

Everything posted by Maheva
-
Hello,

At the end of December 2010, I bought a laptop. Until now I had never tried to use the burner; I tried for the first time a few days ago and it doesn't work. The burning software I used: the Windows one, Nero, CyberLink Power2Go and CDBurnerXP. None of them works. I changed blank DVDs several times and nothing helps. I finally burned on a friend's computer with the same DVDs and with Nero. I conclude from this that it is my burner that doesn't work.

Computer: Asus N73JQ
OS: Windows 7
Burner: Slimtype BD E DS4ES1
File to burn: .avi
Blank DVD: Philips DVD+RW

Does anyone have a solution? Thanks

I forgot to mention that my computer reads DVDs very well, and even DVD+RWs. It is only burning that doesn't work.
-
Ah OK! Thanks. But I have already burned with these DVDs. It's a stack I bought a few months ago. Well, if I find other DVD+RWs I'll try with them.
-
So it gives me an error message: " Une erreur de gravure est survenue Une erreur de gravure est survenue pendant la gravure du disque. Le disque risque d'être inutilisable. Ces erreurs surviennent généralement lorsque les médias insérés ne sont pas compatibles avec le graveur ou sont de mauvaise qualité. (devCannotFormatMedium_IncompatibleMedium) Could not write to Disc (LBA: 0 Length: 32). Cannot Format Medium ? Incompatible Medium. - 0x053006 " I don't see how the media could be of poor quality. It's a video that I made. Whether in .avi or .mpeg format, it doesn't work.
-
My computer is barely 1 and a half years old; I hope the burner isn't already dead. In Device Manager, everything is OK. I'm going to try downloading CDBurnerXP to see what happens.
-
Hello, So here's the thing: I can no longer burn data DVDs on my computer. To be clear, I'm using the same box of DVD+RWs, which I have already burned data DVDs with. When I use Nero, it tells me "échec de la gravure" just as it starts formatting. When I use the Windows burner, it tells me that it did not manage to do the formatting. My DVDs are indeed blank and I tried with different DVDs. I even updated my drivers but nothing helps. If you can help me. Thanks
-
Good evening Tonton57, Now that you mention it, it's true that startup is quite slow too.
-
Good evening, I don't know if this is the right place to post this topic, but here goes. For a few weeks now my internet has been crawling. To access a page it takes me ages, and if I open 2 it's a disaster, the internet stops responding! I ran antivirus scans but apparently I have nothing. Could someone help me? Thanks
-
[Solved] Virus tdlcmd.dll impossible to remove
Maheva replied to a topic by Maheva in Malware analysis and removal
Thanks for everything, Falkra. You really helped me. I'm going to try to be careful now. Promise.
-
[Solved] Virus tdlcmd.dll impossible to remove
Maheva replied to a topic by Maheva in Malware analysis and removal
Here is the HijackThis report
-
[Solved] Virus tdlcmd.dll impossible to remove
Maheva replied to a topic by Maheva in Malware analysis and removal
Well, not for the past few days. My antivirus no longer reports anything to me.
-
[Solved] Virus tdlcmd.dll impossible to remove
Maheva replied to a topic by Maheva in Malware analysis and removal
Here is the mbr report
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
-
[Solved] Virus tdlcmd.dll impossible to remove
Maheva replied to a topic by Maheva in Malware analysis and removal
The one for halmacpi.dll
-
[Solved] Virus tdlcmd.dll impossible to remove
Maheva replied to a topic by Maheva in Malware analysis and removal
Celui de acpi.sys Fichier acpi.sys reçu le 2009.12.13 10:04:11 (UTC)Antivirus Version Dernière mise à jour Résultat a-squared 4.5.0.43 2009.12.13 - AhnLab-V3 5.0.0.2 2009.12.12 - AntiVir 7.9.1.108 2009.12.11 - Antiy-AVL 2.0.3.7 2009.12.11 - Authentium 5.2.0.5 2009.12.02 - Avast 4.8.1351.0 2009.12.12 - AVG 8.5.0.427 2009.12.12 - BitDefender 7.2 2009.12.13 - CAT-QuickHeal 10.00 2009.12.12 - ClamAV 0.94.1 2009.12.13 - Comodo 3226 2009.12.13 - DrWeb 5.0.0.12182 2009.12.13 - eSafe 7.0.17.0 2009.12.10 - eTrust-Vet 35.1.7171 2009.12.11 - F-Prot 4.5.1.85 2009.12.12 - F-Secure 9.0.15370.0 2009.12.13 - Fortinet 4.0.14.0 2009.12.13 - GData 19 2009.12.13 - Ikarus T3.1.1.74.0 2009.12.13 - Jiangmin 13.0.900 2009.12.13 - K7AntiVirus 7.10.918 2009.12.11 - Kaspersky 7.0.0.125 2009.12.13 - McAfee 5830 2009.12.12 - McAfee+Artemis 5830 2009.12.12 - McAfee-GW-Edition 6.8.5 2009.12.13 - Microsoft 1.5302 2009.12.13 - NOD32 4682 2009.12.12 - Norman 6.04.03 2009.12.12 - nProtect 2009.1.8.0 2009.12.13 - Panda 10.0.2.2 2009.12.12 - PCTools 7.0.3.5 2009.12.12 - Prevx 3.0 2009.12.13 - Rising 22.25.06.05 2009.12.13 - Sophos 4.48.0 2009.12.13 - Sunbelt 3.2.1858.2 2009.12.13 - Symantec 1.4.4.12 2009.12.13 - TheHacker 6.5.0.2.092 2009.12.12 - TrendMicro 9.100.0.1001 2009.12.13 - VBA32 3.12.12.0 2009.12.12 - ViRobot 2009.12.12.2085 2009.12.12 - VirusBuster 5.0.21.0 2009.12.12 - Information additionnelle File size: 265688 bytes MD5...: 82b296ae1892fe3dbee00c9cf92f8ac7 SHA1..: 5f12aadb1494122d18de6655bb81792228d914a2 SHA256: 54b22ba63e1da616b546992141b0c3117ba057283b8f60cb9bece203661febf3 ssdeep: 3072:SZd3mZrVdKVW+V1tPK53DuqV21+qEcPxMHZjslIKomFfdsPE0TqZezq6O8p<BR>kYLGk:S3W5X7xu6GEYe5jBKomFis0T6KOAGhYl<BR> PEiD..: - PEInfo: PE Structure information<BR><BR>( base data )<BR>entrypointaddress.: 0x3d490<BR>timedatestamp.....: 0x49e01a37 (Sat Apr 11 04:19:03 2009)<BR>machinetype.......: 0x14c (I386)<BR><BR>( 9 sections )<BR>name viradd virsiz rawdsiz ntrpy md5<BR>.text 0x1000 0x23af7 0x23c00 6.55 
-
[Solved] tdlcmd.dll virus impossible to remove
Maheva replied to a topic by Maheva in Malware Analysis and Removal
Here is the report for disk.sys: File disk.sys received on 2009.12.13 09:59:43 (UTC)
-
[Solved] tdlcmd.dll virus impossible to remove
Maheva replied to a topic by Maheva in Malware Analysis and Removal
That's it, it worked. File Classpnp.sys received on 2009.12.12 20:08:35 (UTC)
-
[Solved] tdlcmd.dll virus impossible to remove
Maheva replied to a topic by Maheva in Malware analysis and removal
Here is the SystemLook report. -
[Solved] tdlcmd.dll virus impossible to remove
Maheva replied to a topic by Maheva in Malware analysis and removal
When I click Browse and try to open the file, it tells me that the file CLASSPNP.SYS cannot be found. -
[Solved] tdlcmd.dll virus impossible to remove
Maheva replied to a topic by Maheva in Malware analysis and removal
Actually, I have no idea. My computer is an Asus; there was a lot of stuff already installed when I bought it that I'm not sure I use. -
[Solved] tdlcmd.dll virus impossible to remove
Maheva replied to a topic by Maheva in Malware analysis and removal
Here is the report:
Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_ini_31bf3856ad364e35_6.0.6000.20864_none_329d12c028538d21\_SMSVC~1.INI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_ini_31bf3856ad364e35_6.0.6001.18096_none_33db43850c7307a2\_SMSVC~1.INI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_ini_31bf3856ad364e35_6.0.6001.22208_none_34c832162545dbc8\_SMSVC~1.INI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_vrg_31bf3856ad364e35_6.0.6001.22208_none_36a2c67e2413032f\_SMSVC~1.VRG Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6002.18005_none_8a59b9a693f7ed88\$$DeleteMe.msxml3.dll.01ca6ecabdd95e56.0001 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-p..ting-spooler-client_31bf3856ad364e35_6.0.6002.18005_none_95196f2b15cf9bd2\$$DeleteMe.winspool.drv.01ca6700ee56cf39.0005 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-busenumservice_31bf3856ad364e35_6.0.6001.18000_none_77fe3055cc02641a\$$DeleteMe.wpdbusenum.dll.01ca6700ec75f979.0002 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.16767_none_48e0ac03ef0db56a\PORTAB~1.MOF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.16767_none_48e0ac03ef0db56a\PORTAB~2.MOF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.16767_none_48e0ac03ef0db56a\PORTAB~3.MOF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.20941_none_4979e8d10820826f\PORTAB~1.MOF Status: Locked to the Windows API! 
Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.20941_none_4979e8d10820826f\PORTAB~2.MOF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.20941_none_4979e8d10820826f\PORTAB~3.MOF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webmintrust_config_b03f5f7f11d50a3a_6.0.6000.16720_none_e2c358ab062e054b\WEB_MI~1.CON Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webmintrust_config_b03f5f7f11d50a3a_6.0.6000.20883_none_cbfb6f4f1fd04a3e\WEB_MI~1.CON Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webmintrust_config_b03f5f7f11d50a3a_6.0.6001.18111_none_e29e3d61068011ec\WEB_MI~1.CON Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webmintrust_config_b03f5f7f11d50a3a_6.0.6001.22230_none_cbd2adfd20258aff\WEB_MI~1.CON Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-config_files_.._gacutil_exe_config_31bf3856ad364e35_6.0.6001.18111_none_9cf3b4d9 d654a956\GACUTI~1.CON Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-csc_exe_config_b03f5f7f11d50a3a_6.0.6001.18111_none_8774fd36990ff428\CSCEXE~1.CON Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-csc_exe_config_b03f5f7f11d50a3a_6.0.6000.16720_none_879a188098bde787\CSCEXE~1.CON Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-csc_exe_config_b03f5f7f11d50a3a_6.0.6000.20883_none_70d22f24b2602c7a\CSCEXE~1.CON Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_policy.1.2.microsof..op.security.azroles_31bf3856ad364e35_6.0.6000.1638 6_none_ea83414c2e75b887\Microsoft.Interop.Security.AzRoles.config Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_presentationcore_31bf3856ad364e35_6.0.6002.18005_none_ae1c8b4b8d1614c8\PRESEN~1.CON Status: Locked to the Windows API! 
Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_vrg_31bf3856ad364e35_6.0.6001.18096_none_35b5d7ed0b402f09\_SMSVC~1.VRG Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-installutil_exe_config_rtm_31bf3856ad364e35_6.0.6000.16720_none_c2e2272db9e7b99c\INSTAL~1.CON Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-installutil_exe_config_rtm_31bf3856ad364e35_6.0.6000.20883_none_c32de54ed3334d11\INSTAL~1.CON Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-installutil_exe_config_rtm_31bf3856ad364e35_6.0.6001.18111_none_c4d43609b70547f3\INSTAL~1.CON Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-installutil_exe_config_rtm_31bf3856ad364e35_6.0.6001.22230_none_c54732b2d0340648\INSTAL~1.CON Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_h_31bf3856ad364e35_6.0.6000.16708_none_23cb592eb6e076f6\_SERVI~1.H Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_h_31bf3856ad364e35_6.0.6000.20864_none_24101549d032590a\_SERVI~1.H Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_h_31bf3856ad364e35_6.0.6001.18096_none_254e460eb451d38b\_SERVI~1.H Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_h_31bf3856ad364e35_6.0.6001.22208_none_263b349fcd24a7b1\_SERVI~1.H Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.18160_none_4abfe8a3ec3a94fa\PORTAB~1.MOF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.18160_none_4abfe8a3ec3a94fa\PORTAB~2.MOF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.18160_none_4abfe8a3ec3a94fa\PORTAB~3.MOF Status: Locked to the Windows API! 
Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.22292_none_4b2b163f056ebb45\PORTAB~1.MOF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.22292_none_4b2b163f056ebb45\PORTAB~2.MOF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.22292_none_4b2b163f056ebb45\PORTAB~3.MOF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6002.18005_none_4cec3f51e92bbb79\$$DeleteMe.PortableDeviceApi.dll.01ca6700ecd9f339.0004 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6002.18005_none_4cec3f51e92bbb79\PORTAB~1.MOF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6002.18005_none_4cec3f51e92bbb79\PORTAB~2.MOF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6002.18005_none_4cec3f51e92bbb79\$$DeleteMe.PortableDeviceTypes.dll.01ca6700ecb17bd9.0003 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6002.18005_none_4cec3f51e92bbb79\PORTAB~3.MOF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-oleaccrc_31bf3856ad364e35_6.0.6000.16386_none_76f32d528a780cf2\$$DeleteMe.oleaccrc.dll.01ca6700e6b48659.0001 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-oleacc_31bf3856ad364e35_6.0.6001.18000_none_6a84bdce2263bb83\$$DeleteMe.oleacc.dll.01ca6700e697f5d9.0000 Status: Locked to the Windows API! 
Path: C:\Windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6002.18005_none_8a59754e93f83a6b\$$DeleteMe.msxml6.dll.01ca6ecabdc19096.0000 Status: Locked to the Windows API! Path: C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86 Status: Invisible to the Windows API! Path: c:\program files\orange\antivirus firewall\anti-virus\power.dat Status: Allocation size mismatch (API: 24, Raw: 0) Path: C:\Windows\Microsoft.NET\Framework\v2.0.50727\DV_ASP~1.CHM Status: Locked to the Windows API! Path: C:\Windows\Microsoft.NET\Framework\v2.0.50727\SYSTEM~1.DLL Status: Locked to the Windows API! Path: \\?\C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\* Status: Could not enumerate files with the Windows API (0x00000006)! Path: C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\AsDsm.sys Status: Invisible to the Windows API! Path: C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\_avt Status: Invisible to the Windows API! Path: C:\Windows\assembly\GAC_32\Policy.1.2.Microsoft.Interop.Security.AzRoles\6.0.6000.16386__31bf3856ad364e35\Microsoft.Interop.Security.AzRoles.config Status: Locked to the Windows API! Path: C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PRESEN~1.CON Status: Locked to the Windows API! Path: C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\SYSTEM~1.DLL Status: Locked to the Windows API! Path: C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\_SERVI~1.REG Status: Locked to the Windows API! Path: C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\_SMSVC~1.REG Status: Locked to the Windows API! Path: c:\programdata\microsoft\search\data\applications\windows\gatherlogs\systemindex\systemindex.306.gthr Status: Allocation size mismatch (API: 45056, Raw: 40960) Processes ------------------- Path: System PID: 4 Status: Locked to the Windows API! 
