exception List (FirewallRules) (O87) O87 - FAEL: "{768764A5-EE18-4CF0-A7C2-C06CA2470F4E}" | In - Private - P6 - TRUE | .(.Symantec Corporation - Symantec CMC Smc.) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe O87 - FAEL: "{B39930D3-0685-4B0B-B436-D92E51467FD0}" | In - Private - P17 - TRUE | .(.Symantec Corporation - Symantec CMC Smc.) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe O87 - FAEL: "{D0C64FAF-F625-4A2A-9DA8-0480DF218DAF}" | In - Private - P6 - TRUE | .(.Symantec Corporation - Symantec Network Access Control.) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.exe O87 - FAEL: "{21A47798-3CA9-4853-A8A4-13571D36B9D8}" | In - Private - P17 - TRUE | .(.Symantec Corporation - Symantec Network Access Control.) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.exe O87 - FAEL: "{FF9446F0-997A-4989-8FAE-165400FA773B}" | In - Private - P6 - TRUE | .(.Symantec Corporation - Symantec User Session.) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe O87 - FAEL: "{99B7EAE7-A241-42FE-A376-D00EC6BEC35E}" | In - Private - P17 - TRUE | .(.Symantec Corporation - Symantec User Session.) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe O87 - FAEL: "{90A8D7F2-D7E0-4D88-88FC-538BEB05D43E}" | In - Private - P6 - TRUE | .(...) -- C:\Program Files\HomePlayer\HomePlayer.exe O87 - FAEL: "{D1641D63-D1D2-4D22-AAAB-E6996B6BBC47}" | In - Private - P17 - TRUE | .(...) -- C:\Program Files\HomePlayer\HomePlayer.exe O87 - FAEL: "{CBD46927-16E3-4645-A333-E3E96ADBF20D}" | In - Private - P6 - TRUE | .(...) -- C:\Program Files\HomePlayer\VLC\vlc.exe O87 - FAEL: "{C463970E-9993-4131-A162-DB36ABC82DE5}" | In - Private - P17 - TRUE | .(...) -- C:\Program Files\HomePlayer\VLC\vlc.exe O87 - FAEL: "{9F525B69-8322-43D5-AB5E-3D926DB5FE19}" | In - None - P17 - TRUE | .(.CyberLink Corp. - CyberLink PowerDVD Cinema Main Program.) -- C:\Program Files\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe O87 - FAEL: "{2779ED72-2D8F-458E-A553-532462A26773}" | In - None - P17 - TRUE | .(.CyberLink Corp. - PowerDVD 9.0.) -- C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe O87 - FAEL: "{07DDECF6-849F-4176-A6E7-16D105249038}" | In - Private - P6 - TRUE | .(...) -- C:\Windows\System32\PnkBstrA.exe O87 - FAEL: "{C35DE4CF-48BA-4FAC-AC6D-7FC5A9D31068}" | In - Private - P17 - TRUE | .(...) -- C:\Windows\System32\PnkBstrA.exe O87 - FAEL: "{D063662A-F9C5-4B72-91F6-89FE80620588}" | In - Private - P6 - TRUE | .(...) -- C:\Windows\System32\PnkBstrB.exe O87 - FAEL: "{49A573E0-A040-4386-A288-BA6A270E7775}" | In - Private - P17 - TRUE | .(...) -- C:\Windows\System32\PnkBstrB.exe O87 - FAEL: "{F129F5CC-FD1D-4D97-88D6-27AEC1428462}" | In - Private - P6 - TRUE | .(...) -- C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe O87 - FAEL: "{2736B1FE-2EC8-4A6D-9689-3F53070D4C57}" | In - Private - P17 - TRUE | .(...) -- C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe O87 - FAEL: "TCP Query User{A58B5EAA-3EF6-47B9-8C18-7CFFBC9C96C8}C:\program files\xfire\xfire.exe" | In - Private - P6 - TRUE | .(.Xfire Inc. - Xfire.) -- C:\Program Files\Xfire\Xfire.exe O87 - FAEL: "UDP Query User{5AB11151-291C-4248-825E-AC23CEF8AD9B}C:\program files\xfire\xfire.exe" | In - Private - P17 - TRUE | .(.Xfire Inc. - Xfire.) -- C:\Program Files\Xfire\Xfire.exe O87 - FAEL: "TCP Query User{199EC9F2-7B18-4BC7-8498-4E0B0854367A}C:\program files\tmnationsforever\tmforever.exe" | In - Private - P6 - TRUE | .(...) -- C:\Program Files\TmNationsForever\TmForever.exe O87 - FAEL: "UDP Query User{59FFB152-C260-4FF9-984F-ADB091E925A6}C:\program files\tmnationsforever\tmforever.exe" | In - Private - P17 - TRUE | .(...) -- C:\Program Files\TmNationsForever\TmForever.exe O87 - FAEL: "TCP Query User{927922A5-396E-4280-BFFD-C530A1F34AC0}C:\program files\activision\call of duty 2\cod2mp_s.exe" | In - Private - P6 - TRUE | .(...) -- C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe O87 - FAEL: "UDP Query User{C9A7C4FE-57EB-4D32-945C-7F465208635F}C:\program files\activision\call of duty 2\cod2mp_s.exe" | In - Private - P17 - TRUE | .(...) -- C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe O87 - FAEL: "TCP Query User{8C2CCB46-F6A4-4475-8FEF-E0570A54DCC4}C:\program files\google\google earth\plugin\geplugin.exe" | In - Private - P6 - TRUE | .(.Google - Google Earth.) -- C:\Program Files\Google\Google Earth\plugin\geplugin.exe O87 - FAEL: "UDP Query User{782CF56E-D15C-44DA-96F7-2F3319969315}C:\program files\google\google earth\plugin\geplugin.exe" | In - Private - P17 - TRUE | .(.Google - Google Earth.) -- C:\Program Files\Google\Google Earth\plugin\geplugin.exe O87 - FAEL: "TCP Query User{E90365DB-56C7-408B-A978-E040D9463AA0}C:\program files\maniaplanet\maniaplanet.exe" | In - Private - P6 - TRUE | .(.Nadeo - ManiaPlanet.) -- C:\Program Files\ManiaPlanet\ManiaPlanet.exe O87 - FAEL: "UDP Query User{C40BA7F3-76AE-4350-AA3B-8B9302382B9A}C:\program files\maniaplanet\maniaplanet.exe" | In - Private - P17 - TRUE | .(.Nadeo - ManiaPlanet.) -- C:\Program Files\ManiaPlanet\ManiaPlanet.exe O87 - FAEL: "{CB517CEE-EE2B-4FD8-AB90-821D40EA15FC}" | In - Private - P6 - TRUE | .(.TeamViewer GmbH - TeamViewer Remote Control Application.) -- C:\Program Files\TeamViewer\Version7\TeamViewer.exe O87 - FAEL: "{20628F0E-FE6A-4BC7-BC7A-0609D0C70DB5}" | In - Private - P17 - TRUE | .(.TeamViewer GmbH - TeamViewer Remote Control Application.) -- C:\Program Files\TeamViewer\Version7\TeamViewer.exe O87 - FAEL: "{A853B28D-A101-4BE2-9D3A-2278AE00E5F2}" | In - Private - P6 - TRUE | .(.TeamViewer GmbH - TeamViewer Remote Control Application.) -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe O87 - FAEL: "{A91ACAA4-41F8-4335-8F0B-1DDAAD02A7AF}" | In - Private - P17 - TRUE | .(.TeamViewer GmbH - TeamViewer Remote Control Application.) -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe O87 - FAEL: "{1FB1CC51-A200-4A1E-AD1B-B8332BE8A238}" | In - None - P17 - TRUE | .(.Skype Limited - Facebook Video Calling.) -- C:\Users\CELSO\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe O87 - FAEL: "{469EE70C-48E3-442E-824B-E93B994E478E}" | In - Private - P6 - FALSE | .(.NVIDIA Corporation - NVIDIA Settings Update Manager.) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe O87 - FAEL: "{50002BA1-1F53-4912-A50B-859A2842C1B2}" | In - Private - P17 - FALSE | .(.NVIDIA Corporation - NVIDIA Settings Update Manager.) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe O87 - FAEL: "TCP Query User{0D8BB620-31ED-40A2-9352-07C707B29323}C:\program files\tmnationsforever\tmforever.exe" | In - Public - P6 - TRUE | .(...) -- C:\Program Files\TmNationsForever\TmForever.exe O87 - FAEL: "UDP Query User{0865982E-E7D0-4E3A-851E-382BEDD64A2D}C:\program files\tmnationsforever\tmforever.exe" | In - Public - P17 - TRUE | .(...) -- C:\Program Files\TmNationsForever\TmForever.exe ~ Scan Firewall in 00mn 02s ---\\ Scan Additionnel (O88) Database Version : 9066 - (05/02/2012) Clés trouvées (Keys found) : 1 Valeurs trouvées (Values found) : 0 Dossiers trouvés (Folders found) : 0 Fichiers trouvés (Files found) : 0 [HKLM\Software\Xfire\OpenCandy] =>Adware.OpenCandy ~ Scan Additionnel in 00mn 05s ---\\ Recherche détournement de DNS routeur (O89) Serveur : google-public-dns-a.google.com Address: 8.8.8.8 Nom : www-cctld.l.google.com Address: 173.194.67.94 Aliases: www.google.fr ~ Scan DNS in 00mn 03s ---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped) SR - | Auto 03/01/2012 63928 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe SR - | Auto 25/01/2010 108392 | (ccEvtMgr) . (.Symantec Corporation.) - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe SR - | Auto 25/01/2010 108392 | (ccSetMgr) . (.Symantec Corporation.) - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe SS - | Auto 30/04/2011 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe SS - | Demand 30/04/2011 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe SS - | Demand 17/02/2010 3093880 | (LiveUpdate) . (.Symantec Corporation.) - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.exe SR - | Auto 13/01/2012 652360 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe SR - | Auto 10/02/2012 645440 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\System32\nvvsvc.exe SR - | Auto 10/02/2012 2348352 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe SR - | Auto 75136 | (PnkBstrA) . (...) - C:\Windows\System32\PnkBstrA.exe SR - | Auto 16/04/2010 1881368 | (SmcService) . (.Symantec Corporation.) - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe SS - | Disabled 01/04/2010 349512 | (SNAC) . (.Symantec Corporation.) - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.exe SR - | Auto 09/02/2012 382272 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe SR - | Auto 23/04/2010 1831024 | (Symantec AntiVirus) . (.Symantec Corporation.) - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe SR - | Auto 02/12/2011 2923392 | (TeamViewer7) . (.TeamViewer GmbH.) - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe SR - | Auto 14/07/2009 20992 | C:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe SR - | Auto 15/12/2009 87536 | ({B154377D-700F-42cc-9474-23858FBDF4BD}) . (.CyberLink Corp..) - C:\Program Files\CyberLink\PowerDVD9\NavFilter\000.fcl ~ Scan Services in 00mn 07s ---\\ Recherche Master Boot Record Infection (MBR)(O80) Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, GMER - Rootkit Detector and Remover Run by CELSO at 02/03/2012 15:42:45 device: opened successfully user: MBR read successfully Disk trace: called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys 1 ntkrnlpa!IofCallDriver[0x8304052A] -> \Device\Harddisk0\DR0[0x86563A38] 3 CLASSPNP[0x8B79459E] -> ntkrnlpa!IofCallDriver[0x8304052A] -> [0x860DE7E0] 5 ACPI[0x8B2C63D4] -> ntkrnlpa!IofCallDriver[0x8304052A] -> \Device\Ide\IdeDeviceP2T0L0-2[0x860D0908] kernel: MBR read successfully user & kernel MBR OK ~ Scan MBR in 00mn 02s ---\\ Recherche Master Boot Record Infection (MBRCheck)(O80) Written by ad13, http://ad13.geekstog Run by CELSO at 02/03/2012 15:42:47 ********* Dump file Name ********* C:\PhysicalDisk0_MBR.bin ~ Scan MBR in 00mn 04s End of the scan (1496 lines in 14mn 46s)(0)
  5. rital94
    je viens de refaire une analyse complet voila ce qui la retrouver que faire svp Malwarebytes Anti-Malware (Essai) 1.60.1.1000 www.malwarebytes.org Version de la base de données: v2012.03.02.02 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 CELSO :: CELSO-PC [administrateur] Protection: Activé 02/03/2012 13:54:46 mbam-log-2012-03-02 (13-54-46).txt Type d'examen: Examen complet Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM Options d'examen désactivées: P2P Elément(s) analysé(s): 366882 Temps écoulé: 1 heure(s), 9 minute(s), 24 seconde(s) Processus mémoire détecté(s): 0 (Aucun élément nuisible détecté) Module(s) mémoire détecté(s): 0 (Aucun élément nuisible détecté) Clé(s) du Registre détectée(s): 0 (Aucun élément nuisible détecté) Valeur(s) du Registre détectée(s): 0 (Aucun élément nuisible détecté) Elément(s) de données du Registre détecté(s): 0 (Aucun élément nuisible détecté) Dossier(s) détecté(s): 0 (Aucun élément nuisible détecté) Fichier(s) détecté(s): 0 (Aucun élément nuisible détecté) (fin) un trojan.Agent 29/02/2012,21h43 file F:\Logiciel Mantenance&dvd Shrink,\cdkey-rzr-cod4.exe mis en quarantaine "dois- le supprimer ou pas " merci exuser moi c'etait deja mis en quarantaine Malwarebites
  6. rital94
    je voulais simplement mettre une simple image mais que dois-je faire maintenant es-ce que mon pc est propre ou pas windoows est -il propre merci car je suis nul en informatique donc j'attends votre feu vert merci Mr pear
  7. rital94
    bonjour Mr pear je suis a votre disposition toute la journée pour executé vos directives merci que dois-je faire maintenant svp Mr pear merci d'avance
  8. rital94
    merci de ton aide sympa
  9. rital94
    desole mauvaise manipulation imposible de vous mettre une image !!!
  10. rital94
    Rapport de ZHPFix 1.12.3380 par Nicolas Coolman, Update du 05/02/2011 Fichier d'export Registre : C:\ZHP\ZHPExportRegistry-01-03-2012-17-56-48.txt Run by CELSO at 01/03/2012 17:56:48 Windows 7 Home Premium Edition, 32-bit Service Pack 1 (Build 7601) Web site : ZHPFix Fix de rapport Web site : Blog de NicolasCoolman - ZebHelpProcess - Skyrock.com ========== Processus mémoire ========== SUPPRIME Memory Process: C:\Users\CELSO\Desktop\Sauvegarde\Logiciel Maintenance & dvd Shrink,\O&O\O&O Defrag Pro v8.5.1932fr + Keygen\keygen.exe SUPPRIME Memory Process: C:\Users\CELSO\Desktop\Sauvegarde\Logiciel Maintenance & dvd Shrink,\O&O\O&O Defrag Pro v8.5.1932fr + Keygen\oodpe_8_5_1932_fra.exe SUPPRIME Memory Process: F:\Logiciel Maintenance & dvd Shrink,\O&O\O&O Defrag Pro v8.5.1932fr + Keygen\keygen.exe SUPPRIME Memory Process: F:\Logiciel Maintenance & dvd Shrink,\O&O\O&O Defrag Pro v8.5.1932fr + Keygen\oodpe_8_5_1932_fra.exe SUPPRIME Memory Process: F:\Sauvegarde\Logiciel Maintenance & dvd Shrink,\O&O\O&O Defrag Pro v8.5.1932fr + Keygen\keygen.exe SUPPRIME Memory Process: F:\Sauvegarde\Logiciel Maintenance & dvd Shrink,\O&O\O&O Defrag Pro v8.5.1932fr + Keygen\oodpe_8_5_1932_fra.exe ========== Clé(s) du Registre ========== SUPPRIME Key: SearchScopes :{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} ABSENT Key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} ========== Valeur(s) du Registre ========== SUPPRIME {6BEEBFC0-890F-4FE6-95D2-CA3B464DE353} SUPPRIME {1BD6DC99-87C4-4937-826B-910BAE2DD02A} SUPPRIME {1A15E680-3D45-4FC9-A726-1A974CFE5FF9} SUPPRIME {0E87757C-0474-4D04-AC62-54285AFEF89E} SUPPRIME {AD6BF7BE-7D0A-4112-9536-DEAD743DD93A} SUPPRIME {E02CD5AE-0A58-4241-9DE2-CC86585E3A32} SUPPRIME [HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]:{D4027C7F-154A-4066-A1AD-4243D8127440} ABSENT Valeur Standard Profile: FirewallRaz : ABSENT Valeur Domain Profile: FirewallRaz : SUPPRIME FirewallRaz (Domain) : NetPres-In-TCP-NoScope SUPPRIME FirewallRaz (Domain) : NetPres-Out-TCP-NoScope SUPPRIME FirewallRaz (None) : NetPres-WSD-In-UDP SUPPRIME FirewallRaz (None) : NetPres-WSD-Out-UDP SUPPRIME FirewallRaz (Public) : NetPres-In-TCP SUPPRIME FirewallRaz (Public) : NetPres-Out-TCP SUPPRIME FirewallRaz (Private) : {6DDFD881-6916-4CAD-928A-CFB6C4C28F8E} SUPPRIME FirewallRaz (Private) : {B2E79365-8139-4ACF-B9AE-816CD7BF2CFD} ========== Elément(s) de donnée du Registre ========== SUPPRIME R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page ========== Dossier(s) ========== SUPPRIME Folder: C:\Users\CELSO\AppData\Roaming\OpenCandy SUPPRIME Folder: C:\Users\CELSO\AppData\Local\OpenCandy SUPPRIME Folder: c:\users\celso\appdata\locallow\shopperreports3 SUPPRIME Folder: C:\Users\CELSO\AppData\Local\{21323798-F0F1-46C1-93F5-4D78751EDA46} SUPPRIME Folder: C:\Users\CELSO\AppData\Local\{68DB5F03-B576-48F7-85FE-84B19F380F95} SUPPRIME Folder: C:\Users\CELSO\AppData\Local\{83DA3416-C940-4A57-800C-0BC28D0F7B1B} SUPPRIME Folder: C:\Users\CELSO\AppData\Local\{A8D7FA30-AE5A-4015-90E3-7A07465B2017} SUPPRIME Folder: C:\Users\CELSO\AppData\Local\{DCCAC3E5-0625-43BD-9A0A-BCABC323C64F} SUPPRIME Flash Cookies: 26 SUPPRIME Temporaires Windows: : 105 ========== Fichier(s) ========== ABSENT Folder/File: c:\users\celso\appdata\roaming\opencandy ABSENT Folder/File: c:\users\celso\appdata\local\opencandy SUPPRIME File: c:\users\celso\desktop\sauvegarde\logiciel maintenance & dvd shrink,\o&o\o&o defrag pro v8.5.1932fr + keygen\keygen.exe SUPPRIME File***: c:\users\celso\desktop\sauvegarde\logiciel maintenance & dvd shrink,\o&o\o&o defrag pro v8.5.1932fr + keygen\oodpe_8_5_1932_fra.exe SUPPRIME File: C:\Users\CELSO\Desktop\Sauvegarde\Logiciel Maintenance & dvd Shrink,\O&O\O&O Defrag Pro v8.5.1932fr + Keygen.rar SUPPRIME File: f:\logiciel maintenance & dvd shrink,\o&o\o&o defrag pro v8.5.1932fr + keygen\keygen.exe SUPPRIME File: f:\logiciel maintenance & dvd shrink,\o&o\o&o defrag pro v8.5.1932fr + keygen\oodpe_8_5_1932_fra.exe SUPPRIME File: F:\Logiciel Maintenance & dvd Shrink,\O&O\O&O Defrag Pro v8.5.1932fr + Keygen.rar SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj01.zip SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj02.zip SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj03.zip SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj04.zip SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj05.zip SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj06.zip SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj07.zip SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj08.zip SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj09.zip SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj10.zip SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj11.zip SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj12.zip SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj13.zip SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj14.zip SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj15.zip SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj16.zip SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj17.zip SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj18.zip SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj19.zip SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj20.zip SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj21.zip SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part01.rar SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part02.rar SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part03.rar SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part04.rar SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part05.rar SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part06.rar SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part07.rar SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part08.rar SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part09.rar SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part10.rar SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part11.rar SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part12.rar SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part13.rar SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part14.rar SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part15.rar SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part16.rar SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part17.rar SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part18.rar SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part19.rar SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part20.rar SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part21.rar SUPPRIME File: f:\sauvegarde\logiciel maintenance & dvd shrink,\o&o\o&o defrag pro v8.5.1932fr + keygen\keygen.exe SUPPRIME File: f:\sauvegarde\logiciel maintenance & dvd shrink,\o&o\o&o defrag pro v8.5.1932fr + keygen\oodpe_8_5_1932_fra.exe SUPPRIME File: F:\Sauvegarde\Logiciel Maintenance & dvd Shrink,\O&O\O&O Defrag Pro v8.5.1932fr + Keygen.rar SUPPRIME File: c:\users\celso\appdata\roaming\mozilla\firefox\profiles\y5f7xqok.default\searchplugins\askcom.xml ABSENT File: c:\users\celso\appdata\roaming\mozilla\firefox\profiles\y5f7xqok.default\searchplugins\askcom.xml SUPPRIME Flash Cookies: 10 SUPPRIME Temporaires Windows: : 249 ========== Tache planifiée ========== SUPPRIME Task: {3297A559-5B5F-4C7C-B424-1361C06D20FE} SUPPRIME Task: {87C5EE51-F534-4BED-BEB0-CF23AD2C062F} ========== Autre ========== NON TRAITE PROCESSUS MALWARE (Rootkit, trojan, ver, spyware, adware,...) NON TRAITE PROCESSUS SUPERFLU DU SYSTEME NON TRAITE TOOLBAR INUTILE (Navigateur internet) ========== Récapitulatif ========== 6 : Processus mémoire 2 : Clé(s) du Registre 17 : Valeur(s) du Registre 1 : Elément(s) de donnée du Registre 10 : Dossier(s) 57 : Fichier(s) 2 : Tache planifiée 3 : Autre End of clean in 00mn 21s ========== Chemin de fichier rapport ========== C:\ZHP\ZHPFix[R1].txt - 01/03/2012 17:56:48 [9840]
  11. rital94

    je vous remerci enormement de traite mon probleme

    car etant moi même novice sur ce domaine

    je suis sous windoows 7

    Merci

  12. rital94
    Rapport de ZHPDiag v1.28.32 par Nicolas Coolman, Update du 05/02/2012 Run by CELSO at 01/03/2012 15:56:50 Web site : ZHPDiag Outil de diagnostic Web site : Blog de NicolasCoolman - ZebHelpProcess - Skyrock.com State : Version à jour. ---\\ Web Browser MSIE: Internet Explorer v9.0.8112.16421 MFIE: Mozilla Firefox 10.0.2 v10.0.2 (Defaut) ---\\ Windows Product Information ~ Langage: Français Windows 7 Home Premium Edition, 32-bit Service Pack 1 (Build 7601) Windows Server License Manager Script : OK ~ Windows® 7, OEM_COA_NSLP channel Windows ID Activation : OK ~ Windows Partial Key : RCRT4 Windows License : OK ~ Windows Remaining Initializations Number : 4 Software Protection Service (Protection logicielle) : OK Windows Automatic Updates : OK Windows Activation Technologies : OK ---\\ System Information ~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel ~ Operating System: 32 Bits Boot mode: Normal (Normal boot) Total RAM: 3071 MB (61% free) System Restore: Activé (Enable) System drive C: has 343 GB (73%) free of 466 GB ---\\ Logged in mode ~ Computer Name: CELSO-PC ~ User Name: CELSO ~ All Users Names: UpdatusUser, HomeGroupUser$, CELSO, Administrateur, ~ Unselected Option: None Logged in as Administrator ---\\ Environnement Variables ~ System Unit : C:\ ~ %AppData% : C:\Users\CELSO\AppData\Roaming\ ~ %Desktop% : C:\Users\CELSO\Desktop\ ~ %Favorites% : C:\Users\CELSO\Favorites\ ~ %LocalAppData% : C:\Users\CELSO\AppData\Local\ ~ %StartMenu% : C:\Users\CELSO\AppData\Roaming\Microsoft\Windows\Start Menu\ ~ %Windir% : C:\Windows\ ~ %System% : C:\Windows\system32\ ---\\ DOS/Devices C:\ Hard drive, Flash drive, Thumb drive (Free 343 Go of 466 Go) D:\ CD-ROM drive (Not Inserted) E:\ CD-ROM drive (Free 0 Go of 0 Go) F:\ Hard drive, Flash drive, Thumb drive (Free 613 Go of 932 Go) G:\ Floppy drive, Flash card reader, USB Key (Not Inserted) ---\\ Security Center & Tools Informations [HKLM\SOFTWARE\Microsoft\Security Center] AntiSpywareOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center] UacDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] UpdatesDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] UacDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] NoActiveDesktopChanges: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowSearch: OK [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyComputer: OK [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings] WarnOnHTTPSToHTTPRedirect: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK [HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK [HKLM\SYSTEM\CurrentControlSet\Services] wscsvc : OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK ~ Scan Security Center in 00mn 00s ---\\ Recherche particulière de fichiers génériques [MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 06:30:54.) -- C:\Windows\Explorer.exe [2616320] [MD5.51138BEEA3E2C21EC44D0932C71762A8] - (.Microsoft Corporation - Processus hôte Windows (Rundll32).) (.14/07/2009 - 02:14:31.) -- C:\Windows\system32\rundll32.exe [44544] [MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:14:45.) -- C:\Windows\system32\Wininit.exe [96256] [MD5.1D94FA7C81D2FFE494AF094619BA706F] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.14/12/2011 - 03:57:18.) -- C:\Windows\system32\wininet.dll [1127424] [MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.20/11/2010 - 13:17:54.) -- C:\Windows\system32\Winlogon.exe [286720] [MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 13:21:24.) -- C:\Windows\system32\sppcomapi.dll [193536] [MD5.129F80D7868E30DF3E3DE33A1D3132B4] - (.Microsoft Corporation - DLL client de l’API uilisateur de Windows multi-utilisateurs.) (.20/11/2010 - 13:08:50.) -- C:\Windows\system32\fr-FR\user32.dll.mui [20480] [MD5.9EBBBA55060F786F0FCAA3893BFA2806] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.25/04/2011 - 03:18:03.) -- C:\Windows\system32\drivers\AFD.sys [338944] [MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:26:15.) -- C:\Windows\system32\drivers\atapi.sys [21584] [MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:11:15.) -- C:\Windows\system32\drivers\Cdfs.sys [70656] [MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 09:38:10.) -- C:\Windows\system32\drivers\Cdrom.sys [108544] [MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 09:42:32.) -- C:\Windows\system32\drivers\DfsC.sys [78336] [MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 10:59:29.) -- C:\Windows\system32\drivers\HDAudBus.sys [108544] [MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:11:24.) -- C:\Windows\system32\drivers\i8042prt.sys [80896] [MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 00:54:29.) -- C:\Windows\system32\drivers\IpNat.sys [101888] [MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:17:22.) -- C:\Windows\system32\drivers\MRxSmb.sys [123904] [MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 09:39:44.) -- C:\Windows\system32\drivers\netBT.sys [187904] [MD5.81189C3D7763838E55C397759D49007A] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.11/03/2011 - 06:39:00.) -- C:\Windows\system32\drivers\ntfs.sys [1211264] [MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 00:45:35.) -- C:\Windows\system32\drivers\Parport.sys [79360] [MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/07/2009 - 00:54:34.) -- C:\Windows\system32\drivers\Rasl2tp.sys [78848] [MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 00:53:41.) -- C:\Windows\system32\drivers\smb.sys [71168] [MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 09:39:17.) -- C:\Windows\system32\drivers\tdx.sys [74752] [MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 13:30:16.) -- C:\Windows\system32\drivers\volsnap.sys [245632] ~ Scan Generic Processes in 00mn 01s ---\\ Etat des fichiers cachés (Caché/Total) ~ Mes images (My Pictures) : 119/6239 ~ Mes Videos (My Videos) : 2/58 ~ Mes Favoris (My Favorites) : Non accessible (Not found) ~ Mes Documents (My Documents) : 12/4903 ~ Mon Bureau (My Desktop) : 221/15712 ~ Menu demarrer (Programs) : 7/32 ~ Scan Hidden Files in 00mn 35s ---\\ Processus lancés [MD5.BF1FF06F5434AFAEAB6C3279E3BD2250] - (.Symantec Corporation - Symantec User Session.) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe [115560] [PID.1724] [MD5.F40E80C04475731C6ED5D19C48E45E3C] - (.Elaborate Bytes AG - Virtual CloneDrive Daemon.) -- C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [85160] [PID.2088] [MD5.16E288B32BC5ED1A73D8D266B354AD5F] - (.cyberlink - brs.) -- C:\Program Files\CyberLink\Shared files\brs.exe [75048] [PID.2108] [MD5.C687C23E093782DA238F6B972FCB717C] - (.NVIDIA Corporation - NVIDIA Settings.) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe [1820480] [PID.2364] [MD5.60D0647A2DC2D397B84D0AFB0808F85D] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [460872] [PID.2376] [MD5.FB9DFE1D04DFA81ABBD8493A52A23773] - (.Symantec Corporation - Symantec CMC SmcGui.) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe [1459528] [PID.2964] [MD5.F7BA07E85A37CA30FFED726001754951] - (.TeamViewer GmbH - TeamViewer Remote Control Application.) -- C:\Program Files\TeamViewer\Version7\TeamViewer.exe [10871680] [PID.3516] [MD5.5AC757AE411CBC603C33C85F81F8657D] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [924632] [PID.4424] [MD5.4309B75F125067EF805F3125B01FCC30] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [2210816] [PID.5124] ~ Scan Processes Running in 00mn 00s ---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3) C:\Users\CELSO\AppData\Roaming\Mozilla\Firefox\Profiles\y5f7xqok.default\prefs.js M3 - MFPP: Plugins - [CELSO] -- C:\Users\CELSO\AppData\Roaming\Mozilla\Firefox\Profiles\y5f7xqok.default\searchplugins\askcom.xml M3 - MFPP: Plugins - [CELSO] -- C:\Program Files\Mozilla FireFox\searchplugins\amazon-france.xml M3 - MFPP: Plugins - [CELSO] -- C:\Program Files\Mozilla FireFox\searchplugins\bing.xml M3 - MFPP: Plugins - [CELSO] -- C:\Program Files\Mozilla FireFox\searchplugins\cnrtl-tlfi-fr.xml M3 - MFPP: Plugins - [CELSO] -- C:\Program Files\Mozilla FireFox\searchplugins\eBay-france.xml M3 - MFPP: Plugins - [CELSO] -- C:\Program Files\Mozilla FireFox\searchplugins\google.xml M3 - MFPP: Plugins - [CELSO] -- C:\Program Files\Mozilla FireFox\searchplugins\wikipedia-fr.xml M3 - MFPP: Plugins - [CELSO] -- C:\Program Files\Mozilla FireFox\searchplugins\yahoo-france.xml M0 - MFSP: prefs.js [CELSO - y5f7xqok.default] Google M2 - MFEP: prefs.js [CELSO - y5f7xqok.default\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}] [] Garmin Communicator v4.0.1.0 (.Garmin International.) P2 - FPN:Firefox Plugin Navigator . (.Sun Microsystems, Inc. - NPRuntime Script Plug-in Library for Java Deploy.) -- C:\Program Files\Mozilla Firefox\Plugins\npdeployJava1.dll P2 - FPN:Firefox Plugin Navigator . (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape 10.1.2.) -- C:\Program Files\Mozilla Firefox\Plugins\nppdf32.dll P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (...) -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll P2 - FPN: [HKLM] [@adobe.com/ShockwavePlayer] - (.Adobe Systems, Inc. - Adobe Shockwave for Director Netscape plug-in, version 11.5.9.620.) -- C:\Windows\System32\Adobe\Director\np32dsw.dll P2 - FPN: [HKLM] [@Google.com/GoogleEarthPlugin] - (.Google - GEPlugin.) -- C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll P2 - FPN: [HKLM] [@java.com/JavaPlugin] - (.Sun Microsystems, Inc. - Next Generation Java Plug-in 1.6.0_26 for Mozilla browsers.) -- C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 4.1.10111.0.) -- C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll P2 - FPN: [HKLM] [@nvidia.com/3DVision] - (.NVIDIA Corporation - NVIDIA 3D Vision plugin for Mozilla browsers.) -- C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll P2 - FPN: [HKLM] [@nvidia.com/3DVisionStreaming] - (.NVIDIA Corporation - NVIDIA 3D Vision Streaming plugin for Mozilla browsers.) -- C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=3] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=9] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll P2 - FPN: [HKLM] [Adobe Reader] - (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape 10.1.2.) -- C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll P2 - FPN: [HKCU] [@Skype Limited.com/Facebook Video Calling Plugin] - (.Skype Limited - Facebook Video Calling Plugin.) -- C:\Users\CELSO\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll ~ Scan Firefox Browser in 00mn 00s ---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4) R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Search Microsoft.com R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Navigateur Internet.) (9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)) -- C:\Windows\System32\ieframe.dll R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 1 ~ Scan IE Browser in 00mn 00s ---\\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Scan Proxy management in 00mn 00s ---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2) F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe, F2 - REG:system.ini: VMApplet=C:\Windows\system32\SystemPropertiesPerformance.exe ~ Scan Keys in 00mn 00s ---\\ Redirection du fichier Hosts (O1) ~ Le fichier hosts est sain (The hosts file is clean). ~ Scan Hosts File in 00mn 00s ~ Nombre de lignes (Lines number): 21 ---\\ Browser Helper Objects de navigateur (O2) O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} . (.TechSmith Corporation - SnagIt Browser Helper Object for Internet E.) -- C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corp. - Microsoft® Windows Live ID Login Helper.) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll ~ Scan BHO in 00mn 00s ---\\ Internet Explorer Toolbars (O3) O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} . (.TechSmith Corporation - SnagIt Add-in for Internet Explorer.) -- C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll ~ Scan Toolbar in 00mn 00s ---\\ Applications démarrées par registre & par dossier (O4) O4 - HKLM\..\Run: [igfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe O4 - HKLM\..\Run: [ccApp] . (.Symantec Corporation - Symantec User Session.) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe O4 - HKLM\..\Run: [VirtualCloneDrive] . (.Elaborate Bytes AG - Virtual CloneDrive Daemon.) -- C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe O4 - HKLM\..\Run: [bDRegion] . (.cyberlink - brs.) -- C:\Program Files\CyberLink\Shared files\brs.exe O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe O4 - HKLM\..\Run: [NvMediaCenter] . (.NVIDIA Corporation - NVIDIA Media Center Library.) -- C:\Windows\System32\nvmctray.dll O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe O4 - HKUS\S-1-5-20\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe ~ Scan Application in 00mn 00s ---\\ Autres liens utilisateurs (O4) O4 - Global Startup: C:\Users\CELSO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - Global Startup: C:\Users\CELSO\Desktop\everest.exe - Raccourci.lnk . (...) -- F:\Logiciels 2011 Kevin\Everest.Corporate.Edtion.v2.80\everest.exe O4 - Global Startup: C:\Users\CELSO\Desktop\HijackThis.exe - Raccourci.lnk . (.Trend Micro Inc..) -- F:\Logiciel Maintenance & dvd Shrink,\HiJackThis\HijackThis.exe O4 - Global Startup: C:\Users\CELSO\Desktop\Jouer à ManiaPlanet.lnk . (...) -- C:\Program Files\ManiaPlanet\ManiaPlanetLauncher.exe O4 - Global Startup: C:\Users\CELSO\Desktop\Mozilla Firefox.lnk . (.Mozilla Corporation.) -- C:\Program Files\Mozilla Firefox\firefox.exe O4 - Global Startup: C:\Users\CELSO\Desktop\PhotoFiltre.lnk . (.Antonio Da Cruz.) -- C:\Program Files\PhotoFiltre\photofiltre.exe O4 - Global Startup: C:\Users\CELSO\Desktop\Windows Live Messenger.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe O4 - Global Startup: C:\Users\CELSO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - Global Startup: C:\Users\CELSO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk . (.Microsoft Corporation.) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE O4 - Global Startup: C:\Users\CELSO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk . (.Mozilla Corporation.) -- C:\Program Files\Mozilla Firefox\firefox.exe ~ Scan Global Startup in 00mn 00s ---\\ Invisibilité de l'icône d'options IE dans le panneau de Configuration (O5) O5 - control.ini: [HKLM\..