Wilocks

Bonjour lance_yien, Merci de ton aide. Voici les trois rapport. J'ai effectué toutes les analyse en mode sans échec. Le PC rame beaucoup moins. ComboFix 11-10-21.06 - pierre 23/10/2011 11:23:59.2.2 - x86 NETWORK Microsoft Windows 7 Édition Familiale Premium 6.1.7600.0.1252.33.1036.18.3005.2326 [GMT 2:00] Lancé depuis: c:\users\pierre\Desktop\ComboFix.exe Commutateurs utilisés :: c:\users\pierre\Desktop\CFScript.txt SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Un nouveau point de restauration a été créé . FILE :: "c:\windows\Tasks\\Ad-Aware Update (Weekly).job" . . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\Lavasoft c:\programdata\Lavasoft\License\adaware.da2 c:\programdata\Lavasoft\License\guid.dat c:\windows\Tasks\Ad-Aware Update (Weekly).job . . ((((((((((((((((((((((((((((( Fichiers créés du 2011-09-23 au 2011-10-23 )))))))))))))))))))))))))))))))))))) . . 2011-10-23 09:29 . 2011-10-23 09:30 -------- d-----w- c:\users\pierre\AppData\Local\temp 2011-10-23 09:29 . 2011-10-23 09:29 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-10-23 09:29 . 2011-10-23 09:29 -------- d-----w- c:\users\Boris\AppData\Local\temp 2011-10-22 19:19 . 2011-10-23 08:59 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7097977B-50B8-4D55-88EB-37DA96833F40}\offreg.dll 2011-10-22 16:44 . 2011-10-22 16:44 -------- d-----w- C:\_OTL 2011-10-22 16:07 . 2011-10-22 16:07 -------- d-----w- c:\users\pierre\AppData\Local\ArcSoft 2011-10-22 16:07 . 2011-10-22 16:10 -------- d-----w- c:\programdata\ArcSoft 2011-10-22 16:06 . 2006-11-10 13:05 18688 ----a-w- c:\windows\system32\drivers\afc.sys 2011-10-22 16:05 . 2011-10-22 16:05 -------- d-----w- c:\program files\Kodak 2011-10-22 16:05 . 2011-10-22 16:07 -------- d-----w- c:\program files\Common Files\ArcSoft 2011-10-22 16:05 . 2011-10-22 16:07 -------- d-----w- c:\users\pierre\AppData\Roaming\ArcSoft 2011-10-22 16:05 . 2001-09-05 02:18 77824 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll 2011-10-22 16:05 . 2001-09-05 02:18 225280 ------w- c:\program files\Common Files\InstallShield\IScript\iscript.dll 2011-10-22 16:05 . 2001-09-05 02:14 176128 ------w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll 2011-10-22 16:05 . 2001-09-05 02:13 32768 ------w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll 2011-10-22 14:47 . 2011-10-22 14:47 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2011-10-22 09:26 . 2011-10-22 09:26 -------- d-----w- c:\users\pierre\AppData\Roaming\Malwarebytes 2011-10-22 09:26 . 2011-10-22 09:26 -------- d-----w- c:\programdata\Malwarebytes 2011-10-22 09:26 . 2011-10-22 09:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-10-22 09:26 . 2011-08-31 15:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-10-11 20:22 . 2011-10-11 20:22 -------- d-----w- c:\windows\fr 2011-10-11 17:01 . 2011-10-11 17:01 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2011-10-11 16:57 . 2010-08-11 04:44 2983424 ----a-w- c:\windows\system32\UIRibbon.dll 2011-10-11 16:57 . 2010-08-11 04:35 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll 2011-10-02 13:29 . 2011-09-12 23:14 7269712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7097977B-50B8-4D55-88EB-37DA96833F40}\mpengine.dll . . . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2011-10-03 16:20 . 2011-05-22 07:59 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl . . ((((((((((((((((((((((((((((( SnapShot@2011-10-22_17.17.28 ))))))))))))))))))))))))))))))))))))))))) . + 2009-12-05 04:03 . 2011-10-22 19:24 44556 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 04:55 . 2011-10-23 08:45 51318 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2010-03-11 00:06 . 2011-10-23 08:45 11756 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1871111397-3539990770-1974983793-1001_UserData.bin - 2010-03-11 15:22 . 2011-10-22 16:45 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-03-11 15:22 . 2011-10-23 08:34 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-03-11 15:22 . 2011-10-22 16:45 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2010-03-11 15:22 . 2011-10-23 08:34 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:41 . 2011-10-23 08:34 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-07-14 04:41 . 2011-10-22 16:45 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-03-11 00:26 . 2011-10-23 08:28 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-03-11 00:26 . 2011-10-22 16:52 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-07-14 04:34 . 2011-10-23 08:29 78512 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat - 2010-03-11 00:26 . 2011-10-22 16:52 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2010-03-11 00:26 . 2011-10-23 08:28 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2010-03-11 00:26 . 2011-10-22 16:52 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-03-11 00:26 . 2011-10-23 08:28 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2010-03-11 00:26 . 2011-10-22 16:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-03-11 00:26 . 2011-10-23 08:31 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-03-11 00:26 . 2011-10-23 08:31 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2010-03-11 00:26 . 2011-10-22 16:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2011-10-22 16:45 . 2011-10-22 17:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2011-10-22 19:17 . 2011-10-23 08:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2011-10-22 16:45 . 2011-10-22 17:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2011-10-22 19:17 . 2011-10-23 08:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2009-12-05 20:16 . 2011-10-22 19:09 744568 c:\windows\System32\perfh00C.dat - 2009-12-05 20:16 . 2011-10-22 17:04 744568 c:\windows\System32\perfh00C.dat - 2009-07-14 02:05 . 2011-10-22 17:04 651450 c:\windows\System32\perfh009.dat + 2009-07-14 02:05 . 2011-10-22 19:09 651450 c:\windows\System32\perfh009.dat + 2009-12-05 20:16 . 2011-10-22 19:09 148086 c:\windows\System32\perfc00C.dat - 2009-12-05 20:16 . 2011-10-22 17:04 148086 c:\windows\System32\perfc00C.dat + 2009-07-14 02:05 . 2011-10-22 19:09 120382 c:\windows\System32\perfc009.dat - 2009-07-14 02:05 . 2011-10-22 17:04 120382 c:\windows\System32\perfc009.dat - 2009-07-26 20:04 . 2011-10-22 16:45 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat + 2009-07-26 20:04 . 2011-10-22 19:18 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat + 2009-07-14 02:03 . 2011-10-23 08:34 7077888 c:\windows\System32\SMI\Store\Machine\schema.dat - 2009-07-14 02:03 . 2011-10-22 17:10 7077888 c:\windows\System32\SMI\Store\Machine\schema.dat - 2009-07-14 04:34 . 2011-10-22 15:17 3800162 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat + 2009-07-14 04:34 . 2011-10-23 08:28 3800162 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\kloehk.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKLM\~\startupfolder\C:^Users^pierre^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 - Capture d'écran et lancement.lnk] path=c:\users\pierre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 - Capture d'écran et lancement.lnk backup=c:\windows\pss\OneNote 2007 - Capture d'écran et lancement.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service] 2010-03-18 09:19 207360 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft MediaImpression Monitor] 2010-04-21 12:00 73728 ----a-w- c:\program files\Kodak\MediaImpression SE\ArcMonitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] 2009-11-14 02:01 174104 ----a-w- c:\windows\System32\hkcmd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] 2009-11-14 02:01 141848 ----a-w- c:\windows\System32\igfxtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NCInstallQueue] 2009-07-14 01:16 280576 ----a-w- c:\windows\System32\netman.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence] 2009-11-14 02:01 151064 ----a-w- c:\windows\System32\igfxpers.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 . R1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 10752] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-10 122880] R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 19984] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776] R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-26 1343400] S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2010-06-09 11352] S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2010-04-22 22104] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392] . . . ------- Examen supplémentaire ------- . TCP: DhcpNameServer = 212.27.40.240 212.27.40.241 FF - ProfilePath - c:\users\pierre\AppData\Roaming\Mozilla\Firefox\Profiles\vbgdy7sm.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: network.proxy.type - 0 FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Anti-bannière: KavAntiBanner@kaspersky.ru_bak - c:\program files\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak FF - Ext: Analyse des liens (URL Advisor): linkfilter@kaspersky.ru_bak - c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} FF - Ext: Kaspersky Virtual Keyboard: virtualKeyboard@kaspersky.ru - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru FF - Ext: Anti-Banner: KavAntiBanner@Kaspersky.ru - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru . . Heure de fin: 2011-10-23 11:33:11 ComboFix-quarantined-files.txt 2011-10-23 09:33 ComboFix2.txt 2011-10-22 17:19 . Avant-CF: 113 716 387 840 octets libres Après-CF: 113 451 073 536 octets libres . - - End Of File - - D66BAEE85D41F9132BAC5B804178F435 -------------------------------------------------------------------------- 11:36:46.0703 1928 TDSS rootkit removing tool 2.6.12.0 Oct 21 2011 11:23:48 11:36:47.0061 1928 ============================================================ 11:36:47.0061 1928 Current date / time: 2011/10/23 11:36:47.0061 11:36:47.0061 1928 SystemInfo: 11:36:47.0061 1928 11:36:47.0061 1928 OS Version: 6.1.7600 ServicePack: 0.0 11:36:47.0061 1928 Product type: Workstation 11:36:47.0061 1928 ComputerName: LAFONTAINE 11:36:47.0061 1928 UserName: pierre 11:36:47.0061 1928 Windows directory: C:\windows 11:36:47.0061 1928 System windows directory: C:\windows 11:36:47.0061 1928 Processor architecture: Intel x86 11:36:47.0061 1928 Number of processors: 2 11:36:47.0061 1928 Page size: 0x1000 11:36:47.0061 1928 Boot type: Safe boot with network 11:36:47.0061 1928 ============================================================ 11:36:47.0451 1928 Initialize success 11:37:16.0421 1168 ============================================================ 11:37:16.0421 1168 Scan started 11:37:16.0421 1168 Mode: Manual; 11:37:16.0421 1168 ============================================================ 11:37:16.0795 1168 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\windows\system32\DRIVERS\1394ohci.sys 11:37:16.0795 1168 1394ohci - ok 11:37:16.0889 1168 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\windows\system32\DRIVERS\ACPI.sys 