Path: C:\Windows\System32\audiodg.exe PID: 1180 Status: Locked to the Windows API! SSDT ------------------- #: 078 Function Name: NtCreateThread Status: Hooked by "C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys" at address 0x90201e8c #: 165 Function Name: NtLoadDriver Status: Hooked by "C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys" at address 0x902021bc #: 177 Function Name: NtMapViewOfSection Status: Hooked by "C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys" at address 0x90201bcc #: 197 Function Name: NtOpenSection Status: Hooked by "C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys" at address 0x902025ee #: 267 Function Name: NtRenameKey Status: Hooked by "C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys" at address 0x9020388c #: 317 Function Name: NtSetSystemInformation Status: Hooked by "C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys" at address 0x9020243e #: 330 Function Name: NtSuspendProcess Status: Hooked by "C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys" at address 0x90201a4c #: 331 Function Name: NtSuspendThread Status: Hooked by "C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys" at address 0x90201ec0 #: 332 Function Name: NtSystemDebugControl Status: Hooked by "C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys" at address 0x90202042 #: 334 Function Name: NtTerminateProcess Status: Hooked by "C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys" at address 0x902019a6 #: 335 Function Name: NtTerminateThread Status: Hooked by "C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys" at address 0x90201b06 #: 358 Function Name: NtWriteVirtualMemory Status: Hooked by "C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys" at address 0x90201f86 #: 382 Function Name: NtCreateThreadEx Status: Hooked by "C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys" at address 
0x90201ea6 Stealth Objects ------------------- Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE] Process: System Address: 0x85d241f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE] Process: System Address: 0x85d241f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ] Process: System Address: 0x85d241f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE] Process: System Address: 0x85d241f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x85d241f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION] Process: System Address: 0x85d241f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA] Process: System Address: 0x85d241f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA] Process: System Address: 0x85d241f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x85d241f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x85d241f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION] Process: System Address: 0x85d241f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x85d241f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x85d241f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x85d241f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN] Process: System Address: 0x85d241f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x85d241f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP] Process: System Address: 0x85d241f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY] Process: System Address: 0x85d241f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY] Process: System Address: 0x85d241f8 Size: 121 Object: Hidden 
Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA] Process: System Address: 0x85d241f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA] Process: System Address: 0x85d241f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP] Process: System Address: 0x85d241f8 Size: 121 Shadow SSDT ------------------- #: 573 Function Name: NtUserSetWindowsHookEx Status: Hooked by "C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys" at address 0x90204646 ==EOF== -
[Solved] tdlcmd.dll virus impossible to remove
Maheva replied to a topic by Maheva in Malware analysis and removal
Good evening, I can't manage to run the scan. When I press the scan button, Windows tells me that the program has stopped working and asks me to close the program, which I do. Then I get a blue screen with lots of stuff written in English for a few seconds, and then the computer restarts. -
[Solved] tdlcmd.dll virus impossible to remove
Maheva replied to a topic by Maheva in Malware analysis and removal
Hello, here is the OTL.txt report. However, I don't have an extras.txt report.
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 22:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2009/11/25 18:27:01 | 00,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2009/11/25 18:27:01 | 00,000,000 | R--D | M] - D:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2009/11/25 18:27:04 | 00,000,000 | R--D | M] - G:\autorun.inf -- [ FAT32 ] O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (*) - File not found O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias [2008/01/21 03:34:27 | 00,000,000 | ---D | M] NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation) NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not 
found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found OTL cannot create restorepoints on Vista OSs! ========== Files/Folders - Created Within 14 Days ========== [2009/12/07 23:27:59 | 00,000,000 | ---D | C] -- C:\Windows\temp [2009/12/07 23:27:59 | 00,000,000 | ---D | C] -- C:\Users\Carole\AppData\Local\temp [2009/12/07 23:17:55 | 00,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2009/12/07 23:17:55 | 00,000,000 | ---D | C] -- \$RECYCLE.BIN [2009/12/04 18:17:15 | 00,071,040 | ---- | C] (F-Secure Corporation) -- C:\Windows\System32\drivers\fsdfw.sys [2009/12/04 17:41:23 | 00,000,000 | ---D | C] -- C:\Qoobox [2009/12/04 17:41:23 | 00,000,000 | ---D | C] -- \Qoobox [2009/12/04 17:32:43 | 00,000,000 | ---D | C] -- C:\Avenger [2009/12/04 17:32:43 | 00,000,000 | ---D | C] -- \Avenger [2009/12/03 10:01:22 | 00,535,552 | ---- | C] (OldTimer Tools) -- C:\Users\Carole\Desktop\OTL.exe [2009/12/02 22:15:14 | 00,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\Carole\Desktop\Carole.exe [2009/12/02 21:41:48 | 00,401,720 | ---- | C] (Trend Micro Inc.) 
-- C:\Users\Carole\Desktop\HiJackThis.exe [2009/11/25 18:27:01 | 00,000,000 | R--D | C] -- C:\autorun.inf [2009/11/25 18:27:01 | 00,000,000 | R--D | C] -- \autorun.inf [2009/11/25 18:14:47 | 00,000,000 | ---D | C] -- C:\UsbFix [2009/11/25 18:14:47 | 00,000,000 | ---D | C] -- \UsbFix [2009/11/25 18:05:17 | 00,000,000 | ---D | C] -- C:\rsit [2009/11/25 18:05:17 | 00,000,000 | ---D | C] -- \rsit [2008/06/03 22:41:51 | 00,015,928 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys [2007/07/05 01:28:51 | 00,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll [1 C:\Users\Carole\Documents\*.tmp files -> C:\Users\Carole\Documents\*.tmp -> ] ========== Files - Modified Within 14 Days ========== [2009/12/09 14:12:52 | 03,145,728 | -HS- | M] () -- C:\Users\Carole\NTUSER.DAT [2009/12/09 13:30:08 | 00,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2009/12/09 13:30:08 | 00,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2009/12/09 13:30:01 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2009/12/09 13:30:00 | 00,027,934 | ---- | M] () -- C:\ProgramData\nvModes.001 [2009/12/09 13:29:54 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2009/12/08 23:09:12 | 00,524,288 | -HS- | M] () -- C:\Users\Carole\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2009/12/08 23:09:12 | 00,065,536 | -HS- | M] () -- C:\Users\Carole\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2009/12/08 23:08:49 | 01,688,937 | -H-- | M] () -- C:\Users\Carole\AppData\Local\IconCache.db [2009/12/08 21:26:59 | 02,405,320 | R--- | M] () -- C:\Users\Carole\Documents\Money Sauvegarde.mbf [2009/12/08 21:26:55 | 00,011,476 | ---- | M] () -- C:\Users\Carole\Documents\Budget 2010.xlsx [2009/12/08 18:00:27 | 00,045,767 | ---- | M] () -- C:\Users\Carole\Documents\EdT Carole.xlsx 
[2009/12/08 17:18:43 | 00,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{91283F18-3F0E-457A-A007-2FA9F9DC6165}.job [2009/12/07 23:18:39 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini [2009/12/07 23:17:45 | 00,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2009/12/07 23:17:32 | 00,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe [2009/12/04 18:41:10 | 00,002,212 | ---- | M] () -- C:\Users\Public\Desktop\Anti-virus firewall.lnk [2009/12/04 18:30:46 | 00,033,920 | ---- | M] () -- C:\Windows\System32\drivers\fsbts.sys [2009/12/04 18:17:20 | 01,727,728 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2009/12/04 18:17:20 | 00,750,410 | ---- | M] () -- C:\Windows\System32\perfh00C.dat [2009/12/04 18:17:20 | 00,662,450 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2009/12/04 18:17:20 | 00,160,668 | ---- | M] () -- C:\Windows\System32\perfc00C.dat [2009/12/04 18:17:20 | 00,134,270 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2009/12/04 17:23:59 | 03,579,965 | R--- | M] () -- C:\Users\Carole\Desktop\ComboFix.exe [2009/12/03 10:02:00 | 00,000,290 | RHS- | M] () -- C:\ProgramData\ntuser.pol [2009/12/03 10:01:34 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Users\Carole\Desktop\OTL.exe [2009/12/03 00:19:39 | 00,000,204 | ---- | M] () -- C:\infect.fstmp [2009/12/03 00:14:00 | 00,000,000 | ---- | M] () -- C:\error.fstmp [2009/12/02 22:14:27 | 00,781,909 | ---- | M] () -- C:\Users\Carole\Desktop\RSIT.exe [2009/12/02 22:09:39 | 00,027,934 | ---- | M] () -- C:\ProgramData\nvModes.dat [2009/12/02 21:41:52 | 00,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Users\Carole\Desktop\HiJackThis.exe [2009/12/02 21:41:52 | 00,401,720 | ---- | M] (Trend Micro Inc.) 
