Everything posted by brisbane

  1. Okay. I have Avira as my protection software. Thanks again for all this information and advice... for me it's just magical to have you.
  2. I just downloaded the requested file without any problem, THANK YOU!! However, I still cannot enable the Windows Security Center service... is that a problem?
  3. Here is the result:

     Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-09-2013
     Ran by claben at 2013-09-11 18:49:19 Run:1
     Running from C:\Users\claben\Desktop
     Boot Mode: Normal
     ==============================================

     Content of fixlist:
     *****************
     start
     HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
     URLSearchHook: (No Name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - No File
     Toolbar: HKCU - No Name - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
     SearchScopes: HKCU - {20F326C9-145F-48EA-8DF7-29B0E63979C0} URL = http://search.condui...ultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091
     FF Extension: IMinent Toolbar - C:\Users\claben\AppData\Roaming\Mozilla\Firefox\Profiles\tcm2k5vx.default\Extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}
     FF Extension: Vuze Remote Community Toolbar - C:\Users\claben\AppData\Roaming\Mozilla\Firefox\Profiles\tcm2k5vx.default\Extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
     CHR Plugin: (Java™ Platform SE 6 U35) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
     CHR Plugin: (Java Deployment Toolkit 6.0.350.10) - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
     CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
     U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{a6485946-bdb9-5483-f823-9e57c89b51e6}\ \...\???\{a6485946-bdb9-5483-f823-9e57c89b51e6}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
     2013-09-09 12:51 - 2013-09-09 12:51 - 00000000 ____D C:\Users\claben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antivirus Security Pro
     2013-09-09 18:29 - 2012-04-15 15:19 - 00000000 ____D C:\Users\claben\AppData\Roaming\Iminent
     C:\Users\claben\AppData\Local\Google\Desktop\Install\{a6485946-bdb9-5483-f823-9e57c89b51e6}
     C:\Program Files (x86)\Google\Desktop\Install\{a6485946-bdb9-5483-f823-9e57c89b51e6}
     C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
     DeleteJunctionsInDirectory: C:\Windows\Program Files\Windows Defender
     DeleteJunctionsInDirectory: C:\Windows\Program Files\Microsoft Security Client
     cmd: netsh winsock reset
     end
     *****************

     HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update* => Value deleted successfully.
     HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\\{ba14329e-9550-4989-b3f2-9732e92d17cc} => Value deleted successfully.
     HKCR\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc} => Key not found.
     HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BA14329E-9550-4989-B3F2-9732E92D17CC} => Value deleted successfully.
     HKCR\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC} => Key not found.
     HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{20F326C9-145F-48EA-8DF7-29B0E63979C0} => Key deleted successfully.
     HKCR\CLSID\{20F326C9-145F-48EA-8DF7-29B0E63979C0} => Key not found.
     C:\Users\claben\AppData\Roaming\Mozilla\Firefox\Profiles\tcm2k5vx.default\Extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444} => Moved successfully.
     C:\Users\claben\AppData\Roaming\Mozilla\Firefox\Profiles\tcm2k5vx.default\Extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc} => Moved successfully.
     C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll => Moved successfully.
     C:\Windows\SysWOW64\npdeployJava1.dll => Moved successfully.
     C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll not found.
     *etadpug => Service deleted successfully.
     C:\Users\claben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antivirus Security Pro => Moved successfully.
     C:\Users\claben\AppData\Roaming\Iminent => Moved successfully.
     C:\Users\claben\AppData\Local\Google\Desktop\Install\{a6485946-bdb9-5483-f823-9e57c89b51e6} => Moved successfully.
     C:\Program Files (x86)\Google\Desktop\Install\{a6485946-bdb9-5483-f823-9e57c89b51e6} => Moved successfully.
     "C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.
     "C:\Program Files\Windows Defender\fr-FR" => Deleting reparse point and unlocking done.
     "C:\Program Files\Windows Defender\MpAsDesc.dll" => Deleting reparse point and unlocking done.
     "C:\Program Files\Windows Defender\MpClient.dll" => Deleting reparse point and unlocking done.
     "C:\Program Files\Windows Defender\MpCmdRun.exe" => Deleting reparse point and unlocking done.
     "C:\Program Files\Windows Defender\MpCommu.dll" => Deleting reparse point and unlocking done.
     "C:\Program Files\Windows Defender\MpEvMsg.dll" => Deleting reparse point and unlocking done.
     "C:\Program Files\Windows Defender\MpOAV.dll" => Deleting reparse point and unlocking done.
     "C:\Program Files\Windows Defender\MpRTP.dll" => Deleting reparse point and unlocking done.
     "C:\Program Files\Windows Defender\MpSvc.dll" => Deleting reparse point and unlocking done.
     "C:\Program Files\Windows Defender\MSASCui.exe" => Deleting reparse point and unlocking done.
     "C:\Program Files\Windows Defender\MsMpCom.dll" => Deleting reparse point and unlocking done.
     "C:\Program Files\Windows Defender\MsMpLics.dll" => Deleting reparse point and unlocking done.
     "C:\Program Files\Windows Defender\MsMpRes.dll" => Deleting reparse point and unlocking done.
     "C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.
     "C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender" => File/Directory not found.
     "C:\Windows\Program Files\Windows Defender" => Not Found
     "C:\Windows\Program Files\Microsoft Security Client" => Not Found

     ========= netsh winsock reset =========

     Le catalogue Winsock a été réinitialisé correctement.
     Vous devez redémarrer l'ordinateur afin de finaliser la réinitialisation.