\Control Panel] inetcpl.cpl=no ~ Scan IE Control Panel in 00mn 00s ---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8) O8 - Extra context menu item: E&xporter vers Microsoft Excel . (.Microsoft Corporation - Microsoft Office Excel.) -- C:\Program Files\MICROS~2\Office12\EXCEL.exe ~ Scan IE Menu Contextuel in 00mn 00s ---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO ~ Scan IE Extra Buttons in 00mn 00s ---\\ Winsock hijacker (Layered Service Provider) (O10) O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\System32\nlaapi.dll O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Fournisseur Shim d’affectation de noms de messagerie.) -- C:\Windows\System32\NapiNSP.dll O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\System32\pnrpnsp.dll O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\System32\pnrpnsp.dll O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\Windows\System32\mswsock.dll O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\System32\winrnr.dll O10 - WLSP:\000000000007\Winsock LSP File . (.Microsoft Corp. - Microsoft® Windows Live ID Namespace Provider.) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.dll O10 - WLSP:\000000000008\Winsock LSP File . (.Microsoft Corp. - Microsoft® Windows Live ID Namespace Provider.) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.dll ~ Scan Winsock in 00mn 00s ---\\ Objets ActiveX (Downloaded Program Files)(O16) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab ~ Scan Objets ActiveX in 00mn 00s ---\\ Modification Domaine/Adresses DNS (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{2B015339-CF8E-4E76-9AF8-3D0CC9B1E0FA}: NameServer = 8.8.8.8,8.8.4.4 O17 - HKLM\System\CS1\Services\Tcpip\..\{2B015339-CF8E-4E76-9AF8-3D0CC9B1E0FA}: NameServer = 8.8.8.8,8.8.4.4 O17 - HKLM\System\CS2\Services\Tcpip\..\{2B015339-CF8E-4E76-9AF8-3D0CC9B1E0FA}: NameServer = 8.8.8.8,8.8.4.4 ~ Scan Domain in 00mn 00s ---\\ Protocole additionnel (O18) O18 - Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft ®.) -- C:\Windows\System32\mshtml.dll O18 - Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll O18 - Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - Contrôle ActiveX pour le flux vidéo.) -- C:\Windows\System32\MSVidCtl.dll O18 - Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll O18 - Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll O18 - Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll O18 - Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll O18 - Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll O18 - Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft ®.) -- C:\Windows\System32\mshtml.dll O18 - Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} . (.Microsoft Corporation - Windows Live Messenger Protocol Handler Mod.) -- C:\Program Files\Windows Live\Messenger\msgrapp.dll O18 - Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll O18 - Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft ®.) -- C:\Windows\System32\mshtml.dll O18 - Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API Resources.) -- C:\Windows\System32\inetcomm.dll O18 - Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll O18 - Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} . (.Microsoft Corporation - Microsoft® Help Data Services Module.) -- C:\Program Files\Common Files\microsoft shared\Help\hxds.dll O18 - Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll O18 - Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} . (.Microsoft Corporation - Windows Live Messenger Protocol Handler Mod.) -- C:\Program Files\Windows Live\Messenger\msgrapp.dll O18 - Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft ®.) -- C:\Windows\System32\mshtml.dll O18 - Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - Contrôle ActiveX pour le flux vidéo.) -- C:\Windows\System32\MSVidCtl.dll O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft ®.) -- C:\Windows\System32\mshtml.dll O18 - Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll O18 - Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll ~ Scan Protocole Additionnel in 00mn 00s ---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20) O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\system32\igfxdev.dll ~ Scan Winlogon in 00mn 00s ---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. ~ Scan SSODL in 00mn 00s ---\\ Liste des services NT non Microsoft et non désactivés (O23) O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) . (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) . (.Symantec Corporation - Symantec Service Framework.) - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) . (.Symantec Corporation - Symantec Service Framework.) - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Service Google Update (gupdate) (gupdate) . (.Google Inc. - Programme d'installation de Google.) - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: (MBAMService) . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 295.7.) - C:\Windows\System32\nvvsvc.exe O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) . (.NVIDIA Corporation - NVIDIA Settings Update Manager.) - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe O23 - Service: PnkBstrA (PnkBstrA) . (...) - C:\Windows\System32\PnkBstrA.exe O23 - Service: Client de gestion Symantec (SmcService) . (.Symantec Corporation - Symantec CMC Smc.) - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) . (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) . (.Symantec Corporation - Symantec AntiVirus.) - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe O23 - Service: TeamViewer 6 (TeamViewer6) . (.TeamViewer GmbH - TeamViewer Remote Control Application.) - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe O23 - Service: TeamViewer 7 (TeamViewer7) . (.TeamViewer GmbH - TeamViewer Remote Control Application.) - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe O23 - Service: Power Control [2011/02/26 16:42:22] ({B154377D-700F-42cc-9474-23858FBDF4BD}) . (.CyberLink Corp. - Pas de description.) - C:\Program Files\CyberLink\PowerDVD9\NavFilter\000.fcl ~ Scan Services in 00mn 00s ---\\ Enumération Active Desktop & MHTML Editor (O24) O24 - Default MHTML Editor: Last - .(...) - (.not file.) ~ Scan Desktop Component in 00mn 00s ---\\ BootExecute (O34) O34 - HKLM BootExecute: (autocheck autochk *) - File not found ~ Scan Keys in 00mn 00s ---\\ Tâches planifiées en automatique (O39) O39 - APT:Automatic Planified Task - C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-501933425-2476989565-1232407324-1000Core.job O39 - APT:Automatic Planified Task - C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-501933425-2476989565-1232407324-1000UA.job O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [MD5.FCC7C432FBF465C38FD5D940580EF9B7] [APT] [FacebookUpdateTaskUserS-1-5-21-501933425-2476989565-1232407324-1000Core] (.Facebook Inc..) -- C:\Users\CELSO\AppData\Local\Facebook\Update\FacebookUpdate.exe [MD5.FCC7C432FBF465C38FD5D940580EF9B7] [APT] [FacebookUpdateTaskUserS-1-5-21-501933425-2476989565-1232407324-1000UA] (.Facebook Inc..) -- C:\Users\CELSO\AppData\Local\Facebook\Update\FacebookUpdate.exe [MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe [MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe [MD5.00000000000000000000000000000000] [APT] [{3297A559-5B5F-4C7C-B424-1361C06D20FE}] (...) -- D:\Directx\dxsetup.exe (.not file.) [MD5.00000000000000000000000000000000] [APT] [{87C5EE51-F534-4BED-BEB0-CF23AD2C062F}] (...) -- C:\Users\CELSO\Desktop\Sauvegarde\Logiciel Maintenance & dvd Shrinké\pacht cod2\pbsetup.exe (.not file.) [MD5.00000000000000000000000000000000] [APT] [{97FAB673-36A2-4CD2-BA32-68A669238929}] (...) -- D:\setup.exe (.not file.) [MD5.028CD3C6E95FF807859FA47A96604890] [APT] [{9C1D237C-593F-4628-9A9E-507628D61569}] (...) -- F:\Logiciels 2011 Kevin\Everest.Corporate.Edtion.v2.80\everest.exe [MD5.B8F49232247D0825B2B82E08A9E10753] [APT] [{BDF7492F-AD9E-4DB2-A57A-F3F0436E4635}] (.Malwarebytes Corporation.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [MD5.00000000000000000000000000000000] [APT] [{C544CD80-0710-4A00-B5B5-9B489786A3FD}] (...) -- D:\setup.exe (.not file.) [MD5.5BC75CB78D32CC34428FC8584A3BD167] [APT] [{CFD75BF0-4D55-4DDC-A7EA-B3C0F143E5F4}] (.NVIDIA Corporation.) -- C:\Users\CELSO\Downloads\295.73-desktop-win7-winvista-32bit-international-whql.exe [MD5.028CD3C6E95FF807859FA47A96604890] [APT] [{D7E0FBA8-3269-4FAB-AC5B-FEF3502D6084}] (...) -- C:\Users\CELSO\Desktop\Everest\everest.exe [MD5.00000000000000000000000000000000] [APT] [{F07B0A95-A454-472A-B4B2-880372743DFF}] (...) -- D:\setup.exe (.not file.) ~ Scan Scheduled Task in 00mn 07s ---\\ Composants installés (ActiveSetup Installed Components) (O40) O40 - ASIC: Internet Explorer - >{26923b43-4d38-484f-9b9e-de460746276c} . (.Microsoft Corporation - Utilitaire d'initialisation d'Internet Explorer par utilisateur.) -- C:\Windows\System32\ie4uinit.exe O40 - ASIC: Browser Customizations - >{60B49E34-C7CC-11D0-8953-00A0C90347FF} . (.Microsoft Corporation - Personnalisation d’IEAK.) -- C:\Windows\System32\iedkcs32.dll O40 - ASIC: Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608500} . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Program Files\Java\jre6\bin\regutils.dll O40 - ASIC: Microsoft Windows Media Player 12.0 - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Windows Media Player Extension.) -- C:\Windows\System32\wmpdxm.dll O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (.Microsoft Corporation - Windows Media Player.) -- C:\Windows\system32\wmp.dll O40 - ASIC: Web Platform Customizations - {89820200-ECBD-11cf-8B85-00AA005B4383} . (.Microsoft Corporation - Utilitaire d'initialisation d'Internet Explorer par utilisateur.) -- C:\Windows\System32\ie4uinit.exe O40 - ASIC: (no name) - {89B4C1CD-B018-4511-B0A1-5476DBF70820} . (.Microsoft Corporation - Microsoft .NET IE SECURITY REGISTRATION.) -- C:\Windows\system32\mscories.dll ~ Scan Active Setup in 00mn 00s ---\\ Pilotes lancés au démarrage (O41) O41 - Driver: C:\Windows\system32\drivers\afd.sys (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\Windows\system32\drivers\afd.sys O41 - Driver: (blbdrive) . (.Microsoft Corporation - BLB Drive Driver.) - C:\Windows\system32\DRIVERS\blbdrive.sys O41 - Driver: (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\system32\drivers\cdrom.sys O41 - Driver: C:\Windows\system32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\system32\Drivers\dfsc.sys O41 - Driver: C:\Windows\system32\drivers\discache.sys (discache) . (.Microsoft Corporation - System Indexer/Cache Driver.) - C:\Windows\system32\drivers\discache.sys O41 - Driver: (eeCtrl) . (.Symantec Corporation - Symantec Eraser Control Driver.) - C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys O41 - Driver: (ElbyCDIO) . (.Elaborate Bytes AG - ElbyCD Windows NT/2000/XP I/O driver.) - C:\Windows\system32\Drivers\ElbyCDIO.sys O41 - Driver: (mssmbios) . (.Microsoft Corporation - System Management BIOS Driver.) - C:\Windows\system32\drivers\mssmbios.sys O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\system32\DRIVERS\netbios.sys O41 - Driver: C:\Windows\system32\drivers\netbt.sys (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\system32\DRIVERS\netbt.sys O41 - Driver: C:\Windows\system32\drivers\nsiproxy.sys (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\system32\drivers\nsiproxy.sys O41 - Driver: C:\Windows\system32\drivers\pacer.sys (Psched) . (.Microsoft Corporation - Planificateur de paquets QoS.) - C:\Windows\system32\DRIVERS\pacer.sys O41 - Driver: C:\Windows\system32\wkssvc.dll (rdbss) . (.Microsoft Corporation - Pilote du sous-système de mise en mémoire t.) - C:\Windows\system32\DRIVERS\rdbss.sys O41 - Driver: C:\Windows\system32\DRIVERS\RDPCDD.sys (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\system32\DRIVERS\RDPCDD.sys O41 - Driver: C:\Windows\system32\drivers\RDPENCDD.sys (RDPENCDD) . (.Microsoft Corporation - RDP Encoder Miniport.) - C:\Windows\system32\drivers\rdpencdd.sys O41 - Driver: C:\Windows\system32\drivers\RdpRefMp.sys (RDPREFMP) . (.Microsoft Corporation - RDP Reflector Driver Miniport.) - C:\Windows\system32\drivers\rdprefmp.sys O41 - Driver: (Serial) . (.Microsoft Corporation - Pilote de périphérique série.) - C:\Windows\system32\DRIVERS\serial.sys O41 - Driver: (SPBBCDrv) . (.Symantec Corporation - SPBBC Driver.) - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys O41 - Driver: (SRTSP) . (.Symantec Corporation - Symantec AutoProtect.) - C:\Windows\system32\Drivers\SRTSP.sys O41 - Driver: (SRTSPX) . (.Symantec Corporation - Symantec AutoProtect.) - C:\Windows\system32\Drivers\SRTSPX.sys O41 - Driver: (SYMTDI) . (.Symantec Corporation - Network Dispatch Driver.) - C:\Windows\system32\Drivers\SYMTDI.sys O41 - Driver: C:\Windows\system32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\system32\DRIVERS\tdx.sys O41 - Driver: (TermDD) . (.Microsoft Corporation - Remote Desktop Server Driver.) - C:\Windows\system32\drivers\termdd.sys O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\Windows\system32\drivers\vga.sys O41 - Driver: C:\Windows\system32\rascfg.dll (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\system32\DRIVERS\wanarp.sys O41 - Driver: (WfpLwf) . (.Microsoft Corporation - WFP NDIS 6.20 Lightweight Filter Driver.) - C:\Windows\system32\DRIVERS\wfplwf.sys ~ Scan Drivers in 00mn 00s ---\\ Logiciels installés (O42) O42 - Logiciel: Adobe Flash Player 10 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX O42 - Logiciel: Adobe Flash Player 11 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin O42 - Logiciel: Adobe Reader X (10.1.2) - Français - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1036-7B44-AA1000000001} O42 - Logiciel: Adobe Shockwave Player 11.5 - (.Adobe Systems, Inc..) [HKLM] -- Adobe Shockwave Player O42 - Logiciel: Ashampoo Burning Studio 10 v.10.0.15 - (.Ashampoo GmbH & Co. KG.) [HKLM] -- Ashampoo Burning Studio 10_is1 O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] -- CCleaner O42 - Logiciel: Call of Duty® 2 - (.Activision.) [HKLM] -- InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374} O42 - Logiciel: Call of Duty® 4 - Modern Warfare - (.Activision.) [HKLM] -- InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217} O42 - Logiciel: Call of Duty® 4 - Modern Warfare 1.7 Patch - (.Pas de propriétaire.) [HKLM] -- InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498} O42 - Logiciel: CyberLink PowerDVD 9 - (.CyberLink Corp..) [HKLM] -- InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8} O42 - Logiciel: CyberLink PowerDVD 9 - (.CyberLink Corp..) [HKLM] -- {A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8} O42 - Logiciel: D3DX10 - (.Microsoft.) [HKLM] -- {E09C4DB7-630C-4F06-A631-8EA7239923AF} O42 - Logiciel: Diz&Nfo v1.7d - (.Pas de propriétaire.) [HKLM] -- Diz&Nfo v1.7d_is1 O42 - Logiciel: FTPRush 2.1.4 - (.wftpserver.com.) [HKLM] -- FTP Rush_is1 O42 - Logiciel: Facebook Video Calling 1.1.1.1 - (.Skype Limited.) [HKLM] -- {624E54D0-E4F4-434F-9EF6-D4D066EE4348} O42 - Logiciel: Google Earth Plug-in - (.Google.) [HKLM] -- {2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E} O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM] -- {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} O42 - Logiciel: HomePlayer 1.5.9d - (.HomePlayer.) [HKLM] -- HomePlayer O42 - Logiciel: Intel® Graphics Media Accelerator Driver - (.Intel Corporation.) [HKLM] -- HDMI O42 - Logiciel: Intel® TV Wizard - (.Intel Corporation.) [HKLM] -- TVWiz O42 - Logiciel: Java 6 Update 26 - (.Oracle.) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83216024FF} O42 - Logiciel: Junk Mail filter update - (.Microsoft Corporation.) [HKLM] -- {8E5233E1-7495-44FB-8DEB-4BE906D59619} O42 - Logiciel: Les Sims 2 - (.Pas de propriétaire.) [HKLM] -- {6E7DD182-9FC6-4651-0095-2E666CC6AF35} O42 - Logiciel: Les Sims 2 Fun en Famille Kit - (.Pas de propriétaire.) [HKLM] -- {6BDD9CE6-D0A6-478A-BAD3-BA6945E89EB0} O42 - Logiciel: LiveUpdate 3.3 (Symantec Corporation) - (.Symantec Corporation.) [HKLM] -- LiveUpdate O42 - Logiciel: Logiciel d'archivage WinRAR - (.Pas de propriétaire.) [HKLM] -- WinRAR archiver O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM] -- {8DD46C6A-0056-4FEC-B70A-28BB16A1F11F} O42 - Logiciel: Malwarebytes Anti-Malware version 1.60.1.1000 - (.Malwarebytes Corporation.) [HKLM] -- Malwarebytes' Anti-Malware_is1 O42 - Logiciel: ManiaPlanet - (.Nadeo.) [HKLM] -- ManiaPlanet_is1 O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6} O42 - Logiciel: Microsoft .NET Framework 4 Client Profile FRA Language Pack - (.Microsoft Corporation.) [HKLM] -- {0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E} O42 - Logiciel: Microsoft Office 2007 Service Pack 3 (SP3) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93} O42 - Logiciel: Microsoft Office 2007 Service Pack 3 (SP3) - (.Microsoft.) [HKLM] -- {90120000-0015-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8} O42 - Logiciel: Microsoft Office 2007 Service Pack 3 (SP3) - (.Microsoft.) [HKLM] -- {90120000-0016-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8} O42 - Logiciel: Microsoft Office 2007 Service Pack 3 (SP3) - (.Microsoft.) [HKLM] -- {90120000-0018-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8} O42 - Logiciel: Microsoft Office 2007 Service Pack 3 (SP3) - (.Microsoft.) [HKLM] -- {90120000-0019-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8} O42 - Logiciel: Microsoft Office 2007 Service Pack 3 (SP3) - (.Microsoft.) [HKLM] -- {90120000-001A-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8} O42 - Logiciel: Microsoft Office 2007 Service Pack 3 (SP3) - (.Microsoft.) [HKLM] -- {90120000-001B-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8} O42 - Logiciel: Microsoft Office 2007 Service Pack 3 (SP3) - (.Microsoft.) [HKLM] -- {90120000-0044-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8} O42 - Logiciel: Microsoft Office 2007 Service Pack 3 (SP3) - (.Microsoft.) [HKLM] -- {90120000-006E-040C-0000-0000000FF1CE}_PROPLUS_{8283FD64-6A3B-4104-9E12-7CA25EF29A1A} O42 - Logiciel: Microsoft Office Access MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0015-040C-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Excel MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0016-040C-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office File Validation Add-In - (.Microsoft Corporation.) [HKLM] -- {90140000-2005-0000-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office InfoPath MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0044-040C-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Outlook MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001A-040C-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office PowerPoint MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0018-040C-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Professional Plus 2007 - (.Microsoft Corporation.) [HKLM] -- PROPLUS O42 - Logiciel: Microsoft Office Professional Plus 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Proof (Arabic) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0401-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Proof (Dutch) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0413-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Proof (English) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0409-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Proof (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-040C-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Proof (German) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0407-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Proof (Spanish) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0C0A-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Proofing (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-002C-040C-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) - (.Microsoft.) [HKLM] -- {90120000-001F-0401-0000-0000000FF1CE}_PROPLUS_{3E8EA473-ECCE-405F-A9CA-59446AEADD3A} O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) - (.Microsoft.) [HKLM] -- {90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{928D7B99-2BEA-49F9-83B8-20FA57860643} O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) - (.Microsoft.) [HKLM] -- {90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F} O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) - (.Microsoft.) [HKLM] -- {90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E} O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) - (.Microsoft.) [HKLM] -- {90120000-001F-0413-0000-0000000FF1CE}_PROPLUS_{2C95E7EE-FEA7-4B3A-A6E5-DF90A88B816A} O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) - (.Microsoft.) [HKLM] -- {90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC} O42 - Logiciel: Microsoft Office Publisher MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0019-040C-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Shared MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-006E-040C-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Word MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001B-040C-0000-0000000FF1CE} O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} O42 - Logiciel: Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 - (.Microsoft Corporation.) [HKLM] -- {770657D0-A123-3C07-8E44-1C83EC895118} O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM] -- {710f4c1c-cc18-4c49-8cbf-51240c89a1a2} O42 - Logiciel: Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C} O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 - (.Microsoft Corporation.) [HKLM] -- {86CE85E6-DBAC-3FFD-B977-E4B79F83C909} O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 - (.Microsoft Corporation.) [HKLM] -- {9A25302D-30C0-39D9-BD6F-21E6EC160475} O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 - (.Microsoft Corporation.) [HKLM] -- {9BE518E6-ECC6-35A9-88E4-87755C07200F} O42 - Logiciel: Mises à jour NVIDIA 1.7.11 - (.NVIDIA Corporation.) [HKLM] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update O42 - Logiciel: Module linguistique Microsoft .NET Framework 4 Client Profile FRA - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile FRA Language Pack O42 - Logiciel: Mozilla Firefox 10.0.2 (x86 fr) - (.Mozilla.) [HKLM] -- Mozilla Firefox 10.0.2 (x86 fr) O42 - Logiciel: NVIDIA Logiciel système PhysX 9.12.0209 - (.NVIDIA Corporation.) [HKLM] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX O42 - Logiciel: NVIDIA PhysX - (.NVIDIA Corporation.) [HKLM] -- {4EAE665D-957A-4D04-9679-3AD582008877} O42 - Logiciel: NVIDIA Pilote 3D Vision 295.73 - (.NVIDIA Corporation.) [HKLM] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision O42 - Logiciel: NVIDIA Pilote audio HD : 1.3.12.0 - (.NVIDIA Corporation.) [HKLM] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver O42 - Logiciel: NVIDIA Pilote du contrôleur 3D Vision 295.73 - (.NVIDIA Corporation.) [HKLM] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB O42 - Logiciel: NVIDIA Pilote graphique 295.73 - (.NVIDIA Corporation.) [HKLM] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver O42 - Logiciel: NVIDIA Stereoscopic 3D Driver - (.NVIDIA Corporation.) [HKLM] -- NVIDIAStereo O42 - Logiciel: PVSonyDll - (.NVIDIA Corporation.) [HKLM] -- {3D3E663D-4E7E-4577-A560-7ECDDD45548A} O42 - Logiciel: PhotoFiltre - (.Pas de propriétaire.) [HKCU] -- PhotoFiltre O42 - Logiciel: Playviz 1.7.7 - (.Previznet.) [HKCU] -- Playviz 1.7.7 O42 - Logiciel: QuickPar 0.9 - (.Peter B. Clements.) [HKLM] -- QuickPar O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2446708 O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2478663 O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2518870 O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2539636 O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2572078 O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2633870 O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2656351 O42 - Logiciel: Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{A0D5F849-D9D5-48ED-99D0-C74D7BFA6A09} O42 - Logiciel: Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{AEA16A27-0B97-4670-818F-A98D06EC0A6F} O42 - Logiciel: Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0EF0D4FB-BB23-4515-AAEA-1240AC2DA525} O42 - Logiciel: Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{5A8732F0-C20F-4A9B-A2A9-66FE7A586C35} O42 - Logiciel: Security Update for Module linguistique Microsoft .NET Framework 4 Client Profile FRA (KB2478663) - (.Microsoft Corporation.) [HKLM] -- {0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}.KB2478663 O42 - Logiciel: Security Update for Module linguistique Microsoft .NET Framework 4 Client Profile FRA (KB2518870) - (.Microsoft Corporation.) [HKLM] -- {0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}.KB2518870 O42 - Logiciel: SnagIt 9 - (.TechSmith Corporation.) [HKLM] -- {2FADA80A-5D89-4CC8-9ED7-445527754A83} O42 - Logiciel: Symantec Endpoint Protection - (.Symantec Corporation.) [HKLM] -- {3C1AE512-3C37-44FA-BA42-ABB721EC5B1D} O42 - Logiciel: TeamSpeak 3 Client - (.TeamSpeak Systems GmbH.) [HKLM] -- TeamSpeak 3 Client O42 - Logiciel: TeamViewer 6 - (.TeamViewer GmbH.) [HKLM] -- TeamViewer 6 O42 - Logiciel: TeamViewer 7 - (.TeamViewer.) [HKLM] -- TeamViewer 7 O42 - Logiciel: TmNationsForever - (.Nadeo.) [HKLM] -- TmNationsForever_is1 O42 - Logiciel: Update for 2007 Microsoft Office System (KB967642) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D} O42 - Logiciel: Update for Microsoft .NET Framework 4 Client Profile (KB2468871) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871 O42 - Logiciel: Update for Microsoft .NET Framework 4 Client Profile (KB2533523) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523 O42 - Logiciel: Update for Microsoft .NET Framework 4 Client Profile (KB2600217) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217 O42 - Logiciel: Update for Microsoft Office 2007 (KB2508958) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438} O42 - Logiciel: Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{B7873DF5-9E1C-45EE-8895-D29C6AE01202} O42 - Logiciel: Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C20964A7-5181-45E5-9E82-72F5D400DEBF} O42 - Logiciel: Update for Microsoft Office 2007 suites (KB2597998) 32-Bit Edition - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{97FF6C46-CE3A-47F6-BA6B-3D743ACA4054} O42 - Logiciel: Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{567103D1-96CD-4B76-93B9-2681A187DEFF} O42 - Logiciel: VLC media player 1.1.5 - (.VideoLAN.) [HKLM] -- VLC media player O42 - Logiciel: Virtual Plastic Surgery Software - VPSS v1.0 - (.Kaeria SARL.) [HKLM] -- Virtual Plastic Surgery Software - VPSS_is1 O42 - Logiciel: VirtualCloneDrive - (.Elaborate Bytes.) [HKLM] -- VirtualCloneDrive O42 - Logiciel: Windows Live - (.Microsoft Corporation.) [HKLM] -- WinLiveSuite O42 - Logiciel: Windows Live - (.Microsoft Corporation.) [HKLM] -- {34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5} O42 - Logiciel: Windows Live Communications Platform - (.Microsoft Corporation.) [HKLM] -- {D45240D3-B6B3-4FF9-B243-54ECE3E10066} O42 - Logiciel: Windows Live ID Sign-in Assistant - (.Microsoft Corporation.) [HKLM] -- {C6150D8A-86ED-41D3-87BB-F3BB51B0B77F} O42 - Logiciel: Windows Live Installer - (.Microsoft Corporation.) [HKLM] -- {0B0F231F-CE6A-483D-AA23-77B364F75917} O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM] -- {AB61A2E9-37D3-485D-9085-19FBDF8CEF4A} O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM] -- {E5B21F11-6933-4E0B-A25C-7963E3C07D11} O42 - Logiciel: Windows Live PIMT Platform - (.Microsoft Corporation.) [HKLM] -- {83C292B7-38A5-440B-A731-07070E81A64F} O42 - Logiciel: Windows Live Photo Common - (.Microsoft Corporation.) [HKLM] -- {A9BDCA6B-3653-467B-AC83-94367DA3BFE3} O42 - Logiciel: Windows Live Photo Common - (.Microsoft Corporation.) [HKLM] -- {C893D8C0-1BA0-4517-B11C-E89B65E72F70} O42 - Logiciel: Windows Live SOXE - (.Microsoft Corporation.) [HKLM] -- {682B3E4F-696A-42DE-A41C-4C07EA1678B4} O42 - Logiciel: Windows Live SOXE Definitions - (.Microsoft Corporation.) [HKLM] -- {200FEC62-3C34-4D60-9CE8-EC372E01C08F} O42 - Logiciel: Windows Live UX Platform - (.Microsoft Corporation.) [HKLM] -- {CE95A79E-E4FC-4FFF-8A75-29F04B942FF2} O42 - Logiciel: Windows Live UX Platform Language Pack - (.Microsoft Corporation.) [HKLM] -- {05E379CC-F626-4E7D-8354-463865B303BF} O42 - Logiciel: Xfire (remove only) - (.Pas de propriétaire.) [HKLM] -- Xfire ---\\ HKCU & HKLM Software Keys [HKCU\Software\ASProtect] [HKCU\Software\ASUS] [HKCU\Software\Adobe] [HKCU\Software\AppDataLow\Software\Adobe] [HKCU\Software\AppDataLow\Software\Microsoft] [HKCU\Software\AppDataLow\Software] [HKCU\Software\AppDataLow] [HKCU\Software\Ashampoo] [HKCU\Software\Classes] [HKCU\Software\Clients] [HKCU\Software\CyberLink] [HKCU\Software\Digital River] [HKCU\Software\DivXNetworks] [HKCU\Software\Elaborate Bytes] [HKCU\Software\FTPRush] [HKCU\Software\Facebook] [HKCU\Software\Garmin] [HKCU\Software\Google] [HKCU\Software\Hewlett-Packard] [HKCU\Software\HookNetwork] [HKCU\Software\IM Providers] [HKCU\Software\INTEL] [HKCU\Software\ImInstaller] [HKCU\Software\IncrediMail] [HKCU\Software\JEDI-VCL] [HKCU\Software\JavaSoft] [HKCU\Software\Lake] [HKCU\Software\Lavalys] [HKCU\Software\Macromedia] [HKCU\Software\Malwarebytes' Anti-Malware] [HKCU\Software\MozillaPlugins] [HKCU\Software\Mozilla] [HKCU\Software\Mumble] [HKCU\Software\NVIDIA Corporation] [HKCU\Software\Netscape] [HKCU\Software\ODBC] [HKCU\Software\Piriform] [HKCU\Software\Policies] [HKCU\Software\SkypeRS] [HKCU\Software\Softonic] [HKCU\Software\Symantec] [HKCU\Software\Sysinternals] [HKCU\Software\TeamSpeak 3 Client] [HKCU\Software\TeamViewer] [HKCU\Software\TechSmith] [HKCU\Software\Trolltech] [HKCU\Software\Virtual Plastic Surgery Software - VPSS] [HKCU\Software\WinRAR] [HKCU\Software\Xfire] [HKCU\Software\YahooPartnerToolbar] [HKLM\Software\AGEIA Technologies] [HKLM\Software\ASUS] [HKLM\Software\ATI Technologies] [HKLM\Software\Activision] [HKLM\Software\Adobe] [HKLM\Software\AppDataLow] [HKLM\Software\Ashampoo] [HKLM\Software\BrowserChoice] [HKLM\Software\C07ft5Y] [HKLM\Software\Classes] [HKLM\Software\Clients] [HKLM\Software\CyberLink] [HKLM\Software\EA GAMES] [HKLM\Software\Elaborate Bytes] [HKLM\Software\Electronic Arts] [HKLM\Software\Even Balance] [HKLM\Software\Garmin] [HKLM\Software\Google] [HKLM\Software\Hewlett-Packard] [HKLM\Software\ImInstaller] [HKLM\Software\InstallShield] [HKLM\Software\Intel] [HKLM\Software\JavaSoft] [HKLM\Software\JreMetrics] [HKLM\Software\Khronos] [HKLM\Software\Lake] [HKLM\Software\Licenses] [HKLM\Software\Logitech] [HKLM\Software\Macromedia] [HKLM\Software\Malwarebytes' Anti-Malware (Trial)] [HKLM\Software\Malwarebytes' Anti-Malware] [HKLM\Software\MozillaPlugins] [HKLM\Software\Mozilla] [HKLM\Software\NVIDIA Corporation] [HKLM\Software\ODBC] [HKLM\Software\Piriform] [HKLM\Software\Policies] [HKLM\Software\RegisteredApplications] [HKLM\Software\Sonic] [HKLM\Software\Symantec] [HKLM\Software\TeamViewer] [HKLM\Software\TechSmith] [HKLM\Software\Uniblue] [HKLM\Software\VideoLAN] [HKLM\Software\Volatile] [HKLM\Software\WinRAR] [HKLM\Software\Windows] [HKLM\Software\Wow6432Node] [HKLM\Software\mozilla.org] ~ Scan Softwares in 00mn 00s ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43) O43 - CFD: 19/05/2011 - 14:55:28 - [-669,815] ----D- C:\Program Files\Activision O43 - CFD: 17/06/2011 - 09:11:28 - [158,508] ----D- C:\Program Files\Adobe O43 - CFD: 17/05/2011 - 10:18:54 - [187,007] ----D- C:\Program Files\Ashampoo O43 - CFD: 16/05/2011 - 09:14:54 - [0,398] ----D- C:\Program Files\Call of Duty O43 - CFD: 25/02/2011 - 00:08:36 - [3,484] ----D- C:\Program Files\CCleaner O43 - CFD: 02/07/2011 - 01:15:00 - [383,219] ----D- C:\Program Files\Common Files O43 - CFD: 26/02/2011 - 16:42:44 - [192,712] ----D- C:\Program Files\CyberLink O43 - CFD: 26/02/2011 - 16:36:18 - [0,312] ----D- C:\Program Files\Diz&Nfo O43 - CFD: 02/03/2011 - 11:02:48 - [79,371] ----D- C:\Program Files\DVD Maker O43 - CFD: 11/07/2011 - 20:21:46 - [-1074,294] ----D- C:\Program Files\EA GAMES O43 - CFD: 24/02/2011 - 19:40:56 - [2,029] ----D- C:\Program Files\Elaborate Bytes O43 - CFD: 22/02/2011 - 17:00:46 - [0] -SH-D- C:\Program Files\Fichiers communs O43 - CFD: 11/04/2011 - 19:30:34 - [0,002] ----D- C:\Program Files\FileZilla FTP Client O43 - CFD: 11/04/2011 - 19:22:22 - [9,973] ----D- C:\Program Files\FTPRush O43 - CFD: 17/11/2011 - 00:58:02 - [58,807] ----D- C:\Program Files\Google O43 - CFD: 24/02/2011 - 19:44:56 - [135,712] ----D- C:\Program Files\HomePlayer O43 - CFD: 27/04/2011 - 11:40:52 - [45,979] ----D- C:\Program Files\HP O43 - CFD: 19/05/2011 - 15:11:36 - [20,592] ----D- C:\Program Files\InstallShield Installation Information O43 - CFD: 22/02/2011 - 17:16:46 - [11,571] ----D- C:\Program Files\Intel O43 - CFD: 15/02/2012 - 13:51:48 - [4,935] ----D- C:\Program Files\Internet Explorer O43 - CFD: 02/07/2011 - 01:14:30 - [84,449] ----D- C:\Program Files\Java O43 - CFD: 29/02/2012 - 22:31:50 - [11,412] ----D- C:\Program Files\Malwarebytes' Anti-Malware O43 - CFD: 20/10/2011 - 15:42:14 - [61,736] ----D- C:\Program Files\ManiaPlanet O43 - CFD: 14/07/2009 - 10:00:58 - [140,966] ----D- C:\Program Files\Microsoft Games O43 - CFD: 03/07/2011 - 06:55:04 - [479,611] ----D- C:\Program Files\Microsoft Office O43 - CFD: 24/02/2012 - 22:21:30 - [36,634] ----D- C:\Program Files\Microsoft Silverlight O43 - CFD: 22/02/2011 - 17:38:38 - [0,014] ----D- C:\Program Files\Microsoft Visual Studio O43 - CFD: 26/02/2011 - 16:46:36 - [3,554] ----D- C:\Program Files\Microsoft Works O43 - CFD: 03/03/2011 - 08:39:56 - [7,789] ----D- C:\Program Files\Microsoft.NET O43 - CFD: 26/02/2012 - 23:40:12 - [37,531] ----D- C:\Program Files\Mozilla Firefox O43 - CFD: 24/02/2011 - 19:14:18 - [0,025] ----D- C:\Program Files\MSBuild O43 - CFD: 24/02/2012 - 22:00:00 - [1004,957] ----D- C:\Program Files\NVIDIA Corporation O43 - CFD: 30/04/2011 - 13:40:44 - [3,528] ----D- C:\Program Files\PhotoFiltre O43 - CFD: 26/02/2011 - 16:33:38 - [0,898] ----D- C:\Program Files\QuickPar O43 - CFD: 14/07/2009 - 05:52:30 - [37,345] ----D- C:\Program Files\Reference Assemblies O43 - CFD: 24/02/2011 - 19:29:36 - [49,065] ----D- C:\Program Files\Symantec O43 - CFD: 14/02/2012 - 17:41:14 - [55,344] ----D- C:\Program Files\TeamSpeak 3 Client O43 - CFD: 06/12/2011 - 09:34:56 - [146,431] ----D- C:\Program Files\TeamViewer O43 - CFD: 