-- C:\Users\Carole\Desktop\Carole.exe [2009/12/02 19:35:55 | 00,810,414 | ---- | M] () -- C:\Users\Carole\Desktop\UNINSTALLATION_TOOL.exe [2009/12/01 20:57:50 | 00,047,616 | ---- | M] () -- C:\Users\Carole\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/11/30 16:55:10 | 00,010,787 | ---- | M] () -- C:\Users\Carole\Documents\Objets En Vente.xlsx [2009/11/29 18:36:37 | 00,000,825 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2009/11/28 14:19:16 | 00,436,544 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2009/11/27 20:35:23 | 00,000,000 | ---- | M] () -- C:\Users\Carole\defogger_renable [2009/11/27 18:48:28 | 00,013,916 | ---- | M] () -- C:\Users\Carole\Documents\Budget.xlsx [2009/11/26 14:41:36 | 03,145,728 | -HS- | M] () -- C:\Users\Carole\ntuser.dat_previous [1 C:\Users\Carole\Documents\*.tmp files -> C:\Users\Carole\Documents\*.tmp -> ] ========== Files Created - No Company Name ========== [2009/12/08 21:26:55 | 00,011,476 | ---- | C] () -- C:\Users\Carole\Documents\Budget 2010.xlsx [2009/12/07 23:27:56 | 00,019,363 | ---- | C] () -- \ComboFix.txt [2009/12/04 18:27:43 | 00,002,212 | ---- | C] () -- C:\Users\Public\Desktop\Anti-virus firewall.lnk [2009/12/04 17:30:55 | 00,001,938 | ---- | C] () -- \avenger.txt [2009/12/04 17:25:10 | 00,731,136 | ---- | C] () -- C:\Users\Carole\Desktop\avenger.exe [2009/12/04 17:23:56 | 03,579,965 | R--- | C] () -- C:\Users\Carole\Desktop\ComboFix.exe [2009/12/02 22:21:34 | 00,292,352 | ---- | C] () -- C:\Users\Carole\Desktop\gmer.exe [2009/12/02 22:14:26 | 00,781,909 | ---- | C] () -- C:\Users\Carole\Desktop\RSIT.exe [2009/12/02 19:35:50 | 00,810,414 | ---- | C] () -- C:\Users\Carole\Desktop\UNINSTALLATION_TOOL.exe [2009/11/27 20:35:23 | 00,000,000 | ---- | C] () -- C:\Users\Carole\defogger_renable [2009/11/25 18:44:56 | 00,000,159 | ---- | C] () -- \VundoFix.txt [2009/11/25 18:19:00 | 00,008,313 | ---- | C] () -- \UsbFix.txt [2009/10/22 14:18:39 | 00,000,000 | ---- | C] () -- 
C:\Windows\Graffiti5.2Pin.ini [2009/10/22 14:18:38 | 00,237,568 | ---- | C] () -- C:\Windows\System32\qtmlClient.dll [2009/10/08 19:45:12 | 00,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2009/08/18 00:54:08 | 00,000,204 | ---- | C] () -- \infect.fstmp [2009/08/18 00:54:08 | 00,000,000 | ---- | C] () -- \error.fstmp [2009/08/07 03:03:00 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009/08/03 14:07:42 | 00,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009/07/24 00:21:22 | 00,029,239 | ---- | C] () -- C:\Users\Carole\AppData\Roaming\UserTile.png [2009/06/17 18:18:26 | 00,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe [2009/05/30 20:28:19 | 00,033,920 | ---- | C] () -- C:\Windows\System32\drivers\fsbts.sys [2009/05/25 18:07:08 | 00,000,680 | ---- | C] () -- C:\Users\Carole\AppData\Local\d3d9caps.dat [2009/05/09 13:37:48 | 00,000,094 | ---- | C] () -- C:\Users\Carole\AppData\Local\fusioncache.dat [2009/03/31 11:30:40 | 00,000,000 | RHS- | C] () -- \MSDOS.SYS [2009/03/31 11:30:40 | 00,000,000 | RHS- | C] () -- \IO.SYS [2009/03/05 11:19:09 | 00,000,021 | ---- | C] () -- \NIS2008.TXT [2009/02/23 15:23:20 | 00,532,480 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Sony.dll [2009/01/21 18:17:46 | 00,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll [2009/01/21 18:17:22 | 00,795,648 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2009/01/21 18:17:22 | 00,130,048 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2009/01/21 18:17:20 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2009/01/21 18:17:13 | 00,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2009/01/21 18:17:13 | 00,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest [2009/01/21 13:43:28 | 00,047,616 | ---- | C] () -- C:\Users\Carole\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/01/21 12:41:06 | 35,341,14816 | -HS- | C] () -- [2009/01/21 12:20:18 | 00,000,024 | ---- | C] 
() -- C:\Windows\ATKPF.ini [2008/11/22 20:25:18 | 00,000,105 | ---- | C] () -- \Pass.txt [2008/11/21 06:00:23 | 00,019,069 | ---- | C] () -- \devlist.txt [2008/11/21 05:57:03 | 00,000,009 | ---- | C] () -- \Finish.log [2008/11/21 05:44:49 | 00,000,024 | ---- | C] () -- C:\Windows\System32\ChkMail.ini [2008/11/21 05:14:04 | 00,000,159 | ---- | C] () -- \Setup.log [2008/11/21 05:11:35 | 00,000,646 | ---- | C] () -- \RHDSetup.log [2008/11/21 04:34:44 | 00,000,481 | ---- | C] () -- \igoogle_log.txt [2008/11/21 04:06:02 | 00,000,021 | ---- | C] () -- \V552.txt [2008/11/21 03:56:15 | 00,000,166 | ---- | C] () -- \SumHidd.txt [2008/11/21 03:55:30 | 00,000,098 | ---- | C] () -- \SumOS.txt [2008/10/01 06:09:42 | 00,000,021 | ---- | C] () -- \msapp2.LOG [2008/09/24 18:54:29 | 01,048,576 | RH-- | C] () -- \X71SLAS.BIN [2008/09/08 21:19:49 | 00,000,027 | ---- | C] () -- \Driver.20 [2008/07/02 04:28:38 | 00,061,440 | ---- | C] () -- C:\Program Files\Common Files\CPInstallAction.dll [2008/06/02 17:51:13 | 00,000,022 | ---- | C] () -- \RECOVERY.DAT [2008/05/23 04:01:42 | 00,000,030 | ---- | C] () -- \NERO.LOG [2008/05/22 18:35:54 | 00,051,962 | ---- | C] () -- C:\Program Files\Common Files\banner.jpg [2008/05/13 22:35:23 | 01,772,544 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys [2008/04/29 14:49:01 | 00,000,020 | ---- | C] () -- \READER_A.TXT [2008/04/16 12:27:14 | 00,333,257 | RHS- | C] () -- \bootmgr [2008/04/16 11:43:39 | 00,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini [2008/04/16 11:43:26 | 00,000,019 | ---- | C] () -- \CA21.txt [2008/03/21 03:56:21 | 00,002,666 | ---- | C] () -- \Patch.LOG [2007/06/12 19:34:50 | 00,035,822 | ---- | C] () -- C:\Program Files\Common Files\ASPG_icon.ico [2007/05/09 23:16:39 | 00,028,160 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys [2007/03/16 00:17:34 | 00,000,025 | ---- | C] () -- \OFFICE2007_A.TXT [2006/11/02 13:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006/11/02 11:23:09 | 
00,000,024 | ---- | C] () -- \autoexec.bat [2006/11/02 08:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006/11/02 07:25:08 | 00,000,010 | ---- | C] () -- \config.sys [2006/05/19 19:39:57 | 00,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini [2006/03/09 02:57:59 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2004/02/29 16:44:34 | 00,052,576 | ---- | C] () -- \orange.bmp ========== LOP Check ========== [2009/11/18 11:35:11 | 00,000,000 | ---D | M] -- C:\Users\Carole\AppData\Roaming\Auslogics [2009/10/08 21:23:53 | 00,000,000 | ---D | M] -- C:\Users\Carole\AppData\Roaming\DAEMON Tools Lite [2009/05/13 10:10:56 | 00,000,000 | ---D | M] -- C:\Users\Carole\AppData\Roaming\eMule [2009/03/24 11:42:58 | 00,000,000 | ---D | M] -- C:\Users\Carole\AppData\Roaming\EPSON [2009/10/08 14:42:40 | 00,000,000 | ---D | M] -- C:\Users\Carole\AppData\Roaming\GARMIN [2009/05/30 21:02:22 | 00,000,000 | ---D | M] -- C:\Users\Carole\AppData\Roaming\gtk-2.0 [2009/08/20 04:24:22 | 00,000,000 | ---D | M] -- C:\Users\Carole\AppData\Roaming\ITTNord [2009/03/05 11:19:15 | 00,000,000 | ---D | M] -- C:\Users\Carole\AppData\Roaming\Oberon Games [2009/07/24 00:21:22 | 00,000,000 | ---D | M] -- C:\Users\Carole\AppData\Roaming\PeerNetworking [2009/08/18 01:44:40 | 00,000,000 | ---D | M] -- C:\Users\Carole\AppData\Roaming\PlayFirst [2009/10/23 18:17:23 | 00,000,000 | ---D | M] -- C:\Users\Carole\AppData\Roaming\proDAD [2009/10/08 21:30:15 | 00,000,000 | ---D | M] -- C:\Users\Carole\AppData\Roaming\Sony [2009/12/08 23:09:03 | 00,032,614 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2009/12/08 17:18:43 | 00,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{91283F18-3F0E-457A-A007-2FA9F9DC6165}.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008/01/21 03:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- 
C:\Windows\ERDNT\cache\AGP440.sys [2008/01/21 03:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys [2008/01/21 03:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008/01/21 03:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008/01/21 03:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008/01/21 03:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006/11/02 10:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009/04/11 07:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\ERDNT\cache\atapi.sys [2009/04/11 07:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009/04/11 07:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008/01/21 03:23:00 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008/01/21 03:23:00 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- 