     ========= End of CMD: =========

     ==== End of Fixlog ====
  4. Here is the scan report, the frst.txt:
KG) C:\Windows\system32\Drivers\avgntflt.sys 2013-09-09 18:55 - 2013-06-17 21:22 - 01691486 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2013-09-09 18:29 - 2012-04-15 15:19 - 00000000 ____D C:\Users\claben\AppData\Roaming\Iminent 2013-09-09 15:26 - 2013-09-09 15:26 - 00000000 _____ C:\Windows\setuperr.log 2013-09-09 15:20 - 2013-09-09 15:18 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\claben\Desktop\mbam-setup-1.75.0.1300.exe 2013-09-09 15:18 - 2013-09-09 15:18 - 00001076 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2013-09-09 15:18 - 2013-09-09 15:18 - 00000000 ____D C:\Users\claben\AppData\Roaming\Malwarebytes 2013-09-09 15:18 - 2013-09-09 15:18 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-09-09 15:18 - 2013-09-09 15:18 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-09-09 14:54 - 2013-09-09 13:52 - 00000000 ____D C:\Users\claben\Desktop\RK_Quarantine 2013-09-09 14:51 - 2013-09-09 14:28 - 00004040 _____ C:\Users\claben\Desktop\Rkill.txt 2013-09-09 14:51 - 2013-05-02 12:04 - 00000000 ____D C:\Users\claben\Desktop\Fort Worth Avril 2013 2013-09-09 14:50 - 2010-01-05 09:05 - 00004033 _____ C:\Windows\WindowsUpdate.log 2013-09-09 14:28 - 2013-09-09 14:28 - 00000000 ____D C:\Users\claben\Desktop\rkill 2013-09-09 14:08 - 2013-09-09 13:52 - 00918016 _____ C:\Users\claben\Desktop\RogueKiller.exe 2013-09-09 13:52 - 2013-09-09 13:52 - 00918016 _____ C:\Users\claben\Desktop\RogueKiller.com 2013-09-09 13:08 - 2013-09-09 12:45 - 00000000 ____D C:\ProgramData\7gX7prng 2013-09-09 12:51 - 2013-09-09 12:51 - 00000000 ____D C:\Users\claben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antivirus Security Pro 2013-09-09 12:45 - 2011-01-02 11:59 - 00000000 ____D C:\Program Files (x86)\Google 2013-09-09 12:45 - 2010-07-22 21:38 - 00000000 ____D C:\Users\claben\AppData\Local\Google 2013-09-09 12:07 - 2010-09-01 21:56 - 00000000 ____D C:\Users\claben\Documents\agregation 2013-09-09 09:33 - 2012-04-15 15:15 - 00000000 ____D 
C:\Users\claben\AppData\Roaming\Azureus
2013-09-07 07:09 - 2013-09-07 07:09 - 00000000 ____D C:\Users\claben\AppData\Roaming\S.A.D
2013-09-06 21:07 - 2013-09-06 21:06 - 08465319 _____ C:\Users\claben\Downloads\Ithaque.zip
2013-09-06 09:01 - 2010-07-27 16:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-05 21:51 - 2013-09-05 21:47 - 41404760 _____ (Apple Inc.) C:\Users\claben\Downloads\QuickTimeInstaller.exe
2013-09-05 21:44 - 2013-09-05 21:44 - 00001114 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-09-05 21:44 - 2013-09-05 21:44 - 00000000 ____D C:\ProgramData\Mozilla
2013-09-05 21:44 - 2013-09-05 21:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-09-05 21:42 - 2013-09-05 21:42 - 00282024 _____ (Mozilla) C:\Users\claben\Downloads\Firefox Setup Stub 23.0.1.exe
2013-08-23 22:29 - 2013-08-23 22:21 - 00000000 ____D C:\Users\claben\Desktop\photo ipod ben
2013-08-17 22:55 - 2012-07-23 22:41 - 00000000 ____D C:\ProgramData\Sony
2013-08-17 22:55 - 2012-07-23 22:35 - 00000000 ____D C:\Program Files (x86)\Sony
2013-08-17 22:51 - 2013-08-17 22:50 - 27723672 _____ (Sony Mobile Communications ) C:\Users\claben\Downloads\Sony PC Companion_2.10.165_Web.exe
2013-08-17 22:51 - 2009-09-04 15:25 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-08-16 07:17 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-08-15 00:36 - 2012-09-23 14:19 - 00000000 ____D C:\Users\claben\Documents\Vegas Movie Studio HD Platinum 11.0 Projets
2013-08-14 21:49 - 2009-09-04 15:49 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-12 11:19 - 2009-07-14 07:08 - 00032496 _____ C:\Windows\Tasks\SCHEDLGU.TXT

Files to move or delete:
====================
ZeroAccess: C:\Users\claben\AppData\Local\Google\Desktop\Install\{a6485946-bdb9-5483-f823-9e57c89b51e6}
ZeroAccess: C:\Program Files (x86)\Google\Desktop\Install\{a6485946-bdb9-5483-f823-9e57c89b51e6}

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

LastRegBack: 2013-09-11 11:04

==================== End Of Log ============================

and the addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-09-2013
Ran by claben at 2013-09-11 13:00:11
Running from E:\
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================
Update for Microsoft Office 2007 (KB2508958) (x32)
"La respiration" version 1.2a (x32)
Adobe AIR (x32 Version: 3.1.0.4880)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.168)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.168)
Adobe Reader 9.4.5 - Français (x32 Version: 9.4.5)
Anagène 2 (x32 Version: 2.00.00)
Apple Application Support (x32 Version: 2.1.9)
Apple Mobile Device Support (Version: 5.2.0.6)
Apple Software Update (x32 Version: 2.1.3.127)
Assistant de connexion Windows Live (x32 Version: 5.000.818.5)
ATI Catalyst Install Manager (Version: 3.0.732.0)
Avira Internet Security (x32 Version: 13.0.0.4042)
AviSynth 2.5 (x32)
BayaM 3-7 (x32 Version: 3.3.8389)
BayaM 7-13 (x32 Version: 1.2.30)
Bonjour (Version: 3.0.0.10)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Core
Implementation (x32 Version: 2009.0729.2238.38827) Catalyst Control Center Graphics Full Existing (x32 Version: 2009.0729.2238.38827) Catalyst Control Center Graphics Full New (x32 Version: 2009.0729.2238.38827) Catalyst Control Center Graphics Light (x32 Version: 2009.0729.2238.38827) Catalyst Control Center Graphics Previews Vista (x32 Version: 2009.0729.2238.38827) Catalyst Control Center InstallProxy (x32 Version: 2009.0729.2238.38827) Catalyst Control Center Localization All (x32 Version: 2009.0729.2238.38827) CCC Help Chinese Standard (x32 Version: 2009.0729.2237.38827) CCC Help Chinese Traditional (x32 Version: 2009.0729.2237.38827) CCC Help Czech (x32 Version: 2009.0729.2237.38827) CCC Help Danish (x32 Version: 2009.0729.2237.38827) CCC Help Dutch (x32 Version: 2009.0729.2237.38827) CCC Help English (x32 Version: 2009.0729.2237.38827) CCC Help Finnish (x32 Version: 2009.0729.2237.38827) CCC Help French (x32 Version: 2009.0729.2237.38827) CCC Help German (x32 Version: 2009.0729.2237.38827) CCC Help Greek (x32 Version: 2009.0729.2237.38827) CCC Help Hungarian (x32 Version: 2009.0729.2237.38827) CCC Help Italian (x32 Version: 2009.0729.2237.38827) CCC Help Japanese (x32 Version: 2009.0729.2237.38827) CCC Help Korean (x32 Version: 2009.0729.2237.38827) CCC Help Norwegian (x32 Version: 2009.0729.2237.38827) CCC Help Polish (x32 Version: 2009.0729.2237.38827) CCC Help Portuguese (x32 Version: 2009.0729.2237.38827) CCC Help Russian (x32 Version: 2009.0729.2237.38827) CCC Help Spanish (x32 Version: 2009.0729.2237.38827) CCC Help Swedish (x32 Version: 2009.0729.2237.38827) CCC Help Thai (x32 Version: 2009.0729.2237.38827) CCC Help Turkish (x32 Version: 2009.0729.2237.38827) ccc-core-static (x32 Version: 2009.0729.2238.38827) ccc-utility64 (Version: 2009.0729.2238.38827) Celestia 1.6.1 (x32) CyberGhost VPN DVD Architect Studio 5.0 (x32 Version: 5.0.156) EduAnatomist 1.0 (x32) Efficient WMA MP3 Converter version 0.99.9.3 (x32 Version: 0.99.9.3) Evolution allélique 