11:37:16.0889 1168 ACPI - ok 11:37:16.0920 1168 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\windows\system32\DRIVERS\acpipmi.sys 11:37:16.0920 1168 AcpiPmi - ok 11:37:16.0982 1168 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys 11:37:16.0982 1168 adp94xx - ok 11:37:17.0014 1168 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys 11:37:17.0014 1168 adpahci - ok 11:37:17.0029 1168 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys 11:37:17.0029 1168 adpu320 - ok 11:37:17.0076 1168 Afc (fe3ea6e9afc1a78e6edca121e006afb7) C:\windows\system32\drivers\Afc.sys 11:37:17.0076 1168 Afc - ok 11:37:17.0107 1168 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\windows\system32\drivers\afd.sys 11:37:17.0107 1168 AFD - ok 11:37:17.0123 1168 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\DRIVERS\agp440.sys 11:37:17.0123 1168 agp440 - ok 11:37:17.0170 1168 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys 11:37:17.0170 1168 aic78xx - ok 11:37:17.0185 1168 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\DRIVERS\aliide.sys 11:37:17.0185 1168 aliide - ok 11:37:17.0201 1168 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\DRIVERS\amdagp.sys 11:37:17.0216 1168 amdagp - ok 11:37:17.0232 1168 amdide (cd5914170297126b6266860198d1d4f0) C:\windows\system32\DRIVERS\amdide.sys 11:37:17.0232 1168 amdide - ok 11:37:17.0294 1168 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys 11:37:17.0294 1168 AmdK8 - ok 11:37:17.0310 1168 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys 11:37:17.0310 1168 AmdPPM - ok 11:37:17.0326 1168 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\windows\system32\DRIVERS\amdsata.sys 11:37:17.0341 1168 amdsata - ok 11:37:17.0357 1168 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys 11:37:17.0357 1168 amdsbs - ok 11:37:17.0388 1168 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\windows\system32\DRIVERS\amdxata.sys 11:37:17.0388 1168 amdxata - ok 11:37:17.0435 1168 AppID (feb834c02ce1e84b6a38f953ca067706) C:\windows\system32\drivers\appid.sys 11:37:17.0435 1168 AppID - ok 11:37:17.0482 1168 arc (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys 11:37:17.0497 1168 arc - ok 11:37:17.0513 1168 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys 11:37:17.0513 1168 arcsas - ok 11:37:17.0560 1168 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys 11:37:17.0560 1168 AsyncMac - ok 11:37:17.0591 1168 atapi (338c86357871c167a96ab976519bf59e) C:\windows\system32\DRIVERS\atapi.sys 11:37:17.0591 1168 atapi - ok 11:37:17.0669 1168 athr (f8cfe8471bd445f2b437281f2af01780) C:\windows\system32\DRIVERS\athr.sys 11:37:17.0684 1168 athr - ok 11:37:17.0762 1168 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys 11:37:17.0762 1168 b06bdrv - ok 11:37:17.0794 1168 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys 11:37:17.0794 1168 b57nd60x - ok 11:37:17.0825 1168 Beep (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys 11:37:17.0825 1168 Beep - ok 11:37:17.0856 1168 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys 11:37:17.0872 1168 blbdrive - ok 11:37:17.0887 1168 bowser (fcafaef6798d7b51ff029f99a9898961) C:\windows\system32\DRIVERS\bowser.sys 11:37:17.0887 1168 bowser - ok 11:37:17.0887 1168 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys 11:37:17.0887 1168 BrFiltLo - ok 11:37:17.0903 1168 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys 11:37:17.0903 1168 BrFiltUp - ok 11:37:17.0950 1168 Brserid (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys 11:37:17.0950 1168 Brserid - ok 11:37:17.0950 1168 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys 11:37:17.0965 1168 BrSerWdm - ok 11:37:17.0965 1168 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys 11:37:17.0965 1168 BrUsbMdm - ok 11:37:17.0981 1168 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys 11:37:17.0981 1168 BrUsbSer - ok 11:37:17.0981 1168 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys 11:37:17.0981 1168 BTHMODEM - ok 11:37:18.0121 1168 catchme - ok 11:37:18.0152 1168 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys 11:37:18.0152 1168 cdfs - ok 11:37:18.0215 1168 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\windows\system32\DRIVERS\cdrom.sys 11:37:18.0215 1168 cdrom - ok 11:37:18.0262 1168 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys 11:37:18.0262 1168 circlass - ok 11:37:18.0308 1168 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys 11:37:18.0308 1168 CLFS - ok 11:37:18.0402 1168 CmBatt (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys 11:37:18.0402 1168 CmBatt - ok 11:37:18.0402 1168 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\DRIVERS\cmdide.sys 11:37:18.0402 1168 cmdide - ok 11:37:18.0433 1168 CNG (1b675691ed940766149c93e8f4488d68) C:\windows\system32\Drivers\cng.sys 11:37:18.0449 1168 CNG - ok 11:37:18.0480 1168 Compbatt (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys 11:37:18.0480 1168 Compbatt - ok 11:37:18.0527 1168 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\windows\system32\DRIVERS\CompositeBus.sys 11:37:18.0527 1168 CompositeBus - ok 11:37:18.0574 1168 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys 11:37:18.0574 1168 crcdisk - ok 11:37:18.0620 1168 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\windows\system32\Drivers\dfsc.sys 11:37:18.0620 1168 DfsC - ok 11:37:18.0652 1168 discache (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys 11:37:18.0652 1168 discache - ok 11:37:18.0698 1168 Disk (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys 11:37:18.0698 1168 Disk - ok 11:37:18.0745 1168 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys 11:37:18.0745 1168 drmkaud - ok 11:37:18.0808 1168 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\windows\System32\drivers\dxgkrnl.sys 11:37:18.0808 1168 DXGKrnl - ok 11:37:18.0901 1168 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys 11:37:18.0917 1168 ebdrv - ok 11:37:19.0088 1168 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys 11:37:19.0088 1168 elxstor - ok 11:37:19.0104 1168 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\DRIVERS\errdev.sys 11:37:19.0104 1168 ErrDev - ok 11:37:19.0151 1168 exfat (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys 11:37:19.0151 1168 exfat - ok 11:37:19.0166 1168 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys 11:37:19.0166 1168 fastfat - ok 11:37:19.0182 1168 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys 11:37:19.0182 1168 fdc - ok 11:37:19.0213 1168 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys 11:37:19.0213 1168 FileInfo - ok 11:37:19.0229 1168 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys 11:37:19.0229 1168 Filetrace - ok 11:37:19.0260 1168 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys 11:37:19.0260 1168 flpydisk - ok 11:37:19.0291 1168 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys 11:37:19.0291 1168 FltMgr - ok 11:37:19.0307 1168 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys 11:37:19.0307 1168 FsDepends - ok 11:37:19.0369 1168 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\windows\system32\DRIVERS\fssfltr.sys 11:37:19.0369 1168 fssfltr - ok 11:37:19.0416 1168 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\windows\system32\drivers\Fs_Rec.sys 11:37:19.0416 1168 Fs_Rec - ok 11:37:19.0463 1168 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\windows\system32\DRIVERS\fvevol.sys 11:37:19.0463 1168 fvevol - ok 11:37:19.0510 1168 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys 11:37:19.0510 1168 gagp30kx - ok 11:37:19.0525 1168 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys 11:37:19.0525 1168 hcw85cir - ok 11:37:19.0556 1168 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\windows\system32\drivers\HdAudio.sys 11:37:19.0556 1168 HdAudAddService - ok 11:37:19.0619 1168 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\windows\system32\DRIVERS\HDAudBus.sys 11:37:19.0619 1168 HDAudBus - ok 11:37:19.0619 1168 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys 11:37:19.0619 1168 HidBatt - ok 11:37:19.0634 1168 HidBth (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys 11:37:19.0650 1168 HidBth - ok 11:37:19.0666 1168 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys 11:37:19.0666 1168 HidIr - ok 11:37:19.0681 1168 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\windows\system32\DRIVERS\hidusb.sys 11:37:19.0681 1168 HidUsb - ok 11:37:19.0712 1168 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\DRIVERS\HpSAMD.sys 11:37:19.0712 1168 HpSAMD - ok 11:37:19.0759 1168 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\windows\system32\drivers\HTTP.sys 11:37:19.0775 1168 HTTP - ok 11:37:19.0790 1168 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\windows\system32\drivers\hwpolicy.sys 11:37:19.0790 1168 hwpolicy - ok 11:37:19.0837 1168 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\DRIVERS\i8042prt.sys 11:37:19.0837 1168 i8042prt - ok 11:37:19.0884 1168 iaStor (0baa4115dfffd6a6d809a89d65e1281a) C:\windows\system32\DRIVERS\iaStor.sys 11:37:19.0900 1168 iaStor - ok 11:37:19.0931 1168 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\windows\system32\DRIVERS\iaStorV.sys 11:37:19.0931 1168 iaStorV - ok 11:37:20.0102 1168 igfx (36cc40b02ae593d6152ac8bd657720af) C:\windows\system32\DRIVERS\igdkmd32.sys 11:37:20.0134 1168 igfx - ok 11:37:20.0258 1168 iirsp (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys 11:37:20.0258 1168 iirsp - ok 11:37:20.0414 1168 IntcAzAudAddService (3202e26501e5e18c35dc2cc74709a704) C:\windows\system32\drivers\RTKVHDA.sys 11:37:20.0430 1168 IntcAzAudAddService - ok 11:37:20.0570 1168 IntcHdmiAddService (264632ade8127b7baa2190cf6fad435b) C:\windows\system32\drivers\IntcHdmi.sys 11:37:20.0570 1168 IntcHdmiAddService - ok 11:37:20.0602 1168 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\DRIVERS\intelide.sys 11:37:20.0602 1168 intelide - ok 11:37:20.0648 1168 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys 11:37:20.0648 1168 intelppm - ok 11:37:20.0680 1168 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys 11:37:20.0680 1168 IpFilterDriver - ok 11:37:20.0726 1168 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\windows\system32\DRIVERS\IPMIDrv.sys 11:37:20.0726 1168 IPMIDRV - ok 11:37:20.0742 1168 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys 11:37:20.0742 1168 IPNAT - ok 11:37:20.0773 1168 IRENUM (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys 11:37:20.0773 1168 IRENUM - ok 11:37:20.0789 1168 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\DRIVERS\isapnp.sys 11:37:20.0789 1168 isapnp - ok 11:37:20.0820 1168 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\windows\system32\DRIVERS\msiscsi.sys 11:37:20.0820 1168 iScsiPrt - ok 11:37:20.0836 1168 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\DRIVERS\kbdclass.sys 11:37:20.0836 1168 kbdclass - ok 