C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006/11/02 10:49:36 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006/11/02 10:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll [2006/11/02 10:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006/11/02 10:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: IASTORV.SYS > [2008/01/21 03:23:23 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys [2008/01/21 03:23:23 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008/01/21 03:23:23 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006/11/02 10:51:25 | 00,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009/04/11 07:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\ERDNT\cache\netlogon.dll [2009/04/11 07:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009/04/11 07:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE 
-- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008/01/21 03:24:05 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006/11/02 10:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008/01/21 03:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys [2008/01/21 03:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008/01/21 03:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008/01/21 03:24:50 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2009/04/11 07:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\ERDNT\cache\scecli.dll [2009/04/11 07:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009/04/11 07:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 98 bytes -> 
C:\ProgramData\Temp:D2A5A561 @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:37994DBE @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:6B86037F @Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:6677D85A @Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:10D98D98 < End of report > -
[Solved] Virus tdlcmd.dll impossible to remove
Maheva replied to a topic by Maheva in Malware analysis and removal
Here is the report:
NDIS 6.0 Driver;c:\windows\System32\drivers\SiSGB6.sys [16/11/2007 05:09 48128] S3 FontCache;Service de cache de police Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21/01/2008 03:23 21504] S3 ICScsiSV;Image Converter SCSI Service;c:\program files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe [23/02/2009 15:25 75952] S3 IcVzMonLauncher;IcVzMonLauncher;c:\program files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe [23/02/2009 15:25 67760] S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\System32\drivers\PCAMp50.sys [12/04/2009 15:03 28224] S4 F-Secure Filter;F-Secure File System Filter;c:\program files\Orange\Antivirus Firewall\Anti-Virus\win2k\fsfilter.sys [04/12/2009 18:15 39776] S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Orange\Antivirus Firewall\Anti-Virus\win2k\fsrec.sys [04/12/2009 18:15 25184] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] getPlusHelper REG_MULTI_SZ getPlusHelper LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "c:\program files\Common Files\LightScribe\LSRunOnce.exe" . Contenu du dossier 'Tâches planifiées' 2009-12-07 c:\windows\Tasks\User_Feed_Synchronization-{91283F18-3F0E-457A-A007-2FA9F9DC6165}.job - c:\windows\system32\msfeedssync.exe [2009-10-14 03:41] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.google.fr/ IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 LSP: c:\program files\Orange\Antivirus Firewall\FSPS\program\FSLSP.DLL Trusted Zone: orange.fr\www . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-12-07 23:18 Windows 6.0.6002 Service Pack 2 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... 
Recherche de fichiers cachés ... c:\windows\TEMP\TMP0000000855022F1356E67159 524288 bytes executable C:\ADSM_PData_0150 Scan terminé avec succès Fichiers cachés: 2 ************************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys halmacpi.dll >>UNKNOWN [0x85D231F8]<< kernel: MBR read successfully detected MBR rootkit hooks: \Driver\Disk -> CLASSPNP.SYS @ 0x8afabd24 \Driver\ACPI -> acpi.sys @ 0x82e12d68 \Driver\atapi -> 0x85d231f8 IoDeviceObjectType ->\Device\Harddisk0\DR0 ->Warning: possible MBR rootkit infection ! user & kernel MBR OK ************************************************************************** . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(1096) c:\program files\orange\antivirus firewall\hips\fshook32.dll - - - - - - - > 'lsass.exe'(656) c:\program files\orange\antivirus firewall\hips\fshook32.dll - - - - - - - > 'Explorer.exe'(1256) c:\program files\orange\antivirus firewall\hips\fshook32.dll c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll . ------------------------ Autres processus actifs ------------------------ . 
c:\windows\system32\nvvsvc.exe c:\windows\system32\rundll32.exe c:\program files\ASUS\ASUS Data Security Manager\ADSMSrv.exe c:\windows\system32\WLANExt.exe c:\program files\ATK Hotkey\ASLDRSrv.exe c:\program files\ATKGFNEX\GFNEXSrv.exe c:\program files\ASUS\SmartLogon\sensorsrv.exe c:\program files\ATK Hotkey\Hcontrol.exe c:\program files\ATK Hotkey\MsgTranAgt.exe c:\program files\Wireless Console 2\wcourier.exe c:\program files\ASUS\ASUS CopyProtect\aspg.exe c:\program files\P4G\BatteryLife.exe c:\program files\ASUS\Splendid\ACMON.exe c:\windows\System32\ACEngSvr.exe c:\program files\ATK Hotkey\ATKOSD.exe c:\program files\ATK Hotkey\KBFiltr.exe c:\program files\ATK Hotkey\WDC.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Orange\Antivirus Firewall\Anti-Virus\fsgk32st.exe c:\program files\Orange\Antivirus Firewall\Common\FSMA32.EXE c:\progra~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe c:\program files\Orange\Antivirus Firewall\Anti-Virus\FSGK32.EXE c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\Orange\Antivirus Firewall\Common\FSHDLL32.EXE c:\program files\ASUS\NB Probe\SPM\spmgr.exe c:\program files\Orange\Antivirus Firewall\Anti-Virus\fssm32.exe c:\program files\Orange\Antivirus Firewall\FWES\Program\fsdfwd.exe c:\program files\Orange\Antivirus Firewall\Anti-Virus\fsav32.exe c:\windows\system32\wbem\unsecapp.exe c:\program files\Windows Media Player\wmpnetwk.exe . ************************************************************************** . Heure de fin: 2009-12-07 23:27 - La machine a redémarré ComboFix-quarantined-files.txt 2009-12-07 22:27 ComboFix2.txt 2009-12-04 17:05 Avant-CF: 80 045 527 040 octets libres Après-CF: 80 127 156 224 octets libres - - End Of File - - 789BEA36977F0436505266CB77E00CA2 -
[Solved] tdlcmd.dll virus impossible to remove
Maheva replied to a topic by Maheva in Malware Analysis and Removal
Hi, I wasn't around this weekend, so I couldn't see your message. As a result I can no longer download your file; when I click, it tells me "File has expired". Can you send it to me again, please? Thanks
-
[Solved] tdlcmd.dll virus impossible to remove
Maheva replied to a topic by Maheva in Malware Analysis and Removal
Hello, here is the Avenger report:
//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////
Platform: Windows NT 6.0 (build 6002, Service Pack 2)
Fri Dec 04 17:30:55 2009
17:30:51: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!
//////////////////////////////////////////
Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com
Platform: Windows Vista
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
File move operation "C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys|C:\Windows\System32\drivers\atapi.sys" completed successfully.
Completed script processing.
*******************
Finished! Terminate.
and the ComboFix one, which worked this time:
ComboFix 09-12-03.06 - Carole 04/12/2009 17:44.7.2 - x86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.3070.2064 [GMT 1:00]
Lancé depuis: c:\users\Carole\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-882581897-1287058187-1818664465-1000(0)
c:\windows\system32\tdlclk.dll
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-11-04 au 2009-12-04 ))))))))))))))))))))))))))))))))))))
.
2009-12-04 16:59 . 2009-12-04 17:00 -------- d-----w- c:\users\Carole\AppData\Local\temp
2009-12-04 16:59 . 2009-12-04 16:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-11-26 18:34 . 2009-10-29 09:17 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-25 17:14 . 2009-11-25 17:32 4096 d-----w- C:\UsbFix
2009-11-25 17:05 . 2009-11-26 12:23 -------- d-----w- C:\rsit
2009-11-24 19:34 .