(x32) FormatFactory 2.70 (x32 Version: 2.70) Free iPod Video Converter V 3.0 (x32 Version: 3.0.0.0) Free Mp3 Wma Converter V 1.91 (x32 Version: 1.91.0.0) Freemake Video Converter version 4.0.2 (x32 Version: 4.0.2) Galerie de photos Windows Live (x32 Version: 14.0.8081.709) Garmin ANT Agent (Version: 2.3.4) Garmin USB Drivers (x32 Version: 2.3.1.0) GIMP 2.6.11 (x32 Version: 2.6.11) Google Update Helper (x32 Version: 1.3.21.153) Google Earth (x32 Version: 7.1.1.1888) Hominines 2.1 (x32) HotPotatoes v 6.3.0.4 (x32) Installation Windows Live (x32 Version: 14.0.8089.0726) Installation Windows Live (x32 Version: 14.0.8089.726) Intel® Matrix Storage Manager iTunes (Version: 10.6.3.25) Java 6 Update 39 (x32 Version: 6.0.390) La cellule 3D version 1.03 (x32) Le virus du SIDA version 1.05a (x32) Light Image Resizer 4.0.6.2 (x32 Version: 4.0.6.2) lignee_humaine version 1.2 (x32) L'oeil et la vision version 1.06a. (x32) Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile FRA Language Pack (Version: 4.0.30319) Microsoft .NET Framework 4 Extended (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Choice Guard (x32 Version: 2.0.48.0) Microsoft Office 2007 Service Pack 3 (SP3) (x32) Microsoft Office Access MUI (French) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Excel MUI (French) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000) Microsoft Office OneNote MUI (French) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Outlook MUI (French) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office PowerPoint MUI (French) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office PowerPoint Viewer 2007 (French) (x32 Version: 12.0.6612.1000) Microsoft Office Professional 2007 (x32 Version: 
12.0.6612.1000) Microsoft Office Proof (Arabic) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Proof (Dutch) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Proofing (French) 2007 (x32 Version: 12.0.4518.1014) Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32) Microsoft Office Publisher MUI (French) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Shared 64-bit MUI (French) 2007 (Version: 12.0.6612.1000) Microsoft Office Shared MUI (French) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Word MUI (French) 2007 (x32 Version: 12.0.6612.1000) Microsoft Silverlight (Version: 5.1.20513.0) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000) Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000) Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729) 
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Microsoft Works (x32 Version: 9.7.0621) Mise à jour Microsoft Office Excel 2007 Help (KB963678) (x32) Mise à jour Microsoft Office Outlook 2007 Help (KB963677) (x32) Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669) (x32) Mise à jour Microsoft Office Word 2007 Help (KB963665) (x32) Module de compatibilité pour Microsoft Office System 2007 (x32 Version: 12.0.6612.1000) Module linguistique Microsoft .NET Framework 4 Client Profile FRA (Version: 4.0.30319) Mozilla Firefox 23.0.1 (x86 fr) (x32 Version: 23.0.1) Mozilla Maintenance Service (x32 Version: 23.0.1) MSVCRT (x32 Version: 14.0.1468.721) MSVCRT Redists (x32 Version: 1.0) OpenOffice.org 3.2 (x32 Version: 3.2.9502) Outil de téléchargement Windows Live (x32 Version: 14.0.8014.1029) Package de pilotes Windows - Dynastream Innovations (libusb0) LibUsbDevices (07/07/2009 1.12.2) (Version: 07/07/2009 1.12.2) Package de pilotes Windows - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (Version: 02/06/2007 3.1) PhotoFiltre (HKCU) Phyloboîte version 1.2.0.0 R2 (x32) Phylogene V2.5.1 (x32) Planètes 3D version 1.02 (x32) PlayReady PC Runtime amd64 (Version: 1.3.0) Polymorphisme végétal version 1.1.0.a (x32) QuickTime (x32 Version: 7.72.80.56) Realtek 8136 8168 8169 Ethernet Driver (x32 Version: 1.00.0005) Realtek High Definition Audio Driver (x32 Version: 6.0.1.5904) Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30101) Realtek WLAN Driver (x32 Version: 2.00.0006) SeisGram2K 5.3.4 (x32) SimulAiry (x32 Version: 2) Skype Launcher (x32) Skype™ 5.10 (x32 Version: 5.10.116) 
Sound Forge Audio Studio 10.0 (x32 Version: 10.0.176) Synaptics Pointing Device Driver (Version: 13.2.6.1) Télédétection version 1.1.0.a (x32) Terre 2.0.0.a (x32) Toshiba Assist (x32 Version: 3.00.09) TOSHIBA Bulletin Board (Version: 1.0.04.64) TOSHIBA Bulletin Board (x32 Version: 1.0.04.64) TOSHIBA ConfigFree (x32 Version: 8.0.21) TOSHIBA Disc Creator (Version: 2.1.0.1 for x64) TOSHIBA DVD PLAYER (x32 Version: 3.01.0.07-A) TOSHIBA eco Utility (Version: 1.1.10.64) TOSHIBA eco Utility (x32 Version: 1.1.10.64) TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00) TOSHIBA Extended Tiles for Windows Mobility Center (x32 Version: ) TOSHIBA Face Recognition (Version: 3.1.1.64) TOSHIBA Face Recognition (x32 Version: 3.1.1.64) TOSHIBA Flash Cards Support Utility (x32 Version: 1.63.0.4C) TOSHIBA Hardware Setup (x32 Version: 1.63.0.11C) TOSHIBA HDD/SSD Alert (Version: 3.1.64.0) TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.0) Toshiba Manuals (x32 Version: 10.00) TOSHIBA Mot de passe responsable (x32 Version: 1.63.0.7C) Toshiba Online Product Information (x32 Version: 2.08.0001) TOSHIBA PC Health Monitor (Version: 1.4.1.64) Toshiba Photo Service - powered by myphotobook (x32 Version: 1.0.0) Toshiba Photo Service - powered by myphotobook (x32 Version: 1.0.0-663) TOSHIBA Recovery Media Creator (Version: 2.1.0.2 for x64) TOSHIBA Recovery Media Creator Reminder (x32 Version: 1.00.0019) TOSHIBA ReelTime (Version: 1.0.04.64) TOSHIBA ReelTime (x32 Version: 1.0.04.64) TOSHIBA SD Memory Utilities (Version: 1.9.1.12) TOSHIBA Supervisor Password (x32 Version: 1.63.0.7C) Toshiba TEMPRO (x32 Version: 3.05) TOSHIBA Value Added Package (Version: 1.2.25.64) TOSHIBA Value Added Package (x32 Version: 1.2.25.64) TOSHIBA Web Camera Application (x32 Version: 1.1.1.4) TRORMCLauncher (Version: 1.0.0.7) TRORMCLauncher (x32 Version: ) Update for 2007 Microsoft Office System (KB967642) (x32) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for 
Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32) Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32) Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32) Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32) Update for Microsoft Office Outlook 2007 (KB2768023) 32-Bit Edition (x32) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817642) 32-Bit Edition (x32) Utility Common Driver (x32 Version: 1.0.50.27C) VDownloader 3.6.924 (x32) Vegas Movie Studio HD Platinum 11.0 (x32 Version: 11.0.256) Viewpoint Media Player (Remove Only) (x32) VLC media player 1.1.11 (x32 Version: 1.1.11) Vuze (x32 Version: 4. 