24/02/2011 - 21:30:36 - [45,323] ----D- C:\Program Files\TechSmith O43 - CFD: 24/02/2011 - 21:53:26 - [713,725] ----D- C:\Program Files\TmNationsForever O43 - CFD: 14/07/2009 - 05:53:24 - [0] --H-D- C:\Program Files\Uninstall Information O43 - CFD: 22/02/2011 - 17:35:18 - [76,799] ----D- C:\Program Files\VideoLAN O43 - CFD: 17/07/2011 - 15:08:46 - [5,227] ----D- C:\Program Files\VPSS O43 - CFD: 11/04/2011 - 18:53:28 - [0] ----D- C:\Program Files\Wikikou O43 - CFD: 02/03/2011 - 11:02:44 - [2,909] ----D- C:\Program Files\Windows Defender O43 - CFD: 02/03/2011 - 11:02:48 - [6,689] ----D- C:\Program Files\Windows Journal O43 - CFD: 06/09/2011 - 16:01:34 - [62,208] ----D- C:\Program Files\Windows Live O43 - CFD: 02/03/2011 - 11:02:48 - [5,895] ----D- C:\Program Files\Windows Mail O43 - CFD: 02/03/2011 - 11:02:48 - [6,298] ----D- C:\Program Files\Windows Media Player O43 - CFD: 22/02/2011 - 17:00:46 - [11,632] ----D- C:\Program Files\Windows NT O43 - CFD: 02/03/2011 - 11:02:48 - [4,213] ----D- C:\Program Files\Windows Photo Viewer O43 - CFD: 02/03/2011 - 11:02:46 - [0,181] ----D- C:\Program Files\Windows Portable Devices O43 - CFD: 02/03/2011 - 11:02:48 - [6,374] ----D- C:\Program Files\Windows Sidebar O43 - CFD: 24/02/2011 - 19:18:30 - [4,827] ----D- C:\Program Files\WinRAR O43 - CFD: 18/12/2011 - 12:42:34 - [19,529] ----D- C:\Program Files\Xfire O43 - CFD: 01/03/2012 - 15:57:36 - [10,100] ----D- C:\Program Files\ZHPDiag O43 - CFD: 17/06/2011 - 09:11:32 - [3,651] ----D- C:\Program Files\Common Files\Adobe O43 - CFD: 24/02/2011 - 18:57:54 - [0] ----D- C:\Program Files\Common Files\BitDefender O43 - CFD: 26/02/2011 - 16:41:30 - [0,115] ----D- C:\Program Files\Common Files\CyberLink O43 - CFD: 22/02/2011 - 17:38:38 - [0,089] ----D- C:\Program Files\Common Files\DESIGNER O43 - CFD: 14/05/2011 - 00:43:46 - [2,770] ----D- C:\Program Files\Common Files\InstallShield O43 - CFD: 02/07/2011 - 01:15:00 - [1,201] ----D- C:\Program Files\Common Files\Java O43 - CFD: 24/02/2011 - 17:26:18 - [0,410] ----D- C:\Program Files\Common Files\logishrd O43 - CFD: 26/10/2011 - 10:19:44 - [273,937] ----D- C:\Program Files\Common Files\microsoft shared O43 - CFD: 14/07/2009 - 03:37:06 - [0,003] ----D- C:\Program Files\Common Files\Services O43 - CFD: 14/07/2009 - 03:37:06 - [39,200] ----D- C:\Program Files\Common Files\SpeechEngines O43 - CFD: 24/02/2011 - 19:30:46 - [19,589] ----D- C:\Program Files\Common Files\Symantec Shared O43 - CFD: 09/11/2011 - 10:23:44 - [42,256] ----D- C:\Program Files\Common Files\System O43 - CFD: 22/02/2011 - 17:40:38 - [0] ----D- C:\Program Files\Common Files\Windows Live O43 - CFD: 17/06/2011 - 09:11:30 - [0,000] ----D- C:\ProgramData\Adobe O43 - CFD: 14/07/2009 - 05:53:56 - [0] -SH-D- C:\ProgramData\Application Data O43 - CFD: 17/05/2011 - 10:19:20 - [0,344] ----D- C:\ProgramData\ashampoo O43 - CFD: 22/02/2011 - 17:00:46 - [0] -SH-D- C:\ProgramData\Bureau O43 - CFD: 26/02/2011 - 16:43:54 - [1,447] ----D- C:\ProgramData\CyberLink O43 - CFD: 14/07/2009 - 05:53:56 - [0] -SH-D- C:\ProgramData\Desktop O43 - CFD: 14/07/2009 - 05:53:56 - [0] -SH-D- C:\ProgramData\Documents O43 - CFD: 22/02/2011 - 17:00:46 - [0] -SH-D- C:\ProgramData\Favoris O43 - CFD: 14/07/2009 - 05:53:56 - [0] -SH-D- C:\ProgramData\Favorites O43 - CFD: 24/02/2011 - 18:34:58 - [0,000] ----D- C:\ProgramData\IM O43 - CFD: 19/05/2011 - 17:20:58 - [15,396] ----D- C:\ProgramData\Malwarebytes O43 - CFD: 04/02/2012 - 02:12:02 - [681,954] ----D- C:\ProgramData\ManiaPlanet O43 - CFD: 22/02/2011 - 17:00:46 - [0] -SH-D- C:\ProgramData\Menu Démarrer O43 - CFD: 25/02/2012 - 17:10:48 - [341,524] -S--D- C:\ProgramData\Microsoft O43 - CFD: 15/02/2012 - 13:07:46 - [0,061] ----D- C:\ProgramData\Microsoft Help O43 - CFD: 22/02/2011 - 17:00:46 - [0] -SH-D- C:\ProgramData\Modèles O43 - CFD: 01/03/2012 - 15:54:24 - [2,623] ----D- C:\ProgramData\NVIDIA O43 - CFD: 19/05/2011 - 14:40:56 - [0,909] ----D- C:\ProgramData\NVIDIA Corporation O43 - CFD: 14/07/2009 - 05:53:56 - [0] -SH-D- C:\ProgramData\Start Menu O43 - CFD: 01/03/2011 - 15:00:44 - [0,000] ----D- C:\ProgramData\Sun O43 - CFD: 24/02/2011 - 19:30:36 - [852,586] ----D- C:\ProgramData\Symantec O43 - CFD: 24/02/2011 - 21:30:40 - [0,888] ----D- C:\ProgramData\TechSmith O43 - CFD: 26/02/2011 - 16:37:48 - [0,051] ----D- C:\ProgramData\Temp O43 - CFD: 14/07/2009 - 05:53:56 - [0] -SH-D- C:\ProgramData\Templates O43 - CFD: 26/02/2011 - 21:33:28 - [551,981] ----D- C:\ProgramData\TmForever O43 - CFD: 18/12/2011 - 18:41:24 - [134,809] ----D- C:\ProgramData\Xfire O43 - CFD: 25/02/2011 - 09:45:56 - [3,856] ----D- C:\Users\CELSO\AppData\Roaming\Adobe O43 - CFD: 17/05/2011 - 10:20:08 - [0] ----D- C:\Users\CELSO\AppData\Roaming\Ashampoo O43 - CFD: 26/02/2011 - 16:43:54 - [0,002] ----D- C:\Users\CELSO\AppData\Roaming\CyberLink O43 - CFD: 11/04/2011 - 18:54:48 - [0,016] ----D- C:\Users\CELSO\AppData\Roaming\FileZilla O43 - CFD: 24/02/2012 - 21:40:38 - [0,175] ----D- C:\Users\CELSO\AppData\Roaming\FTPRush O43 - CFD: 29/11/2011 - 15:26:16 - [0,105] ----D- C:\Users\CELSO\AppData\Roaming\Garmin O43 - CFD: 22/02/2011 - 17:01:00 - [0] ----D- C:\Users\CELSO\AppData\Roaming\Identities O43 - CFD: 24/02/2011 - 18:37:26 - [0,055] ----D- C:\Users\CELSO\AppData\Roaming\Macromedia O43 - CFD: 19/05/2011 - 17:21:06 - [2,229] ----D- C:\Users\CELSO\AppData\Roaming\Malwarebytes O43 - CFD: 14/07/2009 - 10:00:24 - [0] ----D- C:\Users\CELSO\AppData\Roaming\Media Center Programs O43 - CFD: 01/02/2012 - 20:06:36 - [2,825] -S--D- C:\Users\CELSO\AppData\Roaming\Microsoft O43 - CFD: 24/02/2011 - 17:34:00 - [108,977] ----D- C:\Users\CELSO\AppData\Roaming\Mozilla O43 - CFD: 19/12/2011 - 18:55:54 - [1,087] ----D- C:\Users\CELSO\AppData\Roaming\Mumble O43 - CFD: 26/02/2011 - 16:45:08 - [0] ----D- C:\Users\CELSO\AppData\Roaming\NVIDIA O43 - CFD: 26/02/2011 - 18:57:26 - [8,253] ----D- C:\Users\CELSO\AppData\Roaming\OpenCandy O43 - CFD: 30/04/2011 - 13:52:22 - [0,002] ----D- C:\Users\CELSO\AppData\Roaming\PhotoFiltre O43 - CFD: 22/02/2011 - 17:21:16 - [0] ----D- C:\Users\CELSO\AppData\Roaming\QuickScan O43 - CFD: 24/02/2011 - 18:49:48 - [0,215] ----D- C:\Users\CELSO\AppData\Roaming\TeamViewer O43 - CFD: 24/02/2012 - 21:40:38 - [3,332] ----D- C:\Users\CELSO\AppData\Roaming\TS3Client O43 - CFD: 26/02/2011 - 19:04:34 - [0,192] ----D- C:\Users\CELSO\AppData\Roaming\Uniblue O43 - CFD: 27/10/2011 - 15:19:30 - [1,808] ----D- C:\Users\CELSO\AppData\Roaming\vlc O43 - CFD: 24/02/2011 - 19:19:00 - [1,180] ----D- C:\Users\CELSO\AppData\Roaming\WinRAR O43 - CFD: 29/01/2012 - 20:25:26 - [0,009] ----D- C:\Users\CELSO\AppData\Roaming\Xfire O43 - CFD: 25/02/2011 - 09:45:56 - [15,213] ----D- C:\Users\CELSO\AppData\Local\Adobe O43 - CFD: 22/02/2011 - 17:00:52 - [0] -SH-D- C:\Users\CELSO\AppData\Local\Application Data O43 - CFD: 17/05/2011 - 10:20:02 - [0,344] ----D- C:\Users\CELSO\AppData\Local\ashampoo O43 - CFD: 26/02/2011 - 16:45:02 - [0,007] ----D- C:\Users\CELSO\AppData\Local\Cyberlink O43 - CFD: 26/02/2012 - 01:59:02 - [0,425] ----D- C:\Users\CELSO\AppData\Local\Diagnostics O43 - CFD: 06/09/2011 - 16:42:20 - [0,093] ----D- C:\Users\CELSO\AppData\Local\Downloader O43 - CFD: 23/02/2012 - 21:36:50 - [0,299] ----D- C:\Users\CELSO\AppData\Local\ElevatedDiagnostics O43 - CFD: 03/12/2011 - 17:22:00 - [6,511] ----D- C:\Users\CELSO\AppData\Local\Facebook O43 - CFD: 30/04/2011 - 14:44:28 - [0] ----D- C:\Users\CELSO\AppData\Local\Google O43 - CFD: 22/02/2011 - 17:00:52 - [0] -SH-D- C:\Users\CELSO\AppData\Local\Historique O43 - CFD: 24/02/2011 - 18:37:20 - [8,655] ----D- C:\Users\CELSO\AppData\Local\IM O43 - CFD: 25/02/2012 - 17:10:48 - [562,774] ----D- C:\Users\CELSO\AppData\Local\Microsoft O43 - CFD: 22/09/2011 - 19:15:24 - [0,161] ----D- C:\Users\CELSO\AppData\Local\Microsoft Games O43 - CFD: 01/02/2012 - 20:06:34 - [0,101] ----D- C:\Users\CELSO\AppData\Local\Microsoft Help O43 - CFD: 05/10/2011 - 10:41:32 - [0,179] ----D- C:\Users\CELSO\AppData\Local\MigWiz O43 - CFD: 24/02/2011 - 17:33:30 - [374,556] ----D- C:\Users\CELSO\AppData\Local\Mozilla O43 - CFD: 27/02/2011 - 10:06:50 - [0] ----D- C:\Users\CELSO\AppData\Local\OpenCandy O43 - CFD: 20/05/2011 - 21:52:28 - [5,830] ----D- C:\Users\CELSO\AppData\Local\PunkBuster O43 - CFD: 24/02/2011 - 19:30:40 - [16,387] ----D- C:\Users\CELSO\AppData\Local\Symantec O43 - CFD: 24/02/2011 - 21:30:36 - [11,797] ----D- C:\Users\CELSO\AppData\Local\TechSmith O43 - CFD: 01/03/2012 - 15:54:52 - [5,908] ----D- C:\Users\CELSO\AppData\Local\Temp O43 - CFD: 22/02/2011 - 17:00:52 - [0] -SH-D- C:\Users\CELSO\AppData\Local\Temporary Internet Files O43 - CFD: 26/02/2011 - 17:30:34 - [-895,550] ----D- C:\Users\CELSO\AppData\Local\VirtualStore O43 - CFD: 01/03/2012 - 11:57:28 - [0,063] ----D- C:\Users\CELSO\AppData\Local\Windows Live O43 - CFD: 26/02/2012 - 12:36:26 - [0] ----D- C:\Users\CELSO\AppData\Local\{21323798-F0F1-46C1-93F5-4D78751EDA46} O43 - CFD: 27/02/2012 - 00:37:40 - [0] ----D- C:\Users\CELSO\AppData\Local\{68DB5F03-B576-48F7-85FE-84B19F380F95} O43 - CFD: 29/02/2012 - 19:37:48 - [0] ----D- C:\Users\CELSO\AppData\Local\{83DA3416-C940-4A57-800C-0BC28D0F7B1B} O43 - CFD: 01/03/2012 - 11:56:40 - [0] ----D- C:\Users\CELSO\AppData\Local\{A8D7FA30-AE5A-4015-90E3-7A07465B2017} O43 - CFD: 27/02/2012 - 13:24:00 - [0] ----D- C:\Users\CELSO\AppData\Local\{DCCAC3E5-0625-43BD-9A0A-BCABC323C64F} ~ Scan Program Folder in 01mn 45s ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44) O44 - LFC:[MD5.1A913E8696E8F2CD758CDB0C9C0D22C2] - 01/03/2012 - 15:58:39 ---A- . (...) -- C:\Windows\WindowsUpdate.log [124493] O44 - LFC:[MD5.8E6310F248C4B6CCAD05C42287356DDD] - 01/03/2012 - 15:54:26 ---A- . (...) -- C:\Windows\setupact.log [843] O44 - LFC:[MD5.5F81096EC16A3977668FFE7893758BC1] - 01/03/2012 - 15:54:22 -S-A- . (...) -- C:\Windows\bootstat.dat [67584] O44 - LFC:[MD5.0DB7527DB188C7D967A37BB51BBF3963] - 01/03/2012 - 14:43:07 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\system32\drivers\mbamswissarmy.sys [40776] O44 - LFC:[MD5.8E4A4137D4AFAE5A101E7DB18AA26848] - 01/03/2012 - 14:20:57 ---A- . (...) -- C:\Windows\system32\PerfStringBackup.INI [1549700] O44 - LFC:[MD5.459DCA304BF29FF3E81C6F774A79D707] - 01/03/2012 - 14:20:57 ---A- . (...) -- C:\Windows\system32\perfc009.dat [106190] O44 - LFC:[MD5.18CDC094A676FE47080CCD860EB295ED] - 01/03/2012 - 14:20:57 ---A- . (...) -- C:\Windows\system32\perfc00C.dat [130548] O44 - LFC:[MD5.99DEAE2A78FC7BC5B0BE5E775F904533] - 01/03/2012 - 14:20:57 ---A- . (...) -- C:\Windows\system32\perfh009.dat [615810] O44 - LFC:[MD5.F706069057D460C50F0D4C9F4B85C387] - 01/03/2012 - 14:20:57 ---A- . (...) -- C:\Windows\system32\perfh00C.dat [704242] O44 - LFC:[MD5.02440C2665C6DE0E48321979042C3BB0] - 01/03/2012 - 14:15:35 ---A- . (...) -- C:\Windows\PFRO.log [5612] O44 - LFC:[MD5.B7CA8CC3F978201856B6AB82F40953C3] - 29/02/2012 - 22:29:43 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\system32\drivers\mbam.sys [20464] O44 - LFC:[MD5.24097AF73562086C5DC1B48412F02DA0] - 29/02/2012 - 22:27:34 ---A- . (.Adobe Systems Incorporated - Adobe Flash Player Control Panel Applet.) -- C:\Windows\system32\FlashPlayerCPLApp.cpl [414368] O44 - LFC:[MD5.1B6CABCAE393257233F0F916F7D99D4E] - 29/02/2012 - 22:27:10 ---A- . (...) -- C:\Windows\system32\lvcoinst.log [10700] O44 - LFC:[MD5.628BA691C30D52309016F01D011BE900] - 29/02/2012 - 17:53:41 ---A- . (...) -- C:\Windows\system32\FNTCACHE.DAT [409992] O44 - LFC:[MD5.F7CD5E9902D3B778759B467046A104F4] - 26/02/2012 - 14:37:22 ---A- . (...) -- C:\Windows\MEMORY.DMP [407791962] O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 26/02/2012 - 11:40:31 ---A- . (...) -- C:\Windows\setuperr.log [0] O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 24/02/2012 - 21:59:58 ---A- . (...) -- C:\Windows\system32\nvdrssel.bin [0] O44 - LFC:[MD5.0195003E40E6EBB9B684C2FD1D13E38D] - 23/02/2012 - 22:29:34 ---A- . (.NVIDIA Corporation - Generic Coinstaller.) -- C:\Windows\system32\nvhdagenco3220103.dll [876864] O44 - LFC:[MD5.3D7FB57354703809B5F0C23287FAC1D6] - 23/02/2012 - 22:29:34 ---A- . (.NVIDIA Corporation - NVIDIA HDMI Audio Driver.) -- C:\Windows\system32\drivers\nvhda32v.sys [148800] O44 - LFC:[MD5.A435BA6A5146800CC0335972A37CD7FD] - 23/02/2012 - 22:29:34 ---A- . (.NVIDIA Corporation - NVIDIA HDMI Audio Driver.) -- C:\Windows\system32\nvhdap32.dll [27968] O44 - LFC:[MD5.188A70B814F4C77EA093A1CA34CC8F2D] - 10/02/2012 - 05:13:00 ---A- . (...) -- C:\Windows\system32\nvinfo.pb [8772] O44 - LFC:[MD5.1992D479AC7B804B699EFA8573230C94] - 10/02/2012 - 05:13:00 ---A- . (.Khronos Group - OpenCL Client DLL.) -- C:\Windows\system32\OpenCL.dll [61248] O44 - LFC:[MD5.2941DA00EFD5F801EFE442BABD8B3B6D] - 10/02/2012 - 05:13:00 ---A- . (.NVIDIA Corporation - Display Driver Coinstaller.) -- C:\Windows\system32\nvdispco32.dll [1000256] O44 - LFC:[MD5.5055CA6E2C7041C1557B48CC1E487CAA] - 10/02/2012 - 05:13:00 ---A- . (.NVIDIA Corporation - Generic Coinstaller.) -- C:\Windows\system32\nvgenco32.dll [881984] O44 - LFC:[MD5.9FD158015EE8F3B4971A76BC6E3B520F] - 10/02/2012 - 05:13:00 ---A- . (.NVIDIA Corporation - NVIDIA CUDA Driver, Version 295.73.) -- C:\Windows\system32\nvcuda.dll [5892928] O44 - LFC:[MD5.D592EA592BFC42BBAA64B9A36E11A956] - 10/02/2012 - 05:13:00 ---A- . (.NVIDIA Corporation - NVIDIA CUDA Video Decode API, Version 295.7.) -- C:\Windows\system32\nvcuvid.dll [2517312] O44 - LFC:[MD5.680BF097C8D195109590E8078C71F989] - 10/02/2012 - 05:13:00 ---A- . (.NVIDIA Corporation - NVIDIA CUDA Video Encoder, Version 295.73.) -- C:\Windows\system32\nvcuvenc.dll [2437440] O44 - LFC:[MD5.7E6E761D5C5A4BCF19BA3149310770D2] - 10/02/2012 - 05:13:00 ---A- . (.NVIDIA Corporation - NVIDIA Compatible OpenGL ICD.) -- C:\Windows\system32\nvoglv32.dll [19443520] O44 - LFC:[MD5.AD5DAA753919D0EBCC8CE85031E11550] - 10/02/2012 - 05:13:00 ---A- . (.NVIDIA Corporation - NVIDIA Compiler, Version 295.73.) -- C:\Windows\system32\nvcompiler.dll [17543488] O44 - LFC:[MD5.C2B076639017CAB78DD63FF8F94BDD7C] - 10/02/2012 - 05:13:00 ---A- . (.NVIDIA Corporation - NVIDIA D3D10 Driver, Version 295.73.) -- C:\Windows\system32\nvwgf2um.dll [7713088] O44 - LFC:[MD5.E9511F7F35D6A144C1B5F067209C1CBA] - 10/02/2012 - 05:13:00 ---A- . (.NVIDIA Corporation - NVIDIA NVAPI Library, Version 295.73.) -- C:\Windows\system32\nvapi.dll [2301248] O44 - LFC:[MD5.91C8B1471CD7BDAE2FF6F062E25228BD] - 10/02/2012 - 05:13:00 ---A- . (.NVIDIA Corporation - NVIDIA WDDM D3D Driver, Version 295.73.) -- C:\Windows\system32\nvd3dum.dll [15009600] O44 - LFC:[MD5.F452E6AD3EDA2852F44BE492E283C40F] - 10/02/2012 - 05:13:00 ---A- . (.NVIDIA Corporation - NVIDIA Windows Kernel Mode Driver, Version.) -- C:\Windows\system32\drivers\nvlddmkm.sys [10816832] O44 - LFC:[MD5.CCDCF296BF51DD66F6341B188373A78E] - 10/02/2012 - 04:02:06 ---A- . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\Windows\system32\nvcpl.dll [3881792] O44 - LFC:[MD5.788FCC23961A7D65372D6BF3709DD39B] - 10/02/2012 - 04:00:44 ---A- . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 295.7.) -- C:\Windows\system32\nvsvc.dll [2719040] O44 - LFC:[MD5.70145ADE9EFE2CE296DD5FC761B4969B] - 10/02/2012 - 04:00:26 ---A- . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 295.7.) -- C:\Windows\system32\nvvsvc.exe [645440] O44 - LFC:[MD5.A9EF3534BFF340D2FEFB052B0DD7C4DB] - 10/02/2012 - 04:00:26 ---A- . (.NVIDIA Corporation - NVIDIA Media Center Library.) -- C:\Windows\system32\nvmctray.dll [108352] O44 - LFC:[MD5.216CD1ABF4CEDB5F4554D1E9DC2E4FF6] - 10/02/2012 - 04:00:26 ---A- . (.NVIDIA Corporation - Pas de description.) -- C:\Windows\system32\nvshext.dll [62272] O44 - LFC:[MD5.31C523B4181F48BA6B7DC23EC1861433] - 10/02/2012 - 04:00:25 ---A- . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 295.7.) -- C:\Windows\system32\nvsvcr.dll [2561344] O44 - LFC:[MD5.F86A49D72D156947AB4B1F398F6B98EA] - 09/02/2012 - 20:05:44 ---A- . (...) -- C:\Windows\system32\nvStreaming.exe [416064] ~ Scan Files in 01mn 30s ---\\ Derniers fichiers créés dans Windows Prefetcher (O45) O45 - LFCP:[MD5.D1455CB244C17F3C1C65F4C8C37AB0F9] - 01/03/2012 - 00:00:32 ---A- - C:\Windows\Prefetch\IGFXSRVC.EXE-67E7A62F.pf O45 - LFCP:[MD5.66EC6C9259E3629EE562EA4382822DA6] - 01/03/2012 - 10:00:04 ---A- - C:\Windows\Prefetch\SDCLT.EXE-2D2C4DDD.pf O45 - LFCP:[MD5.AF1846277C34292616C5085D193BCBC8] - 01/03/2012 - 10:47:19 ---A- - C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-501933425-2476989565-1232407324-1000.db O45 - LFCP:[MD5.BE7D3D5D7A5EB25EE9B1670514BFFD8C] - 01/03/2012 - 10:47:19 ---A- - C:\Windows\Prefetch\AgGlUAD_S-1-5-21-501933425-2476989565-1232407324-1000.db O45 - LFCP:[MD5.033ED07152FD57EE2550BA4CFC7C166D] - 01/03/2012 - 11:15:36 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-6202E8F2.pf O45 - LFCP:[MD5.66B0868507D65A5280382A10CF9F7922] - 01/03/2012 - 11:33:31 ---A- - C:\Windows\Prefetch\TASKMGR.EXE-72398DC0.pf O45 - LFCP:[MD5.3F5ECAF35CC4DA8E9E25D6477967E139] - 01/03/2012 - 11:35:24 ---A- - C:\Windows\Prefetch\SAVUI.EXE-24D69985.pf O45 - LFCP:[MD5.1457C57F0ED10A783D231975CC9AC1A9] - 01/03/2012 - 11:36:00 ---A- - C:\Windows\Prefetch\RTVSCAN.EXE-C249E232.pf O45 - LFCP:[MD5.A458A60B690FE85CAAB2F8EA34425B4D] - 01/03/2012 - 11:55:35 ---A- - C:\Windows\Prefetch\Layout.ini O45 - LFCP:[MD5.1658BA17A31F9DF1A9B97BCC506D64E7] - 01/03/2012 - 11:55:42 ---A- - C:\Windows\Prefetch\DEFRAG.EXE-738093E8.pf O45 - LFCP:[MD5.552395E86CF2536BC0AE58E7378B824A] - 01/03/2012 - 11:55:46 ---A- - C:\Windows\Prefetch\SVCHOST.EXE-8DA0BAAD.pf O45 - LFCP:[MD5.770E51B33B322558188FCABF1E7506C7] - 01/03/2012 - 12:05:24 ---A- - C:\Windows\Prefetch\PLUGIN-CONTAINER.EXE-1D5F6C6B.pf O45 - LFCP:[MD5.48B094BB8948FB7530D78B652BF402B1] - 01/03/2012 - 12:32:56 ---A- - C:\Windows\Prefetch\SYMCORPUI.EXE-9552AFDC.pf O45 - LFCP:[MD5.57C0BA3A6E03B761D3EC2F9003100360] - 01/03/2012 - 12:33:11 ---A- - C:\Windows\Prefetch\SESCLU.EXE-3C84D030.pf O45 - LFCP:[MD5.AB32680DE97764346233E01E07DDB479] - 01/03/2012 - 12:33:42 ---A- - C:\Windows\Prefetch\DWHWIZRD.EXE-3820D06C.pf O45 - LFCP:[MD5.ECEE279E98A97F37127159C6ED859DD1] - 01/03/2012 - 12:33:57 ---A- - C:\Windows\Prefetch\LUCALLBACKPROXY.EXE-9EFD4A00.pf O45 - LFCP:[MD5.F42A5770FD721C5165D19773C327D05F] - 01/03/2012 - 12:34:02 ---A- - C:\Windows\Prefetch\LUALL.EXE-C73A48CA.pf O45 - LFCP:[MD5.CAED425DE3EF7D7DF2EC14F9B5F09AAC] - 01/03/2012 - 12:34:04 ---A- - C:\Windows\Prefetch\LUCOMS~1.EXE-95D7A512.pf O45 - LFCP:[MD5.E50588886F551443D9F862D831109CFE] - 01/03/2012 - 13:13:01 ---A- - C:\Windows\Prefetch\WINDOWSLIVEPHOTOVIEWER.EXE-6106E219.pf O45 - LFCP:[MD5.0E362D054BEB2FDB2F21225685FE0915] - 01/03/2012 - 13:14:40 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-71214090.pf O45 - LFCP:[MD5.48352CCA6FD22F7EADDE2A10F111940D] - 01/03/2012 - 13:19:11 ---A- - C:\Windows\Prefetch\MSNMSGR.EXE-DD43BBF4.pf O45 - LFCP:[MD5.16A3EDF15B88C108F74B682459B12B45] - 01/03/2012 - 13:27:28 ---A- - C:\Windows\Prefetch\WLCOMM.EXE-648065CA.pf O45 - LFCP:[MD5.6396441F8C5833761FA2F6AB10AE136E] - 01/03/2012 - 14:11:07 ---A- - C:\Windows\Prefetch\TASKHOST.EXE-437C05A8.pf O45 - LFCP:[MD5.23690CC18E519D622F79661D7CB4B9A9] - 01/03/2012 - 14:13:17 ---A- - C:\Windows\Prefetch\SMCGUI.EXE-3A816A45.pf O45 - LFCP:[MD5.F91958A425723E65962542B0C220F072] - 01/03/2012 - 14:14:03 ---A- - C:\Windows\Prefetch\PfSvPerfStats.bin O45 - LFCP:[MD5.BA919E067236E62387CA4ECBAED2AFE6] - 01/03/2012 - 14:17:26 ---A- - C:\Windows\Prefetch\ATBROKER.EXE-FF58B71D.pf O45 - LFCP:[MD5.AA7B9BE4CA2BBBCA1320EFE98AAEE991] - 01/03/2012 - 14:17:26 ---A- - C:\Windows\Prefetch\EXPLORER.EXE-7A3328DA.pf O45 - LFCP:[MD5.2E7E3988E771E5A302DEA97CD560D1D0] - 01/03/2012 - 14:17:44 ---A- - C:\Windows\Prefetch\SVCHOST.EXE-DB4C36D7.pf O45 - LFCP:[MD5.67E78FCC5C64790CA40E9F573F5879CA] - 01/03/2012 - 14:20:01 ---A- - C:\Windows\Prefetch\TRUSTEDINSTALLER.EXE-031B6478.pf O45 - LFCP:[MD5.FD1916240921849CAE6E4F6142FFA816] - 01/03/2012 - 14:26:01 ---A- - C:\Windows\Prefetch\FACEBOOKUPDATE.EXE-956D9D42.pf O45 - LFCP:[MD5.A390832436D67BE393174902135C8FC5] - 01/03/2012 - 14:29:32 ---A- - C:\Windows\Prefetch\WERMGR.EXE-2A1BCBC7.pf O45 - LFCP:[MD5.71171B892E97F5A509F0A3B5BB69EA27] - 01/03/2012 - 14:29:37 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-D40FB18A.pf O45 - LFCP:[MD5.D474CADE406451590DE9E2BAD84949EE] - 01/03/2012 - 14:31:38 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-E2054E7F.pf O45 - LFCP:[MD5.73F92170944857ED43D93BE042045C30] - 01/03/2012 - 14:43:07 ---A- - C:\Windows\Prefetch\REGSVR32.EXE-55A4EE79.pf O45 - LFCP:[MD5.FA2A94819CF7BD01CE5E884E2C1FB822] - 01/03/2012 - 14:44:34 ---A- - C:\Windows\Prefetch\NOTEPAD.EXE-EB1B961A.pf O45 - LFCP:[MD5.741ECE1B33098A0E6F95FF47C69F878C] - 01/03/2012 - 14:57:31 ---A- - C:\Windows\Prefetch\AgRobust.db O45 - LFCP:[MD5.5917F9DD5A3FBA1270A1814C387F5508] - 01/03/2012 - 14:57:32 ---A- - C:\Windows\Prefetch\AgGlGlobalHistory.db O45 - LFCP:[MD5.61DD173EF1D7BAB171C119732752B2B3] - 01/03/2012 - 14:57:34 ---A- - C:\Windows\Prefetch\AgGlFaultHistory.db O45 - LFCP:[MD5.7E3459B0BC331D817905B86772DF8868] - 01/03/2012 - 14:57:39 ---A- - C:\Windows\Prefetch\AgGlFgAppHistory.db O45 - LFCP:[MD5.09FC76687539940E5F5824834EBB1548] - 01/03/2012 - 15:02:10 ---A- - C:\Windows\Prefetch\TASKENG.EXE-5BAF290C.pf O45 - LFCP:[MD5.C39A9C64377A4301D255098CCDD9D6B2] - 01/03/2012 - 15:55:32 ---A- - C:\Windows\Prefetch\AUDIODG.EXE-D0D776AC.pf O45 - LFCP:[MD5.50EF1165A2B5713890241C20EAF24603] - 01/03/2012 - 15:55:32 ---A- - C:\Windows\Prefetch\LOGONUI.EXE-1BEE4A84.pf O45 - LFCP:[MD5.B4FE636460758CE872554C42443F07A6] - 01/03/2012 - 15:55:32 ---A- - C:\Windows\Prefetch\MPNOTIFY.EXE-55171BA9.pf O45 - LFCP:[MD5.319DFEC7F0BC9ABF455B9D722319F29D] - 01/03/2012 - 15:55:32 ---A- - C:\Windows\Prefetch\NVVSVC.EXE-261BA731.pf O45 - LFCP:[MD5.84622CC93602BFD931CB6DC70AEDD31B] - 01/03/2012 - 15:55:32 ---A- - C:\Windows\Prefetch\NVXDSYNC.EXE-297C5BB3.pf O45 - LFCP:[MD5.D0E5DD10D9BBE46C55A03797E24B71AE] - 01/03/2012 - 15:55:32 ---A- - C:\Windows\Prefetch\SMC.EXE-6A4099C4.pf O45 - LFCP:[MD5.C7C47F671923C4D31F33AA76AD1F9303] - 01/03/2012 - 15:55:32 ---A- - C:\Windows\Prefetch\SVCHOST.EXE-7643E300.pf O45 - LFCP:[MD5.705010C4B12B6D632747886440D58C48] - 01/03/2012 - 15:55:58 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-53B78AD0.pf O45 - LFCP:[MD5.712BAFCBCFED7F9ACF7CE66413948AF2] - 01/03/2012 - 15:56:07 ---A- - C:\Windows\Prefetch\FIREFOX.EXE-E60C0AA7.pf O45 - LFCP:[MD5.EC2F0B40CD50A2D185BD269C30E56AFC] - 01/03/2012 - 15:56:39 ---A- - C:\Windows\Prefetch\CONSENT.EXE-65F6206D.pf O45 - LFCP:[MD5.B20501FB8B6ECFC6CCDEECFD6522C36D] - 01/03/2012 - 15:56:44 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-893DDF55.pf O45 - LFCP:[MD5.CFEE0A94A47BC6C28DF56A27F80C04D7] - 01/03/2012 - 15:56:54 ---A- - C:\Windows\Prefetch\MSCORSVW.EXE-FAA88858.pf O45 - LFCP:[MD5.A3867A1CB6C40D2A9D4CB24400810DEF] - 01/03/2012 - 15:56:55 ---A- - C:\Windows\Prefetch\GOOGLEUPDATE.EXE-8973CEDD.pf O45 - LFCP:[MD5.D840C0836643E437A48F4A6A9C3E341C] - 01/03/2012 - 15:56:56 ---A- - C:\Windows\Prefetch\CONHOST.EXE-3218E401.pf O45 - LFCP:[MD5.61B2E5B1021932E913306170C6AF1187] - 01/03/2012 - 15:57:01 ---A- - C:\Windows\Prefetch\WMIPRVSE.EXE-43972D0F.pf O45 - LFCP:[MD5.B2F31767D7F711C6A76E9988BBD32D58] - 01/03/2012 - 15:57:02 ---A- - C:\Windows\Prefetch\SPPSVC.EXE-CBE91656.pf O45 - LFCP:[MD5.DF8001E24715C13250C993BB42A57EE1] - 01/03/2012 - 15:57:11 ---A- - C:\Windows\Prefetch\DAEMONU.EXE-71078F74.pf O45 - LFCP:[MD5.5A141FE46FB4E7BB0A93C17B1E3B83A6] - 01/03/2012 - 15:58:25 ---A- - C:\Windows\Prefetch\SVCHOST.EXE-93CEEE07.pf O45 - LFCP:[MD5.7B6CD4CF19C875949D007659C4927C3A] - 01/03/2012 - 15:59:01 ---A- - C:\Windows\Prefetch\WMIADAP.EXE-369DF1CD.pf O45 - LFCP:[MD5.A4BE90A66BB86EE842387B5B9018257A] - 01/03/2012 - 16:00:31 ---A- - C:\Windows\Prefetch\SEARCHFILTERHOST.EXE-AA7A1FDD.pf O45 - LFCP:[MD5.EE71A8BA81F85D821F21F22D5CC0FFE7] - 01/03/2012 - 16:00:31 ---A- - C:\Windows\Prefetch\SEARCHPROTOCOLHOST.EXE-AFAD3EF9.pf O45 - LFCP:[MD5.D718AFAE0178C28ECDFABDAE98BCBB41] - 26/02/2012 - 01:17:03 ---A- - C:\Windows\Prefetch\NTOSBOOT-B00DFAAD.pf O45 - LFCP:[MD5.37A795C43426DC3899B266373DEBA6AB] - 26/02/2012 - 01:19:05 ---A- - C:\Windows\Prefetch\AgCx_SC4.db O45 - LFCP:[MD5.EFDEDB0650EE819A315A17727E79429C] - 26/02/2012 - 01:55:55 ---A- - C:\Windows\Prefetch\MSDT.EXE-3D8E9353.pf O45 - LFCP:[MD5.6EB7FF03D6F6AED5857A350FE3375096] - 26/02/2012 - 12:37:14 ---A- - C:\Windows\Prefetch\HCHNZI0V.EXE-AF52E1C1.pf O45 - LFCP:[MD5.5DC05BF34206CB64208287A7E6A7FC5F] - 26/02/2012 - 13:20:34 ---A- - C:\Windows\Prefetch\ACRORD32.EXE-33939BD1.pf O45 - LFCP:[MD5.40CE1179A49429E7AA34E0ED5D286714] - 26/02/2012 - 13:20:58 ---A- - C:\Windows\Prefetch\ADOBEARM.EXE-ACA00A4A.pf O45 - LFCP:[MD5.D165DA6516F7647364B31222CE7271F2] - 26/02/2012 - 14:41:08 ---A- - C:\Windows\Prefetch\SC.EXE-BC6DAF49.pf O45 - LFCP:[MD5.5DA4E2AA91516F0DC1D68C10A33C0A8A] - 26/02/2012 - 17:42:26 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-85E123DD.pf O45 - LFCP:[MD5.40E3549A7DD8D13B92DE50669533BBBA] - 26/02/2012 - 17:58:54 ---A- - C:\Windows\Prefetch\FTPRUSH.EXE-91557209.pf O45 - LFCP:[MD5.F89C4586170974646D3F4607A4B8FB04] - 26/02/2012 - 19:28:55 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-B6C9169C.pf O45 - LFCP:[MD5.973B90477200CD4334737367E885243E] - 26/02/2012 - 19:40:19 ---A- - C:\Windows\Prefetch\TEAMVIEWER_DESKTOP.EXE-80FF783D.pf O45 - LFCP:[MD5.77BADE0B22DD74497A70DF98D845B8B3] - 26/02/2012 - 20:42:01 ---A- - C:\Windows\Prefetch\WINRAR.EXE-6F42D4E7.pf O45 - LFCP:[MD5.D9F534785F33E8CF862272DC65103C66] - 26/02/2012 - 20:50:36 ---A- - C:\Windows\Prefetch\VLC.EXE-CE8E9BE1.pf O45 - LFCP:[MD5.46C0F6104C6BF5EE5AA037CC814D9BBA] - 26/02/2012 - 23:40:11 ---A- - C:\Windows\Prefetch\UPDATER.EXE-CE019E81.pf O45 - LFCP:[MD5.234666BA890272ED97261245A275BB22] - 26/02/2012 - 23:40:14 ---A- - C:\Windows\Prefetch\HELPER.EXE-36267E56.pf O45 - LFCP:[MD5.E9905E9F099DD55B1C622A226D9CB280] - 27/02/2012 - 00:38:26 ---A- - C:\Windows\Prefetch\WPBXI4ES.EXE-A21BCFAC.pf O45 - LFCP:[MD5.07AB1871F65DFAD2E7D07D8291CFF8A9] - 27/02/2012 - 12:25:00 ---A- - C:\Windows\Prefetch\PNKBSTRA.EXE-C7CBC1AC.pf O45 - LFCP:[MD5.03BCE3FDF70D4C74015051AB41884030] - 27/02/2012 - 12:25:00 ---A- - C:\Windows\Prefetch\SVCHOST.EXE-7488A139.pf O45 - LFCP:[MD5.37B79138545EE1C62B6E52632465C14A] - 27/02/2012 - 13:19:07 ---A- - C:\Windows\Prefetch\NTVDM.EXE-42770598.pf O45 - LFCP:[MD5.B044EAA4ABA086FD29876D2B8B8D39BF] - 27/02/2012 - 13:24:47 ---A- - C:\Windows\Prefetch\D2QDACY9.EXE-A0D40668.pf O45 - LFCP:[MD5.BABE80A355C683E4F2BFD6AD6232C43B] - 27/02/2012 - 13:40:37 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-5408F669.pf O45 - LFCP:[MD5.5A55EE2DE132ED0F9D82303F175EE5C8] - 27/02/2012 - 13:40:40 ---A- - C:\Windows\Prefetch\OUTLOOK.EXE-B9F191EB.pf O45 - LFCP:[MD5.AE6887AC571CEAFC466F42D84D9329D7] - 27/02/2012 - 13:41:28 ---A- - C:\Windows\Prefetch\VCDMOUNT.EXE-6E08686D.pf O45 - LFCP:[MD5.D830E649E4B76E00675AEED046F44134] - 27/02/2012 - 13:42:06 ---A- - C:\Windows\Prefetch\EVEREST.EXE-2253DFA1.pf O45 - LFCP:[MD5.642EFD781B70E89850B55ACA5165ABAC] - 27/02/2012 - 13:42:16 ---A- - C:\Windows\Prefetch\EVEREST.BIN-15E1F87C.pf O45 - LFCP:[MD5.4F84A466C0450DB74842888076B83737] - 27/02/2012 - 13:55:30 ---A- - C:\Windows\Prefetch\PREVHOST.EXE-205F609A.pf O45 - LFCP:[MD5.6DA29E4EA6A331BD0ACBF046851D80A5] - 29/02/2012 - 16:01:03 ---A- - C:\Windows\Prefetch\CCSVCHST.EXE-18A52415.pf O45 - LFCP:[MD5.2A13743E3CBFC263F3B5C97EE8543C9D] - 29/02/2012 - 16:01:03 ---A- - C:\Windows\Prefetch\SVCHOST.EXE-2A6E95B3.pf O45 - LFCP:[MD5.C42959DDE04BF4C6DAB36CB5FB3CBACF] - 29/02/2012 - 16:01:25 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-1C4796DF.pf O45 - LFCP:[MD5.29BE153F149E09EE5B3AA1B144B5056E] - 29/02/2012 - 17:54:42 ---A- - C:\Windows\Prefetch\LSASS.EXE-8DBFE3B9.pf O45 - LFCP:[MD5.D63960C85509EEBB1233147D1704FF63] - 29/02/2012 - 17:54:42 ---A- - C:\Windows\Prefetch\LSM.EXE-20DE9C3F.pf O45 - LFCP:[MD5.6F728761911DFF761A1F9F8ACC0AE547] - 29/02/2012 - 17:54:42 ---A- - C:\Windows\Prefetch\NVSCPAPISVR.EXE-5AFC19BA.pf O45 - LFCP:[MD5.D081717DF5B4603AF13CAEBC804C42AE] - 29/02/2012 - 17:54:42 ---A- - C:\Windows\Prefetch\SERVICES.EXE-2260497F.pf O45 - LFCP:[MD5.6957322F32EE0FA49434DED454FF9172] - 29/02/2012 - 17:54:42 ---A- - C:\Windows\Prefetch\SVCHOST.EXE-F4BAF363.pf O45 - LFCP:[MD5.8D71787A793FF8781F845D940512C0CB] - 29/02/2012 - 17:54:42 ---A- - C:\Windows\Prefetch\SVCHOST.EXE-F5AA802A.pf O45 - LFCP:[MD5.46607303B2AFABCF43FF9CA40A2D3157] - 29/02/2012 - 19:33:20 ---A- - C:\Windows\Prefetch\DINOTIFY.EXE-06EB7C61.pf O45 - LFCP:[MD5.5DCC2C4454C31F7355EE7D132EDA95D6] - 29/02/2012 - 19:33:20 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-903E43EF.pf O45 - LFCP:[MD5.43B5137AD7DC8004FD600F047F7D3705] - 29/02/2012 - 19:33:20 ---A- - C:\Windows\Prefetch\SVCHOST.EXE-4D8DA32A.pf O45 - LFCP:[MD5.77702A0BC875DD3AA3EF3D49812B70BC] - 29/02/2012 - 19:33:20 ---A- - C:\Windows\Prefetch\WUDFHOST.EXE-81420B07.pf O45 - LFCP:[MD5.A1ED1EF21376C509EBD97D218CA51EFB] - 29/02/2012 - 19:33:42 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-C300C0AC.pf O45 - LFCP:[MD5.EDFA2A097F58D186392735C956A75A9A] - 29/02/2012 - 19:34:01 ---A- - C:\Windows\Prefetch\REGEDIT.EXE-4748FE01.pf O45 - LFCP:[MD5.2CAF10BB738494353C37295C2E52B172] - 29/02/2012 - 19:34:05 ---A- - C:\Windows\Prefetch\DRVINST.EXE-5F8E77CD.pf O45 - LFCP:[MD5.8EE67C3D496346EF1DC68B0442231A0D] - 29/02/2012 - 19:34:45 ---A- - C:\Windows\Prefetch\WUAUCLT.EXE-830BCC14.pf O45 - LFCP:[MD5.C2236A45C90D85D4C9AFE73A5107A9C1] - 29/02/2012 - 19:35:00 ---A- - C:\Windows\Prefetch\HELPPANE.EXE-D1016F9E.pf O45 - LFCP:[MD5.79BC080A3A2043817BD27B0E79D9F192] - 29/02/2012 - 19:35:35 ---A- - C:\Windows\Prefetch\SNAGIT32.EXE-8916D00C.pf O45 - LFCP:[MD5.77A02E92F5CAC4DE452504FD55C5B72E] - 29/02/2012 - 19:35:35 ---A- - C:\Windows\Prefetch\TSCHELP.EXE-C62FC814.pf O45 - LFCP:[MD5.B7DF72B4AB03952B4ED544AE2575DE2A] - 29/02/2012 - 19:35:36 ---A- - C:\Windows\Prefetch\SNAGPRIV.EXE-D57D688F.pf O45 - LFCP:[MD5.9A519052DE042569FDCEB734713A557D] - 29/02/2012 - 19:35:40 ---A- - C:\Windows\Prefetch\SNAGITEDITOR.EXE-2A4D5296.pf O45 - LFCP:[MD5.DFDF02F1ECF34599373B7159899954C3] - 29/02/2012 - 19:35:42 ---A- - C:\Windows\Prefetch\COMUPDATUS.EXE-CCAFFC58.pf O45 - LFCP:[MD5.7B51C28B7A8B12460ED7632397A4A935] - 29/02/2012 - 19:38:46 ---A- - C:\Windows\Prefetch\TQDTG1Q5.EXE-E074CAFD.pf O45 - LFCP:[MD5.FC91F1AD341B149856261E2F58FB56B5] - 29/02/2012 - 20:05:10 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-125D4518.pf O45 - LFCP:[MD5.154102003CE4A28E6BB66A93A85D9883] - 29/02/2012 - 20:12:12 ---A- - C:\Windows\Prefetch\CSC.EXE-4EF173D0.pf O45 - LFCP:[MD5.B4BBB2DC94E0EEDEDA3176834FA6C4F2] - 29/02/2012 - 20:12:12 ---A- - C:\Windows\Prefetch\CVTRES.EXE-419E4E46.pf O45 - LFCP:[MD5.CA2770A900524A45D17DD02E439C523B] - 29/02/2012 - 20:12:15 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-F452D79D.pf O45 - LFCP:[MD5.84B743278A36149F17374BB056482FFC] - 29/02/2012 - 20:12:19 ---A- - C:\Windows\Prefetch\SDIAGNHOST.EXE-67CD1457.pf O45 - LFCP:[MD5.4E40F309CD626AE059CD8783AD8E975E] - 29/02/2012 - 20:12:22 ---A- - C:\Windows\Prefetch\W32TM.EXE-5D2265F4.pf O45 - LFCP:[MD5.4089679E826C50251DFB7ACB79262C41] - 29/02/2012 - 20:12:23 ---A- - C:\Windows\Prefetch\VSSVC.EXE-04D079CC.pf O45 - LFCP:[MD5.E650C3B99C2420E5B311224D577A3C90] - 29/02/2012 - 20:12:24 ---A- - C:\Windows\Prefetch\SVCHOST.EXE-8FD92526.pf O45 - LFCP:[MD5.4B626E4A3B4EB439625276AA8254AF35] - 29/02/2012 - 20:12:31 ---A- - C:\Windows\Prefetch\PING.EXE-B29F6629.pf O45 - LFCP:[MD5.A234896963CE4220F4A250F82FDAA19C] - 29/02/2012 - 20:37:24 ---A- - C:\Windows\Prefetch\MSFEEDSSYNC.EXE-1F01ED17.pf O45 - LFCP:[MD5.5C16F08AC9859E3F07D3C68BFC11CEB7] - 29/02/2012 - 20:39:26 ---A- - C:\Windows\Prefetch\IELOWUTIL.EXE-79D45B69.pf O45 - LFCP:[MD5.BA7C6AD302FC0C7E2C5BAC957A0888E9] - 29/02/2012 - 20:45:29 ---A- - C:\Windows\Prefetch\TS3CLIENT_WIN32.EXE-875B5789.pf O45 - LFCP:[MD5.050D1E8A2494AFAEEE25EFAEB5C7C897] - 29/02/2012 - 20:59:32 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-40C05CA3.pf O45 - LFCP:[MD5.D3094B0E2E354596C4C0D9654C173F78] - 29/02/2012 - 20:59:36 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-24C4200B.pf O45 - LFCP:[MD5.A03FAE84C2FEA18516645E0226C76D4D] - 29/02/2012 - 22:23:12 ---A- - C:\Windows\Prefetch\CCLEANER.EXE-CC440CDB.pf O45 - LFCP:[MD5.40A51DCDAEF83613B53EC6BC6BEB0881] - 29/02/2012 - 22:27:13 ---A- - C:\Windows\Prefetch\IGFXTRAY.EXE-95873609.pf O45 - LFCP:[MD5.420EFBB3D72226E532471E5935F9F9C7] - 29/02/2012 - 22:27:13 ---A- - C:\Windows\Prefetch\TEAMVIEWER_SERVICE.EXE-5B4FF1FB.pf O45 - LFCP:[MD5.3A99A7DDCC24900A01D9CAF2DE26E1CA] - 29/02/2012 - 22:33:45 ---A- - C:\Windows\Prefetch\DOSCAN.EXE-94F878AD.pf O45 - LFCP:[MD5.A9693F3EAEBAFB9190EC8862468F98AE] - 29/02/2012 - 22:33:45 ---A- - C:\Windows\Prefetch\NVTRAY.EXE-7D357916.pf O45 - LFCP:[MD5.AE1EE7509336813152FB52B93C27C2CC] - 29/02/2012 - 22:33:45 ---A- - C:\Windows\Prefetch\WLIDSVCM.EXE-AD2DE5FA.pf O45 - LFCP:[MD5.EE674F908DC2CECE2E11493D8FBABA90] - 29/02/2012 - 22:33:47 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-A9688DD8.pf O45 - LFCP:[MD5.EB25C8C52CE15964F7E58FD677C754B6] - 29/02/2012 - 22:33:50 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-98B8E418.pf O45 - LFCP:[MD5.8E11CF4AE900364788CBC5FA7D9C5B61] - 29/02/2012 - 22:34:05 ---A- - C:\Windows\Prefetch\WMPNSCFG.EXE-DF1DD51A.pf O45 - LFCP:[MD5.57AFDC86A36EB0666E45CD80D6F4EF3D] - 29/02/2012 - 22:34:22 ---A- - C:\Windows\Prefetch\SVCHOST.EXE-135A30D8.pf O45 - LFCP:[MD5.8B9BF8DFE6A8C2E766943DF3F925C2AA] - 29/02/2012 - 22:34:22 ---A- - C:\Windows\Prefetch\WMPNETWK.EXE-BD0344CA.pf O45 - LFCP:[MD5.B9C900D1E0E6AD92CDF016B0A2324BF3] - 29/02/2012 - 22:36:04 ---A- - C:\Windows\Prefetch\TEAMVIEWER.EXE-6CB91050.pf O45 - LFCP:[MD5.FF8FA5F6AB5160EFF17A18726CBA6514] - 29/02/2012 - 22:57:16 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-AFD98684.pf ~ Scan Prefetcher in 00mn 03s ---\\ Déni du service (Local Security Authority) (O48) O48 - LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll O48 - LSA:Local Security Authority Notification Packages . (.Microsoft Corporation - Moteur du client de l’Éditeur de configuration de sécurité Windows.) -- C:\Windows\System32\scecli.dll O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Package de sécurité Kerberos.) -- C:\Windows\System32\kerberos.dll O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\Windows\System32\schannel.dll O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Digest Access.) -- C:\Windows\System32\wdigest.dll O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Web Service Security Package.) -- C:\Windows\System32\TSpkg.dll O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Pku2u Security Package.) -- C:\Windows\System32\pku2u.dll O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corp. - LiveSSP.) -- C:\Windows\System32\LIVESSP.dll ~ Scan Keys in 00mn 00s ---\\ Contrôle du Safe Boot (CSB) (O49) O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys . (.Microsoft Corporation - Pilote de filtre souris série.) -- C:\Windows\system32\Drivers\sermouse.