2009-08-11 16:44 1401856 ----a-w- c:\windows\system32\msxml6.dll 2009-11-24 19:34 . 2009-08-11 16:44 1401856 ----a-w- c:\windows\system32\msxml6(126).dll 2009-11-24 19:34 . 2009-08-11 16:44 1248768 ----a-w- c:\windows\system32\msxml3.dll 2009-11-24 19:34 . 2009-08-11 16:44 1248768 ----a-w- c:\windows\system32\msxml3(124).dll 2009-11-18 17:48 . 2009-11-18 17:48 -------- d-----w- c:\program files\CCleaner 2009-11-18 10:35 . 2009-11-18 10:35 -------- d-----w- c:\users\Carole\AppData\Roaming\Auslogics 2009-11-18 10:34 . 2009-11-18 10:34 -------- d-----w- c:\program files\Auslogics 2009-11-16 21:08 . 2009-11-16 21:08 -------- d-----w- c:\program files\Windows Portable Devices 2009-11-16 21:00 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll 2009-11-16 21:00 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll 2009-11-16 21:00 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll 2009-11-16 20:58 . 2009-10-01 01:01 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll 2009-11-16 20:58 . 2009-10-01 01:02 2537472 ----a-w- c:\windows\system32\wpdshext.dll 2009-11-16 20:58 . 2009-10-01 01:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll 2009-11-16 20:58 . 2009-10-01 01:01 546816 ----a-w- c:\windows\system32\wpd_ci.dll 2009-11-16 20:58 . 2009-10-01 01:02 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll 2009-11-16 20:58 . 2009-10-01 01:01 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll 2009-11-16 20:58 . 2009-10-01 01:01 350208 ----a-w- c:\windows\system32\WPDSp.dll 2009-11-16 20:58 . 2009-10-01 01:01 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll 2009-11-16 20:58 . 2009-10-01 01:01 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll 2009-11-16 20:56 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll 2009-11-16 20:56 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll 2009-11-16 20:56 . 
2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll 2009-11-16 19:20 . 2009-11-16 19:20 -------- d-----w- c:\users\Carole\AppData\Roaming\Malwarebytes 2009-11-16 19:20 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-11-16 19:20 . 2009-11-29 17:36 4096 d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-11-16 19:20 . 2009-11-16 19:20 -------- d-----w- c:\progra~2\Malwarebytes 2009-11-16 19:20 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-11-13 20:00 . 2009-08-05 15:57 35680 ----a-w- c:\windows\system32\drivers\fses.sys 2009-11-11 10:07 . 2009-08-14 13:27 2036736 ----a-w- c:\windows\system32\win32k.sys 2009-11-11 10:07 . 2009-08-10 12:35 355328 ----a-w- c:\windows\system32\WSDApi.dll . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-12-04 16:38 . 2009-04-12 13:59 4096 d-----w- c:\program files\Orange 2009-12-04 16:34 . 2008-11-21 04:44 45056 ----a-w- c:\windows\system32\acovcnt.exe 2009-12-02 21:09 . 2009-01-20 21:38 27934 ----a-w- c:\progra~2\nvModes.dat 2009-12-02 20:19 . 2009-05-30 19:28 33920 ----a-w- c:\windows\system32\drivers\fsbts.sys 2009-12-02 20:11 . 2008-04-16 11:16 743178 ----a-w- c:\windows\system32\perfh00C.dat 2009-12-02 20:11 . 2008-04-16 11:16 157320 ----a-w- c:\windows\system32\perfc00C.dat 2009-11-26 13:41 . 2008-11-21 04:37 -------- d-----w- c:\progra~2\P4G 2009-11-26 13:41 . 2009-04-22 08:50 4096 d-----w- c:\program files\Bonjour 2009-11-26 13:41 . 2008-11-21 04:32 4096 d-----w- c:\program files\ATKGFNEX 2009-11-26 13:41 . 2008-11-21 04:25 4096 d-----w- c:\program files\ASUS 2009-11-26 13:41 . 2008-11-21 04:05 -------- d-----w- c:\program files\ATKOSD2 2009-11-26 13:41 . 2008-11-21 04:05 8192 d-----w- c:\program files\ATK Hotkey 2009-11-26 13:41 . 2008-11-21 02:36 12288 d-----w- c:\program files\Common Files\LightScribe 2009-11-18 17:38 . 
2009-01-21 13:04 4096 d-----w- c:\program files\Windows Live 2009-11-16 21:08 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat 2009-11-16 21:06 . 2009-11-16 21:06 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf 2009-11-13 18:34 . 2009-01-20 21:50 -------- d-----w- c:\program files\Securitoo 2009-11-12 10:10 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail 2009-11-12 09:52 . 2008-11-21 02:22 65536 d-----w- c:\progra~2\Microsoft Help 2009-11-05 15:24 . 2009-01-20 19:52 131160 ----a-w- c:\users\Carole\AppData\Local\GDIPFONTCACHEV1.DAT 2009-11-05 14:00 . 2009-10-09 16:36 -------- d-----w- c:\progra~2\Pinnacle 2009-11-02 19:42 . 2009-10-02 18:31 195456 ------w- c:\windows\system32\MpSigStub.exe 2009-11-02 07:44 . 2009-11-02 07:43 4096 d-----w- c:\program files\iTunes 2009-11-02 07:43 . 2009-11-02 07:43 -------- d-----w- c:\program files\iPod 2009-11-02 07:43 . 2009-04-22 08:44 -------- d-----w- c:\program files\Common Files\Apple 2009-10-23 17:17 . 2009-10-22 13:19 -------- d-----w- c:\users\Carole\AppData\Roaming\proDAD 2009-10-22 13:16 . 2008-11-21 02:36 12288 d--h--w- c:\program files\InstallShield Installation Information 2009-10-22 13:10 . 2009-10-22 13:10 -------- d-----w- c:\progra~2\Pinnacle Studio Ultimate 2009-10-11 03:17 . 2009-05-27 18:13 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-10-09 16:33 . 2009-10-09 16:32 -------- d-----w- c:\program files\Common Files\SureThing Shared 2009-10-09 16:31 . 2009-10-09 16:31 -------- d-----w- c:\progra~2\NOS 2009-10-09 16:31 . 2009-10-09 16:31 -------- d-----w- c:\program files\NOS 2009-10-08 20:30 . 2009-01-22 19:33 -------- d-----w- c:\users\Carole\AppData\Roaming\Sony 2009-10-08 20:23 . 2009-10-08 18:44 -------- d-----w- c:\users\Carole\AppData\Roaming\DAEMON Tools Lite 2009-10-08 18:52 . 2009-10-08 18:52 -------- d-----w- c:\progra~2\DAEMON Tools Lite 2009-10-08 18:51 . 2009-05-25 17:07 680 ----a-w- c:\users\Carole\AppData\Local\d3d9caps.dat 2009-10-08 18:45 . 
2009-10-08 18:45 721904 ------w- c:\windows\system32\drivers\sptd.sys 2009-10-08 13:42 . 2009-10-08 13:42 -------- d-----w- c:\users\Carole\AppData\Roaming\GARMIN 2009-10-08 13:41 . 2009-10-08 13:41 -------- d-----w- c:\program files\Garmin GPS Plugin 2009-10-08 13:41 . 2009-10-08 13:41 -------- d-----w- c:\program files\DIFX 2009-10-08 13:40 . 2009-10-08 13:40 -------- d-----w- c:\program files\Garmin 2009-10-08 12:09 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Calendar 2009-10-08 12:09 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Sidebar 2009-10-08 12:09 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Journal 2009-10-08 12:09 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Collaboration 2009-10-08 12:09 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Photo Gallery 2009-10-08 12:08 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Defender 2009-10-07 16:12 . 2009-10-07 16:12 -------- d-----w- c:\progra~2\Office Genuine Advantage 2009-10-01 01:02 . 2009-11-16 20:59 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe 2009-10-01 01:02 . 2009-11-16 20:59 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll 2009-10-01 01:01 . 2009-11-16 20:59 81920 ----a-w- c:\windows\system32\wpdbusenum.dll 2009-09-25 02:10 . 2009-11-16 20:59 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll 2009-09-25 02:07 . 2009-11-16 20:59 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll 2009-09-25 02:04 . 2009-11-16 20:59 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll 2009-09-25 01:49 . 2009-11-16 20:59 1554432 ----a-w- c:\windows\system32\xpsservices.dll 2009-09-25 01:48 . 2009-11-16 20:59 351232 ----a-w- c:\windows\system32\XpsPrint.dll 2009-09-25 01:38 . 2009-11-16 20:59 847360 ----a-w- c:\windows\system32\OpcServices.dll 2009-09-25 01:36 . 2009-11-16 20:59 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2009-09-25 01:35 . 