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (Version: 04/19/2012 2.3.1.0) Windows Live Communications Platform (x32 Version: 14.0.8064.206) Windows Live FolderShare (x32 Version: 14.0.8089.726) Windows Movie Maker 2.6 (x32 Version: 2.6.4037.0) WinPcap 4.1.1 (x32 Version: 4.1.0.1753) WinRAR 4.01 (32 bits) (x32 Version: 4.01.0) ==================== Restore Points ========================= 01-09-2013 17:00:43 Sauvegarde Windows 03-09-2013 18:07:04 Windows Update 08-09-2013 19:20:41 Sauvegarde Windows ==================== Hosts content: ========================== 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started Task: {16FB9177-5D40-495D-9DFB-50D44B1FDA54} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-11] (Adobe Systems Incorporated) Task: {292AB97D-D597-4EC1-B896-421C14C13BB3} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2009-07-13] (TOSHIBA CORPORATION) Task: {59470939-4177-4E0A-9BBA-868E919AB419} - System32\Tasks\User_Feed_Synchronization-{27CEAE4A-EAE8-4C42-B4B0-348C2E99586F} => C:\Windows\system32\msfeedssync.exe [2013-05-08] (Microsoft Corporation) Task: {78A75610-8D4E-435E-BBCD-25E31E3A97A4} - System32\Tasks\Programme de mise à jour en ligne de Adobe => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated) Task: {79357020-5F16-4129-AE09-3DFFCB105F9D} - System32\Tasks\{D771D85C-FC30-45DF-91F8-BAD9314BB851} => C:\Users\claben\Desktop\SharePod.exe Task: {796FC56F-71DE-4CFD-8BB0-02D68A560FBE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software 
Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {90990B57-2F68-4BB9-8ED1-3EAB616F8B27} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\System32\sdengin2.dll [2010-11-20] (Microsoft Corporation) Task: {ACABBC69-B5DB-4750-9A0E-47465D5890D6} - System32\Tasks\{D51A3CA0-BF75-4F04-926C-86CA8A244B6D} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2012-07-13] (Skype Technologies S.A.) Task: {BE11BF44-3B5E-454F-A46D-FA7D98BFCACB} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation) Task: {D10385C7-4740-49DE-8AD6-89BE93BFA407} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-01-02] (Google Inc.) Task: {D6CB57F8-A8DA-4B32-B25C-505E5444CF09} - System32\Tasks\WPD\SqmUpload_S-1-5-21-1469510785-606564725-1504882164-500 => C:\Windows\System32\portabledeviceapi.dll [2010-11-20] (Microsoft Corporation) Task: {F226CA85-9C9C-4F98-8858-10FF03F7B812} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-01-02] (Google Inc.) 
Task: {F62A5BFA-5874-47B4-B746-BED64CF9BA77} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation) Task: {FF4052B1-824B-45EC-BB72-8CF8D02EB910} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] () Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2011-11-05 10:01 - 2011-05-28 23:05 - 00164864 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll 2009-08-06 16:02 - 2009-08-06 16:02 - 00046464 _____ (Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproCommon.dll 2009-08-06 16:02 - 2009-08-06 16:02 - 06620544 _____ (Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproUI.dll 2009-08-06 16:03 - 2009-08-06 16:03 - 00050560 _____ (Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\fr\TemproUI.resources.dll 2009-08-06 14:14 - 2009-08-06 14:14 - 03002728 _____ () C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll 2009-08-06 17:34 - 2009-08-06 17:34 - 00066904 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\ReelTimeRemoteStorage.dll 2009-08-06 17:33 - 2009-08-06 17:33 - 00320856 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\DataProcess.dll 2009-08-05 15:21 - 2009-08-05 15:21 - 00113152 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrReg.dll 2009-08-05 15:21 - 2009-08-05 15:21 - 00123392 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrFunc.dll 2009-08-05 15:22 - 2009-08-05 15:22 - 00260096 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TCooling.dll 2009-08-05 15:21 - 
2009-08-05 15:21 - 00275456 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TtosFunc.dll 2009-08-05 15:22 - 2009-08-05 15:22 - 00298496 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TOddPwr.dll 2009-08-05 15:22 - 2009-08-05 15:22 - 00055808 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrSrv.dll 2009-08-05 15:22 - 2009-08-05 15:22 - 00263168 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\T1394Pwr.dll 2009-08-05 15:21 - 2009-08-05 15:21 - 00265216 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TKBLEDPwr.dll 2009-08-05 15:21 - 2009-08-05 15:21 - 00263168 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TSDPwr.dll 2009-08-05 15:21 - 2009-08-05 15:21 - 00260608 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPCIePwr.dll 2009-03-22 22:40 - 2009-03-22 22:40 - 00155648 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.dll 2009-03-22 22:40 - 2009-03-22 22:40 - 00053760 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdEvnt.dll 2009-07-16 16:27 - 2009-07-16 16:27 - 07244600 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll 2009-08-05 15:22 - 2009-08-05 15:22 - 00263680 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TFunctab.DLL 2008-07-14 11:33 - 2008-07-14 11:33 - 00134456 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\FnSticky.dll 2009-05-18 10:46 - 2009-05-18 10:46 - 00048640 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnEsc.dll 2008-07-14 11:35 - 2008-07-14 11:35 - 00107832 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll 2009-07-16 16:27 - 2009-07-16 16:27 - 00051512 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll 2008-07-14 11:34 - 2008-07-14 11:34 - 00053560 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF1.dll 2009-08-05 15:22 - 2009-08-05 15:22 - 00266240 