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\system32\Drivers\vga.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys . (...) -- C:\Windows\system32\Drivers\vgasave.sys (.not file.) O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\system32\Drivers\volmgr.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgrx.sys . (.Microsoft Corporation - Pilote d’extension du gestionnaire de volumes.) -- C:\Windows\system32\Drivers\volmgrx.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys . (.Microsoft Corporation - IP Network Address Translator.) -- C:\Windows\system32\Drivers\ipnat.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\nsiproxy.sys . (.Microsoft Corporation - NSI Proxy.) -- C:\Windows\system32\Drivers\nsiproxy.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpencdd.sys . (.Microsoft Corporation - RDP Encoder Miniport.) -- C:\Windows\system32\Drivers\rdpencdd.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys . (.Microsoft Corporation - Pilote de filtre souris série.) -- C:\Windows\system32\Drivers\sermouse.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\system32\Drivers\vga.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys . (...) -- C:\Windows\system32\Drivers\vgasave.sys (.not file.) O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\system32\Drivers\volmgr.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgrx.sys . (.Microsoft Corporation - Pilote d’extension du gestionnaire de volumes.) -- C:\Windows\system32\Drivers\volmgrx.sys ~ Scan CSB in 00mn 00s ---\\ MountPoints2 Shell Key (O51) (None) ---\\ Trojan Driver Search Data (HKLM) (O52) O52 - TDSD: \Drivers32\"VIDC.I420"="lvcodec2.dll" . (.Logitech Inc. - Video Codec.) -- C:\Windows\System32\lvcodec2.dll O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\Windows\System32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Codec Cinepak®.) -- C:\Windows\System32\iccvid.dll O52 - TDSD: \Drivers32\"VIDC.XFR1"="xfcodec.dll" . (.Pas de propriétaire - Xfire Video Codec.) -- C:\Windows\System32\xfcodec.dll O52 - TDSD: \Drivers32\"vidc.VP60"="C:\Windows\system32\vp6vfw.dll" . (.On2.com - VP6 VIDEO FOR WINDOWS CODEC.) -- C:\Windows\System32\vp6vfw.dll O52 - TDSD: \Drivers32\"vidc.VP61"="C:\Windows\system32\vp6vfw.dll" . (.On2.com - VP6 VIDEO FOR WINDOWS CODEC.) -- C:\Windows\System32\vp6vfw.dll O52 - TDSD: \drivers.desc\"C:\Windows\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm O52 - TDSD: \drivers.desc\"xfcodec.dll"="Xfire video codec [XFR1]" . (.Pas de propriétaire - Xfire Video Codec.) -- C:\Windows\System32\xfcodec.dll O52 - TDSD: \drivers.desc\"vp6vfw.dll"="EA VP6 Codec" . (.On2.com - VP6 VIDEO FOR WINDOWS CODEC.) -- C:\Windows\System32\vp6vfw.dll ~ Scan Keys in 00mn 00s ---\\ ShareTools MSconfig StartupReg (O53) (None) ---\\ Microsoft Control Security Providers (O54) O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\system32\credssp.dll O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\system32\credssp.dll ~ Scan Keys in 00mn 00s ---\\ Microsoft Windows Policies System (O55) O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=5 O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=3 O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1 O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=1 O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1 O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1 O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=1 O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0 O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0 O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"= O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"= O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0 O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1 O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1 O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0 ~ Scan Keys in 00mn 00s ---\\ Liste des Drivers Système (O58) O58 - SDL:[MD5.21E785EBD7DC90A06391141AAC7892FB] - 14/07/2009 - 02:26:15 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\system32\drivers\adp94xx.sys [422976] O58 - SDL:[MD5.0C676BC278D5B59FF5ABD57BBE9123F2] - 14/07/2009 - 02:26:17 ---A- . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) -- C:\Windows\system32\drivers\adpahci.sys [297552] O58 - SDL:[MD5.7C7B5EE4B7B822EC85321FE23A27DB33] - 14/07/2009 - 02:26:15 ---A- . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver.) -- C:\Windows\system32\drivers\adpu320.sys [146512] O58 - SDL:[MD5.0D40BCF52EA90FC7DF2AEAB6503DEA44] - 14/07/2009 - 02:26:15 ---A- . (.Acer Laboratories Inc. - ALi mini IDE Driver.) -- C:\Windows\system32\drivers\aliide.sys [14400] O58 - SDL:[MD5.D320BF87125326F996D4904FE24300FC] - 11/03/2011 - 06:38:37 ---A- . (.Advanced Micro Devices - AHCI 1.2 Device Driver.) -- C:\Windows\system32\drivers\amdsata.sys [80256] O58 - SDL:[MD5.EA43AF0C423FF267355F74E7A53BDABA] - 14/07/2009 - 02:26:15 ---A- . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller Driver for Windows fa.) -- C:\Windows\system32\drivers\amdsbs.sys [159312] O58 - SDL:[MD5.46387FB17B086D16DEA267D5BE23A2F2] - 11/03/2011 - 06:38:37 ---A- . (.Advanced Micro Devices - Storage Filter Driver.) -- C:\Windows\system32\drivers\amdxata.sys [22400] O58 - SDL:[MD5.2932004F49677BD84DBC72EDB754FFB3] - 14/07/2009 - 02:26:15 ---A- . (.Adaptec, Inc. - Adaptec RAID Storport Driver.) -- C:\Windows\system32\drivers\arc.sys [76368] O58 - SDL:[MD5.5D6F36C46FD283AE1B57BD2E9FEB0BC7] - 14/07/2009 - 02:26:15 ---A- . (.Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\Windows\system32\drivers\arcsas.sys [86608] O58 - SDL:[MD5.CBE71C122434805CB73FFB6619F60598] - 16/07/2009 - 04:36:30 ---A- . (.Pas de propriétaire - ATK0110 ACPI Utility.) -- C:\Windows\system32\drivers\ASACPI.sys [13216] O58 - SDL:[MD5.19166026A93206F9C6A8CD3A1F010AE4] - 02/04/2009 - 13:30:14 ---A- . (...) -- C:\Windows\system32\drivers\ASUSHWIO.SYS [10296] O58 - SDL:[MD5.BD8869EB9CDE6BBE4508D869929869EE] - 13/07/2009 - 23:02:49 ---A- . (.Broadcom Corporation - Pilote unifié NDIS6.x Broadcom NetXtreme Gigabit Ethernet..) -- C:\Windows\system32\drivers\b57nd60x.sys [229888] O58 - SDL:[MD5.9F9ACC7F7CCDE8A15C282D3F88B43309] - 13/07/2009 - 23:53:28 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver.) -- C:\Windows\system32\drivers\BrFiltLo.sys [13568] O58 - SDL:[MD5.56801AD62213A41F6497F96DEE83755A] - 13/07/2009 - 23:53:28 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver.) -- C:\Windows\system32\drivers\BrFiltUp.sys [5248] O58 - SDL:[MD5.845B8CE732E67F3B4133164868C666EA] - 14/07/2009 - 01:57:25 ---A- . (.Brother Industries Ltd. - Pilote Brother Série I/F (WDM).) -- C:\Windows\system32\drivers\BrSerId.sys [272128] O58 - SDL:[MD5.203F0B1E73ADADBBB7B7B1FABD901F6B] - 13/07/2009 - 23:53:32 ---A- . (.Brother Industries Ltd. - Brother Serial driver (WDM version).) -- C:\Windows\system32\drivers\BrSerWdm.sys [62336] O58 - SDL:[MD5.BD456606156BA17E60A04E18016AE54B] - 13/07/2009 - 23:53:33 ---A- . (.Brother Industries Ltd. - Brother USB MDM Driver.) -- C:\Windows\system32\drivers\BrUsbMdm.sys [12160] O58 - SDL:[MD5.AF72ED54503F717A43268B3CC5FAEC2E] - 13/07/2009 - 23:53:33 ---A- . (.Brother Industries Ltd. - Brother USB Serial Driver.) -- C:\Windows\system32\drivers\BrUsbSer.sys [11904] O58 - SDL:[MD5.1A231ABEC60FD316EC54C66715543CEC] - 13/07/2009 - 23:02:48 ---A- . (.Broadcom Corporation - Broadcom NetXtreme II GigE VBD.) -- C:\Windows\system32\drivers\bxvbdx.sys [430080] O58 - SDL:[MD5.0F5CA31BB3FDB5C1E63C170CFBECC93B] - 03/02/2007 - 10:25:56 ---A- . (.Logitech Inc. - Universal Serial Bus Camera Driver.) -- C:\Windows\system32\drivers\Camdrl.sys [1075360] O58 - SDL:[MD5.C537B1DB64D495B9B4717B4D6D9EDBF2] - 14/07/2009 - 02:26:21 ---A- . (.CMD Technology, Inc. - CMD PCI IDE Bus Driver.) -- C:\Windows\system32\drivers\cmdide.sys [15952] O58 - SDL:[MD5.8B30250D573A8F6B4BD23195160D8707] - 14/07/2009 - 02:20:28 ---A- . (.Adaptec, Inc. - Adaptec Ultra SCSI miniport.) -- C:\Windows\system32\drivers\djsvs.sys [70720] O58 - SDL:[MD5.44996A2ADDD2DB7454F2CA40B67D8941] - 17/12/2009 - 23:25:12 ---A- . (.Elaborate Bytes AG - ElbyCD Windows NT/2000/XP I/O driver.) -- C:\Windows\system32\drivers\ElbyCDIO.sys [26024] O58 - SDL:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 14/07/2009 - 02:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\system32\drivers\elxstor.sys [453712] O58 - SDL:[MD5.024E1B5CAC09731E4D868E64DBFB4AB0] - 13/07/2009 - 23:02:48 ---A- . (.Broadcom Corporation - Broadcom NetXtreme II 10 GigE VBD.) -- C:\Windows\system32\drivers\evbdx.sys [3100160] O58 - SDL:[MD5.C44E3C2BAB6837DB337DDEE7544736DB] - 13/07/2009 - 23:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\system32\drivers\hcw85cir.sys [26624] O58 - SDL:[MD5.295FDC419039090EB8B49FFDBB374549] - 14/07/2009 - 02:20:28 ---A- . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Driver.) -- C:\Windows\system32\drivers\HpSAMD.sys [67152] O58 - SDL:[MD5.5CD5F9A5444E6CDCB0AC89BD62D8B76E] - 11/03/2011 - 06:38:51 ---A- . (.Intel Corporation - Intel Matrix Storage Manager driver - ia32.) -- C:\Windows\system32\drivers\iaStorV.sys [332160] O58 - SDL:[MD5.9467514EA189475A6E7FDC5D7BDE9D3F] - 23/09/2009 - 19:18:14 ---A- . (.Intel Corporation - Intel Graphics Kernel Mode Driver.) -- C:\Windows\system32\drivers\igdkmd32.sys [4808192] O58 - SDL:[MD5.4173FF5708F3236CF25195FECD742915] - 14/07/2009 - 02:20:36 ---A- . (.Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) -- C:\Windows\system32\drivers\iirsp.sys [41040] O58 - SDL:[MD5.F7CDABA15C7E853F0A11AF6D77FCA990] - 23/08/2009 - 04:06:38 ---A- . (.Atheros Communications, Inc. - Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20.) -- C:\Windows\system32\drivers\L1E62x86.sys [48640] O58 - SDL:[MD5.EB119A53CCF2ACC000AC71B065B78FEF] - 14/07/2009 - 02:20:36 ---A- . (.LSI Corporation - LSI Fusion-MPT FC Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_fc.sys [95824] O58 - SDL:[MD5.8ADE1C877256A22E49B75D1CC9161F9C] - 14/07/2009 - 02:20:37 ---A- . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_sas.sys [89168] O58 - SDL:[MD5.DC9DC3D3DAA0E276FD2EC262E38B11E9] - 14/07/2009 - 02:20:36 ---A- . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_sas2.sys [54864] O58 - SDL:[MD5.0A036C7D7CAB643A7F07135AC47E0524] - 14/07/2009 - 02:20:36 ---A- . (.LSI Corporation - LSI Fusion-MPT SCSI Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_scsi.sys [96848] O58 - SDL:[MD5.64BC29C3A0388BFC580BB8B1346F7659] - 03/02/2007 - 10:32:36 ---A- . (.Logitech Inc. - USB Statistic Driver.) -- C:\Windows\system32\drivers\LVUSBSta.sys [41504] O58 - SDL:[MD5.B7CA8CC3F978201856B6AB82F40953C3] - 10/12/2011 - 15:24:06 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\system32\drivers\mbam.sys [20464] O58 - SDL:[MD5.0DB7527DB188C7D967A37BB51BBF3963] - 01/03/2012 - 14:43:07 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\system32\drivers\mbamswissarmy.sys [40776] O58 - SDL:[MD5.0FFF5B045293002AB38EB1FD1FC2FB74] - 14/07/2009 - 02:20:36 ---A- . (.LSI Corporation - MEGASAS RAID Controller Driver for Windows 7 for x86.) -- C:\Windows\system32\drivers\megasas.sys [30800] O58 - SDL:[MD5.DCBAB2920C75F390CAF1D29F675D03D6] - 14/07/2009 - 02:20:36 ---A- . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\Windows\system32\drivers\MegaSR.sys [235584] O58 - SDL:[MD5.1D85C4B390B0EE09C7A46B91EFB2C097] - 14/07/2009 - 02:20:44 ---A- . (.IBM Corporation - IBM ServeRAID Controller Driver.) -- C:\Windows\system32\drivers\nfrd960.sys [44624] O58 - SDL:[MD5.3D7FB57354703809B5F0C23287FAC1D6] - 17/01/2012 - 13:45:56 ---A- . (.NVIDIA Corporation - NVIDIA HDMI Audio Driver.) -- C:\Windows\system32\drivers\nvhda32v.sys [148800] O58 - SDL:[MD5.F452E6AD3EDA2852F44BE492E283C40F] - 10/02/2012 - 05:13:00 ---A- . (.NVIDIA Corporation - NVIDIA Windows Kernel Mode Driver, Version 295.73.) -- C:\Windows\system32\drivers\nvlddmkm.sys [10816832] O58 - SDL:[MD5.B3E25EE28883877076E0E1FF877D02E0] - 11/03/2011 - 06:39:00 ---A- . (.NVIDIA Corporation - NVIDIA® nForce RAID Driver.) -- C:\Windows\system32\drivers\nvraid.sys [117120] O58 - SDL:[MD5.4380E59A170D88C4F1022EFF6719A8A4] - 11/03/2011 - 06:39:00 ---A- . (.NVIDIA Corporation - NVIDIA® nForce Sata Performance Driver.) -- C:\Windows\system32\drivers\nvstor.sys [143744] O58 - SDL:[MD5.8BB94087CEF0256F5EAD973D7524BF58] - 29/12/2011 - 18:17:23 ---A- . (...) -- C:\Windows\system32\drivers\PnkBstrK.sys [22328] O58 - SDL:[MD5.AB95ECF1F6659A60DDC166D8315B0751] - 14/07/2009 - 02:19:04 ---A- . (.QLogic Corporation - QLogic Fibre Channel Stor Miniport Driver.) -- C:\Windows\system32\drivers\ql2300.sys [1383488] O58 - SDL:[MD5.B4DD51DD25182244B86737DC51AF2270] - 14/07/2009 - 02:19:04 ---A- . (.QLogic Corporation - QLogic iSCSI Storport Miniport Driver.) -- C:\Windows\system32\drivers\ql40xx.sys [106064] O58 - SDL:[MD5.90A3935D05B494A5A39D37E71F09A677] - 13/07/2009 - 21:50:20 ---A- . (.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) -- C:\Windows\system32\drivers\secdrv.sys [20480] O58 - SDL:[MD5.A9F0486851BECB6DDA1D89D381E71055] - 14/07/2009 - 02:19:04 ---A- . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) -- C:\Windows\system32\drivers\sisraid2.sys [40016] O58 - SDL:[MD5.3727097B55738E2F554972C3BE5BC1AA] - 14/07/2009 - 02:19:04 ---A- . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\Windows\system32\drivers\sisraid4.sys [77888] O58 - SDL:[MD5.5A293729E1F9FCE3A2106D1F5DC5E98A] - 08/03/2010 - 12:59:14 ---A- . (.Symantec Corporation - Symantec AutoProtect.) -- C:\Windows\system32\drivers\srtsp.sys [283184] O58 - SDL:[MD5.0DDB7FBA32BE09D8057063C0CEE24137] - 08/03/2010 - 12:59:14 ---A- . (.Symantec Corporation - Symantec AutoProtect.) -- C:\Windows\system32\drivers\srtspl.sys [320944] O58 - SDL:[MD5.A99719DFB61B61AA5026341BBB733C0A] - 08/03/2010 - 12:59:14 ---A- . (.Symantec Corporation - Symantec AutoProtect.) -- C:\Windows\system32\drivers\srtspx.sys [43696] O58 - SDL:[MD5.DB32D325C192B801DF274BFD12A7E72B] - 14/07/2009 - 02:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\system32\drivers\stexstor.sys [21072] O58 - SDL:[MD5.51B57CDA977170AC608D839DBFA1D3EE] - 03/09/2009 - 16:03:48 ---A- . (.Symantec Corporation - DNS Filter Driver.) -- C:\Windows\system32\drivers\symdns.sys [12720] O58 - SDL:[MD5.A54FF04BD6E75DC4D8CB6F3E352635E0] - 24/02/2011 - 19:29:35 ---A- . (.Symantec Corporation - Symantec Event Library.) -- C:\Windows\system32\drivers\SYMEVENT.SYS [124976] O58 - SDL:[MD5.A131D8360B01044517AA44529E2137D6] - 03/09/2009 - 16:03:48 ---A- . (.Symantec Corporation - Firewall Filter Driver.) -- C:\Windows\system32\drivers\symfw.sys [145968] O58 - SDL:[MD5.2B77868F02DAE02103380B824431B798] - 03/09/2009 - 16:03:48 ---A- . (.Symantec Corporation - IDS Filter Driver.) -- C:\Windows\system32\drivers\symids.sys [39856] O58 - SDL:[MD5.7D3ADDFE63E5227BD2DBD5692BAFB688] - 03/09/2009 - 16:03:52 ---A- . (.Symantec Corporation - NDIS Filter Driver.) -- C:\Windows\system32\drivers\symndisv.sys [38448] O58 - SDL:[MD5.394B2368212114D538316812AF60FDDD] - 03/09/2009 - 16:03:48 ---A- . (.Symantec Corporation - Redirector Filter Driver.) -- C:\Windows\system32\drivers\symredrv.sys [26416] O58 - SDL:[MD5.D46676BB414C7531BDFFE637A33F5033] - 03/09/2009 - 16:03:48 ---A- . (.Symantec Corporation - Network Dispatch Driver.) -- C:\Windows\system32\drivers\symtdi.sys [188080] O58 - SDL:[MD5.94D73B62E458FB56C9CE60AA96D914F9] - 09/08/2009 - 22:25:56 ---A- . (.Elaborate Bytes AG - VirtualCloneCD Driver.) -- C:\Windows\system32\drivers\VClone.sys [29696] O58 - SDL:[MD5.E43574F6A56A0EE11809B48C09E4FD3C] - 14/07/2009 - 02:19:10 ---A- . (.VIA Technologies, Inc. - VIA Generic PCI IDE Bus Driver.) -- C:\Windows\system32\drivers\viaide.sys [16976] O58 - SDL:[MD5.9DFA0CC2F8855A04816729651175B631] - 14/07/2009 - 02:19:11 ---A- . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) -- C:\Windows\system32\drivers\vsmraid.sys [141904] O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13/07/2009 - 22:40:41 ---A- . (...) -- C:\Windows\system32\ANSI.SYS [9029] O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 13/07/2009 - 22:40:44 ---A- . (...) -- C:\Windows\system32\country.sys [27097] O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 13/07/2009 - 22:40:40 ---A- . (...) -- C:\Windows\system32\HIMEM.SYS [4768] O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 13/07/2009 - 22:40:43 ---A- . (...) -- C:\Windows\system32\KEY01.SYS [42809] O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 13/07/2009 - 22:40:43 ---A- . (...) -- C:\Windows\system32\KEYBOARD.SYS [42537] O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 13/07/2009 - 22:40:23 ---A- . (...) -- C:\Windows\system32\NTDOS.SYS [27866] O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 13/07/2009 - 22:40:31 ---A- . (...) -- C:\Windows\system32\NTDOS404.SYS [29146] O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 13/07/2009 - 22:40:35 ---A- . (...) -- C:\Windows\system32\NTDOS411.SYS [29370] O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 13/07/2009 - 22:40:39 ---A- . (...) -- C:\Windows\system32\NTDOS412.SYS [29274] O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 13/07/2009 - 22:40:27 ---A- . (...) -- C:\Windows\system32\NTDOS804.SYS [29146] O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 13/07/2009 - 22:40:11 ---A- . (...) -- C:\Windows\system32\NTIO.SYS [33952] O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 13/07/2009 - 22:40:15 ---A- . (...) -- C:\Windows\system32\NTIO404.SYS [34672] O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 13/07/2009 - 22:40:17 ---A- . (...) -- C:\Windows\system32\NTIO411.SYS [35776] O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 13/07/2009 - 22:40:19 ---A- . (...) -- C:\Windows\system32\NTIO412.SYS [35536] O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 13/07/2009 - 22:40:13 ---A- . (...) -- C:\Windows\system32\NTIO804.SYS [34672] ~ Scan Drivers in 00mn 02s ---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61) O61 - LFC:Last File Created 01/03/2012 - 11:30:42 ---A- C:\Users\CELSO\AppData\Local\Temp\VBE\MSForms.exd [147284] O61 - LFC:Last File Created 01/03/2012 - 11:31:04 ---A- C:\Users\CELSO\AppData\Roaming\Microsoft\Office\VB12.pip [144] O61 - LFC:Last File Created 01/03/2012 - 11:35:23 ---A- C:\Users\CELSO\AppData\Local\Symantec\Symantec Endpoint Protection\Logs\03012012.Log [12633729] O61 - LFC:Last File Created 01/03/2012 - 12:03:58 ---A- C:\Users\CELSO\AppData\Roaming\Microsoft\Office\Recent\Bureau.LNK [869] O61 - LFC:Last File Created 01/03/2012 - 12:03:58 ---A- C:\Users\CELSO\AppData\Roaming\Microsoft\Office\Recent\analyse symantec.csv.LNK [1046] O61 - LFC:Last File Created 01/03/2012 - 12:04:08 ---A- C:\Users\CELSO\AppData\Roaming\Microsoft\Office\Excel12.pip [1548] O61 - LFC:Last File Created 01/03/2012 - 12:10:51 ---A- C:\Users\CELSO\AppData\Local\Temp\MessengerCache\6PcbXvOYPGrYpF1J8uz+rIO5qJ8= [31583] O61 - LFC:Last File Created 01/03/2012 - 12:33:18 ---A- C:\Users\All Users\Symantec\LiveUpdate\Downloads\1330588303jtun_nav2k8en120229002.m25 [760506] O61 - LFC:Last File Created 01/03/2012 - 12:33:18 ---A- C:\Users\All Users\Symantec\LiveUpdate\Downloads\sesc$20virus$20definitions$20win32$20v11_microdefsb.curdefs_symalllanguages_livetri.zip [3743] O61 - LFC:Last File Created 01/03/2012 - 12:33:30 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\definfo.dat [34] O61 - LFC:Last File Created 01/03/2012 - 12:33:39 ---A- C:\Users\All Users\Symantec\LiveUpdate\3.Product.Inventory.LiveUpdate [3040] O61 - LFC:Last File Created 01/03/2012 - 12:33:39 R--A- C:\Users\All Users\Symantec\LiveUpdate\3.Settings.LiveUpdate [510528] O61 - LFC:Last File Created 01/03/2012 - 12:33:40 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\usage.dat [54] O61 - LFC:Last File Created 01/03/2012 - 12:34:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\umcat_01.db [1312051] O61 - LFC:Last File Created 01/03/2012 - 12:34:04 R---- C:\Users\All Users\Symantec\LiveUpdate\Product.Inventory.LastGood.LiveUpdate [2992] O61 - LFC:Last File Created 01/03/2012 - 12:34:05 ---A- C:\Users\All Users\Symantec\LiveUpdate\2.Product.Inventory.LiveUpdate [2992] O61 - LFC:Last File Created 01/03/2012 - 12:34:05 R--A- C:\Users\All Users\Symantec\LiveUpdate\2.Settings.LiveUpdate [510528] O61 - LFC:Last File Created 01/03/2012 - 12:39:52 ---A- C:\Users\CELSO\AppData\Local\Temp\MessengerCache\CQwZgLaSjnb0aSgnte0M7pXE7Cc= [4248] O61 - LFC:Last File Created 01/03/2012 - 12:51:01 ---A- C:\Users\CELSO\Downloads\ZHPDiag2.exe [3903203] O61 - LFC:Last File Created 01/03/2012 - 13:13:01 ---A- C:\Users\CELSO\AppData\Local\Windows Live\uxcore_WindowsLivePhotoViewer_00.etl [8192] O61 - LFC:Last File Created 01/03/2012 - 13:27:24 ---A- C:\Users\CELSO\AppData\Local\Temp\MessengerCache\ErrorResponse.xml [2782] O61 - LFC:Last File Created 01/03/2012 - 13:29:41 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120229.034\vscanmsx.dat [2072] O61 - LFC:Last File Created 01/03/2012 - 13:41:14 ---A- C:\Users\CELSO\AppData\Local\Temp\MessengerCache\D2Fs2FP9edNibi2FUnU68QJp2FHDruQ= [114017] O61 - LFC:Last File Created 01/03/2012 - 14:02:42 ---A- C:\Users\CELSO\AppData\Local\Temp\MessengerCache\l2FYx9OQxlMWS5U0Vwd3u71EzGdU= [21680] O61 - LFC:Last File Created 01/03/2012 - 14:08:09 ---A- C:\Users\CELSO\AppData\Local\Temp\MessengerCache\O6Zr0QCai9jdLxr60HNoo+ILm2F4= [1648] O61 - LFC:Last File Created 01/03/2012 - 14:11:59 ---A- C:\Users\CELSO\AppData\Local\Temp\MessengerCache\OtEP2PNqnqlqG8huXJcuw81r13U= [23008] O61 - LFC:Last File Created 01/03/2012 - 14:12:43 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\1937460202.data [761] O61 - LFC:Last File Created 01/03/2012 - 14:12:43 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\5135358950.data [778] O61 - LFC:Last File Created 01/03/2012 - 14:12:43 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\5135358950.quar [131072] O61 - LFC:Last File Created 01/03/2012 - 14:12:43 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\8691035605.data [769] O61 - LFC:Last File Created 01/03/2012 - 14:12:43 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\8691035605.quar [98304] O61 - LFC:Last File Created 01/03/2012 - 14:12:44 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\0033104322.data [763] O61 - LFC:Last File Created 01/03/2012 - 14:12:44 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\0033104322.quar [142336] O61 - LFC:Last File Created 01/03/2012 - 14:12:44 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\0664123904.data [771] O61 - LFC:Last File Created 01/03/2012 - 14:12:44 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\0664123904.quar [98304] O61 - LFC:Last File Created 01/03/2012 - 14:12:44 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\1937460202.quar [98304] O61 - LFC:Last File Created 01/03/2012 - 14:12:44 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\2298142624.data [768] O61 - LFC:Last File Created 01/03/2012 - 14:12:44 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\2298142624.quar [137728] O61 - LFC:Last File Created 01/03/2012 - 14:12:44 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\8163806437.data [747] O61 - LFC:Last File Created 01/03/2012 - 14:12:44 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\9711662127.data [766] O61 - LFC:Last File Created 01/03/2012 - 14:12:44 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\9711662127.quar [98304] O61 - LFC:Last File Created 01/03/2012 - 14:12:45 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\2255608089.data [735] O61 - LFC:Last File Created 01/03/2012 - 14:12:45 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\2255608089.quar [98304] O61 - LFC:Last File Created 01/03/2012 - 14:12:45 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\6654799231.data [732] O61 - LFC:Last File Created 01/03/2012 - 14:12:45 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\8036900737.data [737] O61 - LFC:Last File Created 01/03/2012 - 14:12:45 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\8036900737.quar [137728] O61 - LFC:Last File Created 01/03/2012 - 14:12:45 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\8163806437.quar [131072] O61 - LFC:Last File Created 01/03/2012 - 14:12:45 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\8390609058.data [740] O61 - LFC:Last File Created 01/03/2012 - 14:12:45 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\8390609058.quar [98304] O61 - LFC:Last File Created 01/03/2012 - 14:12:45 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\9502101383.data [730] O61 - LFC:Last File Created 01/03/2012 - 14:12:45 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\9502101383.quar [98304] O61 - LFC:Last File Created 01/03/2012 - 14:12:46 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\1617154171.data [741] O61 - LFC:Last File Created 01/03/2012 - 14:12:46 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\1617154171.quar [98304] O61 - LFC:Last File Created 01/03/2012 - 14:12:46 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\2950400291.data [749] O61 - LFC:Last File Created 01/03/2012 - 14:12:46 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\2950400291.quar [98304] O61 - LFC:Last File Created 01/03/2012 - 14:12:46 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\3333145503.data [743] O61 - LFC:Last File Created 01/03/2012 - 14:12:46 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\3333145503.quar [142336] O61 - LFC:Last File Created 01/03/2012 - 14:12:46 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\4142721184.data [748] O61 - LFC:Last File Created 01/03/2012 - 14:12:46 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\4142721184.quar [137728] O61 - LFC:Last File Created 01/03/2012 - 14:12:46 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\5836691500.data [758] O61 - LFC:Last File Created 01/03/2012 - 14:12:46 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\5836691500.quar [131072] O61 - LFC:Last File Created 01/03/2012 - 14:12:46 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\6654799231.quar [142336] O61 - LFC:Last File Created 01/03/2012 - 14:12:46 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\6790898436.data [746] O61 - LFC:Last File Created 01/03/2012 - 14:12:46 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\6790898436.quar [98304] O61 - LFC:Last File Created 01/03/2012 - 14:12:46 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\9081189669.data [751] O61 - LFC:Last File Created 01/03/2012 - 14:12:46 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\9081189669.quar [98304] O61 - LFC:Last File Created 01/03/2012 - 14:12:49 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2012-03-01 (12-49-21).txt [7596] O61 - LFC:Last File Created 01/03/2012 - 14:13:02 ---A- C:\Users\CELSO\AppData\Roaming\Microsoft\MSN Messenger\sqmnoopt00.sqm [664] O61 - LFC:Last File Created 01/03/2012 - 14:13:03 ---A- C:\Users\CELSO\AppData\Local\Windows Live\uxcore_msnmsgr_00.etl [4096] O61 - LFC:Last File Created 01/03/2012 - 14:13:45 ---A- C:\Users\All Users\Symantec\Common Client\settings.bak [215060] O61 - LFC:Last File Created 01/03/2012 - 14:13:45 ---A- C:\Users\All Users\Symantec\Common Client\settings.dat [215060] O61 - LFC:Last File Created 01/03/2012 - 14:13:49 ---A- C:\Users\All Users\NVIDIA\Updatus\updtConfig.xml [2390] O61 - LFC:Last File Created 01/03/2012 - 14:13:54 ---A- C:\Users\All Users\Symantec\SavSubEng\submissions.idx [1940144] O61 - LFC:Last File Created 01/03/2012 - 14:16:13 ---A- C:\Users\All Users\NVIDIA\Resource.old [1139961] O61 - LFC:Last File Created 01/03/2012 - 14:16:56 R--A- C:\Users\All Users\Symantec\LiveUpdate\1.Settings.LiveUpdate [510528] O61 - LFC:Last File Created 01/03/2012 - 14:16:57 ---A- C:\Users\All Users\Symantec\LiveUpdate\1.Product.Inventory.LiveUpdate [2992] O61 - LFC:Last File Created 01/03/2012 - 14:18:56 ---A- C:\Users\All Users\NVIDIA\Updatus\updtclient.log.bak [131] O61 - LFC:Last File Created 01/03/2012 - 14:35:52 ---A- C:\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\Configuration\database.conf [432] O61 - LFC:Last File Created 01/03/2012 - 14:35:52 ---A- C:\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref [6531208] O61 - LFC:Last File Created 01/03/2012 - 14:43:10 ---A- C:\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\Configuration\local.conf [757] O61 - LFC:Last File Created 01/03/2012 - 14:43:10 ---A- C:\Users\CELSO\AppData\Local\Temp\~DF5CF3D3764E743E9E.TMP [180224] O61 - LFC:Last File Created 01/03/2012 - 15:54:23 ---A- C:\Users\All Users\NVIDIA\Resource.dat [1139961] O61 - LFC:Last File Created 01/03/2012 - 15:55:11 R---- C:\Users\All Users\Symantec\LiveUpdate\Settings.LiveUpdate [510528] O61 - LFC:Last File Created 01/03/2012 - 15:55:12 ---A- C:\Users\All Users\Symantec\LiveUpdate\Product.Inventory.LiveUpdate [2992] O61 - LFC:Last File Created 01/03/2012 - 15:55:17 ---A- C:\Users\All Users\Symantec\LiveUpdate\Log.LiveUpdate [4058241] O61 - LFC:Last File Created 01/03/2012 - 15:55:33 ---A- C:\Users\All Users\Symantec\Symantec Endpoint Protection\Logs\03012012.Log [12015454] O61 - LFC:Last File Created 01/03/2012 - 15:57:02 ---A- C:\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\Logs\protection-log-2012-03-01.txt [2656] O61 - LFC:Last File Created 01/03/2012 - 15:57:04 ---A- C:\Users\All Users\NVIDIA\Updatus\journalBS.jour.dat [0] O61 - LFC:Last File Created 01/03/2012 - 23:59:59 ---A- C:\Users\All Users\Symantec\Symantec Endpoint Protection\Logs\02292012.Log [4263676] O61 - LFC:Last File Created 01/03/2012 - 23:59:59 ---A- C:\Users\CELSO\AppData\Local\Symantec\Symantec Endpoint Protection\Logs\02292012.Log [4261261] O61 - LFC:Last File Created 27/02/2012 - 00:36:57 ---A- C:\Users\CELSO\AppData\Local\Temp\MessengerCache\EH2c3YNpItgAvkVJFx+swrz9tqQ= [22245] O61 - LFC:Last File Created 27/02/2012 - 12:34:23 ---A- C:\Users\All Users\Symantec\LiveUpdate\Downloads\1330305278jtun_nav2k8en120225008.m25 [665572] O61 - LFC:Last File Created 27/02/2012 - 13:40:30 ---A- C:\Users\CELSO\AppData\Local\Temp\4675724.od [134] O61 - LFC:Last File Created 27/02/2012 - 13:40:30 ---A- C:\Users\CELSO\AppData\Local\Temp\CVR588C.tmp.cvr [0] O61 - LFC:Last File Created 27/02/2012 - 13:40:43 ---A- C:\Users\CELSO\AppData\Roaming\Microsoft\Outlook\Outlook.NK2 [30607] O61 - LFC:Last File Created 27/02/2012 - 13:47:01 ---A- C:\Users\CELSO\AppData\Local\Temp\rpt-1.htm [360451] O61 - LFC:Last File Created 27/02/2012 - 14:07:12 ---A- C:\Users\CELSO\AppData\Local\TechSmith\SnagIt\DataStore\40E22BD7-489A-4A86-A25B-67479DF899EF.SNAG [36888] O61 - LFC:Last File Created 27/02/2012 - 14:11:44 ---A- C:\Users\All Users\Symantec\Symantec Endpoint Protection\Logs\02272012.Log [975] O61 - LFC:Last File Created 29/02/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120229.034\CATALOG.DAT [3714] O61 - LFC:Last File Created 29/02/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120229.034\ESRDEF.BIN [7220045] O61 - LFC:Last File Created 29/02/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120229.034\TCDEFS.DAT [27565794] O61 - LFC:Last File Created 29/02/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120229.034\TCSCAN7.DAT [23983593] O61 - LFC:Last File Created 29/02/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120229.034\TCSCAN8.DAT [179342] O61 - LFC:Last File Created 29/02/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120229.034\TCSCAN9.DAT [695979] O61 - LFC:Last File Created 29/02/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120229.034\TINF.DAT [453] O61 - LFC:Last File Created 29/02/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120229.034\TINFL.DAT [1957] O61 - LFC:Last File Created 29/02/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120229.034\TSCAN1.DAT [74646] O61 - LFC:Last File Created 29/02/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120229.034\V.GRD [5257] O61 - LFC:Last File Created 29/02/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120229.034\V.SIG [2609] O61 - LFC:Last File Created 29/02/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120229.034\V1.SIG [2266] O61 - LFC:Last File Created 29/02/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120229.034\VIRSCAN.INF [106244] O61 - LFC:Last File Created 29/02/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120229.034\VIRSCAN1.DAT [1068152] O61 - LFC:Last File Created 29/02/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120229.034\VIRSCAN2.DAT [574728] O61 - LFC:Last File Created 29/02/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120229.034\VIRSCAN3.DAT [158096] O61 - LFC:Last File Created 29/02/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120229.034\VIRSCAN4.DAT [320439] O61 - LFC:Last File Created 29/02/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120229.034\VIRSCAN5.DAT [16242365] O61 - LFC:Last File Created 29/02/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120229.034\VIRSCAN6.DAT [399455] O61 - LFC:Last File Created 29/02/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120229.034\VIRSCAN7.DAT [239182097] O61 - LFC:Last File Created 29/02/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120229.034\VIRSCAN8.DAT [1022585] O61 - LFC:Last File Created 29/02/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120229.034\VIRSCAN9.DAT [6610224] O61 - LFC:Last File Created 29/02/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120229.034\WHATSNEW.TXT [41437] O61 - LFC:Last File Created 29/02/2012 - 17:52:58 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\Cat.DB [1329804] O61 - LFC:Last File Created 29/02/2012 - 17:54:13 ---A- C:\Users\All Users\Symantec\LiveUpdate\10.Product.Inventory.LiveUpdate [3040] O61 - LFC:Last File Created 29/02/2012 - 17:54:13 R--A- C:\Users\All Users\Symantec\LiveUpdate\10.Settings.LiveUpdate [509141] O61 - LFC:Last File Created 29/02/2012 - 17:56:37 ---A- C:\Users\CELSO\Documents\TmForever\Config\blacklist.txt [120] O61 - LFC:Last File Created 29/02/2012 - 17:56:37 ---A- C:\Users\CELSO\Documents\TmForever\Config\checksum.txt [363135] O61 - LFC:Last File Created 29/02/2012 - 17:56:37 ---A- C:\Users\CELSO\Documents\TmForever\Config\guestlist.txt [119] O61 - LFC:Last File Created 29/02/2012 - 19:32:42 ---A- C:\Users\All Users\Symantec\LiveUpdate\9.Product.Inventory.LiveUpdate [3040] O61 - LFC:Last File Created 29/02/2012 - 19:32:42 R--A- C:\Users\All Users\Symantec\LiveUpdate\9.Settings.LiveUpdate [509141] O61 - LFC:Last File Created 29/02/2012 - 19:42:40 ---A- C:\Users\All Users\Symantec\LiveUpdate\Downloads\1330541382jtun_nav2k8en120226016.m25 [1987680] O61 - LFC:Last File Created 29/02/2012 - 19:42:54 ---A- C:\Users\All Users\Symantec\LiveUpdate\8.Product.Inventory.LiveUpdate [3040] O61 - LFC:Last File Created 29/02/2012 - 19:42:54 R--A- C:\Users\All Users\Symantec\LiveUpdate\8.Settings.LiveUpdate [509835] O61 - LFC:Last File Created 29/02/2012 - 20:41:06 ---A- C:\Users\CELSO\AppData\Local\Temp\MessengerCache\Ko5aPxTa5w1nO09UWz1xcIz5Vjg= [27779] O61 - LFC:Last File Created 29/02/2012 - 20:45:36 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\chats\NE1JVU9BeXFyWjI2YUhzSllvWGhjNXU2OGZJPQ==\channel.txt [231] O61 - LFC:Last File Created 29/02/2012 - 20:45:39 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\cache\NE1JVU9BeXFyWjI2YUhzSllvWGhjNXU2OGZJPQ==\channels\cache.dat [4] O61 - LFC:Last File Created 29/02/2012 - 20:45:39 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\cache\NE1JVU9BeXFyWjI2YUhzSllvWGhjNXU2OGZJPQ==\perm.dat [79438] O61 - LFC:Last File Created 29/02/2012 - 20:45:45 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\chats\NE1JVU9BeXFyWjI2YUhzSllvWGhjNXU2OGZJPQ==\channel.html [1059] O61 - LFC:Last File Created 29/02/2012 - 20:45:47 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\cache\N0FqWUdpRzJzOVdhSWR1Mi83OEVtek5DcTU4PQ==\channels\cache.dat [4] O61 - LFC:Last File Created 29/02/2012 - 20:45:47 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\cache\N0FqWUdpRzJzOVdhSWR1Mi83OEVtek5DcTU4PQ==\perm.dat [79436] O61 - LFC:Last File Created 29/02/2012 - 20:49:07 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\ts3clientui_qt.secrets.conf [1198] O61 - LFC:Last File Created 29/02/2012 - 20:49:10 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\cache\V1VVY1dkVmtBNW0rM0p2ZENkQVNwZnVqL0pZPQ==\icons\dummy.png [109] O61 - LFC:Last File Created 29/02/2012 - 20:49:10 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\cache\remote\downloads.csil.fr\manager\teamspeak\customers-banners\510-213.251.151.138-9509.6b04c2b318b48e6f1e590825bdc9714234ac41f1.29.02.2012.21.33.54.jpg [42922] O61 - LFC:Last File Created 29/02/2012 - 20:49:10 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\chats\N0FqWUdpRzJzOVdhSWR1Mi83OEVtek5DcTU4PQ==\channel.html [71187] O61 - LFC:Last File Created 29/02/2012 - 20:49:24 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\chats\V1VVY1dkVmtBNW0rM0p2ZENkQVNwZnVqL0pZPQ==\channel.html [194] O61 - LFC:Last File Created 29/02/2012 - 20:58:28 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\umcat_02.db [1308039] O61 - LFC:Last File Created 29/02/2012 - 20:58:49 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\cache\V1VVY1dkVmtBNW0rM0p2ZENkQVNwZnVqL0pZPQ==\clients\avatar_ljedojdaaaeeidbmhnjokpfpibgmemaacmlcjaaf [19959] O61 - LFC:Last File Created 29/02/2012 - 20:59:01 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\cache\V1VVY1dkVmtBNW0rM0p2ZENkQVNwZnVqL0pZPQ==\clients\avatar_dobmnnckfihhhjnnengekhjonmipfkmcnahkcggl [11057] O61 - LFC:Last File Created 29/02/2012 - 20:59:19 ---A- C:\Users\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F800000\4FCE8397.VBN [79903] O61 - LFC:Last File Created 29/02/2012 - 20:59:24 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\cache\V1VVY1dkVmtBNW0rM0p2ZENkQVNwZnVqL0pZPQ==\clients\avatar_kjbkpaccmbblhidcainhoblifiliaocnjfakiden [13969] O61 - LFC:Last File Created 29/02/2012 - 20:59:26 ---A- C:\Users\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F800000.VBN [7531] O61 - LFC:Last File Created 29/02/2012 - 21:00:57 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\cache\V1VVY1dkVmtBNW0rM0p2ZENkQVNwZnVqL0pZPQ==\channels\cache.dat [4] O61 - LFC:Last File Created 29/02/2012 - 21:00:57 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\cache\V1VVY1dkVmtBNW0rM0p2ZENkQVNwZnVqL0pZPQ==\perm.dat [79438] O61 - LFC:Last File Created 29/02/2012 - 21:00:58 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\resolved.dat [112] O61 - LFC:Last File Created 29/02/2012 - 21:00:58 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\subscribemode.dat [90] O61 - LFC:Last File Created 29/02/2012 - 21:00:59 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\chats\NE1JVU9BeXFyWjI2YUhzSllvWGhjNXU2OGZJPQ==\server.html [4134] O61 - LFC:Last File Created 29/02/2012 - 21:00:59 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\ts3clientui_qt.conf [4828] O61 - LFC:Last File Created 29/02/2012 - 21:05:56 ---A- C:\Users\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F800002.VBN [3582140] O61 - LFC:Last File Created 29/02/2012 - 21:43:19 ---A- C:\Users\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F800003.VBN [3582140] O61 - LFC:Last File Created 29/02/2012 - 21:48:01 ---A- C:\Users\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F800004.VBN [1454589] O61 - LFC:Last File Created 29/02/2012 - 21:48:01 ---A- C:\Users\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F800005.VBN [1453597] O61 - LFC:Last File Created 29/02/2012 - 21:50:37 ---A- C:\Users\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F800006.VBN [3582140] O61 - LFC:Last File Created 29/02/2012 - 22:02:16 ---A- C:\Users\CELSO\AppData\Local\TechSmith\SnagIt\DataStore\AppIcons\SavUI.exe.Symantec AntiVirus.Symantec Corporation.11.0.6070.422.ico [107710] O61 - LFC:Last File Created 29/02/2012 - 22:02:16 ---A- C:\Users\CELSO\AppData\Local\TechSmith\SnagIt\DataStore\AppIcons\SymCorpUI.exe.Symantec AntiVirus.Symantec Corporation.11.0.6070.422.ico [107710] O61 - LFC:Last File Created 29/02/2012 - 22:02:16 ---A- C:\Users\CELSO\AppData\Local\TechSmith\SnagIt\DataStore\AppIcons\explorer.exe.Explorateur Windows.Microsoft Corporation.6.1.7601.17567.ico [187373] O61 - LFC:Last File Created 29/02/2012 - 22:02:16 ---A- C:\Users\CELSO\AppData\Local\TechSmith\SnagIt\DataStore\AppIcons\firefox.exe.Firefox.Mozilla Corporation.10.0.2.0.ico [295606] O61 - LFC:Last File Created 29/02/2012 - 22:02:16 ---A- C:\Users\CELSO\AppData\Local\TechSmith\SnagIt\DataStore\AppIcons\msnmsgr.exe.Windows Live Messenger.Microsoft Corporation.15.4.3538.513.ico [80395] O61 - LFC:Last File Created 29/02/2012 - 22:08:23 ---A- C:\Users\All Users\Symantec\LiveUpdate\7.Product.Inventory.LiveUpdate [2992] O61 - LFC:Last File Created 29/02/2012 - 22:08:23 R--A- C:\Users\All Users\Symantec\LiveUpdate\7.Settings.LiveUpdate [509835] O61 - LFC:Last File Created 29/02/2012 - 22:08:43 ---A- C:\Users\All Users\Symantec\LiveUpdate\6.Product.Inventory.LiveUpdate [2992] O61 - LFC:Last File Created 29/02/2012 - 22:08:43 R--A- C:\Users\All Users\Symantec\LiveUpdate\6.Settings.LiveUpdate [509835] O61 - LFC:Last File Created 29/02/2012 - 22:09:27 ---A- C:\Users\CELSO\AppData\Local\TechSmith\SnagIt\DataStore\SnagIt900.sdf [479232] O61 - LFC:Last File Created 29/02/2012 - 22:23:17 ---A- C:\Users\CELSO\AppData\Local\Temp\~DFD922FE550D133114.TMP [81920] O61 - LFC:Last File Created 29/02/2012 - 22:23:17 ---A- C:\Users\CELSO\AppData\Local\Temp\~DFE0DD2415462B9944.TMP [81920] O61 - LFC:Last File Created 29/02/2012 - 22:23:23 ---A- C:\Users\CELSO\AppData\Local\TechSmith\SnagIt\DrawQuickStyles.xml [74] O61 - LFC:Last File Created 29/02/2012 - 22:23:23 ---A- C:\Users\CELSO\AppData\Local\TechSmith\SnagIt\ImageQuickStyles.xml [80] O61 - LFC:Last File Created 29/02/2012 - 22:23:23 ---A- C:\Users\CELSO\AppData\Local\TechSmith\SnagIt\Tray.bin [1474] O61 - LFC:Last File Created 29/02/2012 - 22:26:42 ---A- C:\Users\All Users\Symantec\LiveUpdate\5.Product.Inventory.LiveUpdate [2992] O61 - LFC:Last File Created 29/02/2012 - 22:26:42 R--A- C:\Users\All Users\Symantec\LiveUpdate\5.Settings.LiveUpdate [509835] O61 - LFC:Last File Created 29/02/2012 - 22:26:49 ---A- C:\Users\CELSO\AppData\Local\Temp\9241.dir\InstallFlashPlayer.exe [3765920] O61 - LFC:Last File Created 29/02/2012 - 22:29:58 ---A- C:\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\link.txt [115] O61 - LFC:Last File Created 29/02/2012 - 22:29:58 ---A- C:\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe [9502424] O61 - LFC:Last File Created 29/02/2012 - 22:29:58 ---A- C:\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\news.txt [78] O61 - LFC:Last File Created 29/02/2012 - 22:33:23 R--A- C:\Users\All Users\Symantec\LiveUpdate\4.Settings.LiveUpdate [509835] O61 - LFC:Last File Created 29/02/2012 - 22:33:25 ---A- C:\Users\All Users\Symantec\LiveUpdate\4.Product.Inventory.LiveUpdate [2992] O61 - LFC:Last File Created 29/02/2012 - 22:37:50 ---A- C:\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\exclusions.dat [2] O61 - LFC:Last File Created 29/02/2012 - 22:37:56 ---A- C:\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\Configuration\manifest.conf [514] O61 - LFC:Last File Created 29/02/2012 - 22:37:56 ---A- C:\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\Configuration\news.conf [282] O61 - LFC:Last File Created 29/02/2012 - 22:43:56 ---A- C:\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\5542903943.data [668] O61 - LFC:Last File Created 29/02/2012 - 22:43:57 ---A- C:\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\5542903943.quar [98304] O61 - LFC:Last File Created 29/02/2012 - 22:47:49 ---A- C:\Users\CELSO\AppData\Local\Temp\MessengerCache\kcFudxBbsirDWQg8GXmnc01ZUT4= [21877] O61 - LFC:Last File Created 29/02/2012 - 23:57:24 ---A- C:\Users\CELSO\Downloads\adwcleaner.exe [602051] O61 - LFC:Last File Created 29/02/2012 - 23:57:47 ---A- C:\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\Logs\protection-log-2012-02-29.txt [1478] O61 - LFC:Last File Created 30/12/1899 - 12:03:58 --H-- C:\Users\CELSO\AppData\Roaming\Microsoft\Office\Recent\index.dat [61] O61 - LFC:Last File Created 30/12/1899 - 14:13:20 --HA- C:\Users\CELSO\AppData\Local\IconCache.db [2587061] ~ Scan Files in 10mn 03s ---\\ Liste des outils de nettoyage (O63) O63 - Logiciel: ZHPDiag 1.28 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 ~ Scan ADS in 00mn 00s ---\\ Liste des services Legacy (O64) O64 - Services: CurCS - 13/02/2012 - C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (eeCtrl) .(.Symantec Corporation - Symantec Eraser Control Driver.) - LEGACY_EECTRL O64 - Services: CurCS - 17/12/2009 - C:\Windows\system32\Drivers\ElbyCDIO.sys (ElbyCDIO) .(.Elaborate Bytes AG - ElbyCD Windows NT/2000/XP I/O driver.) - LEGACY_ELBYCDIO O64 - Services: CurCS - 13/02/2012 - C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (EraserUtilRebootDrv) .(.Symantec Corporation - Symantec Eraser Utility Driver.) - LEGACY_ERASERUTILREBOOTDRV O64 - Services: CurCS - 10/12/2011 - C:\Windows\system32\drivers\mbam.sys (MBAMProtector) .(.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) - LEGACY_MBAMPROTECTOR O64 - Services: CurCS - 01/03/2012 - C:\Windows\system32\drivers\mbamswissarmy.sys (MBAMSwissArmy) .(.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) - LEGACY_MBAMSWISSARMY O64 - Services: CurCS - ??\??\???? - C:\Windows\system32\Drivers\secdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV O64 - Services: CurCS - 18/12/2009 - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (SPBBCDrv) .(.Symantec Corporation - SPBBC Driver.) - LEGACY_SPBBCDRV O64 - Services: CurCS - 08/03/2010 - C:\Windows\system32\Drivers\SRTSP.sys (SRTSP) .(.Symantec Corporation - Symantec AutoProtect.) - LEGACY_SRTSP O64 - Services: CurCS - 08/03/2010 - C:\Windows\system32\Drivers\SRTSPX.sys (SRTSPX) .(.Symantec Corporation - Symantec AutoProtect.) - LEGACY_SRTSPX O64 - Services: CurCS - 24/02/2011 - C:\Windows\system32\Drivers\SYMEVENT.sys (SymEvent) .(.Symantec Corporation - Symantec Event Library.) - LEGACY_SYMEVENT O64 - Services: CurCS - 03/09/2009 - C:\Windows\system32\Drivers\SYMREDRV.sys (SYMREDRV) .(.Symantec Corporation - Redirector Filter Driver.) - LEGACY_SYMREDRV O64 - Services: CurCS - 03/09/2009 - C:\Windows\system32\Drivers\SYMTDI.sys (SYMTDI) .(.Symantec Corporation - Network Dispatch Driver.) - LEGACY_SYMTDI O64 - Services: CurCS - 15/12/2009 - C:\Program Files\CyberLink\PowerDVD9\NavFilter\000.fcl ({B154377D-700F-42cc-9474-23858FBDF4BD}) .(.CyberLink Corp. - Pas de description.) - LEGACY_{B154377D-700F-42CC-9474-23858FBDF4BD} ~ Scan Services in 00mn 15s ---\\ Liste des fichiers non signés (O65) (None) ---\\ File Associations Shell Spawning (O67) O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\system32\control.exe O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.evt> <evtfile>[HKLM\..\open\Command] (.Microsoft Corporation - Lanceur du composant logiciel enfichable Observateur d’événements.) -- C:\Windows\system32\eventvwr.exe O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\system32\WScript.exe O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCU\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe O67 - Shell Spawning: <.bat> <batfile>[HKCR\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.cpl> <cplfile>[HKCR\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\system32\control.exe O67 - Shell Spawning: <.cmd> <cmdfile>[HKCR\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.com> <comfile>[HKCR\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.evt> <evtfile>[HKCR\..\open\Command] (.Microsoft Corporation - Lanceur du composant logiciel enfichable Observateur d’événements.) -- C:\Windows\system32\eventvwr.exe O67 - Shell Spawning: <.exe> <exefile>[HKCR\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCR\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe O67 - Shell Spawning: <.js> <JSFile>[HKCR\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\system32\WScript.exe O67 - Shell Spawning: <.reg> <regfile>[HKCR\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe ~ Scan Keys in 00mn 00s ---\\ Start Menu Internet (O68) O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\InstallInfo\ShowIconsCommand] (.Mozilla Corporation - Firefox Helper.) -- C:\Program Files\Mozilla Firefox\uninstall\helper.exe O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\ShowIconsCommand] (.Microsoft Corporation - Utilitaire d'initialisation d'Internet Explorer par utilisateur.) -- C:\Windows\System32\ie4uinit.exe O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\InstallInfo\ReinstallCommand] (.Mozilla Corporation - Firefox Helper.) -- C:\Program Files\Mozilla Firefox\uninstall\helper.exe O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\ReinstallCommand] (.Microsoft Corporation - Utilitaire d'initialisation d'Internet Explorer par utilisateur.) -- C:\Windows\System32\ie4uinit.exe O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\InstallInfo\HideIconsCommand] (.Mozilla Corporation - Firefox Helper.) -- C:\Program Files\Mozilla Firefox\uninstall\helper.exe O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\HideIconsCommand] (.Microsoft Corporation - Utilitaire d'initialisation d'Internet Explorer par utilisateur.) -- C:\Windows\System32\ie4uinit.exe ~ Scan Keys in 00mn 00s ---\\ Search Browser Infection (O69) O69 - SBI: C:\Users\CELSO\AppData\Roaming\Mozilla\Firefox\Profiles\y5f7xqok.default\searchplugins\askcom.xml O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - Bing O69 - SBI: SearchScopes [HKCU] {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} - (Ask Search) - http://websearch.ask.com ~ Scan Keys in 00mn 00s ---\\ Crack & Keygen Files (O82) C:\Users\CELSO\Desktop\Sauvegarde\Logiciel Maintenance & dvd Shrink,\O&O\O&O Defrag Pro v8.5.1932fr + Keygen\keygen.exe C:\Users\CELSO\Desktop\Sauvegarde\Logiciel Maintenance & dvd Shrink,\O&O\O&O Defrag Pro v8.5.1932fr + Keygen\oodpe_8_5_1932_fra.exe C:\Users\CELSO\Desktop\Sauvegarde\Logiciel Maintenance & dvd Shrink,\O&O\O&O Defrag Pro v8.5.1932fr + Keygen.rar C:\Users\CELSO\Desktop\Sauvegarde\Logiciel Maintenance & dvd Shrink,\O&O\O&O Defrag Pro v8.5.1932fr + Keygen\keygen.exe C:\Users\CELSO\Desktop\Sauvegarde\Logiciel Maintenance & dvd Shrink,\O&O\O&O Defrag Pro v8.5.1932fr + Keygen\oodpe_8_5_1932_fra.exe C:\Users\CELSO\Desktop\Sauvegarde\Logiciel Maintenance & dvd Shrink,\O&O\O&O Defrag Pro v8.5.1932fr + Keygen.rar F:\Logiciel Maintenance & dvd Shrink,\O&O\O&O Defrag Pro v8.5.1932fr + Keygen\keygen.exe F:\Logiciel Maintenance & dvd Shrink,\O&O\O&O Defrag Pro v8.5.1932fr + Keygen\oodpe_8_5_1932_fra.exe F:\Logiciel Maintenance & dvd Shrink,\O&O\O&O Defrag Pro v8.5.1932fr + Keygen.rar F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj01.zip F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj02.zip F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj03.zip F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj04.zip F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj05.zip F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj06.zip F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj07.zip F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj08.zip F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj09.zip F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj10.zip F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj11.zip F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj12.zip F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj13.zip F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj14.zip F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj15.zip F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj16.zip F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj17.zip F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj18.zip F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj19.zip F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj20.zip F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj21.zip F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part01.rar F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part02.rar F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part03.rar F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part04.rar F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part05.rar F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part06.rar F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part07.rar F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part08.rar F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part09.rar F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part10.rar F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part11.rar F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part12.rar F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part13.rar F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part14.rar F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part15.rar F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part16.rar F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part17.rar F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part18.rar F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part19.rar F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part20.rar F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part21.rar F:\Sauvegarde\Logiciel Maintenance & dvd Shrink,\O&O\O&O Defrag Pro v8.5.1932fr + Keygen\keygen.exe F:\Sauvegarde\Logiciel Maintenance & dvd Shrink,\O&O\O&O Defrag Pro v8.5.1932fr + Keygen\oodpe_8_5_1932_fra.exe F:\Sauvegarde\Logiciel Maintenance & dvd Shrink,\O&O\O&O Defrag Pro v8.5.1932fr + Keygen.rar ~ Scan Files in 01mn 25s ---\\ Recherche des services démarrés par Svchost (O83) O83 - Search Svchost Services: AeLookupSvc (AeLookupSvc) . (.Microsoft Corporation - Service Expérience d’application.) -- C:\Windows\system32\aelupsvc.dll [62464] O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Service de propagation de certificats de cartes à puce Microsoft.) -- C:\Windows\system32\certprop.dll [67584] O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Service de propagation de certificats de cartes à puce Microsoft.) -- C:\Windows\system32\certprop.dll [67584] O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - DLL du service Serveur.) -- C:\Windows\system32\srvsvc.dll [168960] O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - Client de stratégie de groupe.) -- C:\Windows\system32\gpsvc.dll [593408] O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - Extension IKE.) -- C:\Windows\system32\ikeext.dll [674304] O83 - Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation - Service Audio Windows.) -- C:\Windows\system32\Audiosrv.dll [473600] O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Gestionnaire de numérotation automatique d’accès distant.) -- C:\Windows\system32\rasauto.dll [90624] O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Gestionnaire de connexions d’accès distant.) -- C:\Windows\system32\rasmans.dll [286208] O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Gestionnaire d’interface dynamique.) -- C:\Windows\system32\mprdim.dll [75264] O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - Service de notification d’événements système (SENS).) -- C:\Windows\system32\sens.dll [49664] O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Composants de l’application d’assistance à Microsoft NAT.) -- C:\Windows\system32\ipnathlp.dll [300544] O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Serveur de téléphonie Microsoft® Windows.) -- C:\Windows\system32\tapisrv.dll [242176] O83 - Search Svchost Services: TermService (TermService) . (.Microsoft Corporation - Gestionnaire des connexions distantes du serveur hôte de session Burea.) -- C:\Windows\system32\termsrv.dll [521216] O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Agent de mise à jour automatique Windows Update.) -- C:\Windows\system32\wuaueng.dll [1914368] O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Service de transfert intelligent en arrière-plan.) -- C:\Windows\system32\qmgr.dll [585728] O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - Dll des services Windows Shell.) -- C:\Windows\system32\shsvcs.dll [328192] O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Service offrant une connectivité IPv6 sur un réseau IPv4..) -- C:\Windows\system32\iphlpsvc.dll [499712] O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - DLL de service d’ouverture de session secondaire.) -- C:\Windows\system32\seclogon.dll [21504] O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Service Informations d’application.) -- C:\Windows\system32\appinfo.dll [47104] O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - Service de découverte iSCSI.) -- C:\Windows\system32\iscsiexe.dll [114688] O83 - Search Svchost Services: MMCSS (MMCSS) . (.Microsoft Corporation - Service Planificateur de classes multimédias.) -- C:\Windows\system32\mmcss.dll [49664] O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Rapports et solutions aux problèmes.) -- C:\Windows\system32\wercplsupport.dll [61440] O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Service EAPHost Microsoft.) -- C:\Windows\system32\eapsvc.dll [98304] O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) -- C:\Windows\system32\profsvc.dll [164352] O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Service du Planificateur de tâches.) -- C:\Windows\system32\schedsvc.dll [750592] O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Service Gestion des clés.) -- C:\Windows\system32\kmsvc.dll [71168] O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Service Configuration des services Bureau à distance.) -- C:\Windows\system32\sessenv.dll [113664] O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\Windows\system32\wbem\WMIsvc.dll [168960] O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - DLL du service Explorateur d’ordinateurs.) -- C:\Windows\system32\browser.dll [102400] O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - DLL du service des thèmes Windows Shell.) -- C:\Windows\system32\themeservice.dll [37376] O83 - Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation - Service BDE.) -- C:\Windows\system32\bdesvc.dll [76800] ~ Scan Services in 00mn 00s ---\\ Recherche particuliere à la racine de certains dossiers (O84) [MD5.A719B9EE6116B496F4000C0B1311EA13] [sPRF][26/02/2011] (...) -- C:\Users\CELSO\AppData\Roaming\PnkBstrK.sys [22328] [MD5.371D4542D9EC5C1D90809F578D177429] [sPRF][29/02/2012] (...) -- C:\Users\CELSO\Desktop\adwcleaner.exe [602051] [MD5.4D930392BD13F448ED474CE2C41DFADA] [sPRF][03/02/2011] (.Adobe Systems, Inc. - Adobe® Flash® Player Installer/Uninstaller 10.2 r152.) -- C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe [2871968] ~ Scan Files in 00mn 00s ---\\ Firewall Active Exception List (FirewallRules) (O87) O87 - FAEL: "NetPres-In-TCP-NoScope" |In - Domain - P6 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.) O87 - FAEL: "NetPres-Out-TCP-NoScope" |Out - Domain - P6 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.) O87 - FAEL: "NetPres-WSD-In-UDP" |In - None - P17 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.) O87 - FAEL: "NetPres-WSD-Out-UDP" |Out - None - P17 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.) O87 - FAEL: "NetPres-In-TCP" |In - Public - P6 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.) O87 - FAEL: "NetPres-Out-TCP" |Out - Public - P6 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.) O87 - FAEL: "{6BEEBFC0-890F-4FE6-95D2-CA3B464DE353}" |In - Private - P6 - FALSE | .(...) -- C:\Program Files\IncrediMail\Bin\ImpCnt.exe (.not file.) O87 - FAEL: "{1BD6DC99-87C4-4937-826B-910BAE2DD02A}" |In - Private - P17 - FALSE | .(...) -- C:\Program Files\IncrediMail\Bin\ImpCnt.exe (.not file.) O87 - FAEL: "{1A15E680-3D45-4FC9-A726-1A974CFE5FF9}" |In - Private - P6 - FALSE | .(...) -- C:\Program Files\IncrediMail\Bin\ImpCnt.exe (.not file.) O87 - FAEL: "{0E87757C-0474-4D04-AC62-54285AFEF89E}" |In - Private - P17 - FALSE | .(...) -- C:\Program Files\IncrediMail\Bin\ImpCnt.exe (.not file.) O87 - FAEL: "{565E73E7-951A-4F8C-B01F-D13CC3A7C4B7}" | In - Private - P6 - TRUE | .(.TeamViewer GmbH - TeamViewer Remote Control Application.) -- C:\Program Files\TeamViewer\Version6\TeamViewer.exe O87 - FAEL: "{05162694-0646-465C-A3A2-F8B381D0353F}" | In - Private - P17 - TRUE | .(.TeamViewer GmbH - TeamViewer Remote Control Application.) -- C:\Program Files\TeamViewer\Version6\TeamViewer.exe O87 - FAEL: "{1AB9F83E-D904-4D7A-B1CB-15DF44FBBFD2}" | In - Private - P6 - TRUE | .(.TeamViewer GmbH - TeamViewer Remote Control Application.) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe O87 - FAEL: "{9F679F8F-4057-4EFD-B052-3093E62B57C6}" | In - Private - P17 - TRUE | .(.TeamViewer GmbH - TeamViewer Remote Control Application.) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe O87 - FAEL: "{768764A5-EE18-4CF0-A7C2-C06CA2470F4E}" | In - Private - P6 - TRUE | .(.Symantec Corporation - Symantec CMC Smc.) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe O87 - FAEL: "{B39930D3-0685-4B0B-B436-D92E51467FD0}" | In - Private - P17 - TRUE | .(.Symantec Corporation - Symantec CMC Smc.) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe O87 - FAEL: "{D0C64FAF-F625-4A2A-9DA8-0480DF218DAF}" | In - Private - P6 - TRUE | .(.Symantec Corporation - Symantec Network Access Control.) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.exe O87 - FAEL: "{21A47798-3CA9-4853-A8A4-13571D36B9D8}" | In - Private - P17 - TRUE | .(.Symantec Corporation - Symantec Network Access Control.) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.exe O87 - FAEL: "{FF9446F0-997A-4989-8FAE-165400FA773B}" | In - Private - P6 - TRUE | .(.Symantec Corporation - Symantec User Session.) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe O87 - FAEL: "{99B7EAE7-A241-42FE-A376-D00EC6BEC35E}" | In - Private - P17 - TRUE | .(.Symantec Corporation - Symantec User Session.) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe O87 - FAEL: "{6DDFD881-6916-4CAD-928A-CFB6C4C28F8E}" |In - Private - P6 - FALSE | .(...) -- C:\Program Files\IncrediMail\Bin\IncMail.exe (.not file.) O87 - FAEL: "{B2E79365-8139-4ACF-B9AE-816CD7BF2CFD}" |In - Private - P17 - FALSE | .(...) -- C:\Program Files\IncrediMail\Bin\IncMail.exe (.not file.) O87 - FAEL: "{AD6BF7BE-7D0A-4112-9536-DEAD743DD93A}" |In - Private - P6 - FALSE | .(...) -- C:\Program Files\IncrediMail\Bin\ImApp.exe (.not file.) O87 - FAEL: "{E02CD5AE-0A58-4241-9DE2-CC86585E3A32}" |In - Private - P17 - FALSE | .(...) -- C:\Program Files\IncrediMail\Bin\ImApp.exe (.not file.) O87 - FAEL: "{90A8D7F2-D7E0-4D88-88FC-538BEB05D43E}" | In - Private - P6 - TRUE | .(...) -- C:\Program Files\HomePlayer\HomePlayer.exe O87 - FAEL: "{D1641D63-D1D2-4D22-AAAB-E6996B6BBC47}" | In - Private - P17 - TRUE | .(...) -- C:\Program Files\HomePlayer\HomePlayer.exe O87 - FAEL: "{CBD46927-16E3-4645-A333-E3E96ADBF20D}" | In - Private - P6 - TRUE | .(...) -- C:\Program Files\HomePlayer\VLC\vlc.exe O87 - FAEL: "{C463970E-9993-4131-A162-DB36ABC82DE5}" | In - Private - P17 - TRUE | .(...) -- C:\Program Files\HomePlayer\VLC\vlc.exe O87 - FAEL: "{9F525B69-8322-43D5-AB5E-3D926DB5FE19}" | In - None - P17 - TRUE | .(.CyberLink Corp. - CyberLink PowerDVD Cinema Main Program.) -- C:\Program Files\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe O87 - FAEL: "{2779ED72-2D8F-458E-A553-532462A26773}" | In - None - P17 - TRUE | .(.CyberLink Corp. - PowerDVD 9.0.) -- C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe O87 - FAEL: "{07DDECF6-849F-4176-A6E7-16D105249038}" | In - Private - P6 - TRUE | .(...) -- C:\Windows\System32\PnkBstrA.exe O87 - FAEL: "{C35DE4CF-48BA-4FAC-AC6D-7FC5A9D31068}" | In - Private - P17 - TRUE | .(...) -- C:\Windows\System32\PnkBstrA.exe O87 - FAEL: "{D063662A-F9C5-4B72-91F6-89FE80620588}" | In - Private - P6 - TRUE | .(...) -- C:\Windows\System32\PnkBstrB.exe O87 - FAEL: "{49A573E0-A040-4386-A288-BA6A270E7775}" | In - Private - P17 - TRUE | .(...) -- C:\Windows\System32\PnkBstrB.exe O87 - FAEL: "{F129F5CC-FD1D-4D97-88D6-27AEC1428462}" | In - Private - P6 - TRUE | .(...) -- C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe O87 - FAEL: "{2736B1FE-2EC8-4A6D-9689-3F53070D4C57}" | In - Private - P17 - TRUE | .(...) -- C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe O87 - FAEL: "TCP Query User{A58B5EAA-3EF6-47B9-8C18-7CFFBC9C96C8}C:\program files\xfire\xfire.exe" | In - Private - P6 - TRUE | .(.Xfire Inc. - Xfire.) -- C:\Program Files\Xfire\Xfire.exe O87 - FAEL: "UDP Query User{5AB11151-291C-4248-825E-AC23CEF8AD9B}C:\program files\xfire\xfire.exe" | In - Private - P17 - TRUE | .(.Xfire Inc. - Xfire.) -- C:\Program Files\Xfire\Xfire.exe O87 - FAEL: "TCP Query User{199EC9F2-7B18-4BC7-8498-4E0B0854367A}C:\program files\tmnationsforever\tmforever.exe" | In - Private - P6 - TRUE | .(...) -- C:\Program Files\TmNationsForever\TmForever.exe O87 - FAEL: "UDP Query User{59FFB152-C260-4FF9-984F-ADB091E925A6}C:\program files\tmnationsforever\tmforever.exe" | In - Private - P17 - TRUE | .(...) -- C:\Program Files\TmNationsForever\TmForever.exe O87 - FAEL: "TCP Query User{927922A5-396E-4280-BFFD-C530A1F34AC0}C:\program files\activision\call of duty 2\cod2mp_s.exe" | In - Private - P6 - TRUE | .(...) -- C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe O87 - FAEL: "UDP Query User{C9A7C4FE-57EB-4D32-945C-7F465208635F}C:\program files\activision\call of duty 2\cod2mp_s.exe" | In - Private - P17 - TRUE | .(...) -- C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe O87 - FAEL: "TCP Query User{8C2CCB46-F6A4-4475-8FEF-E0570A54DCC4}C:\program files\google\google earth\plugin\geplugin.exe" | In - Private - P6 - TRUE | .(.Google - Google Earth.) -- C:\Program Files\Google\Google Earth\plugin\geplugin.exe O87 - FAEL: "UDP Query User{782CF56E-D15C-44DA-96F7-2F3319969315}C:\program files\google\google earth\plugin\geplugin.exe" | In - Private - P17 - TRUE | .(.Google - Google Earth.) -- C:\Program Files\Google\Google Earth\plugin\geplugin.exe O87 - FAEL: "TCP Query User{E90365DB-56C7-408B-A978-E040D9463AA0}C:\program files\maniaplanet\maniaplanet.exe" | In - Private - P6 - TRUE | .(.Nadeo - ManiaPlanet.) -- C:\Program Files\ManiaPlanet\ManiaPlanet.exe O87 - FAEL: "UDP Query User{C40BA7F3-76AE-4350-AA3B-8B9302382B9A}C:\program files\maniaplanet\maniaplanet.exe" | In - Private - P17 - TRUE | .(.Nadeo - ManiaPlanet.) -- C:\Program Files\ManiaPlanet\ManiaPlanet.exe O87 - FAEL: "{CB517CEE-EE2B-4FD8-AB90-821D40EA15FC}" | In - Private - P6 - TRUE | .(.TeamViewer GmbH - TeamViewer Remote Control Application.) -- C:\Program Files\TeamViewer\Version7\TeamViewer.exe O87 - FAEL: "{20628F0E-FE6A-4BC7-BC7A-0609D0C70DB5}" | In - Private - P17 - TRUE | .(.TeamViewer GmbH - TeamViewer Remote Control Application.) -- C:\Program Files\TeamViewer\Version7\TeamViewer.exe O87 - FAEL: "{A853B28D-A101-4BE2-9D3A-2278AE00E5F2}" | In - Private - P6 - TRUE | .(.TeamViewer GmbH - TeamViewer Remote Control Application.) -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe O87 - FAEL: "{A91ACAA4-41F8-4335-8F0B-1DDAAD02A7AF}" | In - Private - P17 - TRUE | .(.TeamViewer GmbH - TeamViewer Remote Control Application.) -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe O87 - FAEL: "{1FB1CC51-A200-4A1E-AD1B-B8332BE8A238}" | In - None - P17 - TRUE | .(.Skype Limited - Facebook Video Calling.) -- C:\Users\CELSO\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe O87 - FAEL: "{469EE70C-48E3-442E-824B-E93B994E478E}" | In - Private - P6 - FALSE | .(.NVIDIA Corporation - NVIDIA Settings Update Manager.) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe O87 - FAEL: "{50002BA1-1F53-4912-A50B-859A2842C1B2}" | In - Private - P17 - FALSE | .(.NVIDIA Corporation - NVIDIA Settings Update Manager.) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe O87 - FAEL: "TCP Query User{0D8BB620-31ED-40A2-9352-07C707B29323}C:\program files\tmnationsforever\tmforever.exe" | In - Public - P6 - TRUE | .(...) -- C:\Program Files\TmNationsForever\TmForever.exe O87 - FAEL: "UDP Query User{0865982E-E7D0-4E3A-851E-382BEDD64A2D}C:\program files\tmnationsforever\tmforever.exe" | In - Public - P17 - TRUE | .(...) -- C:\Program Files\TmNationsForever\TmForever.exe ~ Scan Firewall in 00mn 02s ---\\ Scan Additionnel (O88) Database Version : 9066 - (05/02/2012) Clés trouvées (Keys found) : 2 Valeurs trouvées (Values found) : 1 Dossiers trouvés (Folders found) : 4 Fichiers trouvés (Files found) : 0 [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}] =>Toolbar.Agent [HKLM\Software\Xfire\OpenCandy] =>Adware.OpenCandy [HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]:{D4027C7F-154A-4066-A1AD-4243D8127440} =>Toolbar.AskSBar C:\Users\CELSO\AppData\Roaming\OpenCandy =>Adware.OpenCandy C:\Users\CELSO\AppData\Local\OpenCandy =>Adware.OpenCandy C:\Users\CELSO\AppData\LocalLow\ShopperReports3 =>Adware.ShopperReports ~ Scan Additionnel in 00mn 05s ---\\ Recherche détournement de DNS routeur (O89) Serveur : google-public-dns-a.google.com Address: 8.8.8.8 Nom : www-cctld.l.google.com Address: 173.194.67.94 Aliases: www.google.fr ~ Scan DNS in 00mn 02s ---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped) SR - | Auto 03/01/2012 63928 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe SR - | Auto 25/01/2010 108392 | (ccEvtMgr) . (.Symantec Corporation.) - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe SR - | Auto 25/01/2010 108392 | (ccSetMgr) . (.Symantec Corporation.) - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe SS - | Auto 30/04/2011 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe SS - | Demand 30/04/2011 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe SS - | Demand 17/02/2010 3093880 | (LiveUpdate) . (.Symantec Corporation.) - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.exe SR - | Auto 13/01/2012 652360 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe SR - | Auto 10/02/2012 645440 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\System32\nvvsvc.exe SR - | Auto 10/02/2012 2348352 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe SR - | Auto 75136 | (PnkBstrA) . (...) - C:\Windows\System32\PnkBstrA.exe SR - | Auto 16/04/2010 1881368 | (SmcService) . (.Symantec Corporation.) - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe SS - | Disabled 01/04/2010 349512 | (SNAC) . (.Symantec Corporation.) - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.exe SR - | Auto 09/02/2012 382272 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe SR - | Auto 23/04/2010 1831024 | (Symantec AntiVirus) . (.Symantec Corporation.) - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe SR - | Auto 07/12/2010 2228008 | (TeamViewer6) . (.TeamViewer GmbH.) - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe SR - | Auto 02/12/2011 2923392 | (TeamViewer7) . (.TeamViewer GmbH.) - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe SR - | Auto 14/07/2009 20992 | C:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe SR - | Auto 15/12/2009 87536 | ({B154377D-700F-42cc-9474-23858FBDF4BD}) . (.CyberLink Corp..) - C:\Program Files\CyberLink\PowerDVD9\NavFilter\000.fcl ~ Scan Services in 00mn 05s ---\\ Recherche Master Boot Record Infection (MBR)(O80) Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, GMER - Rootkit Detector and Remover Run by CELSO at 01/03/2012 16:13:31 device: opened successfully user: MBR read successfully Disk trace: called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys 1 ntkrnlpa!IofCallDriver[0x8304B52A] -> \Device\Harddisk0\DR0[0x865699E0] 3 CLASSPNP[0x8B78859E] -> ntkrnlpa!IofCallDriver[0x8304B52A] -> [0x860AB918] 5 ACPI[0x8B2943D4] -> ntkrnlpa!IofCallDriver[0x8304B52A] -> \Device\Ide\IdeDeviceP2T0L0-2[0x860D0908] kernel: MBR read successfully user & kernel MBR OK ~ Scan MBR in 00mn 02s ---\\ Recherche Master Boot Record Infection (MBRCheck)(O80) Written by ad13, http://ad13.geekstog Run by CELSO at 01/03/2012 16:13:33 ********* Dump file Name ********* C:\PhysicalDisk0_MBR.bin ~ Scan MBR in 00mn 04s End of the scan (1690 lines in 16mn 43s)(54)