11:37:20.0851 1168 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\windows\system32\DRIVERS\kbdhid.sys 11:37:20.0851 1168 kbdhid - ok 11:37:20.0914 1168 KL1 (94d67d49bd9503bb1d838405d80f2058) C:\windows\system32\DRIVERS\kl1.sys 11:37:20.0914 1168 KL1 - ok 11:37:20.0960 1168 kl2 (713576569667ac9e0f8556076004a96b) C:\windows\system32\DRIVERS\kl2.sys 11:37:20.0960 1168 kl2 - ok 11:37:21.0007 1168 KLIF (39920d69eaedb51757527aa54fe25216) C:\windows\system32\DRIVERS\klif.sys 11:37:21.0007 1168 KLIF - ok 11:37:21.0054 1168 KLIM6 (cf88b4985d957eee45c9939092e87c92) C:\windows\system32\DRIVERS\klim6.sys 11:37:21.0054 1168 KLIM6 - ok 11:37:21.0070 1168 klmouflt (3de1771c135328420315e21dde229bba) C:\windows\system32\DRIVERS\klmouflt.sys 11:37:21.0070 1168 klmouflt - ok 11:37:21.0101 1168 KSecDD (e36a061ec11b373826905b21be10948f) C:\windows\system32\Drivers\ksecdd.sys 11:37:21.0101 1168 KSecDD - ok 11:37:21.0132 1168 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\windows\system32\Drivers\ksecpkg.sys 11:37:21.0132 1168 KSecPkg - ok 11:37:21.0194 1168 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys 11:37:21.0194 1168 lltdio - ok 11:37:21.0241 1168 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys 11:37:21.0241 1168 LSI_FC - ok 11:37:21.0241 1168 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys 11:37:21.0241 1168 LSI_SAS - ok 11:37:21.0257 1168 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys 11:37:21.0257 1168 LSI_SAS2 - ok 11:37:21.0272 1168 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys 11:37:21.0272 1168 LSI_SCSI - ok 11:37:21.0304 1168 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys 11:37:21.0319 1168 luafv - ok 11:37:21.0350 1168 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys 11:37:21.0350 1168 megasas - ok 11:37:21.0366 1168 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys 11:37:21.0366 1168 MegaSR - ok 11:37:21.0382 1168 Modem (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys 11:37:21.0382 1168 Modem - ok 11:37:21.0413 1168 monitor (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys 11:37:21.0413 1168 monitor - ok 11:37:21.0460 1168 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\DRIVERS\mouclass.sys 11:37:21.0460 1168 mouclass - ok 11:37:21.0491 1168 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys 11:37:21.0491 1168 mouhid - ok 11:37:21.0491 1168 mountmgr (921c18727c5920d6c0300736646931c2) C:\windows\system32\drivers\mountmgr.sys 11:37:21.0491 1168 mountmgr - ok 11:37:21.0522 1168 mpio (2af5997438c55fb79d33d015c30e1974) C:\windows\system32\DRIVERS\mpio.sys 11:37:21.0522 1168 mpio - ok 11:37:21.0538 1168 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys 11:37:21.0538 1168 mpsdrv - ok 11:37:21.0553 1168 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\windows\system32\drivers\mrxdav.sys 11:37:21.0553 1168 MRxDAV - ok 11:37:21.0584 1168 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\windows\system32\DRIVERS\mrxsmb.sys 11:37:21.0584 1168 mrxsmb - ok 11:37:21.0616 1168 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\windows\system32\DRIVERS\mrxsmb10.sys 11:37:21.0616 1168 mrxsmb10 - ok 11:37:21.0647 1168 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\windows\system32\DRIVERS\mrxsmb20.sys 11:37:21.0647 1168 mrxsmb20 - ok 11:37:21.0662 1168 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\windows\system32\DRIVERS\msahci.sys 11:37:21.0662 1168 msahci - ok 11:37:21.0678 1168 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\windows\system32\DRIVERS\msdsm.sys 11:37:21.0678 1168 msdsm - ok 11:37:21.0725 1168 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys 11:37:21.0725 1168 Msfs - ok 11:37:21.0740 1168 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys 11:37:21.0740 1168 mshidkmdf - ok 11:37:21.0772 1168 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\DRIVERS\msisadrv.sys 11:37:21.0772 1168 msisadrv - ok 11:37:21.0818 1168 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys 11:37:21.0818 1168 MSKSSRV - ok 11:37:21.0850 1168 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys 11:37:21.0850 1168 MSPCLOCK - ok 11:37:21.0865 1168 MSPQM (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys 11:37:21.0865 1168 MSPQM - ok 11:37:21.0896 1168 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys 11:37:21.0896 1168 MsRPC - ok 11:37:21.0896 1168 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\DRIVERS\mssmbios.sys 11:37:21.0896 1168 mssmbios - ok 11:37:21.0912 1168 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys 11:37:21.0912 1168 MSTEE - ok 11:37:21.0928 1168 MTConfig (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys 11:37:21.0928 1168 MTConfig - ok 11:37:21.0959 1168 Mup (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys 11:37:21.0959 1168 Mup - ok 11:37:22.0006 1168 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys 11:37:22.0006 1168 NativeWifiP - ok 11:37:22.0068 1168 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\windows\system32\drivers\ndis.sys 11:37:22.0068 1168 NDIS - ok 11:37:22.0099 1168 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys 11:37:22.0099 1168 NdisCap - ok 11:37:22.0115 1168 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys 11:37:22.0115 1168 NdisTapi - ok 11:37:22.0130 1168 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\windows\system32\DRIVERS\ndisuio.sys 11:37:22.0130 1168 Ndisuio - ok 11:37:22.0146 1168 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\windows\system32\DRIVERS\ndiswan.sys 11:37:22.0146 1168 NdisWan - ok 11:37:22.0146 1168 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\windows\system32\drivers\NDProxy.sys 11:37:22.0146 1168 NDProxy - ok 11:37:22.0162 1168 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys 11:37:22.0162 1168 NetBIOS - ok 11:37:22.0177 1168 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\windows\system32\DRIVERS\netbt.sys 11:37:22.0177 1168 NetBT - ok 11:37:22.0224 1168 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys 11:37:22.0240 1168 nfrd960 - ok 11:37:22.0240 1168 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys 11:37:22.0240 1168 Npfs - ok 11:37:22.0271 1168 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys 11:37:22.0271 1168 nsiproxy - ok 11:37:22.0333 1168 Ntfs (3795dcd21f740ee799fb7223234215af) C:\windows\system32\drivers\Ntfs.sys 11:37:22.0349 1168 Ntfs - ok 11:37:22.0364 1168 Null (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys 11:37:22.0364 1168 Null - ok 11:37:22.0396 1168 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\windows\system32\DRIVERS\nvraid.sys 11:37:22.0396 1168 nvraid - ok 11:37:22.0411 1168 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\windows\system32\DRIVERS\nvstor.sys 11:37:22.0411 1168 nvstor - ok 11:37:22.0427 1168 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\DRIVERS\nv_agp.sys 11:37:22.0427 1168 nv_agp - ok 11:37:22.0442 1168 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\DRIVERS\ohci1394.sys 11:37:22.0442 1168 ohci1394 - ok 11:37:22.0474 1168 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys 11:37:22.0474 1168 Parport - ok 11:37:22.0489 1168 partmgr (ff4218952b51de44fe910953a3e686b9) C:\windows\system32\drivers\partmgr.sys 11:37:22.0489 1168 partmgr - ok 11:37:22.0520 1168 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys 11:37:22.0520 1168 Parvdm - ok 11:37:22.0520 1168 pci (c858cb77c577780ecc456a892e7e7d0f) C:\windows\system32\DRIVERS\pci.sys 11:37:22.0536 1168 pci - ok 11:37:22.0536 1168 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\DRIVERS\pciide.sys 11:37:22.0536 1168 pciide - ok 11:37:22.0567 1168 pcmcia (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys 11:37:22.0567 1168 pcmcia - ok 11:37:22.0567 1168 pcw (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys 11:37:22.0567 1168 pcw - ok 11:37:22.0614 1168 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys 11:37:22.0614 1168 PEAUTH - ok 11:37:22.0692 1168 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys 11:37:22.0692 1168 PptpMiniport - ok 11:37:22.0723 1168 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys 11:37:22.0723 1168 Processor - ok 11:37:22.0770 1168 Psched (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys 11:37:22.0770 1168 Psched - ok 11:37:22.0817 1168 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys 11:37:22.0817 1168 ql2300 - ok 11:37:22.0832 1168 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys 11:37:22.0832 1168 ql40xx - ok 11:37:22.0848 1168 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys 11:37:22.0848 1168 QWAVEdrv - ok 11:37:22.0864 1168 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys 11:37:22.0864 1168 RasAcd - ok 11:37:22.0895 1168 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys 11:37:22.0895 1168 RasAgileVpn - ok 11:37:22.0942 1168 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys 11:37:22.0942 1168 Rasl2tp - ok 11:37:22.0973 1168 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys 11:37:22.0973 1168 RasPppoe - ok 11:37:23.0020 1168 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys 11:37:23.0020 1168 RasSstp - ok 11:37:23.0051 1168 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\windows\system32\DRIVERS\rdbss.sys 11:37:23.0051 1168 rdbss - ok 11:37:23.0082 1168 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys 11:37:23.0082 1168 rdpbus - ok 11:37:23.0098 1168 RDPCDD (1e016846895b15a99f9a176a05029075) C:\windows\system32\DRIVERS\RDPCDD.sys 11:37:23.0098 1168 RDPCDD - ok 11:37:23.0129 1168 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys 11:37:23.0129 1168 RDPENCDD - ok 11:37:23.0144 1168 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys 11:37:23.0144 1168 RDPREFMP - ok 11:37:23.0160 1168 RDPWD (801371ba9782282892d00aadb08ee367) C:\windows\system32\drivers\RDPWD.sys 11:37:23.0160 1168 RDPWD - ok 11:37:23.0207 1168 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\windows\system32\drivers\rdyboost.sys 11:37:23.0207 1168 rdyboost - ok 11:37:23.0269 1168 rspndr (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys 11:37:23.0269 1168 rspndr - ok 11:37:23.0300 1168 RTL8167 (7dfd48e24479b68b258d8770121155a0) C:\windows\system32\DRIVERS\Rt86win7.sys 11:37:23.0300 1168 RTL8167 - ok 11:37:23.0347 1168 SABI (6e5fbb7cbaec47038b945d5e9b144a64) C:\windows\system32\Drivers\SABI.sys 11:37:23.0347 1168 SABI - ok 11:37:23.0394 1168 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\windows\system32\DRIVERS\sbp2port.sys 11:37:23.0394 1168 sbp2port - ok 11:37:23.0425 1168 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\windows\system32\DRIVERS\scfilter.sys 11:37:23.0425 1168 scfilter - ok 11:37:23.0456 1168 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys 11:37:23.0456 1168 secdrv - ok 11:37:23.0503 1168 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys 11:37:23.0503 1168 Serenum - ok 11:37:23.0534 1168 