_____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TFunc2.DLL 2008-07-14 11:34 - 2008-07-14 11:34 - 00054072 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF3.dll 2008-07-14 11:34 - 2008-07-14 11:34 - 00054072 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF4.dll 2009-07-13 15:41 - 2009-07-13 15:41 - 00096600 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF5.dll 2009-07-16 16:27 - 2009-07-16 16:27 - 00077624 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF67.dll 2009-07-15 12:53 - 2009-07-15 12:53 - 00362496 _____ (TOSHIBA Corporation.) C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF8Dll.dll 2008-07-14 11:34 - 2008-07-14 11:34 - 00057656 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF9.dll 2009-07-13 16:36 - 2009-07-13 16:36 - 00068440 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnSpace.dll 2009-09-04 15:30 - 2009-06-22 15:40 - 00022328 _____ () C:\Program Files\TOSHIBA\Toshiba Assist\NotifyX.dll 2009-03-12 20:08 - 2009-03-12 20:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll 2009-07-14 20:02 - 2009-07-14 20:02 - 00018352 _____ (TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\ConfigFree\x64\CFNotify64.dll 2007-12-11 10:42 - 2007-12-11 10:42 - 00017784 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\NotifyTZU.dll 2009-07-25 17:38 - 2009-07-25 17:38 - 00017800 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll 2008-07-14 11:35 - 2008-07-14 11:35 - 00233272 _____ (TOSHIBA Corp.) 
(Not Active) - (Size=4 GB) - (Type=0B) ==================== End Of Log ============================

Thanks for your help!
  5. Ouch, I don't have anything to burn a disc with... I'll have to find someone
  6. Bonjour, lundi, suite à une infection par un logiciel malveillant prenant l'apparence d'un antivirus, mon ordi portable était complètement bloqué. J'ai, par l'intermédiaire d'un autre ordinateur réussi à installer rkill et à limiter l'action du virus. voici le rapport : Rkill 2.6.1 by Lawrence Abrams (Grinler) http://www.bleepingcomputer.com/ Copyright 2008-2013 BleepingComputer.com More Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html Program started at: 09/09/2013 02:51:05 PM in x64 mode. Windows Version: Windows 7 Home Premium Service Pack 1 Checking for Windows services to stop: * No malware services found to stop. Checking for processes to terminate: * C:\ProgramData\7gX7prng\7gX7prng.exe (PID: 6852) [AU-HEUR] 1 proccess terminated! Checking Registry for malware related settings: * No issues found in the Registry. Resetting .EXE, .COM, & .BAT associations in the Windows Registry. Performing miscellaneous checks: * ALERT: ZEROACCESS rootkit symptoms found! 
* C:\Program Files (x86)\Google\Desktop\Install\{a6485946-bdb9-5483-f823-9e57c89b51e6}\ [ZA Dir] * C:\Program Files (x86)\Google\Desktop\Install\{a6485946-bdb9-5483-f823-9e57c89b51e6}\ \ [ZA Dir] * C:\Program Files (x86)\Google\Desktop\Install\{a6485946-bdb9-5483-f823-9e57c89b51e6}\ \...\ [ZA Dir] * C:\Program Files (x86)\Google\Desktop\Install\{a6485946-bdb9-5483-f823-9e57c89b51e6}\ \...\ﯹ๛\ [ZA Dir] * C:\Program Files (x86)\Google\Desktop\Install\{a6485946-bdb9-5483-f823-9e57c89b51e6}\ \...\ﯹ๛\{a6485946-bdb9-5483-f823-9e57c89b51e6}\ [ZA Dir] * C:\Users\claben\AppData\Local\Google\Desktop\Install\{a6485946-bdb9-5483-f823-9e57c89b51e6}\ [ZA Dir] * C:\Users\claben\AppData\Local\Google\Desktop\Install\{a6485946-bdb9-5483-f823-9e57c89b51e6}\❤≸⋙\ [ZA Dir] * C:\Users\claben\AppData\Local\Google\Desktop\Install\{a6485946-bdb9-5483-f823-9e57c89b51e6}\❤≸⋙\Ⱒ☠⍨\ [ZA Dir] * C:\Users\claben\AppData\Local\Google\Desktop\Install\{a6485946-bdb9-5483-f823-9e57c89b51e6}\❤≸⋙\Ⱒ☠⍨\ﯹ๛\ [ZA Dir] * C:\Users\claben\AppData\Local\Google\Desktop\Install\{a6485946-bdb9-5483-f823-9e57c89b51e6}\❤≸⋙\Ⱒ☠⍨\ﯹ๛\{a6485946-bdb9-5483-f823-9e57c89b51e6}\ [ZA Dir] J'en ai profité pour installer malwarbytes anti-malware et j'ai fait deux recherches (la première ayant été interrompue) dont voici les rapports : Internet Explorer 10.0.9200.16660 claben :: CLABEN-TOSH [administrateur] Protection: Désactivé 09/09/2013 15:19:58 mbam-log-2013-09-09 (15-19-58).txt Type d'examen: Examen rapide Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM Options d'examen désactivées: P2P Elément(s) analysé(s): 29701 Temps écoulé: 2 minute(s), 47 seconde(s) [abandonné] Processus mémoire détecté(s): 0 (Aucun élément nuisible détecté) Module(s) mémoire détecté(s): 0 (Aucun élément nuisible détecté) Clé(s) du Registre détectée(s): 4 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GOOGLEUPDATE.EXE 
(Rootkit.0Access.ED) -> Mis en quarantaine et supprimé avec succès. HKLM\SYSTEM\CurrentControlSet\Services\etadpug (Rootkit.0Access.ED) -> Suppression au redémarrage. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199} (PUP.Optional.Iminent.A) -> Mis en quarantaine et supprimé avec succès. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08} (PUP.Optional.Iminent.A) -> Mis en quarantaine et supprimé avec succès. Valeur(s) du Registre détectée(s): 3 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|AS2014 (Trojan.Agent.rfz) -> Données: C:\ProgramData\7gX7prng\7gX7prng.exe -> Mis en quarantaine et supprimé avec succès. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|AS2014 (Trojan.Agent.rfz) -> Données: C:\ProgramData\7gX7prng\7gX7prng.exe -> Mis en quarantaine et supprimé avec succès. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Google Update (Rootkit.0Access.ED) -> Données: -> Mis en quarantaine et supprimé avec succès. Elément(s) de données du Registre détecté(s): 0 (Aucun élément nuisible détecté) Dossier(s) détecté(s): 0 (Aucun élément nuisible détecté) Fichier(s) détecté(s): 4 C:\ProgramData\7gX7prng\7gX7prng.exe (Trojan.Agent.rfz) -> Mis en quarantaine et supprimé avec succès. C:\Users\claben\AppData\Local\Google\Desktop\Install\{a6485946-bdb9-5483-f823-9e57c89b51e6}\❤≸⋙\Ⱒ☠⍨\ﯹ๛\{a6485946-bdb9-5483-f823-9e57c89b51e6}\GoogleUpdate.exe (Rootkit.0Access.ED) -> Mis en quarantaine et supprimé avec succès. c:\program files (x86)\google\desktop\install\{a6485946-bdb9-5483-f823-9e57c89b51e6}\ \...\ﯹ๛\{a6485946-bdb9-5483-f823-9e57c89b51e6}\googleupdate.exe (Rootkit.0Access.ED) -> Mis en quarantaine et supprimé avec succès. C:\Users\claben\Downloads\FreemakeVideoConverterSetup.exe (PUP.Optional.OpenCandy) -> Mis en quarantaine et supprimé avec succès. 