2009-11-16 20:59 135680 ----a-w- c:\windows\system32\XpsRasterService.dll 2009-09-25 01:33 . 2009-11-16 20:59 195584 ----a-w- c:\windows\system32\dxdiagn.dll 2009-09-25 01:33 . 2009-11-16 20:59 829440 ----a-w- c:\windows\system32\d3d10warp.dll 2009-09-25 01:33 . 2009-11-16 20:59 369664 ----a-w- c:\windows\system32\WMPhoto.dll 2009-09-25 01:32 . 2009-11-16 20:59 252928 ----a-w- c:\windows\system32\dxdiag.exe 2009-09-25 01:31 . 2009-11-16 20:59 519680 ----a-w- c:\windows\system32\d3d11.dll 2009-09-25 01:31 . 2009-11-16 20:59 486912 ----a-w- c:\windows\system32\d3d10level9.dll 2009-09-25 01:31 . 2009-11-16 20:59 161280 ----a-w- c:\windows\system32\d3d10_1.dll 2009-09-25 01:31 . 2009-11-16 20:59 218112 ----a-w- c:\windows\system32\d3d10_1core.dll 2009-09-25 01:31 . 2009-11-16 20:59 1030144 ----a-w- c:\windows\system32\d3d10.dll 2009-09-25 01:31 . 2009-11-16 20:59 828928 ----a-w- c:\windows\system32\d2d1.dll 2009-09-25 01:30 . 2009-11-16 20:59 190464 ----a-w- c:\windows\system32\d3d10core.dll 2009-09-25 01:30 . 2009-11-16 20:59 481792 ----a-w- c:\windows\system32\dxgi.dll 2009-09-25 01:27 . 2009-11-16 20:59 634880 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2009-09-25 01:27 . 2009-11-16 20:59 37888 ----a-w- c:\windows\system32\cdd.dll 2009-09-25 01:27 . 2009-11-16 20:59 793088 ----a-w- c:\windows\system32\FntCache.dll 2009-09-25 01:27 . 2009-11-16 20:59 1064448 ----a-w- c:\windows\system32\DWrite.dll 2009-09-24 22:54 . 2009-11-16 20:59 258048 ----a-w- c:\windows\system32\winspool.drv 2009-09-24 22:54 . 2009-11-16 20:59 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe 2009-09-24 22:54 . 2009-11-16 20:59 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll 2009-09-14 09:29 . 2009-10-14 18:28 144896 ----a-w- c:\windows\system32\drivers\srv2.sys 2009-09-10 16:48 . 2009-10-14 18:46 218624 ----a-w- c:\windows\system32\msv1_0.dll 2009-09-10 14:59 . 2009-10-28 07:52 8147456 ----a-w- c:\windows\system32\wmploc.DLL 2009-09-10 14:58 . 
2009-10-28 07:52 310784 ----a-w- c:\windows\system32\unregmp2.exe 2008-07-02 03:28 . 2008-07-02 03:28 61440 ----a-w- c:\program files\Common Files\CPInstallAction.dll 2008-05-22 17:35 . 2008-05-22 17:35 51962 ----a-w- c:\program files\Common Files\banner.jpg 2007-06-12 18:34 . 2007-06-12 18:34 35822 ----a-w- c:\program files\Common Files\ASPG_icon.ico 2004-08-09 21:30 . 2009-06-17 17:18 40960 ----a-w- c:\program files\Uninstall_CDS.exe . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1] @="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}" [HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}] 2007-06-02 01:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-26 92704] "HControlUser"="c:\program files\ATK Hotkey\HcontrolUser.exe" [2008-01-12 98304] "ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2008-01-23 7766016] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416] "ATKMEDIA"="c:\program files\ASUS\ATK Media\DMedia.exe" [2008-06-25 159744] "ASUS Camera ScreenSaver"="c:\windows\AsScrProlog.exe" [2008-11-21 47672] "ASUS 
Screen Saver Protector"="c:\windows\ASScrPro.exe" [2008-11-21 33136] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] "SystrayORAHSS"="c:\program files\Orange\Systray\SystrayApp.exe" [2007-09-25 94208] "ORAHSSSessionManager"="c:\program files\Orange\SessionManager\SessionManager.exe" [2007-09-25 102400] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080] "RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-08-12 6265376] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "VistaSp2"=hex(b):01,2c,9a,f6,48,18,ca,01 R0 fsbts;fsbts;c:\windows\System32\drivers\fsbts.sys [30/05/2009 20:28 33920] R0 lullaby;lullaby;c:\windows\System32\drivers\lullaby.sys [21/11/2008 05:30 15416] R1 FSES;F-Secure Email Scanning Driver;c:\windows\System32\drivers\fses.sys [13/11/2009 21:00 35680] R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\System32\drivers\SiSGB6.sys [16/11/2007 05:09 48128] S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [08/10/2009 19:45 721904] S3 FontCache;Service de cache de police Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21/01/2008 03:23 21504] S3 FSORSPClient;F-Secure ORSP Client;"c:\program files\Orange\Antivirus Firewall\ORSP Client\fsorsp.exe" --> c:\program files\Orange\Antivirus Firewall\ORSP Client\fsorsp.exe [?] 
S3 ICScsiSV;Image Converter SCSI Service;c:\program files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe [23/02/2009 15:25 75952] S3 IcVzMonLauncher;IcVzMonLauncher;c:\program files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe [23/02/2009 15:25 67760] S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\System32\drivers\PCAMp50.sys [12/04/2009 15:03 28224] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] getPlusHelper REG_MULTI_SZ getPlusHelper LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "c:\program files\Common Files\LightScribe\LSRunOnce.exe" . Contenu du dossier 'Tâches planifiées' 2009-12-03 c:\windows\Tasks\User_Feed_Synchronization-{91283F18-3F0E-457A-A007-2FA9F9DC6165}.job - c:\windows\system32\msfeedssync.exe [2009-10-14 03:41] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.google.fr/ IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 Trusted Zone: orange.fr\www . - - - - ORPHELINS SUPPRIMES - - - - HKLM-Run-SymLnch - c:\program files\Common Files\Symantec Shared\SymSetup\{C1C185CA-C531-49F5-A6FA-B838405A049D}_15_5_0_23\Support\SymLnch\SymLnch.exe AddRemove-Activation Assistant for the 2007 Microsoft Office suites - c:\programdata\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\Microsoft Office Activation Assistant.exe REMOVE=TRUE MODIFY=FALSE AddRemove-NVIDIA Drivers - c:\windows\system32\NVUNINST.EXE UninstallGUI AddRemove-{ORAHSS}.Browser - c:\program files\Orange\Uninstall\Browser\Shell.exe MainUninstall.shl ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-12-04 18:00 Windows 6.0.6002 Service Pack 2 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... 
C:\ADSM_PData_0150 Scan terminé avec succès Fichiers cachés: 1 ************************************************************************** . Heure de fin: 2009-12-04 18:05 ComboFix-quarantined-files.txt 2009-12-04 17:04 Avant-CF: 81 128 071 168 octets libres Après-CF: 81 186 512 896 octets libres - - End Of File - - B599AAC5302112F3E18347FD94CE44FA -
[Solved] tdlcmd.dll virus impossible to remove
Maheva replied to a topic by Maheva in Malware Analysis and Removal
Here is the OTL.txt report:
OTL logfile created on: 03/12/2009 10:09:11 - Run 1
OTL by OldTimer - Version 3.1.11.4 Folder = C:\Users\Carole\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
2,00 Gb Total Physical Memory | 1,81 Gb Available Physical Memory | 90,52% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 74,43 Gb Free Space | 49,94% Space Free | Partition Type: NTFS
Drive D: | 139,28 Gb Total Space | 133,76 Gb Free Space | 96,04% Space Free | Partition Type: NTFS
Drive E: | 3,74 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
Drive G: | 596,02 Gb Total Space | 243,93 Gb Free Space | 40,93% Space Free | Partition Type: FAT32
Drive H: | 977,47 Mb Total Space | 965,47 Mb Free Space | 98,77% Space Free | Partition Type: FAT
I: Drive not present or media not loaded
Computer Name: ORDI-DE-CAROLE
Current User Name: Carole
Logged in as Administrator.