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys 11:37:23.0534 1168 Serial - ok 11:37:23.0566 1168 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys 11:37:23.0566 1168 sermouse - ok 11:37:23.0612 1168 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\DRIVERS\sffdisk.sys 11:37:23.0612 1168 sffdisk - ok 11:37:23.0628 1168 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\DRIVERS\sffp_mmc.sys 11:37:23.0628 1168 sffp_mmc - ok 11:37:23.0644 1168 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\windows\system32\DRIVERS\sffp_sd.sys 11:37:23.0644 1168 sffp_sd - ok 11:37:23.0659 1168 sfloppy (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys 11:37:23.0659 1168 sfloppy - ok 11:37:23.0675 1168 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\DRIVERS\sisagp.sys 11:37:23.0690 1168 sisagp - ok 11:37:23.0706 1168 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys 11:37:23.0706 1168 SiSRaid2 - ok 11:37:23.0722 1168 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys 11:37:23.0722 1168 SiSRaid4 - ok 11:37:23.0737 1168 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys 11:37:23.0737 1168 Smb - ok 11:37:23.0784 1168 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys 11:37:23.0784 1168 spldr - ok 11:37:23.0846 1168 srv (2dbedfb1853f06110ec2aa7f3213c89f) C:\windows\system32\DRIVERS\srv.sys 11:37:23.0846 1168 srv - ok 11:37:23.0878 1168 srv2 (db37131d1027c50ea7ee21c8bb4536aa) C:\windows\system32\DRIVERS\srv2.sys 11:37:23.0878 1168 srv2 - ok 11:37:23.0893 1168 srvnet (f5980b74124db9233b33f86fc5ebbb4f) C:\windows\system32\DRIVERS\srvnet.sys 11:37:23.0893 1168 srvnet - ok 11:37:23.0940 1168 stexstor (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys 11:37:23.0940 1168 stexstor - ok 11:37:23.0971 1168 swenum (e58c78a848add9610a4db6d214af5224) C:\windows\system32\DRIVERS\swenum.sys 11:37:23.0971 1168 swenum - ok 11:37:24.0034 1168 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\windows\system32\drivers\tcpip.sys 11:37:24.0034 1168 Tcpip - ok 11:37:24.0065 1168 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\windows\system32\DRIVERS\tcpip.sys 11:37:24.0080 1168 TCPIP6 - ok 11:37:24.0112 1168 tcpipreg (e64444523add154f86567c469bc0b17f) C:\windows\system32\drivers\tcpipreg.sys 11:37:24.0112 1168 tcpipreg - ok 11:37:24.0143 1168 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\windows\system32\drivers\tdpipe.sys 11:37:24.0143 1168 TDPIPE - ok 11:37:24.0143 1168 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\windows\system32\drivers\tdtcp.sys 11:37:24.0143 1168 TDTCP - ok 11:37:24.0174 1168 tdx (cb39e896a2a83702d1737bfd402b3542) C:\windows\system32\DRIVERS\tdx.sys 11:37:24.0174 1168 tdx - ok 11:37:24.0190 1168 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\windows\system32\DRIVERS\termdd.sys 11:37:24.0190 1168 TermDD - ok 11:37:24.0236 1168 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\windows\system32\DRIVERS\tssecsrv.sys 11:37:24.0236 1168 tssecsrv - ok 11:37:24.0268 1168 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\windows\system32\DRIVERS\tunnel.sys 11:37:24.0268 1168 tunnel - ok 11:37:24.0283 1168 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys 11:37:24.0283 1168 uagp35 - ok 11:37:24.0314 1168 udfs (eb0a7bd4d471ac3ce55564a4c55b9d8e) C:\windows\system32\DRIVERS\udfs.sys 11:37:24.0314 1168 udfs - ok 11:37:24.0361 1168 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\DRIVERS\uliagpkx.sys 11:37:24.0361 1168 uliagpkx - ok 11:37:24.0408 1168 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\windows\system32\DRIVERS\umbus.sys 11:37:24.0408 1168 umbus - ok 11:37:24.0439 1168 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys 11:37:24.0439 1168 UmPass - ok 11:37:24.0470 1168 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\windows\system32\DRIVERS\usbccgp.sys 11:37:24.0470 1168 usbccgp - ok 11:37:24.0502 1168 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\DRIVERS\usbcir.sys 11:37:24.0502 1168 usbcir - ok 11:37:24.0533 1168 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\windows\system32\DRIVERS\usbehci.sys 11:37:24.0533 1168 usbehci - ok 11:37:24.0548 1168 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\windows\system32\DRIVERS\usbhub.sys 11:37:24.0548 1168 usbhub - ok 11:37:24.0580 1168 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\windows\system32\DRIVERS\usbohci.sys 11:37:24.0580 1168 usbohci - ok 11:37:24.0626 1168 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys 11:37:24.0626 1168 usbprint - ok 11:37:24.0658 1168 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\windows\system32\DRIVERS\usbscan.sys 11:37:24.0658 1168 usbscan - ok 11:37:24.0704 1168 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\windows\system32\DRIVERS\USBSTOR.SYS 11:37:24.0704 1168 USBSTOR - ok 11:37:24.0736 1168 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\windows\system32\DRIVERS\usbuhci.sys 11:37:24.0736 1168 usbuhci - ok 11:37:24.0798 1168 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\windows\System32\Drivers\usbvideo.sys 11:37:24.0798 1168 usbvideo - ok 11:37:24.0829 1168 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\DRIVERS\vdrvroot.sys 11:37:24.0829 1168 vdrvroot - ok 11:37:24.0860 1168 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys 11:37:24.0860 1168 vga - ok 11:37:24.0876 1168 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys 11:37:24.0876 1168 VgaSave - ok 11:37:24.0923 1168 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\windows\system32\DRIVERS\vhdmp.sys 11:37:24.0923 1168 vhdmp - ok 11:37:24.0954 1168 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\DRIVERS\viaagp.sys 11:37:24.0954 1168 viaagp - ok 11:37:24.0970 1168 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys 11:37:24.0970 1168 ViaC7 - ok 11:37:24.0985 1168 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\DRIVERS\viaide.sys 11:37:24.0985 1168 viaide - ok 11:37:25.0032 1168 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\windows\system32\DRIVERS\volmgr.sys 11:37:25.0032 1168 volmgr - ok 11:37:25.0048 1168 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys 11:37:25.0063 1168 volmgrx - ok 11:37:25.0094 1168 volsnap (58df9d2481a56edde167e51b334d44fd) C:\windows\system32\DRIVERS\volsnap.sys 11:37:25.0110 1168 volsnap - ok 11:37:25.0126 1168 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys 11:37:25.0141 1168 vsmraid - ok 11:37:25.0157 1168 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys 11:37:25.0157 1168 vwifibus - ok 11:37:25.0172 1168 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys 11:37:25.0172 1168 vwififlt - ok 11:37:25.0204 1168 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys 11:37:25.0204 1168 WacomPen - ok 11:37:25.0235 1168 WANARP (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys 11:37:25.0235 1168 WANARP - ok 11:37:25.0250 1168 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys 11:37:25.0250 1168 Wanarpv6 - ok 11:37:25.0313 1168 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys 11:37:25.0313 1168 Wd - ok 11:37:25.0344 1168 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys 11:37:25.0344 1168 Wdf01000 - ok 11:37:25.0422 1168 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys 11:37:25.0422 1168 WfpLwf - ok 11:37:25.0438 1168 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys 11:37:25.0438 1168 WIMMount - ok 11:37:25.0531 1168 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\windows\system32\DRIVERS\WinUsb.sys 11:37:25.0531 1168 WinUsb - ok 11:37:25.0578 1168 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\DRIVERS\wmiacpi.sys 11:37:25.0578 1168 WmiAcpi - ok 11:37:25.0625 1168 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys 11:37:25.0625 1168 ws2ifsl - ok 11:37:25.0656 1168 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\windows\system32\drivers\WudfPf.sys 11:37:25.0656 1168 WudfPf - ok 11:37:25.0703 1168 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\windows\system32\DRIVERS\WUDFRd.sys 11:37:25.0703 1168 WUDFRd - ok 11:37:25.0781 1168 yukonw7 (30b73eb97218a16cbc6de535782a1b35) C:\windows\system32\DRIVERS\yk62x86.sys 11:37:25.0781 1168 yukonw7 - ok 11:37:25.0812 1168 MBR (0x1B8) (2e5debb2116b3417023e0d6562d7ed07) \Device\Harddisk0\DR0 11:37:25.0999 1168 \Device\Harddisk0\DR0 - ok 11:37:25.0999 1168 Boot (0x1200) (80f1f6505f4f7557f37c3705680228dc) \Device\Harddisk0\DR0\Partition0 11:37:25.0999 1168 \Device\Harddisk0\DR0\Partition0 - ok 11:37:26.0015 1168 Boot (0x1200) (9d752003adb75fe309237fc971a97107) \Device\Harddisk0\DR0\Partition1 11:37:26.0015 1168 \Device\Harddisk0\DR0\Partition1 - ok 11:37:26.0046 1168 Boot (0x1200) (20f82fc2bf089e69614f0989f2658401) \Device\Harddisk0\DR0\Partition2 11:37:26.0046 1168 \Device\Harddisk0\DR0\Partition2 - ok 11:37:26.0046 1168 ============================================================ 11:37:26.0046 1168 Scan finished 11:37:26.0046 1168 ============================================================ 11:37:26.0062 1336 Detected object count: 0 11:37:26.0062 1336 Actual detected object count: 0 11:38:20.0069 1976 Deinitialize success ------------------------------------------------------------------------------- aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software Run date: 2011-10-23 11:38:45 ----------------------------- 11:38:45.481 OS Version: Windows 6.1.7600 11:38:45.481 Number of processors: 2 586 0x170A 11:38:45.497 ComputerName: LAFONTAINE UserName: pierre 11:38:46.059 Initialize success 11:40:02.343 AVAST engine defs: 11102300 11:40:33.137 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 11:40:33.137 Disk 0 Vendor: SAMSUNG_ 2AC1 Size: 305245MB BusType: 3 11:40:33.168 Disk 0 MBR read successfully 11:40:33.184 Disk 0 MBR scan 11:40:33.184 Disk 0 unknown MBR code 11:40:33.199 Disk 0 scanning sectors +625139712 11:40:33.293 Disk 0 scanning C:\windows\system32\drivers 11:40:40.766 Service scanning 11:40:43.308 Modules scanning 11:40:49.205 Disk 0 trace - called modules: 11:40:49.236 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll 11:40:49.252 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x88180848] 11:40:49.252 3 CLASSPNP.SYS[8dd8959e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x873b3028] 11:40:50.360 AVAST engine scan C:\windows 11:40:52.746 AVAST engine scan C:\windows\system32 11:42:32.696 AVAST engine scan C:\windows\system32\drivers 11:42:40.621 AVAST engine scan C:\Users\pierre 11:44:20.929 AVAST engine scan C:\ProgramData 11:47:27.380 Scan finished successfully 11:55:16.832 Disk 0 MBR has been saved successfully to "C:\Users\pierre\Desktop\MBR.dat" 11:55:16.832 The log file has been saved successfully to "C:\Users\pierre\Desktop\aswMBR.txt" Merci