(fin) Malwarebytes Anti-Malware (Essai) 1.75.0.1300 www.malwarebytes.org Version de la base de données: v2013.09.09.04 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16660 claben :: CLABEN-TOSH [administrateur] Protection: Activé 09/09/2013 15:28:20 mbam-log-2013-09-09 (15-28-20).txt Type d'examen: Examen complet (C:\|D:\|) Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM Options d'examen désactivées: P2P Elément(s) analysé(s): 472257 Temps écoulé: 2 heure(s), 31 seconde(s) Processus mémoire détecté(s): 0 (Aucun élément nuisible détecté) Module(s) mémoire détecté(s): 0 (Aucun élément nuisible détecté) Clé(s) du Registre détectée(s): 1 HKLM\SYSTEM\CurrentControlSet\Services\etadpug (Trojan.Zaccess) -> Suppression au redémarrage. Valeur(s) du Registre détectée(s): 1 HKCU\Control Panel\don't load|wscui.cpl (Hijack.SecurityCenter) -> Données: No -> Mis en quarantaine et supprimé avec succès. Elément(s) de données du Registre détecté(s): 3 HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Mauvais: (1) Bon: (0) -> Mis en quarantaine et réparé avec succès HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Mauvais: (1) Bon: (0) -> Mis en quarantaine et réparé avec succès HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Mauvais: (1) Bon: (0) -> Mis en quarantaine et réparé avec succès Dossier(s) détecté(s): 5 C:\Users\claben\AppData\Roaming\Iminent\Mediator (PUP.Optional.Iminent.A) -> Mis en quarantaine et supprimé avec succès. C:\Users\claben\AppData\Roaming\Iminent\Mediator\Datas (PUP.Optional.Iminent.A) -> Mis en quarantaine et supprimé avec succès. C:\Users\claben\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Mis en quarantaine et supprimé avec succès. 
C:\Users\claben\AppData\Roaming\OpenCandy\01B83871E55A41F9B3E9803DD03AF7D2 (PUP.Optional.OpenCandy) -> Mis en quarantaine et supprimé avec succès. C:\Users\claben\AppData\Roaming\OpenCandy\OpenCandy_523B83E780674912A7ACB7D3F417212C (PUP.Optional.OpenCandy) -> Mis en quarantaine et supprimé avec succès. Fichier(s) détecté(s): 10 C:\Users\claben\Desktop\sony vegas platinium\Sony.Vegas.Movie.Studio.HD.Platinum.v11.0.Build.256.mundomanuales.com\vegas.movie.studio.hd.platinum.11.0-mpt.rar (PUP.Hacktool.Patcher) -> Mis en quarantaine et supprimé avec succès. C:\Users\claben\Desktop\sony vegas platinium\Sony.Vegas.Movie.Studio.HD.Platinum.v11.0.Build.256.mundomanuales.com\vegas.movie.studio.hd.platinum.11.0-mpt\vegas.movie.studio.hd.platinum.11.0-mpt.exe (PUP.Hacktool.Patcher) -> Mis en quarantaine et supprimé avec succès. D:\CLABEN-TOSH\Backup Set 2013-08-04 194024\Backup Files 2013-08-25 190003\Backup files 398.zip (PUP.Hacktool.Patcher) -> Mis en quarantaine et supprimé avec succès. C:\Users\claben\Desktop\Antivirus Security Pro support.url (Rogue.AntiVirusSecurity) -> Mis en quarantaine et supprimé avec succès.
Since then, I can use my laptop again but I cannot download anything!! A file download starts normally but always ends with a message ".... contained a virus and was deleted" (I think it is a Windows message). In addition, my laptop's Windows Security Center is completely blocked, and I no longer have a firewall either. Could you please help me? Thank you very much!
  7. THANK YOU !!!!!!!! This forum is a real gem! Thanks Apollo, I was able to recover everything!!!!
  8. Sorry! Could an administrator move this message to the right forum? Thanks Appolo, I will try this software!
  9. Hello, A few weeks ago, the motherboard of my laptop (Toshiba) burned out. I therefore connected its hard drive to another computer in order to recover, in particular, a folder that is very important to me and contains almost exclusively OpenOffice and Word files. Unfortunately, it is impossible to open the hard drive, even though it does appear in My Computer: I tried several data recovery programs but of course you have to pay to recover the files (e.g. with recovery my files ...). I downloaded testdisk and photorec but I do not know how to use them. Could you help me? Thank you very much for your replies
  10. Thanks for everything!
  11. Hello, I carried out the actions above but some were not possible: in hijackthis: the lines O2, O6, O9 extrabutton (no name)....mcafee, and O20 were not displayed. (already removed by the earlier actions?) I also tried to remove ctfmon on my laptop (it has Vista) and everything went well up to the actions: Regsvr32.exe /u msimtf.dll Click OK. Repeat for the file Msctf.dll. which I was not able to carry out (on the desktop computer everything worked). As for java, the update via jucheck does not start (whereas the one with sun seems possible). Thanks for your guidance, have a good Sunday!