And now, extras.txt
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program "{2862A3C1-0CD9-4D8B-A28C-8C337D4DD5EB}" = Express Gate "{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module "{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update "{4FEC2880-0ED9-44F4-AD20-1F4F4619B8F9}" = Mega Manager "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3 "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02 "{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2 "{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe "{63DC2DA0-2A6C-4C38-9249-B75395458657}" = Windows Live Mail "{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7370DF47-B4F9-4279-BFC3-3F09919F720D}" = Installation Windows Live "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{82419DFA-102C-403D-B9D0-C0F0652AB8F8}" = Sony Ericsson Media Manager 1.1 "{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module "{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office 
Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007 "{90120000-0015-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0015-0410-0000-0000000FF1CE}" = Microsoft Office Access MUI (Italian) 2007 "{90120000-0015-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0015-0413-0000-0000000FF1CE}" = Microsoft Office Access MUI (Dutch) 2007 "{90120000-0015-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007 "{90120000-0016-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007 
"{90120000-0016-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2007 "{90120000-0016-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007 "{90120000-0018-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007 "{90120000-0018-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2007 "{90120000-0018-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007 "{90120000-0019-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0410-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Italian) 2007 "{90120000-0019-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0413-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Dutch) 2007 "{90120000-0019-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007 "{90120000-001A-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2007 "{90120000-001A-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Dutch) 2007 "{90120000-001A-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 
2007 "{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007 "{90120000-001B-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007 "{90120000-001B-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2007 "{90120000-001B-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007 "{90120000-001F-0401-0000-0000000FF1CE}_HOMESTUDENTR_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0401-0000-0000000FF1CE}_PROHYBRIDR_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 
2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007 "{90120000-001F-0413-0000-0000000FF1CE}_HOMESTUDENTR_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0413-0000-0000000FF1CE}_PROHYBRIDR_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007 "{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft 
Office Proofing (Italian) 2007 "{90120000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007 "{90120000-006E-040C-0000-0000000FF1CE}_HOMESTUDENTR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-040C-0000-0000000FF1CE}_PROHYBRIDR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007 "{90120000-006E-0410-0000-0000000FF1CE}_PROHYBRIDR_{0A75DA12-55CB-4DE5-8B6A-74D97847204E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2007 "{90120000-006E-0413-0000-0000000FF1CE}_PROHYBRIDR_{89C8E56A-90D8-4598-B0E6-EB28F6270E07}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-040C-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (French) 2007 "{90120000-00A1-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007 "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear eXtreme "{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.3 "{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support "{AC76BA86-7AD7-1036-7B44-A81300000003}" = Adobe Reader 8.1.3 - Français "{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support "{B97CF5C3-0487-11D8-A36E-0050BAE317E1}" = DVD Solution "{C20B3C31-28CD-4732-AE45-A30F401AF91F}" = WALKMAN Launcher "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes "{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media 
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service "{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash "{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager "{E2E7A0E8-77C4-495F-8FA3-63DAEDAA2DB3}" = F-Secure PSC Prerequisites "{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update "{EDE721EC-870A-11D8-9D75-000129760D75}" = PowerDirector Express "{EFF87108-C9D0-43F1-BEE1-28DA87778F1A}" = Garmin Communicator Plugin "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1D891A7-2BAF-4033-9A20-DBB78F86BF0C}" = Video Downloader "{FE013D72-CF3D-41A8-BC09-C38070FDE2CB}" = Image Converter 3 "{ORAHSS}.Browser" = Navigateur Orange "{ORAHSS}.UninstallSuite" = Orange - Logiciels Internet "45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0) "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver "CCleaner" = CCleaner "eMule" = eMule "EPSON Printer and Utilities" = EPSON Logiciel imprimante "EPSON Scanner" = EPSON Scan "F-Secure Product 440" = Anti-virus firewall "HijackThis" = HijackThis 2.0.2 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00 "KLiteCodecPack_is1" = K-Lite Codec Pack 4.5.3 (Full) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "MSMONEYV80" = Microsoft Money 
2000 Suite Financière "NVIDIA Drivers" = NVIDIA Drivers "OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-15-19-01 "PROHYBRIDR" = 2007 Microsoft Office system "PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation) "Supermarket Management1.1.6" = Supermarket Management "SynTPDeinstKey" = Synaptics Pointing Device Driver "USB2.0 UVC 1.3M WebCam" = USB2.0 UVC 1.3M WebCam "WinLiveSuite_Wave3" = Installation Windows Live "WinRAR archiver" = Archiveur WinRAR ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 30/11/2009 11:25:15 | Computer Name = Ordi-de-Carole | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103 Description = Error - 30/11/2009 11:30:19 | Computer Name = Ordi-de-Carole | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103 Description = Error - 30/11/2009 11:35:21 | Computer Name = Ordi-de-Carole | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103 Description = Error - 30/11/2009 11:40:22 | Computer Name = Ordi-de-Carole | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103 Description = Error - 30/11/2009 11:45:25 | Computer Name = Ordi-de-Carole | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103 Description = Error - 30/11/2009 11:50:25 | Computer Name = Ordi-de-Carole | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103 Description = Error - 30/11/2009 11:55:29 | Computer Name = Ordi-de-Carole | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103 Description = Error - 30/11/2009 12:00:29 | Computer Name = Ordi-de-Carole | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103 Description = Error - 30/11/2009 12:05:33 | Computer Name = Ordi-de-Carole | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103 Description = Error - 30/11/2009 12:10:34 | Computer Name = Ordi-de-Carole | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103 Description = [ Media Center Events ] Error - 07/05/2009 15:28:02 | Computer Name = Ordi-de-Carole | Source = Mcx2Dvcs | ID = 401 Description = 
Error - 09/05/2009 08:45:19 | Computer Name = Ordi-de-Carole | Source = ehReplay | ID = 701 Description = Error - 09/05/2009 08:45:19 | Computer Name = Ordi-de-Carole | Source = ehReplay | ID = 700 Description = Error - 09/05/2009 08:45:34 | Computer Name = Ordi-de-Carole | Source = ehReplay | ID = 701 Description = Error - 09/05/2009 08:46:27 | Computer Name = Ordi-de-Carole | Source = McrMgr | ID = 109 Description = [ OSession Events ] Error - 02/02/2009 09:50:19 | Computer Name = Ordi-de-Carole | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1789 seconds with 1440 seconds of active time. This session ended with a crash. Error - 28/03/2009 15:57:54 | Computer Name = Ordi-de-Carole | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 23477 seconds with 4140 seconds of active time. This session ended with a crash. [ System Events ] Error - 02/12/2009 15:50:14 | Computer Name = Ordi-de-Carole | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = Error - 02/12/2009 15:52:40 | Computer Name = Ordi-de-Carole | Source = Service Control Manager | ID = 7030 Description = Error - 02/12/2009 16:01:43 | Computer Name = Ordi-de-Carole | Source = EventLog | ID = 6008 Description = L'arrêt système précédant à 20:56:59 le 02/12/2009 n'était pas prévu. 
Error - 02/12/2009 16:02:49 | Computer Name = Ordi-de-Carole | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = Error - 02/12/2009 16:17:32 | Computer Name = Ordi-de-Carole | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = Error - 02/12/2009 16:38:09 | Computer Name = Ordi-de-Carole | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = Error - 02/12/2009 17:11:30 | Computer Name = Ordi-de-Carole | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = Error - 02/12/2009 17:24:04 | Computer Name = Ordi-de-Carole | Source = Service Control Manager | ID = 7031 Description = Error - 03/12/2009 04:35:36 | Computer Name = Ordi-de-Carole | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = Error - 03/12/2009 05:06:09 | Computer Name = Ordi-de-Carole | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = < End of report >