Et voila les trois autres rapports. OTL,MBAM et Combofix ------------------------ All processes killed ========== OTL ========== Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully. Registry value HKEY_USERS\S-1-5-21-1871111397-3539990770-1974983793-1001\Software\Microsoft\Windows\CurrentVersion\Run\\ccleaner deleted successfully. C:\Program Files\CCleaner\CCleaner.exe moved successfully. Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xporter vers Microsoft Excel\ deleted successfully. Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{26a913e3-1346-11e0-8c69-b9bdaa1f6764}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26a913e3-1346-11e0-8c69-b9bdaa1f6764}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{26a913e3-1346-11e0-8c69-b9bdaa1f6764}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26a913e3-1346-11e0-8c69-b9bdaa1f6764}\ not found. File F:\LaunchU3.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found. File F:\LaunchU3.exe not found. C:\Users\pierre\AppData\Local\{082ED945-4858-4200-8684-E4F970536BF0} folder moved successfully. C:\Users\pierre\AppData\Local\{C90A5194-2C38-4D70-8C7C-CE83EED993E2} folder moved successfully. C:\Users\pierre\AppData\Local\{871D48D2-25E8-486D-BFB0-F8F063B1C25F} folder moved successfully. C:\Users\pierre\AppData\Local\{7B77F209-EBF9-423E-AD01-C6C720723AAB} folder moved successfully. C:\Users\pierre\AppData\Local\{0813245A-5BFF-405F-9AB3-C497434875D3} folder moved successfully. C:\Users\pierre\AppData\Local\{D7F3EBD6-9336-4816-BB91-B62A6CCC07C5} folder moved successfully. C:\Users\pierre\AppData\Local\{6053D551-02F1-489B-ACB7-93C2292424DC} folder moved successfully. C:\Users\pierre\AppData\Local\{74E01251-8380-4BF0-981D-B980994274CF} folder moved successfully. ========== SERVICES/DRIVERS ========== ========== REGISTRY ========== ========== FILES ========== < ipconfig /flushdns /c > Configuration IP de Windows Impossible de vider le cache de r‚solution DNS : La fonction a ‚chou‚ lors de l'ex‚cution. C:\Users\pierre\Desktop\cmd.bat deleted successfully. C:\Users\pierre\Desktop\cmd.txt deleted successfully. C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job moved successfully. C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1871111397-3539990770-1974983793-1003Core.job moved successfully. C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1871111397-3539990770-1974983793-1003UA.job moved successfully. File\Folder C:\*.sqm not found. File\Folder C:\WINDOWS\System32\*.tmp not found. File\Folder C:\WINDOWS\*.tmp not found. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Boris ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: pierre ->Temp folder emptied: 13471744 bytes ->Temporary Internet Files folder emptied: 230180 bytes ->FireFox cache emptied: 25877890 bytes ->Google Chrome cache emptied: 0 bytes ->Flash cache emptied: 470 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 526092 bytes RecycleBin emptied: 1030 bytes Total Files Cleaned = 38.00 mb C:\windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.31.0 log created on 10222011_184422 Files\Folders moved on Reboot... File\Folder C:\windows\temp\TMP00000007525EA54AD875FC05 not found! Registry entries deleted on Reboot... ------------------------------------ Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org Version de la base de données: 7998 Windows 6.1.7600 (Safe Mode) Internet Explorer 8.0.7600.16385 22/10/2011 19:04:43 mbam-log-2011-10-22 (19-04-43).txt Type d'examen: Examen rapide Elément(s) analysé(s): 169650 Temps écoulé: 2 minute(s), 38 seconde(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 0 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): (Aucun élément nuisible détecté) --------------------------------------------------- ComboFix 11-10-21.06 - pierre 22/10/2011 19:12:54.1.2 - x86 MINIMAL Microsoft Windows 7 Édition Familiale Premium 6.1.7600.0.1252.33.1036.18.3005.2405 [GMT 2:00] Lancé depuis: c:\users\pierre\Desktop\ComboFix.exe AV: Lavasoft Ad-Watch Live! Antivirus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116} SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Un nouveau point de restauration a été créé . . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\FullRemove.exe . . ((((((((((((((((((((((((((((( Fichiers créés du 2011-09-22 au 2011-10-22 )))))))))))))))))))))))))))))))))))) . . 2011-10-22 16:46 . 2011-10-22 17:01 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7097977B-50B8-4D55-88EB-37DA96833F40}\offreg.dll 2011-10-22 16:44 . 2011-10-22 16:44 -------- d-----w- C:\_OTL 2011-10-22 16:07 . 2011-10-22 16:07 -------- d-----w- c:\users\pierre\AppData\Local\ArcSoft 2011-10-22 16:07 . 2011-10-22 16:10 -------- d-----w- c:\programdata\ArcSoft 2011-10-22 16:06 . 2006-11-10 13:05 18688 ----a-w- c:\windows\system32\drivers\afc.sys 2011-10-22 16:05 . 2011-10-22 16:05 -------- d-----w- c:\program files\Kodak 2011-10-22 16:05 . 2011-10-22 16:07 -------- d-----w- c:\program files\Common Files\ArcSoft 2011-10-22 16:05 . 2011-10-22 16:07 -------- d-----w- c:\users\pierre\AppData\Roaming\ArcSoft 2011-10-22 16:05 . 2001-09-05 02:18 77824 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll 2011-10-22 16:05 . 2001-09-05 02:18 225280 ------w- c:\program files\Common Files\InstallShield\IScript\iscript.dll 2011-10-22 16:05 . 2001-09-05 02:14 176128 ------w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll 2011-10-22 16:05 . 2001-09-05 02:13 32768 ------w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll 2011-10-22 14:47 . 2011-10-22 14:47 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2011-10-22 14:42 . 2011-04-29 10:12 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys 2011-10-22 14:41 . 2011-10-22 14:41 -------- d-----w- c:\programdata\Lavasoft 2011-10-22 14:41 . 2011-10-22 14:41 -------- d-----w- c:\program files\Lavasoft 2011-10-22 09:26 . 2011-10-22 09:26 -------- d-----w- c:\users\pierre\AppData\Roaming\Malwarebytes 2011-10-22 09:26 . 2011-10-22 09:26 -------- d-----w- c:\programdata\Malwarebytes 2011-10-22 09:26 . 2011-10-22 09:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-10-22 09:26 . 2011-08-31 15:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-10-11 20:22 . 2011-10-11 20:22 -------- d-----w- c:\windows\fr 2011-10-11 17:01 . 2011-10-11 17:01 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2011-10-11 16:57 . 2010-08-11 04:44 2983424 ----a-w- c:\windows\system32\UIRibbon.dll 2011-10-11 16:57 . 2010-08-11 04:35 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll 2011-10-02 13:29 . 2011-09-12 23:14 7269712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7097977B-50B8-4D55-88EB-37DA96833F40}\mpengine.dll . . . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2011-10-03 16:20 . 2011-05-22 07:59 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl . . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ArcSoft MediaImpression Monitor"="c:\program files\Kodak\MediaImpression SE\ArcMonitor.exe" [2010-04-21 73728] "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "NCInstallQueue"="netman.dll" [2009-07-14 280576] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\kloehk.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" . [HKLM\~\startupfolder\C:^Users^pierre^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 - Capture d'écran et lancement.lnk] path=c:\users\pierre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 - Capture d'écran et lancement.lnk backup=c:\windows\pss\OneNote 2007 - Capture d'écran et lancement.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] 2009-11-14 02:01 174104 ----a-w- c:\windows\System32\hkcmd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] 2009-11-14 02:01 141848 ----a-w- c:\windows\System32\igfxtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NCInstallQueue] 2009-07-14 01:16 280576 ----a-w- c:\windows\System32\netman.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence] 2009-11-14 02:01 151064 ----a-w- c:\windows\System32\igfxpers.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 . R1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2010-06-09 11352] R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2010-04-22 22104] R1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 10752] R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-09-02 2152152] R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-10 122880] R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 19984] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776] R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-26 1343400] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392] S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-04-29 64512] . . Contenu du dossier 'Tâches planifiées' . 2011-10-22 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-04-29 07:40] . . ------- Examen supplémentaire ------- . TCP: DhcpNameServer = 212.27.40.240 212.27.40.241 FF - ProfilePath - c:\users\pierre\AppData\Roaming\Mozilla\Firefox\Profiles\vbgdy7sm.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: network.proxy.type - 0 FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Anti-bannière: KavAntiBanner@kaspersky.ru_bak - c:\program files\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak FF - Ext: Analyse des liens (URL Advisor): linkfilter@kaspersky.ru_bak - c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} FF - Ext: Kaspersky Virtual Keyboard: virtualKeyboard@kaspersky.ru - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru FF - Ext: Anti-Banner: KavAntiBanner@Kaspersky.ru - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru . - - - - ORPHELINS SUPPRIMES - - - - . SafeBoot-mcmscsvc SafeBoot-MCODS MSConfigStartUp-APLangApp - c:\program files\AnyPC Client\APLangApp.exe MSConfigStartUp-ccleaner - c:\program files\CCleaner\CCleaner.exe MSConfigStartUp-CLMLServer - c:\program files\CyberLink\Power2Go\CLMLSvc.exe MSConfigStartUp-EA Core - c:\program files\Electronic Arts\EADM\Core.exe MSConfigStartUp-PDVD8LanguageShortcut - c:\program files\CyberLink\PowerDVD8\Language\Language.exe MSConfigStartUp-RemoteControl8 - c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe MSConfigStartUp-SynTPEnh - c:\program files\Synaptics\SynTP\SynTPEnh.exe MSConfigStartUp-UCam_Menu - c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe MSConfigStartUp-UpdateLBPShortCut - c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe MSConfigStartUp-UpdateP2GoShortCut - c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe MSConfigStartUp-UpdatePDRShortCut - c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe MSConfigStartUp-UpdatePPShortCut - c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe MSConfigStartUp-UpdatePSTShortCut - c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe . . . --------------------- CLES DE REGISTRE BLOQUEES --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Heure de fin: 2011-10-22 19:19:52 ComboFix-quarantined-files.txt 2011-10-22 17:19 . Avant-CF: 113 868 218 368 octets libres Après-CF: 113 683 058 688 octets libres . - - End Of File - - B0C18FA957237202DC614C50804A0D78 Merci encore Pour l'intant il n'y à eu aucun changement.