  12. Thank you, thank you, thank you
  13. No, I no longer see any problem! (but since I do not know how to read the combofix report, I am turning to you to interpret it) Otherwise, would you have any advice on how best to protect my computers against other infections? On my laptop I have a pre-installed (and therefore temporary!) version of mcafee. Do you advise me to remove mcafee with MCPR.exe and install avira? Should I install MBAM on my laptop and check all my computers with it from time to time? Should I keep combofix or delete it now that the scan has been done? Thank you for your very valuable advice! I am really amazed that such a support network exists!
  14. Here is the result of the combofix scan:
ComboFix 09-02-12.03 - claben 2009-02-14 20:35:41.1 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.958.616 [GMT 1:00] Lancé depuis: c:\documents and settings\claben\Bureau\ComboFix.exe * Un nouveau point de restauration a été créé . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\a3kebook.ini c:\windows\akebook.ini c:\windows\ANS2000.INI c:\windows\system32\admlixqs.ini c:\windows\system32\init32.exe c:\windows\system32\jectdcvc.ini c:\windows\system32\test.ttt c:\windows\system32\uniq.tll c:\windows\system32\vojhcmtj.ini c:\windows\system32\win32hlp.cnf c:\windows\system32\WxaaKkkj.ini c:\windows\system32\WxaaKkkj.ini2 c:\windows\system32\xksxpyfd.ini . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_PACKET ((((((((((((((((((((((((((((( Fichiers créés du 2009-01-14 au 2009-02-14 )))))))))))))))))))))))))))))))))))) . 2009-02-14 20:14 . 2009-02-14 20:14 608,344 --a------ C:\MCPR.exe 2009-02-14 15:57 . 2009-02-14 15:57 <REP> d-------- c:\documents and settings\claben\Application Data\Malwarebytes 2009-02-14 15:57 . 2009-02-14 15:57 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-02-14 15:57 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2009-02-14 15:57 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2009-02-14 15:51 . 2009-02-14 15:51 2,876,720 --a------ C:\mbam-setup.exe 2009-02-14 15:16 . 2009-02-14 15:16 <REP> d-------- c:\program files\Microsoft.NET 2009-02-14 15:13 . 2009-02-14 15:17 <REP> d-------- c:\windows\SHELLNEW 2009-02-14 15:12 . 2009-02-14 15:12 <REP> dr-h----- C:\MSOCache 2009-02-14 15:12 . 2009-02-14 15:21 <REP> d-------- c:\documents and settings\All Users\Application Data\Microsoft Help 2009-02-14 14:07 . 
2009-02-14 14:07 401,720 --a------ C:\karcher.exe 2009-01-31 16:26 . 2009-01-31 16:26 <REP> d-------- c:\documents and settings\All Users\Application Data\nView_Profiles 2009-01-31 16:01 . 2009-01-31 16:01 <REP> d--h----- c:\windows\PIF 2009-01-21 09:47 . 2009-01-21 09:47 <REP> d-------- c:\program files\Avira 2009-01-21 09:47 . 2009-01-21 09:47 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira 2009-01-20 07:59 . 2009-02-14 10:31 <REP> d-------- c:\program files\vghd 2009-01-20 07:59 . 2009-02-13 17:33 <REP> d-------- c:\documents and settings\claben\Application Data\vghd 2009-01-20 07:59 . 2009-01-20 14:12 152,904 --a------ c:\windows\system32\vghd.scr . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-02-14 19:40 --------- d-----w c:\documents and settings\claben\Application Data\OpenOffice.org2 2009-02-14 18:12 --------- d-----w c:\program files\emule 0.48a pro -ultra2 2009-02-14 14:18 --------- d-----w c:\program files\Microsoft Works 2009-01-21 13:08 --------- d-----w c:\program files\Secured eMule 2008-12-31 14:18 --------- d-----w c:\documents and settings\claben\Application Data\Notepad++ 2007-06-29 19:25 2,514 ----a-w c:\documents and settings\claben\Application Data\wklnhst.dat 2007-02-04 19:38 87,608 -c--a-w c:\documents and settings\claben\Application Data\ezpinst.exe 2007-02-04 19:38 47,360 -c--a-w c:\documents and settings\claben\Application Data\pcouffin.sys 2007-01-26 10:07 168 -csh--r c:\windows\system32\F29F230B58.sys 2007-01-26 10:07 5,018 -csha-w c:\windows\system32\KGyGaAvL.sys . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}"= "c:\program files\Secured_eMule\tbSec1.dll" [2008-04-25 1470488] [HKEY_CLASSES_ROOT\clsid\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}] 2008-04-25 14:14 1470488 --a------ c:\program files\Secured_eMule\tbSec1.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}"= "c:\program files\Secured_eMule\tbSec1.dll" [2008-04-25 1470488] [HKEY_CLASSES_ROOT\clsid\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{1D1B60FD-B21F-4B9A-8A5F-64E8544828D7}"= "c:\program files\Secured_eMule\tbSec1.dll" [2008-04-25 1470488] [HKEY_CLASSES_ROOT\clsid\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-06-28 32768] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-23 86016] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-23 7630848] "ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 81920] "ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584] "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940] "CnxDslTaskBar"="c:\program files\ZTE 
Corporation\ZXDSL852\CnxDslTb.exe" [2005-05-20 278528] "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497] "SigmatelSysTrayApp"="stsystra.exe" [2006-08-15 c:\windows\stsystra.exe] "nwiz"="nwiz.exe" [2006-08-23 c:\windows\system32\nwiz.exe] c:\documents and settings\claben\Menu D‚marrer\Programmes\D‚marrage\ OpenOffice.org 2.1.lnk - c:\program files\OpenOffice.org 2.1\program\quickstart.exe [2006-11-27 393216] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=hfxjgn.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.ACDV"= ACDV.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\emule 0.48a pro -ultra2\\emule.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= S0 stwlfbus;stwlfbus;c:\windows\system32\DRIVERS\stwlfbus.sys --> c:\windows\system32\DRIVERS\stwlfbus.sys [?] 