  13. rital94
    Malwarebytes Anti-Malware (Essai) 1.60.1.1000 www.malwarebytes.org Version de la base de données: v2012.02.29.05 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 CELSO :: CELSO-PC [administrateur] Protection: Activé 01/03/2012 12:49:21 mbam-log-2012-03-01 (12-49-21).txt Type d'examen: Examen complet Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM Options d'examen désactivées: P2P Elément(s) analysé(s): 376010 Temps écoulé: 1 heure(s), 12 minute(s), 52 seconde(s) Processus mémoire détecté(s): 0 (Aucun élément nuisible détecté) Module(s) mémoire détecté(s): 0 (Aucun élément nuisible détecté) Clé(s) du Registre détectée(s): 0 (Aucun élément nuisible détecté) Valeur(s) du Registre détectée(s): 0 (Aucun élément nuisible détecté) Elément(s) de données du Registre détecté(s): 0 (Aucun élément nuisible détecté) Dossier(s) détecté(s): 0 (Aucun élément nuisible détecté) Fichier(s) détecté(s): 20 C:\Users\CELSO\Desktop\Sauvegarde\Logiciel Maintenance & dvd Shrink,\cdkey-rzr-cod4.exe (Trojan.Agent.CK) -> Mis en quarantaine et supprimé avec succès. C:\Users\CELSO\Desktop\Sauvegarde\Logiciel Maintenance & dvd Shrink,\changer de voix\KeyGen.exe (RiskWare.Tool.CK) -> Mis en quarantaine et supprimé avec succès. C:\Users\CELSO\Desktop\Sauvegarde\Logiciels 2011 Kevin\Cod4fr\COD4\rzr-cod4.exe (Trojan.Agent.CK) -> Mis en quarantaine et supprimé avec succès. C:\Users\CELSO\Desktop\Sauvegarde\Logiciels 2011 Kevin\Cod4fr\COD4\cod4\rzr-cod4.exe (Trojan.Agent.CK) -> Mis en quarantaine et supprimé avec succès. C:\Users\CELSO\Desktop\Sauvegarde\Logiciels 2011 Kevin\Cod4fr\COD4\cod4\cod4\rzr-cod4.exe (Trojan.Agent.CK) -> Mis en quarantaine et supprimé avec succès. C:\Users\CELSO\Desktop\Sauvegarde\Logiciels 2011 Kevin\PowerDVD v9\CORE10k.EXE (Dont.Steal.Our.Software) -> Mis en quarantaine et supprimé avec succès. C:\Users\CELSO\Desktop\Sauvegarde\Logiciels 2011 Kevin\PowerDVD v9\keygen.exe (Trojan.Dropper.PGen) -> Mis en quarantaine et supprimé avec succès. F:\Logiciel Maintenance & dvd Shrink,\changer de voix\KeyGen.exe (RiskWare.Tool.CK) -> Mis en quarantaine et supprimé avec succès. F:\Logiciels 2011 Kevin\Cod4fr\COD4\rzr-cod4.exe (Trojan.Agent.CK) -> Mis en quarantaine et supprimé avec succès. F:\Logiciels 2011 Kevin\Cod4fr\COD4\cod4\rzr-cod4.exe (Trojan.Agent.CK) -> Mis en quarantaine et supprimé avec succès. F:\Logiciels 2011 Kevin\Cod4fr\COD4\cod4\cod4\rzr-cod4.exe (Trojan.Agent.CK) -> Mis en quarantaine et supprimé avec succès. F:\Logiciels 2011 Kevin\PowerDVD v9\CORE10k.EXE (Dont.Steal.Our.Software) -> Mis en quarantaine et supprimé avec succès. F:\Logiciels 2011 Kevin\PowerDVD v9\keygen.exe (Trojan.Dropper.PGen) -> Mis en quarantaine et supprimé avec succès. F:\Sauvegarde\Logiciel Maintenance & dvd Shrink,\cdkey-rzr-cod4.exe (Trojan.Agent.CK) -> Mis en quarantaine et supprimé avec succès. F:\Sauvegarde\Logiciel Maintenance & dvd Shrink,\changer de voix\KeyGen.exe (RiskWare.Tool.CK) -> Mis en quarantaine et supprimé avec succès. F:\Sauvegarde\Logiciels 2011 Kevin\Cod4fr\COD4\rzr-cod4.exe (Trojan.Agent.CK) -> Mis en quarantaine et supprimé avec succès. F:\Sauvegarde\Logiciels 2011 Kevin\Cod4fr\COD4\cod4\rzr-cod4.exe (Trojan.Agent.CK) -> Mis en quarantaine et supprimé avec succès. F:\Sauvegarde\Logiciels 2011 Kevin\Cod4fr\COD4\cod4\cod4\rzr-cod4.exe (Trojan.Agent.CK) -> Mis en quarantaine et supprimé avec succès. F:\Sauvegarde\Logiciels 2011 Kevin\PowerDVD v9\CORE10k.EXE (Dont.Steal.Our.Software) -> Mis en quarantaine et supprimé avec succès. F:\Sauvegarde\Logiciels 2011 Kevin\PowerDVD v9\keygen.exe (Trojan.Dropper.PGen) -> Mis en quarantaine et supprimé avec succès. (fin) 20:51:49 CELSO MESSAGE Protection started successfully 20:51:52 CELSO MESSAGE IP Protection started successfully /02/29 22:38:20 +0100 CELSO-PC CELSO MESSAGE Starting protection 2012/02/29 22:38:22 +0100 CELSO-PC CELSO MESSAGE Protection started successfully 2012/02/29 22:38:25 +0100 CELSO-PC CELSO MESSAGE Starting IP protection 2012/02/29 22:38:26 +0100 CELSO-PC CELSO MESSAGE IP Protection started successfully 2012/02/29 22:43:56 +0100 CELSO-PC CELSO DETECTION F:\Logiciel Maintenance & dvd Shrink,\cdkey-rzr-cod4.exe Trojan.Agent.CK QUARANTINE 2012/02/29 22:47:26 +0100 CELSO-PC CELSO MESSAGE Executing scheduled update: Daily 2012/02/29 22:47:28 +0100 CELSO-PC CELSO MESSAGE Database already up-to-date 2012/02/29 23:57:47 +0100 CELSO-PC CELSO DETECTION
  14. rital94
    Rapport de ZHPDiag v1.28.32 par Nicolas Coolman, Update du 05/02/2012 Run by CELSO at 01/03/2012 13:14:32 Web site : ZHPDiag Outil de diagnostic Web site : Blog de NicolasCoolman - ZebHelpProcess - Skyrock.com Windows 7 Home Premium Edition, 32-bit Service Pack 1 (Build 7601) State : Version à jour. Boot mode: Normal (Normal boot) Logged in as Administrator ---\\ Web Browser MSIE: Internet Explorer v9.0.8112.16421 MFIE: Mozilla Firefox 10.0.2 v10.0.2 (Defaut) ---\\ Processus lancés [MD5.FB9DFE1D04DFA81ABBD8493A52A23773] - (.Symantec Corporation - Symantec CMC SmcGui.) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe [1459528] [PID.2360] [MD5.C687C23E093782DA238F6B972FCB717C] - (.NVIDIA Corporation - NVIDIA Settings.) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe [1820480] [PID.2612] [MD5.F7BA07E85A37CA30FFED726001754951] - (.TeamViewer GmbH - TeamViewer Remote Control Application.) -- C:\Program Files\TeamViewer\Version7\TeamViewer.exe [10871680] [PID.3304] [MD5.BF1FF06F5434AFAEAB6C3279E3BD2250] - (.Symantec Corporation - Symantec User Session.) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe [115560] [PID.3964] [MD5.F40E80C04475731C6ED5D19C48E45E3C] - (.Elaborate Bytes AG - Virtual CloneDrive Daemon.) -- C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [85160] [PID.3984] [MD5.16E288B32BC5ED1A73D8D266B354AD5F] - (.cyberlink - brs.) -- C:\Program Files\CyberLink\Shared files\brs.exe [75048] [PID.4004] [MD5.60D0647A2DC2D397B84D0AFB0808F85D] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [460872] [PID.1916] [MD5.D9C51528488EA0D98D3C4D02ABD16759] - (.Intel Corporation - igfxsrvc Module.) -- C:\Windows\system32\igfxsrvc.exe [252952] [PID.5748] [MD5.5AC757AE411CBC603C33C85F81F8657D] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [924632] [PID.4400] [MD5.196F6E8FBC7043A867C8F428E40530E8] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [16856] [PID.5884] [MD5.B8F49232247D0825B2B82E08A9E10753] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [981680] [PID.5524] [MD5.4309B75F125067EF805F3125B01FCC30] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [2210816] [PID.5984] ~ Scan Processes Running in 00mn 00s ---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3) C:\Users\CELSO\AppData\Roaming\Mozilla\Firefox\Profiles\y5f7xqok.default\prefs.js M3 - MFPP: Plugins - [CELSO] -- C:\Users\CELSO\AppData\Roaming\Mozilla\Firefox\Profiles\y5f7xqok.default\searchplugins\askcom.xml M3 - MFPP: Plugins - [CELSO] -- C:\Program Files\Mozilla FireFox\searchplugins\amazon-france.xml M3 - MFPP: Plugins - [CELSO] -- C:\Program Files\Mozilla FireFox\searchplugins\bing.xml M3 - MFPP: Plugins - [CELSO] -- C:\Program Files\Mozilla FireFox\searchplugins\cnrtl-tlfi-fr.xml M3 - MFPP: Plugins - [CELSO] -- C:\Program Files\Mozilla FireFox\searchplugins\eBay-france.xml M3 - MFPP: Plugins - [CELSO] -- C:\Program Files\Mozilla FireFox\searchplugins\google.xml M3 - MFPP: Plugins - [CELSO] -- C:\Program Files\Mozilla FireFox\searchplugins\wikipedia-fr.xml M3 - MFPP: Plugins - [CELSO] -- C:\Program Files\Mozilla FireFox\searchplugins\yahoo-france.xml M0 - MFSP: prefs.js [CELSO - y5f7xqok.default] Google M2 - MFEP: prefs.js [CELSO - y5f7xqok.default\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}] [] Garmin Communicator v4.0.1.0 (.Garmin International.) P2 - FPN:Firefox Plugin Navigator . (.Sun Microsystems, Inc. - NPRuntime Script Plug-in Library for Java Deploy.) -- C:\Program Files\Mozilla Firefox\Plugins\npdeployJava1.dll P2 - FPN:Firefox Plugin Navigator . (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape 10.1.2.) -- C:\Program Files\Mozilla Firefox\Plugins\nppdf32.dll P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (...) -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll P2 - FPN: [HKLM] [@adobe.com/ShockwavePlayer] - (.Adobe Systems, Inc. - Adobe Shockwave for Director Netscape plug-in, version 11.5.9.620.) -- C:\Windows\System32\Adobe\Director\np32dsw.dll P2 - FPN: [HKLM] [@Google.com/GoogleEarthPlugin] - (.Google - GEPlugin.) -- C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll P2 - FPN: [HKLM] [@java.com/JavaPlugin] - (.Sun Microsystems, Inc. - Next Generation Java Plug-in 1.6.0_26 for Mozilla browsers.) -- C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 4.1.10111.0.) -- C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll P2 - FPN: [HKLM] [@nvidia.com/3DVision] - (.NVIDIA Corporation - NVIDIA 3D Vision plugin for Mozilla browsers.) -- C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll P2 - FPN: [HKLM] [@nvidia.com/3DVisionStreaming] - (.NVIDIA Corporation - NVIDIA 3D Vision Streaming plugin for Mozilla browsers.) -- C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=3] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=9] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll P2 - FPN: [HKLM] [Adobe Reader] - (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape 10.1.2.) -- C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll P2 - FPN: [HKCU] [@Skype Limited.com/Facebook Video Calling Plugin] - (.Skype Limited - Facebook Video Calling Plugin.) -- C:\Users\CELSO\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll ~ Scan Firefox Browser in 00mn 00s ---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4) R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Search Microsoft.com R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Navigateur Internet.) (9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)) -- C:\Windows\System32\ieframe.dll R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 1 ~ Scan IE Browser in 00mn 00s ---\\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Scan Proxy management in 00mn 00s ---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2) F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe, F2 - REG:system.ini: VMApplet=C:\Windows\system32\SystemPropertiesPerformance.exe ~ Scan Keys in 00mn 00s ---\\ Redirection du fichier Hosts (O1) ~ Le fichier hosts est sain (The hosts file is clean). ~ Scan Hosts File in 00mn 00s ~ Nombre de lignes (Lines number): 21 ---\\ Browser Helper Objects de navigateur (O2) O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} . (.TechSmith Corporation - SnagIt Browser Helper Object for Internet E.) -- C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corp. - Microsoft® Windows Live ID Login Helper.) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll ~ Scan BHO in 00mn 00s ---\\ Internet Explorer Toolbars (O3) O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} . (.TechSmith Corporation - SnagIt Add-in for Internet Explorer.) -- C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll ~ Scan Toolbar in 00mn 00s ---\\ Applications démarrées par registre & par dossier (O4) O4 - HKLM\..\Run: [igfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe O4 - HKLM\..\Run: [ccApp] . (.Symantec Corporation - Symantec User Session.) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe O4 - HKLM\..\Run: [VirtualCloneDrive] . (.Elaborate Bytes AG - Virtual CloneDrive Daemon.) -- C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe O4 - HKLM\..\Run: [bDRegion] . (.cyberlink - brs.) -- C:\Program Files\CyberLink\Shared files\brs.exe O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe O4 - HKLM\..\Run: [NvMediaCenter] . (.NVIDIA Corporation - NVIDIA Media Center Library.) -- C:\Windows\System32\nvmctray.dll O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe O4 - HKUS\S-1-5-20\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe ~ Scan Application in 00mn 00s ---\\ Autres liens utilisateurs (O4) O4 - Global Startup: C:\Users\CELSO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - Global Startup: C:\Users\CELSO\Desktop\everest.exe - Raccourci.lnk . (...) -- F:\Logiciels 2011 Kevin\Everest.Corporate.Edtion.v2.80\everest.exe O4 - Global Startup: C:\Users\CELSO\Desktop\HijackThis.exe - Raccourci.lnk . (.Trend Micro Inc..) -- F:\Logiciel Maintenance & dvd Shrink,\HiJackThis\HijackThis.exe O4 - Global Startup: C:\Users\CELSO\Desktop\Jouer à ManiaPlanet.lnk . (...) -- C:\Program Files\ManiaPlanet\ManiaPlanetLauncher.exe O4 - Global Startup: C:\Users\CELSO\Desktop\Mozilla Firefox.lnk . (.Mozilla Corporation.) -- C:\Program Files\Mozilla Firefox\firefox.exe O4 - Global Startup: C:\Users\CELSO\Desktop\PhotoFiltre.lnk . (.Antonio Da Cruz.) -- C:\Program Files\PhotoFiltre\photofiltre.exe O4 - Global Startup: C:\Users\CELSO\Desktop\Windows Live Messenger.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe O4 - Global Startup: C:\Users\CELSO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - Global Startup: C:\Users\CELSO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk . (.Microsoft Corporation.) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE O4 - Global Startup: C:\Users\CELSO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk . (.Mozilla Corporation.) -- C:\Program Files\Mozilla Firefox\firefox.exe ~ Scan Global Startup in 00mn 00s ---\\ Invisibilité de l'icône d'options IE dans le panneau de Configuration (O5) O5 - control.ini: [HKLM\..\Control Panel] inetcpl.cpl=no ~ Scan IE Control Panel in 00mn 00s ---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8) O8 - Extra context menu item: E&xporter vers Microsoft Excel . (.Microsoft Corporation - Microsoft Office Excel.) -- C:\Program Files\MICROS~2\Office12\EXCEL.exe ~ Scan IE Menu Contextuel in 00mn 00s ---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO ~ Scan IE Extra Buttons in 00mn 00s ---\\ Winsock hijacker (Layered Service Provider) (O10) O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\System32\nlaapi.dll O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Fournisseur Shim d’affectation de noms de messagerie.) -- C:\Windows\System32\NapiNSP.dll O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\System32\pnrpnsp.dll O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\System32\pnrpnsp.dll O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\Windows\System32\mswsock.dll O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\System32\winrnr.dll O10 - WLSP:\000000000007\Winsock LSP File . (.Microsoft Corp. - Microsoft® Windows Live ID Namespace Provider.) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.dll O10 - WLSP:\000000000008\Winsock LSP File . (.Microsoft Corp. - Microsoft® Windows Live ID Namespace Provider.) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.dll ~ Scan Winsock in 00mn 00s ---\\ Objets ActiveX (Downloaded Program Files)(O16) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab ~ Scan Objets ActiveX in 00mn 00s ---\\ Modification Domaine/Adresses DNS (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{2B015339-CF8E-4E76-9AF8-3D0CC9B1E0FA}: NameServer = 8.8.8.8,8.8.4.4 O17 - HKLM\System\CS1\Services\Tcpip\..\{2B015339-CF8E-4E76-9AF8-3D0CC9B1E0FA}: NameServer = 8.8.8.8,8.8.4.4 O17 - HKLM\System\CS2\Services\Tcpip\..\{2B015339-CF8E-4E76-9AF8-3D0CC9B1E0FA}: NameServer = 8.8.8.8,8.8.4.4 ~ Scan Domain in 00mn 00s ---\\ Protocole additionnel (O18) O18 - Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft ®.) -- C:\Windows\System32\mshtml.dll O18 - Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll O18 - Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - Contrôle ActiveX pour le flux vidéo.) -- C:\Windows\System32\MSVidCtl.dll O18 - Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll O18 - Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll O18 - Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll O18 - Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll O18 - Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll O18 - Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft ®.) -- C:\Windows\System32\mshtml.dll O18 - Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} . (.Microsoft Corporation - Windows Live Messenger Protocol Handler Mod.) -- C:\Program Files\Windows Live\Messenger\msgrapp.dll O18 - Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll O18 - Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft ®.) -- C:\Windows\System32\mshtml.dll O18 - Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API Resources.) -- C:\Windows\System32\inetcomm.dll O18 - Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll O18 - Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} . (.Microsoft Corporation - Microsoft® Help Data Services Module.) -- C:\Program Files\Common Files\microsoft shared\Help\hxds.dll O18 - Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll O18 - Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} . (.Microsoft Corporation - Windows Live Messenger Protocol Handler Mod.) -- C:\Program Files\Windows Live\Messenger\msgrapp.dll O18 - Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft ®.) -- C:\Windows\System32\mshtml.dll O18 - Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - Contrôle ActiveX pour le flux vidéo.) -- C:\Windows\System32\MSVidCtl.dll O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft ®.) -- C:\Windows\System32\mshtml.dll O18 - Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll O18 - Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll ~ Scan Protocole Additionnel in 00mn 00s ---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20) O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\system32\igfxdev.dll ~ Scan Winlogon in 00mn 00s ---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. ~ Scan SSODL in 00mn 00s ---\\ Liste des services NT non Microsoft et non désactivés (O23) O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) . (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) . (.Symantec Corporation - Symantec Service Framework.) - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) . (.Symantec Corporation - Symantec Service Framework.) - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Service Google Update (gupdate) (gupdate) . (.Google Inc. - Programme d'installation de Google.) - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: (MBAMService) . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 295.7.) - C:\Windows\System32\nvvsvc.exe O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) . (.NVIDIA Corporation - NVIDIA Settings Update Manager.) - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe O23 - Service: PnkBstrA (PnkBstrA) . (...) - C:\Windows\System32\PnkBstrA.exe O23 - Service: Client de gestion Symantec (SmcService) . (.Symantec Corporation - Symantec CMC Smc.) - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) . (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) . (.Symantec Corporation - Symantec AntiVirus.) - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe O23 - Service: TeamViewer 6 (TeamViewer6) . (.TeamViewer GmbH - TeamViewer Remote Control Application.) - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe O23 - Service: TeamViewer 7 (TeamViewer7) . (.TeamViewer GmbH - TeamViewer Remote Control Application.) - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe O23 - Service: Power Control [2011/02/26 16:42:22] ({B154377D-700F-42cc-9474-23858FBDF4BD}) . (.CyberLink Corp. - Pas de description.) - C:\Program Files\CyberLink\PowerDVD9\NavFilter\000.fcl ~ Scan Services in 00mn 00s ---\\ Enumération Active Desktop & MHTML Editor (O24) O24 - Default MHTML Editor: Last - .(...) - (.not file.) ~ Scan Desktop Component in 00mn 00s End of the scan (256 lines in 00mn 01s)(0)
  15. rital94
    mon rapport de malxarebites que j'ai poster je dois le refaire ?? dois-je cocher toutes les case pour l'analyse ou simplement le disque c et F
  16. rital94
    Bonjour, depuis 2 semaines mon écran se coupe quand je joue a trackmania ou CoD4 .J'ai amené mon pc chez celui qui me l'a monté (il est sous garanti)il m'a dit que windows était virussé et que je devais le réinstaller. Avant de me lancer dans une réinstallation je voulais voir avec vous s'il n'était pas possible de se défaire des virus avant. Connaissaissant votre fonctionnement je vous poste dores et déjà le rapport malwarebytes et HijackThis.En esperant que vous pourrez faire quelque chose pour moi car réinstaller windows ne m'enchante pas .Merci Rapport malwarebytes: (Aucun élément nuisible détecté) Valeur(s) du Registre détectée(s): 0 (Aucun élément nuisible détecté) Elément(s) de données du Registre détecté(s): 0 (Aucun élément nuisible détecté) Dossier(s) détecté(s): 0 (Aucun élément nuisible détecté) Fichier(s) détecté(s): 20 C:\Users\CELSO\Desktop\Sauvegarde\Logiciel Maintenance & dvd Shrink,\cdkey-rzr-cod4.exe (Trojan.Agent.CK) -> Aucune action effectuée. C:\Users\CELSO\Desktop\Sauvegarde\Logiciel Maintenance & dvd Shrink,\changer de voix\KeyGen.exe (RiskWare.Tool.CK) -> Aucune action effectuée. C:\Users\CELSO\Desktop\Sauvegarde\Logiciels 2011 Kevin\Cod4fr\COD4\rzr-cod4.exe (Trojan.Agent.CK) -> Aucune action effectuée. C:\Users\CELSO\Desktop\Sauvegarde\Logiciels 2011 Kevin\Cod4fr\COD4\cod4\rzr-cod4.exe (Trojan.Agent.CK) -> Aucune action effectuée. C:\Users\CELSO\Desktop\Sauvegarde\Logiciels 2011 Kevin\Cod4fr\COD4\cod4\cod4\rzr-cod4.exe (Trojan.Agent.CK) -> Aucune action effectuée. C:\Users\CELSO\Desktop\Sauvegarde\Logiciels 2011 Kevin\PowerDVD v9\CORE10k.EXE (Dont.Steal.Our.Software) -> Aucune action effectuée. C:\Users\CELSO\Desktop\Sauvegarde\Logiciels 2011 Kevin\PowerDVD v9\keygen.exe (Trojan.Dropper.PGen) -> Aucune action effectuée. F:\Logiciel Maintenance & dvd Shrink,\changer de voix\KeyGen.exe (RiskWare.Tool.CK) -> Aucune action effectuée. F:\Logiciels 2011 Kevin\Cod4fr\COD4\rzr-cod4.exe (Trojan.Agent.CK) -> Aucune action effectuée. F:\Logiciels 2011 Kevin\Cod4fr\COD4\cod4\rzr-cod4.exe (Trojan.Agent.CK) -> Aucune action effectuée. F:\Logiciels 2011 Kevin\Cod4fr\COD4\cod4\cod4\rzr-cod4.exe (Trojan.Agent.CK) -> Aucune action effectuée. F:\Logiciels 2011 Kevin\PowerDVD v9\CORE10k.EXE (Dont.Steal.Our.Software) -> Aucune action effectuée. F:\Logiciels 2011 Kevin\PowerDVD v9\keygen.exe (Trojan.Dropper.PGen) -> Aucune action effectuée. F:\Sauvegarde\Logiciel Maintenance & dvd Shrink,\cdkey-rzr-cod4.exe (Trojan.Agent.CK) -> Aucune action effectuée. F:\Sauvegarde\Logiciel Maintenance & dvd Shrink,\changer de voix\KeyGen.exe (RiskWare.Tool.CK) -> Aucune action effectuée. F:\Sauvegarde\Logiciels 2011 Kevin\Cod4fr\COD4\rzr-cod4.exe (Trojan.Agent.CK) -> Aucune action effectuée. F:\Sauvegarde\Logiciels 2011 Kevin\Cod4fr\COD4\cod4\rzr-cod4.exe (Trojan.Agent.CK) -> Aucune action effectuée. F:\Sauvegarde\Logiciels 2011 Kevin\Cod4fr\COD4\cod4\cod4\rzr-cod4.exe (Trojan.Agent.CK) -> Aucune action effectuée. F:\Sauvegarde\Logiciels 2011 Kevin\PowerDVD v9\CORE10k.EXE (Dont.Steal.Our.Software) -> Aucune action effectuée. F:\Sauvegarde\Logiciels 2011 Kevin\PowerDVD v9\keygen.exe (Trojan.Dropper.PGen) -> Aucune action effectuée. (fin) Rapport HijackThis: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:26:23, on 01/03/2012 Platform: Unknown Windows (WinNT 6.01.3505 SP1) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskhost.exe C:\Windows\Explorer.EXE C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Program Files\TeamViewer\Version7\TeamViewer.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe C:\Program Files\CyberLink\Shared files\brs.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\DllHost.exe C:\Program Files\Symantec\Symantec Endpoint Protection\SavUI.exe F:\Logiciel Maintenance & dvd Shrink,\HiJackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s O4 - HKLM\..\Run: [bDRegion] C:\Program Files\Cyberlink\Shared files\brs.exe O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O13 - Gopher Prefix: O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{2B015339-CF8E-4E76-9AF8-3D0CC9B1E0FA}: NameServer = 8.8.8.8,8.8.4.4 O17 - HKLM\System\CS1\Services\Tcpip\..\{2B015339-CF8E-4E76-9AF8-3D0CC9B1E0FA}: NameServer = 8.8.8.8,8.8.4.4 O17 - HKLM\System\CS2\Services\Tcpip\..\{2B015339-CF8E-4E76-9AF8-3D0CC9B1E0FA}: NameServer = 8.8.8.8,8.8.4.4 O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Service Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: Client de gestion Symantec (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- End of file - 5888 bytes
  17. rital94

    Bonjour Pear

    un grand Merci pour votre travail sérieux et votre dévouement

    plus de 5 jours de recherche un vrai travail de fora pour mon ordinateur

    merci pour votre aide gracieusement offert

    a bientôt

    rital94

  18. rital94
    Alors si j'ai bien compris votre message vous avez résolu tout a vous seul alors un grand merci de votre travail sérieux et d'avoir sacrifier de votre temps et de votre gentillesse donc maintenant je peux réinstallé ma webcan"logitech"et mon imprimante"Hp" PSC 1610 tout en un "sans problème merci mille fois a vous et au forum ZEBULON
  19. rital94
    Avira AntiVir Personal Date de création du fichier de rapport : mercredi 25 mars 2009 11:27 La recherche porte sur 1316767 souches de virus. Détenteur de la licence :Avira AntiVir PersonalEdition Classic Numéro de série : 0000149996-ADJIE-0001 Plateforme : Windows XP Version de Windows :(Service Pack 3) [5.1.2600] Mode Boot : Mode sans échec Identifiant : christophe Nom de l'ordinateur :B7F020E3BF5F476 Informations de version : BUILD.DAT : 8.2.0.52 16931 Bytes 02/12/2008 14:55:00 AVSCAN.EXE : 8.1.4.10 315649 Bytes 18/11/2008 08:21:00 AVSCAN.DLL : 8.1.4.1 49921 Bytes 21/07/2008 13:44:27 LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:16 LUKERES.DLL : 8.1.4.0 13057 Bytes 04/07/2008 07:30:27 ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 11:30:36 ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 11/02/2009 10:15:55 ANTIVIR2.VDF : 7.1.2.199 1008640 Bytes 22/03/2009 10:15:59 ANTIVIR3.VDF : 7.1.2.213 80384 Bytes 25/03/2009 10:16:00 Version du moteur: 8.2.0.126 AEVDF.DLL : 8.1.1.0 106868 Bytes 25/03/2009 10:16:12 AESCRIPT.DLL : 8.1.1.67 364923 Bytes 25/03/2009 10:16:11 AESCN.DLL : 8.1.1.8 127346 Bytes 25/03/2009 10:16:09 AERDL.DLL : 8.1.1.3 438645 Bytes 04/11/2008 13:58:38 AEPACK.DLL : 8.1.3.11 397687 Bytes 25/03/2009 10:16:09 AEOFFICE.DLL : 8.1.0.36 196987 Bytes 25/03/2009 10:16:07 AEHEUR.DLL : 8.1.0.111 1679736 Bytes 25/03/2009 10:16:06 AEHELP.DLL : 8.1.2.2 119158 Bytes 25/03/2009 10:16:03 AEGEN.DLL : 8.1.1.30 336245 Bytes 25/03/2009 10:16:02 AEEMU.DLL : 8.1.0.9 393588 Bytes 14/10/2008 10:05:56 AECORE.DLL : 8.1.6.6 176501 Bytes 25/03/2009 10:16:01 AEBB.DLL : 8.1.0.3 53618 Bytes 14/10/2008 10:05:56 AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:02 AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:27:58 AVREP.DLL : 8.0.0.2 98344 Bytes 31/07/2008 12:02:15 AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:37 AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:19 AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:46 SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02 SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:36 NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:07 RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 04/07/2008 07:23:16 RCTEXT.DLL : 8.0.52.1 86273 Bytes 17/07/2008 10:08:43 Configuration pour la recherche actuelle : Nom de la tâche..................: Contrôle intégral du système Fichier de configuration.........: c:\program files\avira\antivir personaledition classic\sysscan.avp Documentation....................: bas Action principale................: interactif Action secondaire................: ignorer Recherche sur les secteurs d'amorçage maître: marche Recherche sur les secteurs d'amorçage: marche Secteurs d'amorçage..............: C:, E:, F:, Recherche dans les programmes actifs: marche Recherche en cours sur l'enregistrement: marche Recherche de Rootkits............: arrêt Fichier mode de recherche........: Tous les fichiers Recherche sur les archives.......: marche Limiter la profondeur de récursivité: 20 Archive Smart Extensions.........: marche Heuristique de macrovirus........: marche Heuristique fichier..............: moyen Début de la recherche : mercredi 25 mars 2009 11:27 La recherche sur les processus démarrés commence : Processus de recherche 'avscan.exe' - '1' module(s) sont contrôlés Processus de recherche 'avcenter.exe' - '1' module(s) sont contrôlés Processus de recherche 'explorer.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'lsass.exe' - '1' module(s) sont contrôlés Processus de recherche 'services.exe' - '1' module(s) sont contrôlés Processus de recherche 'winlogon.exe' - '1' module(s) sont contrôlés Processus de recherche 'csrss.exe' - '1' module(s) sont contrôlés Processus de recherche 'smss.exe' - '1' module(s) sont contrôlés '11' processus ont été contrôlés avec '11' modules La recherche sur les secteurs d'amorçage maître commence : Secteur d'amorçage maître HD0 [iNFO] Aucun virus trouvé ! Secteur d'amorçage maître HD1 [iNFO] Aucun virus trouvé ! La recherche sur les secteurs d'amorçage commence : Secteur d'amorçage 'C:\' [iNFO] Aucun virus trouvé ! Secteur d'amorçage 'E:\' [iNFO] Aucun virus trouvé ! Secteur d'amorçage 'F:\' [iNFO] Aucun virus trouvé ! La recherche sur les renvois aux fichiers exécutables (registre) commence. Le registre a été contrôlé ( '50' fichiers). La recherche sur les fichiers sélectionnés commence : Recherche débutant dans 'C:\' C:\pagefile.sys [AVERTISSEMENT] Impossible d'ouvrir le fichier ! Recherche débutant dans 'E:\' Recherche débutant dans 'F:\' <Téléchargement G> Fin de la recherche : mercredi 25 mars 2009 13:43 Temps nécessaire: 2:16:17 Heure(s) La recherche a été effectuée intégralement 8754 Les répertoires ont été contrôlés 227237 Des fichiers ont été contrôlés 0 Des virus ou programmes indésirables ont été trouvés 0 Des fichiers ont été classés comme suspects 0 Des fichiers ont été supprimés 0 Des virus ou programmes indésirables ont été réparés 0 Les fichiers ont été déplacés dans la quarantaine 0 Les fichiers ont été renommés 1 Impossible de contrôler des fichiers 227236 Fichiers non infectés 7653 Les archives ont été contrôlées 1 Avertissements 0 Consignes
  20. rital94
    bonsoir Mr Pear a plusieurs reprise j'ai essayé mais pendant la mise à jour je me suis retrouvé sur une page bleu avec le fichier Klif.sys qui serai la cause du problème sur le déroulement pour faire le scan merci de votre aide a très bientôt j'ai hâte de vous lire pour la suite
  21. rital94
    oups cela m'avais echappé ,milles excuses mais mon ignorance me bloque un peu :en ligne cela signifie quoi au juste je ne connais que le scan tout simple
  22. rital94
    bonjour Pear, la modification est faite .Tout cela veut-il dire que mon pc est enfin sain?