Bonjour, J'ai le processus SVCHOST.exe qui me bouffe toutes les ressources de mon PC. Voici le rapport HijackThis, si quelqu'un peux me filer un coup de main. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:58:04, on 22/10/2011 Platform: Unknown Windows (WinNT 6.01.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16700) Boot mode: Normal Running processes: C:\windows\system32\Dwm.exe C:\windows\Explorer.EXE C:\windows\system32\taskhost.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtblfs.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Users\pierre\Downloads\HiJackThis.exe C:\windows\system32\SearchFilterHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN Hotmail, Messenger, Actualité, Sport, People, Femmes - MSN France R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN Hotmail, Messenger, Actualité, Sport, People, Femmes - MSN France R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO O8 - Extra context menu item: Ajouter à l'Anti-bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Clavier &virtuel - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: Analyse des &liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O13 - Gopher Prefix: O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe -- End of file - 4187 bytes Et voici les deux rapport d'OTL. OTL logfile created on: 10/22/2011 3:55:38 PM - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\pierre\Downloads Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: France | Language: FRA | Date Format: dd/MM/yyyy 2.93 Gb Total Physical Memory | 1.93 Gb Available Physical Memory | 65.81% Memory free 5.86 Gb Paging File | 4.77 Gb Available in Paging File | 81.35% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 130.17 Gb Total Space | 107.19 Gb Free Space | 82.34% Space Free | Partition Type: NTFS Drive D: | 152.82 Gb Total Space | 55.18 Gb Free Space | 36.11% Space Free | Partition Type: NTFS Computer Name: LAFONTAINE | User Name: pierre | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\pierre\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO) PRC - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtblfs.exe (Kaspersky Lab ZAO) PRC - C:\Windows\explorer.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== ========== Win32 Services (SafeList) ========== SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO) SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (kl2) -- C:\Windows\System32\drivers\kl2.sys (Kaspersky Lab ZAO) DRV - (KL1) -- C:\windows\system32\DRIVERS\kl1.sys (Kaspersky Lab ZAO) DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO) DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab) DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys () DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (IntcHdmiAddService) Intel® -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel® Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search bar = http://search.msn.com/spbasic.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/'>http://fr.msn.com/ IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1871111397-3539990770-1974983793-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ IE - HKU\S-1-5-21-1871111397-3539990770-1974983793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://www.google.com/" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10 FF - prefs.js..extensions.enabledItems: virtualKeyboard@kaspersky.ru:11.0.2.579 FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.2.579 FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.2.579 FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru [2011/05/31 19:21:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru [2011/05/31 19:21:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru [2011/05/31 19:21:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/01 15:02:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/01 15:02:27 | 000,000,000 | ---D | M] [2010/12/29 13:07:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pierre\AppData\Roaming\mozilla\Extensions [2011/10/22 15:01:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pierre\AppData\Roaming\mozilla\Firefox\Profiles\vbgdy7sm.default\extensions [2011/10/02 15:17:10 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\pierre\AppData\Roaming\mozilla\Firefox\Profiles\vbgdy7sm.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2011/06/01 22:21:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2011/03/04 20:07:32 | 000,000,000 | ---D | M] (Anti-bannière) -- C:\Program Files\mozilla firefox\extensions\KavAntiBanner@kaspersky.ru_bak [2011/03/04 20:06:56 | 000,000,000 | ---D | M] (Analyse des liens (URL Advisor)) -- C:\Program Files\mozilla firefox\extensions\linkfilter@kaspersky.ru_bak [2011/05/31 19:21:26 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2011\FFEXT\KAVANTIBANNER@KASPERSKY.RU [2011/05/31 19:21:26 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2011\FFEXT\LINKFILTER@KASPERSKY.RU [2011/05/31 19:21:27 | 000,000,000 | ---D | M] (Kaspersky Virtual Keyboard) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2011\FFEXT\VIRTUALKEYBOARD@KASPERSKY.RU [2011/03/24 21:09:27 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml [2011/03/24 21:09:27 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml [2011/03/24 21:09:27 | 000,000,757 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml [2011/03/24 21:09:27 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml [2011/03/24 21:09:27 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\8.0.552.224\pdf.dll CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\8.0.552.224\gears.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\8.0.552.224\gcswf32.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin O1 HOSTS File: ([2011/10/22 11:32:09 | 000,438,080 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 127.0.0.1 123fporn.info O1 - Hosts: 15065 more lines... O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO) O4 - HKU\S-1-5-21-1871111397-3539990770-1974983793-1001..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\S-1-5-21-1871111397-3539990770-1974983793-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1871111397-3539990770-1974983793-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKU\S-1-5-21-1871111397-3539990770-1974983793-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8 - Extra context menu item: Ajouter à l'Anti-bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm () O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found O9 - Extra Button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Clavier &virtuel - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Analyse des &liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO) O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{95DE52F9-5E06-47C9-BE22-4B7FE2603F77}: DhcpNameServer = 212.27.40.240 212.27.40.241 O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) -C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll (Kaspersky Lab ZAO) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 0 O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{26a913e3-1346-11e0-8c69-b9bdaa1f6764}\Shell - "" = AutoRun O33 - MountPoints2\{26a913e3-1346-11e0-8c69-b9bdaa1f6764}\Shell\AutoRun\command - "" = F:\LaunchU3.exe O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^Users^pierre^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 - Capture d'écran et lancement.lnk - - File not found MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: APLangApp - hkey= - key= - File not found MsConfig - StartUpReg: ccleaner - hkey= - key= - C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd) MsConfig - StartUpReg: CLMLServer - hkey= - key= - File not found MsConfig - StartUpReg: EA Core - hkey= - key= - File not found MsConfig - StartUpReg: HotKeysCmds - hkey= - key= - File not found MsConfig - StartUpReg: IgfxTray - hkey= - key= - File not found MsConfig - StartUpReg: NCInstallQueue - hkey= - key= - File not found MsConfig - StartUpReg: PDVD8LanguageShortcut - hkey= - key= - File not found MsConfig - StartUpReg: Persistence - hkey= - key= - File not found MsConfig - StartUpReg: RemoteControl8 - hkey= - key= - File not found MsConfig - StartUpReg: SynTPEnh - hkey= - key= - File not found MsConfig - StartUpReg: UCam_Menu - hkey= - key= - File not found MsConfig - StartUpReg: UpdateLBPShortCut - hkey= - key= - File not found MsConfig - StartUpReg: UpdateP2GoShortCut - hkey= - key= - File not found MsConfig - StartUpReg: UpdatePDRShortCut - hkey= - key= - File not found MsConfig - StartUpReg: UpdatePPShortCut - hkey= - key= - File not found MsConfig - StartUpReg: UpdatePSTShortCut - hkey= - key= - File not found MsConfig - State: "startup" - 2 SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: mcmscsvc - Service SafeBootMin: MCODS - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: mcmscsvc - Service SafeBootNet: MCODS - Service SafeBootNet: Messenger - Service SafeBootNet: MpfService - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com) Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com) NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found ========== Files/Folders - Created Within 30 Days ========== [2011/10/22 11:56:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2011/10/22 11:26:07 | 000,000,000 | ---D | C] -- C:\Users\pierre\AppData\Roaming\Malwarebytes [2011/10/22 11:26:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011/10/22 11:26:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011/10/22 11:26:00 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys [2011/10/22 11:26:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011/10/12 17:11:51 | 000,000,000 | ---D | C] -- C:\Users\pierre\AppData\Local\{082ED945-4858-4200-8684-E4F970536BF0} [2011/10/12 17:03:23 | 000,000,000 | ---D | C] -- C:\Users\pierre\AppData\Local\{C90A5194-2C38-4D70-8C7C-CE83EED993E2} [2011/10/11 22:22:01 | 000,000,000 | ---D | C] -- C:\windows\fr [2011/10/11 18:59:52 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011/10/11 18:57:59 | 002,983,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\UIRibbon.dll [2011/10/11 18:57:58 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\UIRibbonRes.dll [2011/10/11 18:51:26 | 000,000,000 | ---D | C] -- C:\Users\pierre\AppData\Local\{871D48D2-25E8-486D-BFB0-F8F063B1C25F} [2011/10/10 15:32:12 | 000,000,000 | ---D | C] -- C:\Users\pierre\AppData\Local\{7B77F209-EBF9-423E-AD01-C6C720723AAB} [2011/10/09 12:46:54 | 000,000,000 | ---D | C] -- C:\Users\pierre\AppData\Local\{0813245A-5BFF-405F-9AB3-C497434875D3} [2011/10/02 16:41:42 | 000,000,000 | ---D | C] -- C:\Users\pierre\AppData\Local\{D7F3EBD6-9336-4816-BB91-B62A6CCC07C5} [2011/09/26 22:39:34 | 000,000,000 | ---D | C] -- C:\Users\pierre\AppData\Local\{6053D551-02F1-489B-ACB7-93C2292424DC} [2011/09/23 06:44:28 | 000,000,000 | ---D | C] -- C:\Users\pierre\AppData\Local\{74E01251-8380-4BF0-981D-B980994274CF} ========== Files - Modified Within 30 Days ========== [2011/10/22 15:59:00 | 000,001,078 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1871111397-3539990770-1974983793-1003UA.job [2011/10/22 14:13:01 | 000,014,736 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011/10/22 14:13:01 | 000,014,736 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011/10/22 14:00:49 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2011/10/22 14:00:40 | 2362,920,960 | -HS- | M] () -- C:\hiberfil.sys [2011/10/22 12:12:41 | 000,013,472 | ---- | M] () -- C:\Users\pierre\Desktop\cc_20111022_121234.reg [2011/10/22 11:56:15 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011/10/22 11:32:09 | 000,438,080 | R--- | M] () -- C:\windows\System32\drivers\etc\hosts [2011/10/22 11:26:04 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011/10/17 17:59:06 | 000,001,026 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1871111397-3539990770-1974983793-1003Core.job [2011/10/03 18:20:29 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl ========== Files Created - No Company Name ========== [2011/10/22 12:12:38 | 000,013,472 | ---- | C] () -- C:\Users\pierre\Desktop\cc_20111022_121234.reg [2011/10/22 11:56:14 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011/10/22 11:26:04 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011/03/04 20:06:49 | 000,115,369 | ---- | C] () -- C:\windows\System32\drivers\klin.dat [2011/03/04 20:06:49 | 000,097,961 | ---- | C] () -- C:\windows\System32\drivers\klick.dat [2010/12/29 13:07:11 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat [2010/12/28 15:24:53 | 000,000,036 | ---- | C] () -- C:\Users\pierre\AppData\Local\housecall.guid.cache [2010/03/11 02:22:58 | 000,000,002 | ---- | C] () -- C:\windows\HotFixList.ini [2010/03/11 02:06:48 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe [2009/12/05 22:16:46 | 000,744,806 | ---- | C] () -- C:\windows\System32\perfh00C.dat [2009/12/05 22:16:46 | 000,344,522 | ---- | C] () -- C:\windows\System32\perfi00C.dat [2009/12/05 22:16:46 | 000,148,292 | ---- | C] () -- C:\windows\System32\perfc00C.dat [2009/12/05 22:16:46 | 000,038,160 | ---- | C] () -- C:\windows\System32\perfd00C.dat [2009/12/05 22:01:49 | 000,004,608 | ---- | C] () -- C:\windows\System32\HdmiCoin.dll [2009/12/05 22:01:48 | 000,982,220 | ---- | C] () -- C:\windows\System32\igkrng500.bin [2009/12/05 22:01:47 | 000,439,300 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin [2009/12/05 22:01:47 | 000,134,592 | ---- | C] () -- C:\windows\System32\igfcg500.bin [2009/12/05 22:01:47 | 000,092,216 | ---- | C] () -- C:\windows\System32\igfcg500m.bin [2009/12/05 05:17:31 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe [2009/09/09 19:01:40 | 000,027,675 | ---- | C] () -- C:\windows\System32\drivers\klopp.dat [2009/07/14 06:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat [2009/07/14 06:33:53 | 000,342,600 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT [2009/07/14 04:05:48 | 000,651,648 | ---- | C] () -- C:\windows\System32\perfh009.dat [2009/07/14 04:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat [2009/07/14 04:05:48 | 000,120,580 | ---- | C] () -- C:\windows\System32\perfc009.dat [2009/07/14 04:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat [2009/07/14 04:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT [2009/07/14 04:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat [2009/07/14 02:55:09 | 001,332,736 | ---- | C] () -- C:\windows\System32\hpotiop1.dll [2009/07/14 01:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin [2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll [2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll [2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat ========== LOP Check ========== [2011/08/14 17:46:47 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Windows Live Writer [2010/12/29 22:17:16 | 000,000,000 | ---D | M] -- C:\Users\pierre\AppData\Roaming\GrabPro [2010/12/30 00:21:45 | 000,000,000 | ---D | M] -- C:\Users\pierre\AppData\Roaming\Orbit [2010/12/29 22:09:16 | 000,000,000 | ---D | M] -- C:\Users\pierre\AppData\Roaming\ProgSense [2010/12/12 12:06:36 | 000,000,000 | ---D | M] -- C:\Users\pierre\AppData\Roaming\Windows Live Writer [2011/10/16 14:29:05 | 000,032,482 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %systemroot%\system32\drivers\*.sys /lockedfiles > [2010/06/09 17:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\windows\system32\drivers\kl1.sys [2010/06/09 17:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\windows\system32\drivers\kl2.sys [2011/03/04 20:00:35 | 000,488,536 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- C:\windows\system32\drivers\klif.sys [2010/04/22 19:07:34 | 000,022,104 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\windows\system32\drivers\klim6.sys [2009/11/02 20:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- C:\windows\system32\drivers\klmouflt.sys < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010/04/17 22:07:15 | 000,000,000 | ---D | M] -- C:\Users\pierre\AppData\Roaming\Adobe [2010/03/11 19:51:34 | 000,000,000 | ---D | M] -- C:\Users\pierre\AppData\Roaming\Google [2010/12/29 22:17:16 | 000,000,000 | ---D | M] -- C:\Users\pierre\AppData\Roaming\GrabPro [2010/03/11 02:24:48 | 000,000,000 | ---D | M] -- C:\Users\pierre\AppData\Roaming\Identities [2010/03/11 19:56:49 | 000,000,000 | ---D | M] -- C:\Users\pierre\AppData\Roaming\Macromedia [2011/10/22 11:26:07 | 000,000,000 | ---D | M] -- C:\Users\pierre\AppData\Roaming\Malwarebytes [2009/12/05 22:11:14 | 000,000,000 | ---D | M] -- C:\Users\pierre\AppData\Roaming\Media Center Programs [2010/12/29 15:04:40 | 000,000,000 | --SD | M] -- C:\Users\pierre\AppData\Roaming\Microsoft [2010/12/29 13:07:21 | 000,000,000 | ---D | M] -- C:\Users\pierre\AppData\Roaming\Mozilla [2010/10/09 17:30:48 | 000,000,000 | ---D | M] -- C:\Users\pierre\AppData\Roaming\MozillaControl [2010/12/30 00:21:45 | 000,000,000 | ---D | M] -- C:\Users\pierre\AppData\Roaming\Orbit [2010/12/29 22:09:16 | 000,000,000 | ---D | M] -- C:\Users\pierre\AppData\Roaming\ProgSense [2010/12/29 15:07:30 | 000,000,000 | ---D | M] -- C:\Users\pierre\AppData\Roaming\U3 [2011/04/24 10:49:38 | 000,000,000 | ---D | M] -- C:\Users\pierre\AppData\Roaming\vlc [2010/12/12 12:06:36 | 000,000,000 | ---D | M] -- C:\Users\pierre\AppData\Roaming\Windows Live Writer < %APPDATA%\*.exe /s > [2010/04/15 20:52:56 | 000,010,134 | R--- | M] () -- C:\Users\pierre\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe [2005/06/06 11:29:14 | 000,110,592 | ---- | M] () -- C:\Users\pierre\AppData\Roaming\U3\0DA0C76172F09934\cleanup.exe [2006/02/21 12:31:16 | 002,592,768 | ---- | M] () -- C:\Users\pierre\AppData\Roaming\U3\0DA0C76172F09934\LaunchPad.exe < %SYSTEMDRIVE%\*.exe > < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys [2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys < MD5 for: ATAPI.SYS > [2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys [2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys < MD5 for: CDROM.SYS > [2009/07/14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\drivers\cdrom.sys [2009/07/14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_db87d184bc84f910\cdrom.sys [2009/07/14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_5f7fb206051affbb\cdrom.sys < MD5 for: CNGAUDIT.DLL > [2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: DISK.SYS > [2009/07/14 03:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- C:\Windows\System32\drivers\disk.sys [2009/07/14 03:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_x86_neutral_b431b61a11f8df6c\disk.sys [2009/07/14 03:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_f99cd807d58018cb\disk.sys < MD5 for: EXPLORER.EXE > [2009/10/06 08:06:36 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_523cdab8f40fe558\explorer.exe [2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe [2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe [2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe [2009/08/03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe [2009/08/03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe [2009/10/31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe [2009/10/06 07:53:03 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_51c00e6ddae85c4b\explorer.exe < MD5 for: IASTOR.SYS > [2009/10/13 04:09:36 | 000,331,288 | ---- | M] (Intel Corporation) MD5=0BAA4115DFFFD6A6D809A89D65E1281A -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys [2009/10/13 04:09:36 | 000,331,288 | ---- | M] (Intel Corporation) MD5=0BAA4115DFFFD6A6D809A89D65E1281A -- C:\Windows\System32\drivers\iaStor.sys [2009/10/13 04:09:36 | 000,331,288 | ---- | M] (Intel Corporation) MD5=0BAA4115DFFFD6A6D809A89D65E1281A -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_3f3653f13a033ed4\iaStor.sys [2009/10/13 04:16:40 | 000,409,624 | ---- | M] (Intel Corporation) MD5=BE7D72FCF442C26975942007E0831241 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys < MD5 for: IASTORV.SYS > [2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys [2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys [2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys < MD5 for: NDIS.SYS > [2009/07/14 03:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\System32\drivers\ndis.sys [2009/07/14 03:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_a79d81ea7d62a289\ndis.sys < MD5 for: NETLOGON.DLL > [2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll [2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys [2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys [2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: RASACD.SYS > [2009/07/14 01:54:40 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=30A81B53C766D0133BB86D234E5556AB -- C:\Windows\System32\drivers\rasacd.sys [2009/07/14 01:54:40 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=30A81B53C766D0133BB86D234E5556AB -- C:\Windows\winsxs\x86_microsoft-windows-rasautodial_31bf3856ad364e35_6.1.7600.16385_none_0fb054d9c6a6b4d4\rasacd.sys < MD5 for: RDPWD.SYS > [2009/07/14 02:01:55 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=801371BA9782282892D00AADB08EE367 -- C:\Windows\System32\drivers\rdpwd.sys [2009/07/14 02:01:55 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=801371BA9782282892D00AADB08EE367 -- C:\Windows\winsxs\x86_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7600.16385_none_4b4bde6b36561dcb\rdpwd.sys < MD5 for: SCECLI.DLL > [2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll [2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll < MD5 for: SFLOPPY.SYS > [2009/07/14 01:45:52 | 000,013,824 | ---- | M] (Microsoft Corporation) MD5=DB96666CC8312EBC45032F30B007A547 -- C:\Windows\System32\drivers\sfloppy.sys [2009/07/14 01:45:52 | 000,013,824 | ---- | M] (Microsoft Corporation) MD5=DB96666CC8312EBC45032F30B007A547 -- C:\Windows\System32\DriverStore\FileRepository\flpydisk.inf_x86_neutral_2102f5344367a352\sfloppy.sys [2009/07/14 01:45:52 | 000,013,824 | ---- | M] (Microsoft Corporation) MD5=DB96666CC8312EBC45032F30B007A547 -- C:\Windows\winsxs\x86_flpydisk.inf_31bf3856ad364e35_6.1.7600.16385_none_e6e06650dbcf54b4\sfloppy.sys < MD5 for: TCPIP.SYS > [2009/07/14 03:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_b2f46875c7b9d667\tcpip.sys [2010/06/14 08:06:58 | 001,288,576 | ---- | M] (Microsoft Corporation) MD5=A39EA325C081AD27461F630C8E3E56E0 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_b3b219fae0b0af43\tcpip.sys [2010/06/14 08:12:30 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=BB7F39C31C4A4417FD318E7CD184E225 -- C:\Windows\System32\drivers\tcpip.sys [2010/06/14 08:12:30 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=BB7F39C31C4A4417FD318E7CD184E225 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_b33b1c29c7858b92\tcpip.sys < MD5 for: TDPIPE.SYS > [2009/07/14 02:01:37 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1875C1490D99E70E449E3AFAE9FCBADF -- C:\Windows\System32\drivers\tdpipe.sys [2009/07/14 02:01:37 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1875C1490D99E70E449E3AFAE9FCBADF -- C:\Windows\winsxs\x86_microsoft-windows-t..es-transportdrivers_31bf3856ad364e35_6.1.7600.16385_none_db828d8fa60ad848\tdpipe.sys < MD5 for: TDTCP.SYS > [2009/07/14 02:01:37 | 000,024,064 | ---- | M] (Microsoft Corporation) MD5=7551E91EA999EE9A8E9C331D5A9C31F3 -- C:\Windows\System32\drivers\tdtcp.sys [2009/07/14 02:01:37 | 000,024,064 | ---- | M] (Microsoft Corporation) MD5=7551E91EA999EE9A8E9C331D5A9C31F3 -- C:\Windows\winsxs\x86_microsoft-windows-t..es-transportdrivers_31bf3856ad364e35_6.1.7600.16385_none_db828d8fa60ad848\tdtcp.sys < MD5 for: USBPRINT.SYS > [2009/07/14 02:17:06 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=797D862FE0875E75C7CC4C1AD7B30252 -- C:\Windows\System32\drivers\usbprint.sys [2009/07/14 02:17:06 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=797D862FE0875E75C7CC4C1AD7B30252 -- C:\Windows\System32\DriverStore\FileRepository\usbprint.inf_x86_neutral_203e16627752a160\usbprint.sys [2009/07/14 02:17:06 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=797D862FE0875E75C7CC4C1AD7B30252 -- C:\Windows\winsxs\x86_usbprint.inf_31bf3856ad364e35_6.1.7600.16385_none_32d0188e22bd908f\usbprint.sys < MD5 for: USBSCAN.SYS > [2009/07/14 02:14:44 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=576096CCBC07E7C4EA4F5E6686D6888F -- C:\Windows\System32\drivers\usbscan.sys [2009/07/14 02:14:44 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=576096CCBC07E7C4EA4F5E6686D6888F -- C:\Windows\System32\DriverStore\FileRepository\sti.inf_x86_neutral_6a74c91c1f723826\usbscan.sys [2009/07/14 02:14:44 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=576096CCBC07E7C4EA4F5E6686D6888F -- C:\Windows\winsxs\x86_sti.inf_31bf3856ad364e35_6.1.7600.16385_none_59b5278c421a3644\usbscan.sys < MD5 for: USERINIT.EXE > [2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe [2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WININIT.EXE > [2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe [2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe [2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009/10/28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2009/07/14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009/07/14 03:15:20 | 000,380,957 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\windows\system32\expsrv.dll [2010/10/05 21:27:04 | 000,228,024 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\windows\system32\klogon.dll [2009/07/14 03:15:50 | 001,386,496 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\windows\system32\msvbvm60.dll < %systemroot%\Tasks\*.job /lockedfiles > ========== Alternate Data Streams ========== @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:A42A9F39 < End of report > ---------------------------------------------------------------------------- OTL Extras logfile created on: 10/22/2011 3:55:38 PM - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\pierre\Downloads Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: France | Language: FRA | Date Format: dd/MM/yyyy 2.93 Gb Total Physical Memory | 1.93 Gb Available Physical Memory | 65.81% Memory free 5.86 Gb Paging File | 4.77 Gb Available in Paging File | 81.35% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 130.17 Gb Total Space | 107.19 Gb Free Space | 82.34% Space Free | Partition Type: NTFS Drive D: | 152.82 Gb Total Space | 55.18 Gb Free Space | 36.11% Space Free | Partition Type: NTFS Computer Name: LAFONTAINE | User Name: pierre | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-1871111397-3539990770-1974983793-1001\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) http [open] -- Reg Error: Key error. https [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}" = Microsoft .NET Framework 4 Client Profile FRA Language Pack "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2075CB0A-D26F-4DAA-B424-5079296B43BA}" = Windows Live FolderShare "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live "{3B160861-7250-451E-B5EE-8B92BF30A710}" = Microsoft Works "{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3 "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources "{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011 "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007 "{90120000-0016-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007 "{90120000-0018-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007 "{90120000-001B-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007 "{90120000-001F-0401-0000-0000000FF1CE}_HOMESTUDENTR_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007 "{90120000-001F-0413-0000-0000000FF1CE}_HOMESTUDENTR_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-0020-040C-0000-0000000FF1CE}" = Module de compatibilité pour Microsoft Office System 2007 "{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007 "{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007 "{90120000-006E-040C-0000-0000000FF1CE}_HOMESTUDENTR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-040C-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (French) 2007 "{90120000-00A1-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95120000-00AF-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (French) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A89DEBCA-F743-3412-97F6-B2E489194551}" = Google Talk Plugin "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger "{AC76BA86-7AD7-1036-7B44-A94000000001}" = Adobe Reader 9.4.6 - Français "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{BCF16F16-AC0E-4ABE-A9EF-412CF484BA51}" = Windows Live Family Safety "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant "{C861504E-2F57-4F95-AB0A-C7C7D8E46A4E}" = Windows Live Family Safety "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "CCleaner" = CCleaner "Defraggler" = Defraggler "ExpressBurn" = Express Burn Disc Burning Software "HDMI" = Intel® Graphics Media Accelerator Driver "HijackThis" = HijackThis 2.0.2 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300 "Marvell Miniport Driver" = Marvell Miniport Driver "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile FRA Language Pack" = Module linguistique Microsoft .NET Framework 4 Client Profile FRA "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Mozilla Firefox (3.6.23)" = Mozilla Firefox (3.6.23) "VLC media player" = VLC media player 1.0.1 "WinLiveSuite" = Windows Live ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report > Merci d'avance

Et celui de AD-Remover. © CJoint.com, 2010

Et voici le rapport de ZHPDiag. © CJoint.com, 2010 Merci

Bonjour, J'ai le processus SVCHOST.exe qui me bouffe toutes les ressources de mon PC. Voici le rapport HijackThis, si quelqu'un peux me filer un coup de main. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:58:28, on 29/12/2010 Platform: Unknown Windows (WinNT 6.01.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16700) Boot mode: Normal Running processes: C:\windows\system32\taskhost.exe C:\windows\system32\Dwm.exe C:\windows\Explorer.EXE C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\trend micro\HijackThis\HijackThis.exe C:\windows\system32\SearchFilterHost.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN : Hotmail, Messenger, Bing, Actualité et Sport R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" O4 - HKLM\..\RunOnce: [NCInstallQueue] rundll32 netman.dll,ProcessQueue O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE RÉSEAU') O8 - Extra context menu item: Ajouter à l'Anti-bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Clavier &virtuel - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: Analyse des &liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O13 - Gopher Prefix: O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe -- End of file - 4952 bytes Voila Merci d'avance