S3 CnxEtP;ZTE ZXDSL852 Adapter Filter Driver;c:\windows\system32\drivers\CnxEtP.sys [2006-12-28 131072] S3 CnxEtU;ZTE ZXDSL852 Interface Device Driver;c:\windows\system32\drivers\CnxEtU.sys [2006-12-28 618112] S3 CnxTgNW;ZTE ZXDSL852 WAN PPPoA Adapter Driver;c:\windows\system32\drivers\CnxTgNW.sys [2006-12-28 52736] S3 Usblink;Usblink Driver;c:\windows\system32\Drivers\ulink.sys --> c:\windows\system32\Drivers\ulink.sys [?] S3 VNic;ULan Network Driver Module;c:\windows\system32\DRIVERS\VNic.sys --> c:\windows\system32\DRIVERS\VNic.sys [?] . Contenu du dossier 'Tâches planifiées' 2009-01-16 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 14:21] . - - - - ORPHELINS SUPPRIMES - - - - BHO-{824B9726-A43E-47B1-8E7D-DF6C2869E407} - c:\windows\system32\jkkKaaxW.dll . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=5061220 uInternet Connection Wizard,ShellNext = hxxp://www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=5061220 IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-14 20:40:06 Windows 5.1.2600 Service Pack 2 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . ------------------------ Autres processus actifs ------------------------ . 
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe c:\program files\OpenOffice.org 2.1\program\soffice.exe c:\windows\ehome\ehrecvr.exe c:\windows\ehome\ehSched.exe c:\program files\Fichiers communs\EPSON\EBAPI\SAgent2.exe c:\windows\system32\nvsvc32.exe c:\program files\OpenOffice.org 2.1\program\soffice.bin c:\windows\ehome\mcrdsvc.exe c:\windows\ehome\ehmsas.exe c:\windows\system32\dllhost.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Heure de fin: 2009-02-14 20:42:16 - La machine a redémarré ComboFix-quarantined-files.txt 2009-02-14 19:42:10 Avant-CF: 8 000 966 656 octets libres Après-CF: 18,063,220,736 octets libres WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect 170 --- E O F --- 2009-01-14 15:10:00
So, what is your verdict? Thank you very much for your help!
  15. Just to keep you informed: I have regained the ability to open the Task Manager!!! Thank you!
  16. Thank you very much for your reply! Here is the result:
Malwarebytes' Anti-Malware 1.34 Version de la base de données: 1761 Windows 5.1.2600 Service Pack 2 14/02/2009 17:52:47 mbam-log-2009-02-14 (17-52-47).txt Type de recherche: Examen complet (C:\|D:\|F:\|G:\|K:\|) Eléments examinés: 219991 Temps écoulé: 1 hour(s), 14 minute(s), 46 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 12 Valeur(s) du Registre infectée(s): 1 Elément(s) de données du Registre infecté(s): 7 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 7 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{65c91f5d-aa0b-4e6f-8626-fec6db869775} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{65c91f5d-aa0b-4e6f-8626-fec6db869775} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d1dc124d-8bc4-46d6-a3c5-454c53324f4e} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\gebuoibs (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{d1dc124d-8bc4-46d6-a3c5-454c53324f4e} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d1dc124d-8bc4-46d6-a3c5-454c53324f4e} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully. 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{d1dc124d-8bc4-46d6-a3c5-454c53324f4e} (Trojan.Vundo) -> Quarantined and deleted successfully. Elément(s) de données du Registre infecté(s): HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. 
Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): C:\WINDOWS\system32\hfxjgn.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\geBUOIBs.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\ARK36.tmp (Trojan.Vundo) -> Delete on reboot. C:\Documents and Settings\claben\Local Settings\Temporary Internet Files\Content.IE5\5431BU36\SystemGuard2009[1].exe (Rogue.Installer) -> Quarantined and deleted successfully. C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\warning.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ahtn.htm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
At the end of the scan it reported that some files could not be deleted and named: C:\ARK36.tmp but if I understood correctly, they should be deleted at restart? Are there any other actions to carry out? Thanks again, Brisbane. Should I disable McAfee, which is no longer being updated at all? I had tried to remove it but until now it was blocked by the viruses
  17. Hello, I have had a problem that I am only now managing to get somewhat under control: 15 days ago, my computer started opening dozens of Internet Explorer windows every time I asked to open a file. It also offered to download a number of fake antivirus programs, and today, after avira eradicated several viruses, I still get pages such as "antiviralscan" and other unwanted pages opening, and I cannot access the Task Manager. I ran a hijack this scan; here is the report:
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:10:13, on 14/02/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe c:\program files\mcafee.com\agent\mcdetect.exe C:\Program Files\McAfee.com\VSO\mcvsshld.exe C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe c:\program files\mcafee.com\agent\mcagent.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\WINDOWS\stsystra.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE c:\PROGRA~1\mcafee.com\agent\mctskshd.exe C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe C:\Program Files\Avira\AntiVir PersonalEdition 
Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\OpenOffice.org 2.1\program\soffice.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN C:\WINDOWS\system32\dllhost.exe C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe C:\Program Files\Messenger\msmsgs.exe c:\progra~1\mcafee.com\vso\mcvsftsn.exe C:\Program Files\Outlook Express\msimn.exe C:\Program Files\Internet Explorer\iexplore.exe C:\karcher.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=5061220 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/hws/sb/dell-row/fr/side.html?channel=fr R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr/hws/sb/dell-row/fr/side.html?channel=fr R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ig/dell?hl=fr&cli...amp;ibd=5061220 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/hws/sb/dell-row/fr/side.html?channel=fr R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=5061220 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.fr/ig/dell?hl=fr&cli...amp;ibd=5061220 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 
- URLSearchHook: Secured_eMule Toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSec1.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Secured_eMule Toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSec1.dll O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll (file missing) O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: {577968bd-6cef-6268-f6e4-b0aad5f19c56} - {65c91f5d-aa0b-4e6f-8626-fec6db869775} - C:\WINDOWS\system32\hfxjgn.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: (no name) - {824B9726-A43E-47B1-8E7D-DF6C2869E407} - C:\WINDOWS\system32\jkkKaaxW.dll (file missing) O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll O2 - BHO: (no name) - {D1DC124D-8BC4-46D6-A3C5-454C53324F4E} - C:\WINDOWS\system32\geBUOIBs.dll (file missing) O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O3 - Toolbar: Secured_eMule Toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSec1.dll O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program 
Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program 
files\mcafee\spamkiller\mcapfbho.dll (file missing) O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.photoweb.fr/telechargement/tele...nt-photoweb.cab O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.photoservice.com/telechargement...geUploader4.cab O20 - AppInit_DLLs: hfxjgn.dll O20 - Winlogon Notify: geBUOIBs - geBUOIBs.dll (file missing) O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. 
- c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 9808 bytes
Could you help me? Thank you very much for your replies! Brisbane