  23. rital94
    j'ai eux du mal a glisser le blocs note dans ComboFix.exe donc voila le rapport obtenue si j'ai pas rater la procédure merci ComboFix 09-03-22.01 - christophe 2009-03-23 19:11:40.2 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1023.644 [GMT 1:00] Lancé depuis: c:\documents and settings\christophe.B7F020E3BF5F476\Bureau\ComboFix.exe Commutateurs utilisés :: c:\documents and settings\christophe.B7F020E3BF5F476\Bureau\CFScript.txt AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) FW: Kaspersky Internet Security *disabled* * Un nouveau point de restauration a été créé . ((((((((((((((((((((((((((((( Fichiers créés du 2009-02-23 au 2009-03-23 )))))))))))))))))))))))))))))))))))) . 2009-03-23 19:09 . 2009-03-23 19:09 <REP> d-------- C:\32788R22FWJFW.1.tmp 2009-03-23 19:02 . 2009-03-23 19:09 <REP> d-------- C:\32788R22FWJFW.0.tmp 2009-03-23 17:11 . 2009-03-23 17:11 <REP> d-------- c:\windows\system32\oobe 2009-03-23 17:11 . 2009-03-23 17:11 <REP> d-------- c:\windows\system32\npp 2009-03-23 17:11 . 2009-03-23 17:11 <REP> d-------- c:\windows\msagent 2009-03-23 16:19 . 2009-03-23 16:19 <REP> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\HP 2009-03-23 16:17 . 2009-03-23 16:17 <REP> d-------- c:\program files\Fichiers communs\HP 2009-03-23 16:14 . 2009-03-23 16:14 <REP> d-------- c:\program files\Hewlett-Packard 2009-03-23 16:13 . 2009-03-23 16:13 <REP> d-------- c:\program files\Fichiers communs\Hewlett-Packard 2009-03-23 16:09 . 2008-04-13 09:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys 2009-03-23 16:08 . 1998-10-29 16:45 306,688 --a------ c:\windows\IsUninst.exe 2009-03-23 16:08 . 2004-09-29 12:12 278,584 --a------ c:\windows\system32\HPZidr12.dll 2009-03-23 16:08 . 2004-09-29 12:15 204,800 --a------ c:\windows\system32\HPZipr12.dll 2009-03-23 16:08 . 2004-09-29 12:09 94,208 --a------ c:\windows\system32\HPZipt12.dll 2009-03-23 16:08 . 2004-09-29 12:14 69,632 --a------ c:\windows\system32\HPZipm12.exe 2009-03-23 16:08 . 2004-09-29 12:08 61,440 --a------ c:\windows\system32\HPZinw12.exe 2009-03-23 16:08 . 2004-09-29 12:09 57,344 --a------ c:\windows\system32\HPZisn12.dll 2009-03-23 16:05 . 2009-03-23 16:15 <REP> d-------- c:\program files\HP 2009-03-23 16:03 . 2004-12-14 17:06 51,120 -ra------ c:\windows\system32\drivers\HPZid412.sys 2009-03-23 16:03 . 2004-12-14 17:06 16,496 -ra------ c:\windows\system32\drivers\HPZipr12.sys 2009-03-23 16:02 . 2009-03-23 16:20 70,569 --a------ c:\windows\hpoins05.dat 2009-03-23 16:02 . 2004-12-14 17:06 19,696 --------- c:\windows\hpomdl05.dat 2009-03-23 16:00 . 2008-04-13 09:47 25,856 --a------ c:\windows\system32\drivers\usbprint.sys 2009-03-23 14:10 . 2009-03-23 14:10 <REP> d-------- C:\_OTMoveIt 2009-03-23 10:46 . 2009-03-23 10:56 <REP> d-------- C:\rsit 2009-03-23 10:46 . 2009-03-23 14:16 <REP> d-------- c:\program files\trend micro 2009-03-23 08:31 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll 2009-03-23 08:31 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll 2009-03-23 08:31 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui 2009-03-22 23:33 . 2009-03-23 01:04 328 --a------ c:\windows\system\cmicnfg.ini 2009-03-22 22:43 . 2009-03-22 22:43 <REP> d-------- c:\program files\CCleaner 2009-03-22 20:00 . 2009-03-22 20:00 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware 2009-03-22 20:00 . 2009-03-22 20:00 <REP> d-------- c:\documents and settings\christophe.B7F020E3BF5F476\Application Data\Malwarebytes 2009-03-22 20:00 . 2009-03-22 20:00 <REP> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes 2009-03-22 20:00 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2009-03-22 20:00 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2009-03-22 17:48 . 2008-04-13 09:39 5,504 --a------ c:\windows\system32\drivers\MSTEE.sys 2009-03-22 17:47 . 2008-04-13 09:46 19,200 --a------ c:\windows\system32\drivers\WSTCODEC.SYS 2009-03-22 17:47 . 2008-04-13 17:34 16,384 --a------ c:\windows\system32\ipsink.ax 2009-03-22 17:47 . 2008-04-13 09:46 15,232 --a------ c:\windows\system32\drivers\StreamIP.sys 2009-03-22 17:47 . 2008-04-13 09:46 11,136 --a------ c:\windows\system32\drivers\SLIP.sys 2009-03-22 17:47 . 2008-04-13 09:46 10,880 --a------ c:\windows\system32\drivers\NdisIP.sys 2009-03-22 17:46 . 2009-03-22 17:46 <REP> d-------- c:\program files\Fichiers communs\logishrd 2009-03-22 17:46 . 2008-04-13 17:34 92,160 --a------ c:\windows\system32\kswdmcap.ax 2009-03-22 17:46 . 2008-04-13 09:46 85,248 --a------ c:\windows\system32\drivers\NABTSFEC.sys 2009-03-22 17:46 . 2008-04-13 17:34 61,952 --a------ c:\windows\system32\kstvtune.ax 2009-03-22 17:46 . 2008-04-13 17:33 54,784 --a------ c:\windows\system32\vfwwdm32.dll 2009-03-22 17:46 . 2008-04-13 17:34 43,008 --a------ c:\windows\system32\ksxbar.ax 2009-03-22 17:46 . 2008-04-13 17:34 28,672 --a------ c:\windows\system32\vidcap.ax 2009-03-22 17:46 . 2008-04-13 09:46 17,024 --a------ c:\windows\system32\drivers\CCDECODE.sys 2009-03-22 16:58 . 2009-03-22 21:04 <REP> d-------- c:\documents and settings\christophe.B7F020E3BF5F476\Tracing 2009-03-22 16:50 . 2006-11-29 13:06 3,426,072 --a------ c:\windows\system32\d3dx9_32.dll 2009-03-22 16:00 . 2002-04-29 16:04 917,504 -ra------ c:\windows\system\cmids3d.dll 2009-03-22 16:00 . 2001-11-23 13:08 712,704 -ra------ c:\windows\system32\Audio3D.dll 2009-03-22 16:00 . 2004-04-14 12:28 315,392 -ra------ c:\windows\system\cmifltr.dll 2009-03-22 16:00 . 2004-08-16 16:04 237,568 -ra------ c:\windows\system32\cmirmdrv.exe 2009-03-22 16:00 . 2004-10-21 16:46 69,632 -ra------ c:\windows\system32\cmudax.dll 2009-03-22 13:50 . 2009-03-22 13:50 <REP> d-------- c:\documents and settings\christophe.B7F020E3BF5F476\Application Data\Media Player Classic 2009-03-22 13:49 . 2009-03-22 13:49 <REP> d-------- c:\program files\ffdshow 2009-03-22 01:42 . 2009-03-22 01:42 <REP> d-------- c:\documents and settings\christophe.B7F020E3BF5F476\Application Data\Thunderbird 2009-03-22 01:11 . 2009-03-23 19:15 6,111 --a------ c:\windows\system32\OODBS.lor 2009-03-22 01:06 . 2009-03-22 01:06 <REP> d-------- c:\program files\GSpot221 2009-03-22 00:59 . 2009-03-22 00:59 34,064 --a------ c:\windows\system32\lhacm.acm 2009-03-22 00:55 . 2009-03-22 00:55 <REP> d-------- c:\documents and settings\christophe.B7F020E3BF5F476\Application Data\TuneUp Software 2009-03-22 00:52 . 2009-03-22 00:52 <REP> d-------- c:\documents and settings\NetworkService.AUTORITE NT.000\Application Data\Xfire 2009-03-22 00:46 . 2009-03-22 00:46 <REP> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\IM 2009-03-22 00:45 . 2009-03-22 00:46 <REP> d-------- c:\program files\IncrediMail 2009-03-22 00:45 . 2009-03-22 00:45 <REP> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\IncrediMail 2009-03-22 00:38 . 2009-03-23 19:09 <REP> d-------- c:\documents and settings\christophe.B7F020E3BF5F476\Application Data\Xfire 2009-03-22 00:38 . 2009-03-22 18:06 1,100 --a------ c:\windows\system32\d3d8caps.dat 2009-03-22 00:38 . 2009-03-22 17:25 664 --a------ c:\windows\system32\d3d9caps.dat 2009-03-21 23:53 . 2009-03-22 13:02 1,188 --a------ c:\windows\ImpTableL.bin 2009-03-21 23:42 . 2009-03-21 23:42 <REP> d-------- c:\program files\Marvell 2009-03-21 23:25 . 2009-03-21 23:25 <REP> d-------- c:\program files\Intel 2009-03-21 23:19 . 2000-01-24 05:01 2,023,424 --a------ c:\windows\system32\vcl50.bpl 2009-03-21 23:19 . 2002-02-01 22:00 1,326,080 --a------ c:\windows\system32\vcl60.bpl 2009-03-21 23:19 . 2002-07-11 06:02 676,352 --a------ c:\windows\system32\RTL60.BPL 2009-03-21 23:19 . 2002-03-30 10:06 65,536 --a------ c:\windows\system32\ntport.dll 2009-03-21 23:19 . 2001-01-22 14:23 6,080 --a------ c:\windows\system32\zntport.sys 2009-03-21 23:11 . 2004-10-21 18:54 4,001,792 -ra------ c:\windows\system\cmicnfg.cpl 2009-03-21 23:11 . 2004-10-21 19:56 1,275,584 -ra------ c:\windows\system32\drivers\cmudax.sys 2009-03-21 23:11 . 2003-02-18 19:26 28,672 -ra------ c:\windows\system32\cmirmdrv.dll 2009-03-21 23:11 . 2004-02-18 15:19 16,384 -ra------ c:\windows\system32\udaprop.dll 2009-03-21 23:00 . 2001-11-23 13:08 712,704 -ra------ c:\windows\system32\a3d.dll 2009-03-21 23:00 . 2004-07-27 18:18 1,176 -ra------ c:\windows\ImpTable.bin 2009-03-21 22:29 . 2004-04-27 08:26 5,824 --a------ c:\windows\system32\drivers\ASUSHWIO.SYS 2009-03-21 22:29 . 2009-03-22 15:56 5,760 --a------ c:\windows\Ascd_tmp.ini 2009-03-21 22:22 . 2009-03-21 22:22 0 --a------ c:\windows\nsreg.dat 2009-03-21 21:50 . 2009-03-21 22:02 101,287 --a------ c:\windows\system32\drivers\klin.dat 2009-03-21 21:50 . 2009-03-21 22:02 89,601 --a------ c:\windows\system32\drivers\klick.dat 2009-03-21 21:47 . 2009-03-21 21:47 <REP> d-------- c:\program files\Kaspersky Lab 2009-03-21 21:47 . 2009-03-23 19:16 <REP> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Kaspersky Lab 2009-03-21 21:47 . 2009-03-23 19:14 351,264 --ahs---- c:\windows\system32\drivers\fidbox.dat 2009-03-21 21:47 . 2009-03-23 19:14 24,608 --ahs---- c:\windows\system32\drivers\fidbox2.dat 2009-03-21 21:47 . 2009-03-23 19:14 4,872 --ahs---- c:\windows\system32\drivers\fidbox.idx 2009-03-21 21:47 . 2009-03-23 19:14 1,164 --ahs---- c:\windows\system32\drivers\fidbox2.idx 2009-03-21 21:42 . 2009-03-22 23:01 <REP> d-------- c:\documents and settings\christophe.B7F020E3BF5F476\Application Data\teamspeak2 2009-03-21 21:41 . 2009-03-21 21:41 <REP> d-------- c:\documents and settings\christophe.B7F020E3BF5F476\Application Data\Xentient 2009-03-21 21:40 . 2009-03-21 21:40 <REP> d-------- c:\documents and settings\christophe.B7F020E3BF5F476\Application Data\HLSW 2009-03-21 21:30 . 2009-03-21 20:12 <REP> d--h----- c:\documents and settings\christophe.B7F020E3BF5F476\Voisinage réseau 2009-03-21 21:30 . 2009-03-21 20:12 <REP> d--h----- c:\documents and settings\christophe.B7F020E3BF5F476\Voisinage d'impression 2009-03-21 21:30 . 2009-03-21 19:36 <REP> d-------- c:\documents and settings\christophe.B7F020E3BF5F476\nro.log 2009-03-21 21:30 . 2009-03-21 20:12 <REP> d--h----- c:\documents and settings\christophe.B7F020E3BF5F476\Modèles 2009-03-21 21:30 . 2009-03-22 23:41 <REP> dr------- c:\documents and settings\christophe.B7F020E3BF5F476\Mes documents 2009-03-21 21:30 . 2009-03-21 20:12 <REP> dr------- c:\documents and settings\christophe.B7F020E3BF5F476\Menu Démarrer 2009-03-21 21:30 . 2009-03-21 19:33 <REP> d-------- c:\documents and settings\christophe.B7F020E3BF5F476\IXP000.TMP 2009-03-21 21:30 . 2009-03-21 21:31 <REP> dr------- c:\documents and settings\christophe.B7F020E3BF5F476\Favoris 2009-03-21 21:30 . 2009-03-23 19:11 <REP> d-------- c:\documents and settings\christophe.B7F020E3BF5F476\Bureau 2009-03-21 21:30 . 2009-03-23 16:25 <REP> d-------- c:\documents and settings\christophe.B7F020E3BF5F476 2009-03-21 20:20 . 2008-04-13 10:45 172,416 --a------ c:\windows\system32\drivers\kmixer.sys 2009-03-21 20:20 . 2008-04-13 08:39 142,592 --a------ c:\windows\system32\drivers\aec.sys 2009-03-21 20:20 . 2008-04-13 11:17 83,072 --a------ c:\windows\system32\drivers\wdmaud.sys 2009-03-21 20:20 . 2008-04-13 11:15 60,800 --a------ c:\windows\system32\drivers\sysaudio.sys 2009-03-21 20:20 . 2008-04-13 10:45 56,576 --a------ c:\windows\system32\drivers\swmidi.sys 2009-03-21 20:20 . 2008-04-13 10:45 52,864 --a------ c:\windows\system32\drivers\DMusic.sys 2009-03-21 20:20 . 2008-04-13 10:39 7,552 --a------ c:\windows\system32\drivers\MSKSSRV.sys 2009-03-21 20:20 . 2008-04-13 10:45 6,272 --a------ c:\windows\system32\drivers\splitter.sys 2009-03-21 20:20 . 2008-04-13 10:39 5,376 --a------ c:\windows\system32\drivers\MSPCLOCK.sys 2009-03-21 20:20 . 2008-04-13 10:39 4,992 --a------ c:\windows\system32\drivers\MSPQM.sys 2009-03-21 20:20 . 2008-04-13 10:45 2,944 --a------ c:\windows\system32\drivers\drmkaud.sys 2009-03-21 20:19 . 2008-04-13 10:19 146,048 --a------ c:\windows\system32\drivers\portcls.sys 2009-03-21 20:19 . 2008-04-13 17:34 129,536 --a------ c:\windows\system32\ksproxy.ax 2009-03-21 20:19 . 2008-04-13 09:45 60,160 --a------ c:\windows\system32\drivers\drmk.sys 2009-03-21 20:19 . 2008-04-13 10:45 60,032 --a------ c:\windows\system32\drivers\USBAUDIO.sys 2009-03-21 20:19 . 2008-04-13 17:33 4,096 --a------ c:\windows\system32\ksuser.dll . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-03-22 22:26 33,808 ----a-w c:\windows\system32\drivers\klbg.sys 2009-03-22 21:44 --------- d-----w c:\program files\Teamspeak2_RC2 2009-03-22 15:51 --------- d-----w c:\program files\Microsoft Silverlight 2009-03-22 00:11 --------- d-----w c:\program files\Xfire 2009-03-21 23:57 --------- d-----w c:\program files\TuneUp Utilities 2008 2009-03-21 18:37 --------- d-----w c:\program files\Nero 2009-03-21 18:23 --------- d-----w c:\program files\Windows Media Connect 2 2009-03-17 20:54 --------- d-----w c:\documents and settings\Christophe\Application Data\Lavasoft 2009-03-17 17:11 --------- d--h--w c:\program files\InstallShield Installation Information 2009-03-15 20:35 --------- d-----w c:\documents and settings\Christophe\Application Data\teamspeak2 2009-02-06 18:39 308,600 ----a-w c:\windows\WLXPGSS.SCR 2009-01-29 23:19 --------- d-----w c:\documents and settings\Christophe\Application Data\Xfire 2009-01-29 15:55 --------- d-----w c:\program files\Windows Live Safety Center 2008-06-06 17:02 47,360 ----a-w c:\documents and settings\Christophe\Application Data\pcouffin.sys . ------- Sigcheck ------- 2008-05-02 23:57 2011136 22f702a6dcbdb4f7282c4b73b95ee4e4 c:\windows\explorer.exe . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TaskSwitchXP"="c:\program files\TaskSwitchXP\TaskSwitchXP.exe" [2006-08-04 62976] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-05-02 15360] "IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2009-02-25 251264] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-03-21 201992] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "TaskSwitchXP"="c:\program files\TaskSwitchXP\TaskSwitchXP.exe" [2006-08-04 62976] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_2"="shell32" [X] "nltide_3"="advpack.dll" [2008-12-21 c:\windows\system32\advpack.dll] c:\documents and settings\christophe.B7F020E3BF5F476\Menu D‚marrer\Programmes\D‚marrage\ Xfire.lnk - c:\program files\Xfire\xfire.exe [2009-02-26 3017040] c:\documents and settings\All Users.WINDOWS\Menu D‚marrer\Programmes\D‚marrage\ D‚marrage rapide du logiciel HP Image Zone.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 53248] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 258048] RAID Manager.lnk - c:\program files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe [2008-06-07 724992] [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoSMHelp"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.XFR1"= xfcodec.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS [HKEY_LOCAL_MACHINE\software\microsoft\security center] "FirewallOverride"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"= "c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"= "c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [2008-06-07 25423] R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 33808] R0 Si3124;Si3124;c:\windows\system32\drivers\si3124.sys [2008-05-02 76208] R0 Si3132r5;Si3132r5;c:\windows\system32\drivers\Si3132r5.sys [2008-05-02 208688] R0 Si3531;Si3531;c:\windows\system32\drivers\Si3531.sys [2008-05-02 210224] R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656] R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [2009-03-21 1275584] R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-03-13 26640] R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-03-25 24592] . - - - - ORPHELINS SUPPRIMES - - - - Toolbar-ITBar7Layout - (no file) Toolbar-ITBar7Position - (no file) . ------- Examen supplémentaire ------- . uStart Page = hxxp://y.lo.st IE: Ajouter à Kaspersky Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm FF - ProfilePath - c:\documents and settings\christophe.B7F020E3BF5F476\Application Data\Mozilla\Firefox\Profiles\x1nzwt50.default\ FF - prefs.js: browser.startup.homepage - hxxp://y.lo.st FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-03-23 19:16:11 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*] "OODEFRAG08.00.00.01WORKSTATION"="0EF3071BE27F119EE8AE4711B9939B58A7EEF126B416EA6CE25ACA6DED29AEF7486303C86BC 3F01A4A4635690DD897E5D25F73A8164B03991447E927B6BCAD3062C20AC736A1E3399809466B9E2C 8F899D4E67128782073661A5E6AFDF4A77DF85325B70D6FDDB4FF9AA7DAF4B9803E444A3B1D54E0A2 6504033257837858DA280E400D0C4924926B473A47ED17DF68BA85DF91B920897E94AC4CDA5ED7777 0847A1C0AB5BED237835BEC457570C7008CE8BAD3F637191F83DBFCF0F9C7DBC126FC42BF45B70657 60B7E2D6CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E12 7BECC74CFEBC9E127BECC74CA6A0AC4980AC79335D575E7D6A3B98089DB7CE019D40AA5CA6171C11E C38DE3D2D90D57838CAF38E9E271D24C980AC1DEAE7C559CE75683CD5AB54DE667B209BE695BD449F A4663B88AA18C1E4809FAEBAC2E1E1762E54AD5734DCFEF23C0E8163E86E1177D845AF72AC1BC7C05 2E105975C07F97169C866E85C17DD516F76FA91E089192EB93897F504B81EC6DC5C8A6334D9554143 8CADD4E7D69A3909A54C4425B40BD72F28D48D600921809CB8DD611D001E0BEBAB0047ECF54D098C2 46FAFB4198A2B35C3FD18C2269E20A267533A3EA67116A9780A525A50004415C610EFDDE52E035A7D 5B59012E5D77139B6F7A127C60D0560432EBECC6B00F52A18E04C6CA01DCC00BEBF8C5C41400254BE D12E6366F4C5EA98FEBB9BED0B3050D004CE7FE81DDA1E5DF810D8F6F55A6B1BC555F0B97BCC2836B 91A820C6A00527AC110EBA244C47CE1D63A9B98E3776CEFD7DF236C57B19F1C77C7457ECE7BA51907 CD9BC4F131245BDF1C1F106080A6688266CF6DB848B1958B32F5590BEA4AE5D1BC0465EBFF3100EE3 CEEA5ED1E7FDE7506A12AE7A566282203A0F73FED62BF6618A1D9F8674B911D41F5B1240AEE159DFD E4F07A0CB78630FCE7C4CA676F1F425548AD5BDAE8F7B45527D93220D20D09E92F821DF504CC931F7 1BC5583D75A5A00F5CB8605325B7176190446CC70DF1B61E602FC55C11B99C166A7CD8F9E98772006 5738EA3D061139356FD3737BF1ABA7157D604FE40EACADB7004138FC8D19C3EF9A40978AACBE28796 0CBCC792D79C4F37AF6DD895C719D2356114734F6A8538F35F393C927B97AE9A2E5EF9A46B374E5BC 67D9E117048D4458E8F2F7E6F78AEB02B27EEA9AA23CFB2992060DA4D4658221D4F1B7539FE13B179 D8E29BB0A2B5138284A257C65E83AFF42826592768ADF0A7A3294D29458F0E05EBC0B0B218B6FE54A 28044F00438E95DC3050F58A461AD5160BCE37B09A47486E48D88AECCECDF0478425FFEB330BB6263 4EA772E1D7C4F50ED8C81F1D7C80C78723B6909C6BA2E720B7DB7A708003089A65973CEC4E2765D91 8D039B4175387B7728FF84795B8CC" . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(1532) c:\windows\system32\SETUPAPI.dll c:\windows\system32\Ati2evxx.dll c:\windows\system32\klogon.dll c:\windows\system32\COMRes.dll - - - - - - - > 'lsass.exe'(1780) c:\windows\system32\setupapi.dll . ------------------------ Autres processus actifs ------------------------ . c:\windows\system32\ati2evxx.exe c:\windows\system32\ati2evxx.exe c:\windows\system32\oodag.exe c:\windows\system32\wscntfy.exe c:\program files\HP\Digital Imaging\bin\hpqgalry.exe c:\windows\system32\msiexec.exe . ************************************************************************** . Heure de fin: 2009-03-23 19:20:32 - La machine a redémarré [christophe] ComboFix-quarantined-files.txt 2009-03-23 18:20:29 ComboFix2.txt 2009-03-23 16:18:48 Avant-CF: 156 983 488 512 octets libres Après-CF: 156,980,596,736 octets libres 263 --- E O F --- 2009-03-21 19:17:54
  24. rital94
    merci de votre dévouement a mon égard ComboFix 09-03-22.01 - christophe 2009-03-23 17:08:02.1 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1023.507 [GMT 1:00] Lancé depuis: c:\documents and settings\christophe.B7F020E3BF5F476\Bureau\ComboFix.exe AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) FW: Kaspersky Internet Security *disabled* * Un nouveau point de restauration a été créé . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Christophe\Application Data\inst.exe I:\autorun.inf i:\recycler\S-1-6-21-2434476501-1644491937-600003330-1213 i:\recycler\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe i:\recycler\S-1-6-21-2434476501-1644491937-600003330-1213\Desktop.ini . ((((((((((((((((((((((((((((( Fichiers créés du 2009-02-23 au 2009-03-23 )))))))))))))))))))))))))))))))))))) . 2009-03-23 17:11 . 2009-03-23 17:11 <REP> d-------- c:\windows\system32\oobe 2009-03-23 17:11 . 2009-03-23 17:11 <REP> d-------- c:\windows\system32\npp 2009-03-23 17:11 . 2009-03-23 17:11 <REP> d-------- c:\windows\msagent 2009-03-23 16:19 . 2009-03-23 16:19 <REP> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\HP 2009-03-23 16:17 . 2009-03-23 16:17 <REP> d-------- c:\program files\Fichiers communs\HP 2009-03-23 16:14 . 2009-03-23 16:14 <REP> d-------- c:\program files\Hewlett-Packard 2009-03-23 16:13 . 2009-03-23 16:13 <REP> d-------- c:\program files\Fichiers communs\Hewlett-Packard 2009-03-23 16:09 . 2008-04-13 09:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys 2009-03-23 16:08 . 1998-10-29 16:45 306,688 --a------ c:\windows\IsUninst.exe 2009-03-23 16:08 . 2004-09-29 12:12 278,584 --a------ c:\windows\system32\HPZidr12.dll 2009-03-23 16:08 . 2004-09-29 12:15 204,800 --a------ c:\windows\system32\HPZipr12.dll 2009-03-23 16:08 . 2004-09-29 12:09 94,208 --a------ c:\windows\system32\HPZipt12.dll 2009-03-23 16:08 . 2004-09-29 12:14 69,632 --a------ c:\windows\system32\HPZipm12.exe 2009-03-23 16:08 . 2004-09-29 12:08 61,440 --a------ c:\windows\system32\HPZinw12.exe 2009-03-23 16:08 . 2004-09-29 12:09 57,344 --a------ c:\windows\system32\HPZisn12.dll 2009-03-23 16:05 . 2009-03-23 16:15 <REP> d-------- c:\program files\HP 2009-03-23 16:03 . 2004-12-14 17:06 51,120 -ra------ c:\windows\system32\drivers\HPZid412.sys 2009-03-23 16:03 . 2004-12-14 17:06 16,496 -ra------ c:\windows\system32\drivers\HPZipr12.sys 2009-03-23 16:02 . 2009-03-23 16:20 70,569 --a------ c:\windows\hpoins05.dat 2009-03-23 16:02 . 2004-12-14 17:06 19,696 --------- c:\windows\hpomdl05.dat 2009-03-23 16:00 . 2008-04-13 09:47 25,856 --a------ c:\windows\system32\drivers\usbprint.sys 2009-03-23 14:10 . 2009-03-23 14:10 <REP> d-------- C:\_OTMoveIt 2009-03-23 10:46 . 2009-03-23 10:56 <REP> d-------- C:\rsit 2009-03-23 10:46 . 2009-03-23 14:16 <REP> d-------- c:\program files\trend micro 2009-03-23 08:31 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll 2009-03-23 08:31 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll 2009-03-23 08:31 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui 2009-03-22 23:33 . 2009-03-23 01:04 328 --a------ c:\windows\system\cmicnfg.ini 2009-03-22 22:43 . 2009-03-22 22:43 <REP> d-------- c:\program files\CCleaner 2009-03-22 20:00 . 2009-03-22 20:00 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware 2009-03-22 20:00 . 2009-03-22 20:00 <REP> d-------- c:\documents and settings\christophe.B7F020E3BF5F476\Application Data\Malwarebytes 2009-03-22 20:00 . 2009-03-22 20:00 <REP> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes 2009-03-22 20:00 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2009-03-22 20:00 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2009-03-22 17:48 . 2008-04-13 09:39 5,504 --a------ c:\windows\system32\drivers\MSTEE.sys 2009-03-22 17:47 . 2008-04-13 09:46 19,200 --a------ c:\windows\system32\drivers\WSTCODEC.SYS 2009-03-22 17:47 . 2008-04-13 17:34 16,384 --a------ c:\windows\system32\ipsink.ax 2009-03-22 17:47 . 2008-04-13 09:46 15,232 --a------ c:\windows\system32\drivers\StreamIP.sys 2009-03-22 17:47 . 2008-04-13 09:46 11,136 --a------ c:\windows\system32\drivers\SLIP.sys 2009-03-22 17:47 . 2008-04-13 09:46 10,880 --a------ c:\windows\system32\drivers\NdisIP.sys 2009-03-22 17:46 . 2009-03-22 17:46 <REP> d-------- c:\program files\Fichiers communs\logishrd 2009-03-22 17:46 . 2008-04-13 17:34 92,160 --a------ c:\windows\system32\kswdmcap.ax 2009-03-22 17:46 . 2008-04-13 09:46 85,248 --a------ c:\windows\system32\drivers\NABTSFEC.sys 2009-03-22 17:46 . 2008-04-13 17:34 61,952 --a------ c:\windows\system32\kstvtune.ax 2009-03-22 17:46 . 2008-04-13 17:33 54,784 --a------ c:\windows\system32\vfwwdm32.dll 2009-03-22 17:46 . 2008-04-13 17:34 43,008 --a------ c:\windows\system32\ksxbar.ax 2009-03-22 17:46 . 2008-04-13 17:34 28,672 --a------ c:\windows\system32\vidcap.ax 2009-03-22 17:46 . 2008-04-13 09:46 17,024 --a------ c:\windows\system32\drivers\CCDECODE.sys 2009-03-22 16:58 . 2009-03-22 21:04 <REP> d-------- c:\documents and settings\christophe.B7F020E3BF5F476\Tracing 2009-03-22 16:50 . 2006-11-29 13:06 3,426,072 --a------ c:\windows\system32\d3dx9_32.dll 2009-03-22 16:00 . 2002-04-29 16:04 917,504 -ra------ c:\windows\system\cmids3d.dll 2009-03-22 16:00 . 2001-11-23 13:08 712,704 -ra------ c:\windows\system32\Audio3D.dll 2009-03-22 16:00 . 2004-04-14 12:28 315,392 -ra------ c:\windows\system\cmifltr.dll 2009-03-22 16:00 . 2004-08-16 16:04 237,568 -ra------ c:\windows\system32\cmirmdrv.exe 2009-03-22 16:00 . 2004-10-21 16:46 69,632 -ra------ c:\windows\system32\cmudax.dll 2009-03-22 13:50 . 2009-03-22 13:50 <REP> d-------- c:\documents and settings\christophe.B7F020E3BF5F476\Application Data\Media Player Classic 2009-03-22 13:49 . 2009-03-22 13:49 <REP> d-------- c:\program files\ffdshow 2009-03-22 01:42 . 2009-03-22 01:42 <REP> d-------- c:\documents and settings\christophe.B7F020E3BF5F476\Application Data\Thunderbird 2009-03-22 01:11 . 2009-03-23 17:11 5,529 --a------ c:\windows\system32\OODBS.lor 2009-03-22 01:06 . 2009-03-22 01:06 <REP> d-------- c:\program files\GSpot221 2009-03-22 00:59 . 2009-03-22 00:59 34,064 --a------ c:\windows\system32\lhacm.acm 2009-03-22 00:55 . 2009-03-22 00:55 <REP> d-------- c:\documents and settings\christophe.B7F020E3BF5F476\Application Data\TuneUp Software 2009-03-22 00:52 . 2009-03-22 00:52 <REP> d-------- c:\documents and settings\NetworkService.AUTORITE NT.000\Application Data\Xfire 2009-03-22 00:46 . 2009-03-22 00:46 <REP> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\IM 2009-03-22 00:45 . 2009-03-22 00:46 <REP> d-------- c:\program files\IncrediMail 2009-03-22 00:45 . 2009-03-22 00:45 <REP> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\IncrediMail 2009-03-22 00:38 . 2009-03-23 17:14 <REP> d-------- c:\documents and settings\christophe.B7F020E3BF5F476\Application Data\Xfire 2009-03-22 00:38 . 2009-03-22 18:06 1,100 --a------ c:\windows\system32\d3d8caps.dat 2009-03-22 00:38 . 2009-03-22 17:25 664 --a------ c:\windows\system32\d3d9caps.dat 2009-03-21 23:53 . 2009-03-22 13:02 1,188 --a------ c:\windows\ImpTableL.bin 2009-03-21 23:42 . 2009-03-21 23:42 <REP> d-------- c:\program files\Marvell 2009-03-21 23:25 . 2009-03-21 23:25 <REP> d-------- c:\program files\Intel 2009-03-21 23:19 . 2000-01-24 05:01 2,023,424 --a------ c:\windows\system32\vcl50.bpl 2009-03-21 23:19 . 2002-02-01 22:00 1,326,080 --a------ c:\windows\system32\vcl60.bpl 2009-03-21 23:19 . 2002-07-11 06:02 676,352 --a------ c:\windows\system32\RTL60.BPL 2009-03-21 23:19 . 2002-03-30 10:06 65,536 --a------ c:\windows\system32\ntport.dll 2009-03-21 23:19 . 2001-01-22 14:23 6,080 --a------ c:\windows\system32\zntport.sys 2009-03-21 23:11 . 2004-10-21 18:54 4,001,792 -ra------ c:\windows\system\cmicnfg.cpl 2009-03-21 23:11 . 2004-10-21 19:56 1,275,584 -ra------ c:\windows\system32\drivers\cmudax.sys 2009-03-21 23:11 . 2003-02-18 19:26 28,672 -ra------ c:\windows\system32\cmirmdrv.dll 2009-03-21 23:11 . 2004-02-18 15:19 16,384 -ra------ c:\windows\system32\udaprop.dll 2009-03-21 23:00 . 2001-11-23 13:08 712,704 -ra------ c:\windows\system32\a3d.dll 2009-03-21 23:00 . 2004-07-27 18:18 1,176 -ra------ c:\windows\ImpTable.bin 2009-03-21 22:29 . 2004-04-27 08:26 5,824 --a------ c:\windows\system32\drivers\ASUSHWIO.SYS 2009-03-21 22:29 . 2009-03-22 15:56 5,760 --a------ c:\windows\Ascd_tmp.ini 2009-03-21 22:22 . 2009-03-21 22:22 0 --a------ c:\windows\nsreg.dat 2009-03-21 21:50 . 2009-03-21 22:02 101,287 --a------ c:\windows\system32\drivers\klin.dat 2009-03-21 21:50 . 2009-03-21 22:02 89,601 --a------ c:\windows\system32\drivers\klick.dat 2009-03-21 21:47 . 2009-03-21 21:47 <REP> d-------- c:\program files\Kaspersky Lab 2009-03-21 21:47 . 2009-03-23 17:13 <REP> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Kaspersky Lab 2009-03-21 21:47 . 2009-03-23 17:10 351,264 --ahs---- c:\windows\system32\drivers\fidbox.dat 2009-03-21 21:47 . 2009-03-23 17:10 24,608 --ahs---- c:\windows\system32\drivers\fidbox2.dat 2009-03-21 21:47 . 2009-03-23 17:10 4,872 --ahs---- c:\windows\system32\drivers\fidbox.idx 2009-03-21 21:47 . 2009-03-23 17:10 1,164 --ahs---- c:\windows\system32\drivers\fidbox2.idx 2009-03-21 21:42 . 2009-03-22 23:01 <REP> d-------- c:\documents and settings\christophe.B7F020E3BF5F476\Application Data\teamspeak2 2009-03-21 21:41 . 2009-03-21 21:41 <REP> d-------- c:\documents and settings\christophe.B7F020E3BF5F476\Application Data\Xentient 2009-03-21 21:40 . 2009-03-21 21:40 <REP> d-------- c:\documents and settings\christophe.B7F020E3BF5F476\Application Data\HLSW 2009-03-21 21:30 . 2009-03-21 20:12 <REP> d--h----- c:\documents and settings\christophe.B7F020E3BF5F476\Voisinage réseau 2009-03-21 21:30 . 2009-03-21 20:12 <REP> d--h----- c:\documents and settings\christophe.B7F020E3BF5F476\Voisinage d'impression 2009-03-21 21:30 . 2009-03-21 19:36 <REP> d-------- c:\documents and settings\christophe.B7F020E3BF5F476\nro.log 2009-03-21 21:30 . 2009-03-21 20:12 <REP> d--h----- c:\documents and settings\christophe.B7F020E3BF5F476\Modèles 2009-03-21 21:30 . 2009-03-22 23:41 <REP> dr------- c:\documents and settings\christophe.B7F020E3BF5F476\Mes documents 2009-03-21 21:30 . 2009-03-21 20:12 <REP> dr------- c:\documents and settings\christophe.B7F020E3BF5F476\Menu Démarrer 2009-03-21 21:30 . 2009-03-21 19:33 <REP> d-------- c:\documents and settings\christophe.B7F020E3BF5F476\IXP000.TMP 2009-03-21 21:30 . 2009-03-21 21:31 <REP> dr------- c:\documents and settings\christophe.B7F020E3BF5F476\Favoris 2009-03-21 21:30 . 2009-03-23 16:56 <REP> d-------- c:\documents and settings\christophe.B7F020E3BF5F476\Bureau 2009-03-21 21:30 . 2009-03-23 16:25 <REP> d-------- c:\documents and settings\christophe.B7F020E3BF5F476 2009-03-21 20:20 . 2008-04-13 10:45 172,416 --a------ c:\windows\system32\drivers\kmixer.sys 2009-03-21 20:20 . 2008-04-13 08:39 142,592 --a------ c:\windows\system32\drivers\aec.sys 2009-03-21 20:20 . 2008-04-13 11:17 83,072 --a------ c:\windows\system32\drivers\wdmaud.sys 2009-03-21 20:20 . 2008-04-13 11:15 60,800 --a------ c:\windows\system32\drivers\sysaudio.sys 2009-03-21 20:20 . 2008-04-13 10:45 56,576 --a------ c:\windows\system32\drivers\swmidi.sys 2009-03-21 20:20 . 2008-04-13 10:45 52,864 --a------ c:\windows\system32\drivers\DMusic.sys 2009-03-21 20:20 . 2008-04-13 10:39 7,552 --a------ c:\windows\system32\drivers\MSKSSRV.sys 2009-03-21 20:20 . 2008-04-13 10:45 6,272 --a------ c:\windows\system32\drivers\splitter.sys 2009-03-21 20:20 . 2008-04-13 10:39 5,376 --a------ c:\windows\system32\drivers\MSPCLOCK.sys 2009-03-21 20:20 . 2008-04-13 10:39 4,992 --a------ c:\windows\system32\drivers\MSPQM.sys 2009-03-21 20:20 . 2008-04-13 10:45 2,944 --a------ c:\windows\system32\drivers\drmkaud.sys 2009-03-21 20:19 . 2008-04-13 10:19 146,048 --a------ c:\windows\system32\drivers\portcls.sys 2009-03-21 20:19 . 2008-04-13 17:34 129,536 --a------ c:\windows\system32\ksproxy.ax 2009-03-21 20:19 . 2008-04-13 09:45 60,160 --a------ c:\windows\system32\drivers\drmk.sys 2009-03-21 20:19 . 2008-04-13 10:45 60,032 --a------ c:\windows\system32\drivers\USBAUDIO.sys 2009-03-21 20:19 . 2008-04-13 17:33 4,096 --a------ c:\windows\system32\ksuser.dll 2009-03-21 20:19 . 2001-08-17 20:59 3,072 --a------ c:\windows\system32\drivers\audstub.sys 2009-03-21 20:18 . 2008-04-13 17:57 58,752 --a------ c:\windows\system32\drivers\redbook.sys . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-03-22 22:26 33,808 ----a-w c:\windows\system32\drivers\klbg.sys 2009-03-22 21:44 --------- d-----w c:\program files\Teamspeak2_RC2 2009-03-22 15:51 --------- d-----w c:\program files\Microsoft Silverlight 2009-03-22 00:11 --------- d-----w c:\program files\Xfire 2009-03-21 23:57 --------- d-----w c:\program files\TuneUp Utilities 2008 2009-03-21 18:37 --------- d-----w c:\program files\Nero 2009-03-21 18:23 --------- d-----w c:\program files\Windows Media Connect 2 2009-03-17 20:54 --------- d-----w c:\documents and settings\Christophe\Application Data\Lavasoft 2009-03-17 17:11 --------- d--h--w c:\program files\InstallShield Installation Information 2009-03-15 20:35 --------- d-----w c:\documents and settings\Christophe\Application Data\teamspeak2 2009-02-09 14:05 1,846,912 ----a-w c:\windows\system32\win32k.sys 2009-02-06 18:39 308,600 ----a-w c:\windows\WLXPGSS.SCR 2009-02-06 17:52 49,504 ----a-w c:\windows\system32\sirenacm.dll 2009-01-29 23:19 --------- d-----w c:\documents and settings\Christophe\Application Data\Xfire 2009-01-29 15:55 --------- d-----w c:\program files\Windows Live Safety Center 2009-01-16 16:20 3,596,288 ------w c:\windows\system32\dllcache\mshtml.dll 2008-06-06 17:02 47,360 ----a-w c:\documents and settings\Christophe\Application Data\pcouffin.sys . ------- Sigcheck ------- 2008-05-02 23:57 2011136 22f702a6dcbdb4f7282c4b73b95ee4e4 c:\windows\explorer.exe . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TaskSwitchXP"="c:\program files\TaskSwitchXP\TaskSwitchXP.exe" [2006-08-04 62976] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-05-02 15360] "IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2009-02-25 251264] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-03-21 201992] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "TaskSwitchXP"="c:\program files\TaskSwitchXP\TaskSwitchXP.exe" [2006-08-04 62976] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_2"="shell32" [X] "nltide_3"="advpack.dll" [2008-12-21 c:\windows\system32\advpack.dll] c:\documents and settings\christophe.B7F020E3BF5F476\Menu D‚marrer\Programmes\D‚marrage\ Xfire.lnk - c:\program files\Xfire\xfire.exe [2009-02-26 3017040] c:\documents and settings\All Users.WINDOWS\Menu D‚marrer\Programmes\D‚marrage\ D‚marrage rapide du logiciel HP Image Zone.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 53248] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 258048] RAID Manager.lnk - c:\program files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe [2008-06-07 724992] [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoSMHelp"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.XFR1"= xfcodec.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS [HKEY_LOCAL_MACHINE\software\microsoft\security center] "FirewallOverride"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"= "c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"= "c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [2008-06-07 25423] R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 33808] R0 Si3124;Si3124;c:\windows\system32\drivers\si3124.sys [2008-05-02 76208] R0 Si3132r5;Si3132r5;c:\windows\system32\drivers\Si3132r5.sys [2008-05-02 208688] R0 Si3531;Si3531;c:\windows\system32\drivers\Si3531.sys [2008-05-02 210224] R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656] R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [2009-03-21 1275584] R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-03-13 26640] R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-03-25 24592] --- Autres Services/Pilotes en mémoire --- *NewlyCreated* - HELPSVC . - - - - ORPHELINS SUPPRIMES - - - - Toolbar-ITBar7Layout - (no file) Toolbar-ITBar7Position - (no file) HKLM-Run-SoftwareHelper - c:\documents and settings\christophe.B7F020E3BF5F476\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe HKLM-Run-Cmaudio - cmicnfg.cpl . ------- Examen supplémentaire ------- . uStart Page = hxxp://y.lo.st IE: Ajouter à Kaspersky Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm FF - ProfilePath - c:\documents and settings\christophe.B7F020E3BF5F476\Application Data\Mozilla\Firefox\Profiles\x1nzwt50.default\ FF - prefs.js: browser.startup.homepage - hxxp://y.lo.st FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-03-23 17:12:25 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*] "OODEFRAG08.00.00.01WORKSTATION"="0EF3071BE27F119EE8AE4711B9939B58A7EEF126B416EA6CE25ACA6DED29AEF7486303C86BC 3F01A4A4635690DD897E5D25F73A8164B03991447E927B6BCAD3062C20AC736A1E3399809466B9E2C 8F899D4E67128782073661A5E6AFDF4A77DF85325B70D6FDDB4FF9AA7DAF4B9803E444A3B1D54E0A2 6504033257837858DA280E400D0C4924926B473A47ED17DF68BA85DF91B920897E94AC4CDA5ED7777 0847A1C0AB5BED237835BEC457570C7008CE8BAD3F637191F83DBFCF0F9C7DBC126FC42BF45B70657 60B7E2D6CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E12 7BECC74CFEBC9E127BECC74CA6A0AC4980AC79335D575E7D6A3B98089DB7CE019D40AA5CA6171C11E C38DE3D2D90D57838CAF38E9E271D24C980AC1DEAE7C559CE75683CD5AB54DE667B209BE695BD449F A4663B88AA18C1E4809FAEBAC2E1E1762E54AD5734DCFEF23C0E8163E86E1177D845AF72AC1BC7C05 2E105975C07F97169C866E85C17DD516F76FA91E089192EB93897F504B81EC6DC5C8A6334D9554143 8CADD4E7D69A3909A54C4425B40BD72F28D48D600921809CB8DD611D001E0BEBAB0047ECF54D098C2 46FAFB4198A2B35C3FD18C2269E20A267533A3EA67116A9780A525A50004415C610EFDDE52E035A7D 5B59012E5D77139B6F7A127C60D0560432EBECC6B00F52A18E04C6CA01DCC00BEBF8C5C41400254BE D12E6366F4C5EA98FEBB9BED0B3050D004CE7FE81DDA1E5DF810D8F6F55A6B1BC555F0B97BCC2836B 91A820C6A00527AC110EBA244C47CE1D63A9B98E3776CEFD7DF236C57B19F1C77C7457ECE7BA51907 CD9BC4F131245BDF1C1F106080A6688266CF6DB848B1958B32F5590BEA4AE5D1BC0465EBFF3100EE3 CEEA5ED1E7FDE7506A12AE7A566282203A0F73FED62BF6618A1D9F8674B911D41F5B1240AEE159DFD E4F07A0CB78630FCE7C4CA676F1F425548AD5BDAE8F7B45527D93220D20D09E92F821DF504CC931F7 1BC5583D75A5A00F5CB8605325B7176190446CC70DF1B61E602FC55C11B99C166A7CD8F9E98772006 5738EA3D061139356FD3737BF1ABA7157D604FE40EACADB7004138FC8D19C3EF9A40978AACBE28796 0CBCC792D79C4F37AF6DD895C719D2356114734F6A8538F35F393C927B97AE9A2E5EF9A46B374E5BC 67D9E117048D4458E8F2F7E6F78AEB02B27EEA9AA23CFB2992060DA4D4658221D4F1B7539FE13B179 D8E29BB0A2B5138284A257C65E83AFF42826592768ADF0A7A3294D29458F0E05EBC0B0B218B6FE54A 28044F00438E95DC3050F58A461AD5160BCE37B09A47486E48D88AECCECDF0478425FFEB330BB6263 4EA772E1D7C4F50ED8C81F1D7C80C78723B6909C6BA2E720B7DB7A708003089A65973CEC4E2765D91 8D039B4175387B7728FF84795B8CC" . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(1576) c:\windows\system32\SETUPAPI.dll c:\windows\system32\Ati2evxx.dll c:\windows\system32\klogon.dll c:\windows\system32\COMRes.dll - - - - - - - > 'lsass.exe'(1896) c:\windows\system32\setupapi.dll - - - - - - - > 'explorer.exe'(2704) c:\windows\system32\SHDOCVW.dll c:\windows\system32\COMRes.dll c:\program files\IncrediMail\bin\B4ImApp.dll c:\windows\system32\SETUPAPI.dll c:\windows\system32\NETSHELL.dll c:\windows\system32\credui.dll c:\windows\system32\eappprxy.dll c:\windows\system32\wpdshserviceobj.dll c:\windows\system32\portabledevicetypes.dll c:\windows\system32\portabledeviceapi.dll . ------------------------ Autres processus actifs ------------------------ . c:\windows\system32\ati2evxx.exe c:\windows\system32\ati2evxx.exe c:\windows\system32\oodag.exe c:\windows\system32\rundll32.exe c:\program files\IncrediMail\bin\ImApp.exe c:\program files\HP\Digital Imaging\bin\hpqgalry.exe c:\windows\system32\msiexec.exe . ************************************************************************** . Heure de fin: 2009-03-23 17:18:47 - La machine a redémarré ComboFix-quarantined-files.txt 2009-03-23 16:18:25 Avant-CF: 152 994 447 360 octets libres Après-CF: 152,865,550,336 octets libres WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect 295 --- E O F --- 2009-03-21 19:17:54
  25. rital94
    voila comme demandé les rapport : ========== PROCESSES ========== Process explorer.exe killed successfully. ========== FILES ========== C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe moved successfully. File/Folder c:\program files\eorezo not found. C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\EoRezo\SoftwareUpdate\Software\eoengine\9.1.0.0 moved successfully. C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\EoRezo\SoftwareUpdate\Software\eoengine moved successfully. C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\EoRezo\SoftwareUpdate\Software moved successfully. C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\EoRezo\SoftwareUpdate\Download moved successfully. C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\EoRezo\SoftwareUpdate moved successfully. C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\EoRezo\eoDesktop moved successfully. C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\EoRezo\db moved successfully. C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\EoRezo moved successfully. ========== REGISTRY ========== Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\EoEngine deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SoftwareHelper deleted successfully. Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EoEngine\\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}}\\ not found. ========== COMMANDS ========== User's Temp folder emptied. User's Temporary Internet Files folder emptied. User's Internet Explorer cache folder emptied. Local Service Temp folder emptied. Local Service Temporary Internet Files folder emptied. Windows Temp folder emptied. File delete failed. C:\Documents and Settings\christophe.B7F020E3BF5F476\Local Settings\Application Data\Mozilla\Firefox\Profiles\x1nzwt50.default\Cache\_CACHE_001_ scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\christophe.B7F020E3BF5F476\Local Settings\Application Data\Mozilla\Firefox\Profiles\x1nzwt50.default\Cache\_CACHE_002_ scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\christophe.B7F020E3BF5F476\Local Settings\Application Data\Mozilla\Firefox\Profiles\x1nzwt50.default\Cache\_CACHE_003_ scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\christophe.B7F020E3BF5F476\Local Settings\Application Data\Mozilla\Firefox\Profiles\x1nzwt50.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\christophe.B7F020E3BF5F476\Local Settings\Application Data\Mozilla\Firefox\Profiles\x1nzwt50.default\urlclassifier3.sqlite scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\christophe.B7F020E3BF5F476\Local Settings\Application Data\Mozilla\Firefox\Profiles\x1nzwt50.default\XUL.mfl scheduled to be deleted on reboot. FireFox cache emptied. Temp folders emptied. Explorer started successfully OTMoveIt3 by OldTimer - Version 1.0.9.0 log created on 03232009_141025 Files moved on Reboot... C:\Documents and Settings\christophe.B7F020E3BF5F476\Local Settings\Application Data\Mozilla\Firefox\Profiles\x1nzwt50.default\Cache\_CACHE_001_ moved successfully. C:\Documents and Settings\christophe.B7F020E3BF5F476\Local Settings\Application Data\Mozilla\Firefox\Profiles\x1nzwt50.default\Cache\_CACHE_002_ moved successfully. C:\Documents and Settings\christophe.B7F020E3BF5F476\Local Settings\Application Data\Mozilla\Firefox\Profiles\x1nzwt50.default\Cache\_CACHE_003_ moved successfully. C:\Documents and Settings\christophe.B7F020E3BF5F476\Local Settings\Application Data\Mozilla\Firefox\Profiles\x1nzwt50.default\Cache\_CACHE_MAP_ moved successfully. C:\Documents and Settings\christophe.B7F020E3BF5F476\Local Settings\Application Data\Mozilla\Firefox\Profiles\x1nzwt50.default\urlclassifier3.sqlite moved successfully. C:\Documents and Settings\christophe.B7F020E3BF5F476\Local Settings\Application Data\Mozilla\Firefox\Profiles\x1nzwt50.default\XUL.mfl moved successfully. puis hijathis : Logfile of random's system information tool 1.06 (written by random/random) Run by christophe at 2009-03-23 14:15:57 Microsoft Windows XP Professionnel Service Pack 3 System drive C: has 146 GB (77%) free of 191 GB Total RAM: 1023 MB (53% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:18:27, on 23/03/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.20978) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe C:\WINDOWS\system32\oodag.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\notepad.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe C:\WINDOWS\system32\RunDll32.exe C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Xfire\xfire.exe C:\Program Files\IncrediMail\bin\ImApp.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\christophe.B7F020E3BF5F476\Bureau\RSIT.exe C:\Program Files\trend micro\christophe.exe C:\WINDOWS\system32\notepad.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://y.lo.st R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://lo.st#first R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Ultimate Edition R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O1 - Hosts: ;Tag&rename O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [softwareHelper] C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c O4 - HKUS\S-1-5-19\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user') O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe O4 - Global Startup: RAID Manager.lnk = C:\Program Files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe O8 - Extra context menu item: Ajouter à Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe -- End of file - 5702 bytes ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}] IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll [2009-03-21 62728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}] Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2008-12-04 92504] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2009-03-21 201992] "Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd [] "SoftwareHelper"=C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce] "WIAWizardMenu"=C:\WINDOWS\system32\sti_ci.dll [2008-05-02 679936] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "TaskSwitchXP"=C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe [2006-08-04 62976] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-05-02 15360] "IncrediMail"=C:\Program Files\IncrediMail\bin\IncMail.exe [2009-02-25 251264] C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage RAID Manager.lnk - C:\Program Files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe C:\Documents and Settings\christophe.B7F020E3BF5F476\Menu Démarrer\Programmes\Démarrage Xfire.lnk - C:\Program Files\Xfire\xfire.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] C:\WINDOWS\system32\Ati2evxx.dll [2006-02-21 61440] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon] C:\WINDOWS\system32\klogon.dll [2008-04-25 206088] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2008-05-02 200064] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2008-05-02 133632] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail" "C:\Program Files\IncrediMail\bin\ImApp.exe"="C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail" "C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail" "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" ======List of files/folders created in the last 1 months====== 2009-03-23 14:10:25 ----D---- C:\_OTMoveIt 2009-03-23 10:46:16 ----D---- C:\rsit 2009-03-23 10:46:16 ----D---- C:\Program Files\trend micro 2009-03-23 08:31:50 ----A---- C:\WINDOWS\system32\muweb.dll 2009-03-23 08:31:50 ----A---- C:\WINDOWS\system32\mucltui.dll.mui 2009-03-23 08:31:50 ----A---- C:\WINDOWS\system32\mucltui.dll 2009-03-22 22:43:16 ----D---- C:\Program Files\CCleaner 2009-03-22 20:00:28 ----D---- C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\Malwarebytes 2009-03-22 20:00:21 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2009-03-22 20:00:21 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes 2009-03-22 17:46:24 ----D---- C:\Program Files\Fichiers communs\logishrd 2009-03-22 17:46:24 ----A---- C:\WINDOWS\system32\vfwwdm32.dll 2009-03-22 16:50:34 ----A---- C:\WINDOWS\system32\d3dx9_32.dll 2009-03-22 16:00:19 ----RA---- C:\WINDOWS\system32\Audio3D.dll 2009-03-22 16:00:06 ----RA---- C:\WINDOWS\system32\cmudax.dll 2009-03-22 16:00:06 ----RA---- C:\WINDOWS\system32\cmirmdrv.exe 2009-03-22 13:50:47 ----D---- C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\Media Player Classic 2009-03-22 13:49:27 ----D---- C:\Program Files\ffdshow 2009-03-22 01:42:00 ----D---- C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\Thunderbird 2009-03-22 01:33:35 ----A---- C:\WINDOWS\system32\BASSMOD.dll 2009-03-22 01:17:34 ----D---- C:\WINDOWS\pss 2009-03-22 01:06:17 ----D---- C:\Program Files\GSpot221 2009-03-22 00:55:34 ----D---- C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\TuneUp Software 2009-03-22 00:46:18 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\IM 2009-03-22 00:45:14 ----D---- C:\Program Files\IncrediMail 2009-03-22 00:45:14 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\IncrediMail 2009-03-22 00:38:12 ----D---- C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\Xfire 2009-03-21 23:42:54 ----D---- C:\Program Files\Marvell 2009-03-21 23:25:30 ----D---- C:\Program Files\Intel 2009-03-21 23:19:10 ----A---- C:\WINDOWS\system32\ntport.dll 2009-03-21 23:11:12 ----RA---- C:\WINDOWS\system32\cmirmdrv.dll 2009-03-21 23:11:11 ----RA---- C:\WINDOWS\system32\udaprop.dll 2009-03-21 23:00:00 ----RA---- C:\WINDOWS\system32\a3d.dll 2009-03-21 22:29:41 ----A---- C:\WINDOWS\Ascd_tmp.ini 2009-03-21 22:22:12 ----D---- C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\Mozilla 2009-03-21 22:10:52 ----D---- C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\Macromedia 2009-03-21 22:10:52 ----D---- C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\Adobe 2009-03-21 21:47:31 ----D---- C:\Program Files\Kaspersky Lab 2009-03-21 21:47:31 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab 2009-03-21 21:42:47 ----D---- C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\teamspeak2 2009-03-21 21:41:02 ----D---- C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\Xentient 2009-03-21 21:40:43 ----D---- C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\HLSW 2009-03-21 21:31:21 ----D---- C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\Identities 2009-03-21 21:30:19 ----ASH---- C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\desktop.ini 2009-03-21 21:30:17 ----SD---- C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\Microsoft 2009-03-21 20:20:31 ----A---- C:\WINDOWS\system32\h323log.txt 2009-03-21 20:19:23 ----A---- C:\WINDOWS\system32\ksuser.dll 2009-03-21 20:17:15 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$ 2009-03-21 20:17:03 ----A---- C:\WINDOWS\system32\usbui.dll 2009-03-21 20:16:28 ----A---- C:\WINDOWS\system32\spupdsvc.exe 2009-03-21 20:15:14 ----N---- C:\WINDOWS\system32\spmsg.dll 2009-03-21 20:13:26 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2009-03-21 20:13:24 ----A---- C:\WINDOWS\ODBCINST.INI 2009-03-21 20:13:14 ----A---- C:\WINDOWS\system32\irclass.dll 2009-03-21 20:13:13 ----A---- C:\WINDOWS\system32\spxcoins.dll 2009-03-21 20:13:13 ----A---- C:\WINDOWS\system32\EqnClass.Dll 2009-03-21 20:13:13 ----A---- C:\WINDOWS\system32\dgsetup.dll 2009-03-21 20:13:13 ----A---- C:\WINDOWS\system32\dgrpsetu.dll 2009-03-21 20:13:10 ----A---- C:\WINDOWS\TASKMAN.EXE 2009-03-21 20:13:09 ----A---- C:\WINDOWS\system32\batt.dll 2009-03-21 20:13:08 ----A---- C:\WINDOWS\NOTEPAD.EXE 2009-03-21 20:13:07 ----A---- C:\WINDOWS\system32\storprop.dll 2009-03-21 20:12:50 ----ASH---- C:\Documents and Settings\All Users.WINDOWS\Application Data\desktop.ini 2009-03-21 20:10:45 ----SD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft 2009-03-21 19:46:30 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-03-21 19:36:36 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Nero 2009-03-21 19:35:32 ----D---- C:\Program Files\TaskSwitchXP 2009-03-21 19:34:05 ----A---- C:\WINDOWS\system32\jit.dll 2009-03-21 19:34:05 ----A---- C:\WINDOWS\setdebug.exe 2009-03-21 19:34:04 ----A---- C:\WINDOWS\system32\javaee.dll 2009-03-21 19:34:04 ----A---- C:\WINDOWS\system32\dx3j.dll 2009-03-21 19:33:58 ----A---- C:\WINDOWS\system32\wjview.exe 2009-03-21 19:33:58 ----A---- C:\WINDOWS\system32\vmhelper.dll 2009-03-21 19:33:57 ----A---- C:\WINDOWS\system32\msjdbc10.dll 2009-03-21 19:33:57 ----A---- C:\WINDOWS\system32\msjava.dll 2009-03-21 19:33:57 ----A---- C:\WINDOWS\system32\msawt.dll 2009-03-21 19:33:56 ----A---- C:\WINDOWS\system32\jview.exe 2009-03-21 19:33:56 ----A---- C:\WINDOWS\system32\jdbgmgr.exe 2009-03-21 19:33:56 ----A---- C:\WINDOWS\system32\javart.dll 2009-03-21 19:33:55 ----A---- C:\WINDOWS\system32\javaprxy.dll 2009-03-21 19:33:55 ----A---- C:\WINDOWS\system32\javacypt.dll 2009-03-21 19:33:54 ----A---- C:\WINDOWS\system32\clspack.exe 2009-03-21 19:29:09 ----A---- C:\WINDOWS\control.ini 2009-03-21 19:28:29 ----D---- C:\WINDOWS\system32\dllcache 2009-03-21 19:28:29 ----A---- C:\WINDOWS\system32\mapi32.dll 2009-03-21 19:27:24 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest 2009-03-21 19:27:20 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest 2009-03-21 19:26:31 ----A---- C:\WINDOWS\system32\acctres.dll 2009-03-21 19:26:12 ----A---- C:\WINDOWS\system32\wuweb.dll 2009-03-21 19:26:12 ----A---- C:\WINDOWS\system32\wucltui.dll 2009-03-21 19:26:12 ----A---- C:\WINDOWS\system32\wuauserv.dll 2009-03-21 19:26:11 ----A---- C:\WINDOWS\system32\wuaueng1.dll 2009-03-21 19:26:11 ----A---- C:\WINDOWS\system32\wuaueng.dll 2009-03-21 19:26:10 ----A---- C:\WINDOWS\system32\wups.dll 2009-03-21 19:26:10 ----A---- C:\WINDOWS\system32\wuauclt1.exe 2009-03-21 19:26:10 ----A---- C:\WINDOWS\system32\wuauclt.exe 2009-03-21 19:26:09 ----A---- C:\WINDOWS\system32\wuapi.dll 2009-03-21 19:26:09 ----A---- C:\WINDOWS\system32\qmgrprxy.dll 2009-03-21 19:26:09 ----A---- C:\WINDOWS\system32\bitsprx4.dll 2009-03-21 19:26:09 ----A---- C:\WINDOWS\system32\bitsprx3.dll 2009-03-21 19:26:09 ----A---- C:\WINDOWS\system32\bitsprx2.dll 2009-03-21 19:26:08 ----A---- C:\WINDOWS\system32\qmgr.dll 2009-03-21 19:26:07 ----A---- C:\WINDOWS\system32\fltMc.exe 2009-03-21 19:26:07 ----A---- C:\WINDOWS\system32\fltlib.dll 2009-03-21 19:26:06 ----A---- C:\WINDOWS\system32\srsvc.dll 2009-03-21 19:26:06 ----A---- C:\WINDOWS\system32\srrstr.dll 2009-03-21 19:26:06 ----A---- C:\WINDOWS\system32\srclient.dll 2009-03-21 19:26:05 ----A---- C:\WINDOWS\system32\msoert2.dll 2009-03-21 19:26:05 ----A---- C:\WINDOWS\system32\msoeacct.dll 2009-03-21 19:26:03 ----A---- C:\WINDOWS\system32\inetres.dll 2009-03-21 19:26:03 ----A---- C:\WINDOWS\system32\inetcomm.dll 2009-03-21 19:26:00 ----A---- C:\WINDOWS\system32\schedsvc.dll 2009-03-21 19:26:00 ----A---- C:\WINDOWS\system32\mstinit.exe 2009-03-21 19:26:00 ----A---- C:\WINDOWS\system32\mstask.dll 2009-03-21 19:24:14 ----A---- C:\WINDOWS\vbaddin.ini 2009-03-21 19:24:14 ----A---- C:\WINDOWS\vb.ini 2009-03-21 19:23:20 ----A---- C:\WINDOWS\system32\sndvol32.exe 2009-03-21 19:23:13 ----A---- C:\WINDOWS\system32\getuname.dll 2009-03-21 19:23:13 ----A---- C:\WINDOWS\system32\charmap.exe 2009-03-21 19:23:12 ----A---- C:\WINDOWS\system32\winmine.exe 2009-03-21 19:23:12 ----A---- C:\WINDOWS\system32\sol.exe 2009-03-21 19:23:12 ----A---- C:\WINDOWS\system32\calc.exe 2009-03-21 19:23:11 ----A---- C:\WINDOWS\system32\usrlogon.cmd 2009-03-21 19:23:11 ----A---- C:\WINDOWS\system32\tsshutdn.exe 2009-03-21 19:23:11 ----A---- C:\WINDOWS\system32\tslabels.ini 2009-03-21 19:23:11 ----A---- C:\WINDOWS\system32\tskill.exe 2009-03-21 19:23:11 ----A---- C:\WINDOWS\system32\tsdiscon.exe 2009-03-21 19:23:11 ----A---- C:\WINDOWS\system32\tscon.exe 2009-03-21 19:23:11 ----A---- C:\WINDOWS\system32\reset.exe 2009-03-21 19:23:11 ----A---- C:\WINDOWS\system32\mshearts.exe 2009-03-21 19:23:11 ----A---- C:\WINDOWS\system32\freecell.exe 2009-03-21 19:23:10 ----A---- C:\WINDOWS\system32\shadow.exe 2009-03-21 19:23:10 ----A---- C:\WINDOWS\system32\rwinsta.exe 2009-03-21 19:23:10 ----A---- C:\WINDOWS\system32\regini.exe 2009-03-21 19:23:10 ----A---- C:\WINDOWS\system32\rdpcfgex.dll 2009-03-21 19:23:10 ----A---- C:\WINDOWS\system32\qwinsta.exe 2009-03-21 19:23:10 ----A---- C:\WINDOWS\system32\qappsrv.exe 2009-03-21 19:23:10 ----A---- C:\WINDOWS\system32\msg.exe 2009-03-21 19:23:09 ----A---- C:\WINDOWS\system32\msdtcprf.ini 2009-03-21 19:23:09 ----A---- C:\WINDOWS\system32\logoff.exe 2009-03-21 19:23:09 ----A---- C:\WINDOWS\system32\cdmodem.dll 2009-03-21 19:23:01 ----A---- C:\WINDOWS\system32\wmimgmt.msc 2009-03-21 19:23:01 ----A---- C:\WINDOWS\system32\mplay32.exe 2009-03-21 19:23:00 ----A---- C:\WINDOWS\system32\spider.exe 2009-03-21 19:22:59 ----A---- C:\WINDOWS\system32\tsgqec.dll 2009-03-21 19:22:59 ----A---- C:\WINDOWS\system32\tscfgwmi.dll 2009-03-21 19:22:58 ----A---- C:\WINDOWS\system32\rhttpaa.dll 2009-03-21 19:22:58 ----A---- C:\WINDOWS\system32\aaclient.dll 2009-03-21 19:22:57 ----A---- C:\WINDOWS\system32\mstscax.dll 2009-03-21 19:22:56 ----A---- C:\WINDOWS\system32\sessmgr.exe 2009-03-21 19:22:56 ----A---- C:\WINDOWS\system32\remotepg.dll 2009-03-21 19:22:56 ----A---- C:\WINDOWS\system32\rdshost.exe 2009-03-21 19:22:56 ----A---- C:\WINDOWS\system32\rdsaddin.exe 2009-03-21 19:22:56 ----A---- C:\WINDOWS\system32\mstsc.exe 2009-03-21 19:22:55 ----A---- C:\WINDOWS\system32\termsrv.dll 2009-03-21 19:22:55 ----A---- C:\WINDOWS\system32\rdpwsx.dll 2009-03-21 19:22:55 ----A---- C:\WINDOWS\system32\rdpsnd.dll 2009-03-21 19:22:55 ----A---- C:\WINDOWS\system32\rdpclip.exe 2009-03-21 19:22:55 ----A---- C:\WINDOWS\system32\rdchost.dll 2009-03-21 19:22:55 ----A---- C:\WINDOWS\system32\qprocess.exe 2009-03-21 19:22:54 ----A---- C:\WINDOWS\system32\mtxoci.dll 2009-03-21 19:22:54 ----A---- C:\WINDOWS\system32\msdtcuiu.dll 2009-03-21 19:22:54 ----A---- C:\WINDOWS\system32\icaapi.dll 2009-03-21 19:22:54 ----A---- C:\WINDOWS\system32\cfgbkend.dll 2009-03-21 19:22:53 ----A---- C:\WINDOWS\system32\msdtctm.dll 2009-03-21 19:22:53 ----A---- C:\WINDOWS\system32\msdtcprx.dll 2009-03-21 19:22:52 ----A---- C:\WINDOWS\system32\xolehlp.dll 2009-03-21 19:22:52 ----A---- C:\WINDOWS\system32\msdtclog.dll 2009-03-21 19:22:52 ----A---- C:\WINDOWS\system32\msdtc.exe 2009-03-21 19:22:52 ----A---- C:\WINDOWS\system32\dcomcnfg.exe 2009-03-21 19:22:51 ----A---- C:\WINDOWS\system32\stclient.dll 2009-03-21 19:22:51 ----A---- C:\WINDOWS\system32\mtxlegih.dll 2009-03-21 19:22:51 ----A---- C:\WINDOWS\system32\mtxex.dll 2009-03-21 19:22:51 ----A---- C:\WINDOWS\system32\mtxdm.dll 2009-03-21 19:22:51 ----A---- C:\WINDOWS\system32\comrepl.dll 2009-03-21 19:22:51 ----A---- C:\WINDOWS\system32\comaddin.dll 2009-03-21 19:22:51 ----A---- C:\WINDOWS\system32\colbact.dll 2009-03-21 19:22:50 ----A---- C:\WINDOWS\system32\clbcatex.dll 2009-03-21 19:22:50 ----A---- C:\WINDOWS\system32\catsrvut.dll 2009-03-21 19:22:50 ----A---- C:\WINDOWS\system32\catsrvps.dll 2009-03-21 19:22:49 ----A---- C:\WINDOWS\system32\comsvcs.dll 2009-03-21 19:22:49 ----A---- C:\WINDOWS\system32\catsrv.dll 2009-03-21 19:22:48 ----A---- C:\WINDOWS\system32\comuid.dll 2009-03-21 19:22:48 ----A---- C:\WINDOWS\system32\comsnap.dll 2009-03-21 19:22:48 ----A---- C:\WINDOWS\system32\clbcatq.dll 2009-03-21 19:22:39 ----A---- C:\WINDOWS\system32\servdeps.dll 2009-03-21 19:22:38 ----A---- C:\WINDOWS\system32\mmfutil.dll 2009-03-21 19:22:38 ----A---- C:\WINDOWS\system32\licwmi.dll 2009-03-21 19:22:37 ----A---- C:\WINDOWS\system32\cmprops.dll 2009-03-21 18:10:28 ----AD---- C:\WINDOWS\i386 2009-03-21 18:09:08 ----D---- C:\Program Files\Mozilla Thunderbird 2009-03-21 18:08:03 ----D---- C:\Program Files\Recuva 2009-03-21 18:08:02 ----D---- C:\Program Files\Paint.NET 2009-03-21 18:08:00 ----D---- C:\Program Files\Occtpt 2009-03-21 18:07:43 ----D---- C:\Program Files\Cpu-z 2009-03-15 19:47:17 ----D---- C:\Program Files\MSBuild 2009-03-15 19:44:54 ----D---- C:\Program Files\Microsoft Visual Studio 8 2009-03-11 20:01:54 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$ 2009-03-11 20:01:46 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$ 2009-03-11 20:01:20 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$ 2009-03-09 20:01:26 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$ 2009-03-09 20:01:16 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$ 2009-02-26 19:46:50 ----A---- C:\WINDOWS\system32\xfcodec.dll ======List of files/folders modified in the last 1 months====== 2009-03-23 14:14:44 ----D---- C:\Program Files\Mozilla Firefox 2009-03-23 14:12:46 ----D---- C:\WINDOWS 2009-03-23 14:12:40 ----D---- C:\WINDOWS\Temp 2009-03-23 10:46:16 ----RD---- C:\Program Files 2009-03-23 08:31:50 ----D---- C:\WINDOWS\system32 2009-03-23 08:31:49 ----HD---- C:\WINDOWS\inf 2009-03-23 08:31:47 ----D---- C:\WINDOWS\system32\CatRoot2 2009-03-22 23:33:09 ----D---- C:\WINDOWS\system 2009-03-22 23:28:45 ----HD---- C:\Config.Msi 2009-03-22 23:26:15 ----D---- C:\WINDOWS\system32\drivers 2009-03-22 23:24:12 ----D---- C:\WINDOWS\system32\CatRoot 2009-03-22 23:24:08 ----SHD---- C:\WINDOWS\Installer 2009-03-22 22:44:20 ----D---- C:\Program Files\Teamspeak2_RC2 2009-03-22 22:12:35 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared 2009-03-22 21:00:18 ----SH---- C:\boot.ini 2009-03-22 21:00:18 ----A---- C:\WINDOWS\win.ini 2009-03-22 21:00:18 ----A---- C:\WINDOWS\system.ini 2009-03-22 17:57:49 ----RSD---- C:\WINDOWS\assembly 2009-03-22 17:56:45 ----D---- C:\WINDOWS\Microsoft.NET 2009-03-22 17:46:24 ----D---- C:\Program Files\Fichiers communs 2009-03-22 16:51:56 ----D---- C:\Program Files\Microsoft Silverlight 2009-03-22 16:50:34 ----D---- C:\WINDOWS\system32\DirectX 2009-03-22 16:49:53 ----D---- C:\WINDOWS\WinSxS 2009-03-22 16:48:33 ----RSD---- C:\WINDOWS\Fonts 2009-03-22 03:24:01 ----D---- C:\WINDOWS\Prefetch 2009-03-22 01:11:40 ----D---- C:\Program Files\Xfire 2009-03-22 01:07:35 ----D---- C:\WINDOWS\Help 2009-03-22 00:57:54 ----D---- C:\Program Files\TuneUp Utilities 2008 2009-03-21 23:35:26 ----D---- C:\WINDOWS\system32\ReinstallBackups 2009-03-21 21:33:28 ----SHD---- C:\RECYCLER 2009-03-21 21:30:14 ----D---- C:\Documents and Settings 2009-03-21 20:17:37 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$ 2009-03-21 20:17:20 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$ 2009-03-21 20:16:18 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$ 2009-03-21 20:16:13 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$ 2009-03-21 20:16:07 ----D---- C:\Program Files\Internet Explorer 2009-03-21 20:09:57 ----D---- C:\WINDOWS\WBEM 2009-03-21 20:09:57 ----D---- C:\WINDOWS\system32\fr 2009-03-21 20:09:57 ----D---- C:\WINDOWS\Network Diagnostic 2009-03-21 20:09:57 ----D---- C:\WINDOWS\L2Schemas 2009-03-21 20:07:40 ----D---- C:\WINDOWS\AppPatch 2009-03-21 20:07:22 ----RD---- C:\WINDOWS\Web 2009-03-21 20:07:22 ----D---- C:\WINDOWS\system32\Setup 2009-03-21 20:06:12 ----D---- C:\WINDOWS\Offline Web Pages 2009-03-21 20:06:03 ----SD---- C:\WINDOWS\Downloaded Program Files 2009-03-21 20:05:53 ----D---- C:\WINDOWS\twain_32 2009-03-21 20:05:49 ----D---- C:\WINDOWS\system32\ras 2009-03-21 20:05:45 ----D---- C:\WINDOWS\system32\icsxml 2009-03-21 20:05:25 ----D---- C:\WINDOWS\system32\1036 2009-03-21 19:47:37 ----D---- C:\WINDOWS\SoftwareDistribution 2009-03-21 19:47:32 ----D---- C:\WINDOWS\system32\MsDtc 2009-03-21 19:47:26 ----D---- C:\WINDOWS\security 2009-03-21 19:47:26 ----D---- C:\WINDOWS\repair 2009-03-21 19:47:17 ----D---- C:\WINDOWS\Debug 2009-03-21 19:46:43 ----SHD---- C:\System Volume Information 2009-03-21 19:46:43 ----D---- C:\WINDOWS\system32\Restore 2009-03-21 19:46:32 ----SD---- C:\WINDOWS\Tasks 2009-03-21 19:45:57 ----D---- C:\WINDOWS\system32\config 2009-03-21 19:37:11 ----D---- C:\Program Files\WinRAR 2009-03-21 19:37:01 ----D---- C:\Program Files\Nero 2009-03-21 19:35:21 ----DC---- C:\WINDOWS\system32\DRVSTORE 2009-03-21 19:30:55 ----D---- C:\WINDOWS\Registration 2009-03-21 19:30:14 ----D---- C:\WINDOWS\system32\URTTemp 2009-03-21 19:28:06 ----D---- C:\WINDOWS\system32\ias 2009-03-21 19:26:41 ----D---- C:\WINDOWS\srchasst 2009-03-21 19:26:32 ----D---- C:\Program Files\Windows Media Player 2009-03-21 19:26:27 ----D---- C:\Program Files\Outlook Express 2009-03-21 19:24:38 ----D---- C:\WINDOWS\system32\Com 2009-03-21 19:23:31 ----D---- C:\Program Files\Windows Media Connect 2 2009-03-21 19:23:08 ----D---- C:\WINDOWS\system32\wbem 2009-03-21 19:23:00 ----D---- C:\WINDOWS\system32\fr-fr 2009-03-21 18:38:01 ----D---- C:\WINDOWS\system32\usmt 2009-03-21 18:38:01 ----D---- C:\WINDOWS\system32\oodag 2009-03-21 18:37:59 ----HD---- C:\WINDOWS\system32\GroupPolicy 2009-03-21 18:37:53 ----D---- C:\WINDOWS\system32\1033 2009-03-21 18:37:52 ----D---- C:\WINDOWS\SHELLNEW 2009-03-21 18:37:51 ----D---- C:\WINDOWS\PeerNet 2009-03-21 18:37:38 ----D---- C:\WINDOWS\ime 2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$ 2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$ 2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$ 2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$ 2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$ 2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$ 2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$ 2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$ 2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$ 2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$ 2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$ 2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$ 2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$ 2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$ 2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$ 2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$ 2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$ 2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$ 2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$ 2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$ 2009-03-21 18:37:27 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$ 2009-03-21 18:37:27 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$ 2009-03-21 18:37:27 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$ 2009-03-21 18:37:27 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$ 2009-03-21 18:37:27 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$ 2009-03-21 18:37:27 ----HDC---- C:\WINDOWS\$NtUninstallKB942763$ 2009-03-21 18:37:27 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$ 2009-03-21 18:37:27 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$ 2009-03-17 18:11:17 ----HD---- C:\Program Files\InstallShield Installation Information 2009-03-17 13:42:48 ----D---- C:\temp 2009-03-17 02:09:13 ----HD---- C:\$AVG8.VAULT$ 2009-03-15 19:46:43 ----D---- C:\Program Files\Microsoft Office 2009-03-11 10:59:07 ----HD---- C:\WINDOWS\$hf_mig$ ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 40576] R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2009-03-22 213520] R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-05-02 60800] R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-02-21 1505792] R3 CamDrL;Logitech QuickCam Pro 3000(CamDrl); C:\WINDOWS\system32\DRIVERS\Camdrl.sys [2007-02-03 1075360] R3 cmudax;C-Media High Definition Audio Interface; C:\WINDOWS\system32\drivers\cmudax.sys [2004-10-21 1275584] R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-05-02 144384] R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-05-02 10368] R3 KLFLTDEV;Kaspersky Lab KLFltDev; C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 26640] R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-03-25 24592] R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\DRIVERS\LVUSBSta.sys [2007-02-03 41504] R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2008-05-02 5810] R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-05-02 61824] R3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032] R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-05-02 32128] R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2008-05-02 259712] S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-05-02 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-05-02 82944] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] S4 sr;Pilote de filtre de restauration système; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-05-02 73600] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-02-21 405504] R2 AVP;Kaspersky Internet Security; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2009-03-21 201992] R2 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2007-02-15 707344] R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-07-16 33632] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-07-16 68952] S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-05-02 14336] -----------------EOF-----------------
×
×
  • Créer...